Privacy Policy

Effective date: August 14, 2025
Applies to: Our U.S.-facing websites, apps, customer service channels, in‑person sales, and other services operated by or on behalf of Lorenzo & Rose ("Lorenzo & Rose," "we," "us," or "our").

If you reside in California, Colorado, Connecticut, Delaware, Montana, Oregon, Texas, Utah, Virginia, or Nevada, additional state‑specific disclosures and rights apply (see Section 12). We also explain how to submit requests in Section 10.


1) Who we are & how to contact us

Controller: Lorenzo & Rose
Email: info@lorenzoandrose.com

You may contact our Privacy Team using the details above or through the web form linked in our site footer ("Privacy Requests").


2) What we collect (categories of personal information)

We collect the following categories of information (including in the last 12 months). Examples are illustrative and may vary by product or feature:

  • Identifiers (e.g., name, username, email, postal address, phone number, IP address, device identifiers).

  • Customer records (e.g., order history, account credentials, saved addresses, payment card token/last 4 digits via our payment processors).

  • Commercial information (e.g., products viewed or added to cart, purchase and return history, discount eligibility).

  • Internet / network activity (e.g., device and browser information, log files, cookies/SDKs, pages viewed, referral/UTM data, approximate geolocation, interactions with emails or SMS).

  • Inferences drawn from the above (e.g., preferences, interests).

  • Sensitive personal information (only if needed): precise geolocation (opt‑in features only), account log‑in in combination with password, or payment card data processed by our PCI‑compliant processors. We do not collect government IDs or biometric templates.

  • User content & support (e.g., product reviews, photos you upload, survey responses, chats/calls with support).

  • Job applicant data (if you apply for a role): résumé/CV details, eligibility to work, education and employment history.

Sources. We obtain personal information directly from you, your devices, our service providers (e.g., payments, analytics, shipping), advertising partners, social networks when you interact with our content, and publicly available sources.


3) Why we use your information (purposes)

We use personal information to:

  • Provide, maintain, and improve our products/services and fulfill orders;

  • Authenticate you, secure accounts, prevent fraud, and debug;

  • Process payments, deliver orders, handle returns, and provide customer support;

  • Personalize content and experiences;

  • Conduct analytics, measure performance, and develop new features;

  • Market and advertise (including cross‑context behavioral/"targeted" advertising where permitted);

  • Comply with law, enforce terms, and protect our company, customers, and the public;

  • With your consent, where required (e.g., certain cookies, SMS marketing).

We do not use or disclose sensitive personal information for purposes other than those permitted by applicable law (e.g., account security, short‑term transient use, fraud prevention) unless we obtain consent where required.


4) Whether we "sell" or "share" personal information and targeted advertising

Some U.S. state laws define a "sale" broadly to include disclosing personal information in exchange for anything of value. "Sharing" (California) or "targeted advertising" (other states) means disclosing personal information for cross‑context behavioral advertising.

  • We engage in online advertising that may be considered a "sale," "sharing," or "targeted advertising" under certain state laws.

  • You can opt out at any time (see Section 9). We also honor browser‑/device‑based opt‑out preference signals such as Global Privacy Control (GPC) when required.

We do not knowingly sell or share the personal information of consumers under 16.


5) Retention

We retain personal information only for as long as necessary to fulfill the purposes described above, including to meet legal, accounting, or reporting requirements. Generally:

  • Transactional records: up to 7 years (tax/audit).

  • Account data: for the life of the account, then a reasonable period to close out requests, disputes, and fraud prevention.

  • Marketing & analytics data: typically 24 months (shorter if feasible); we may keep aggregate/de‑identified data longer.

  • Support recordings/chats: typically 24 months.

Where a fixed period isn’t practical, we apply criteria such as the amount and sensitivity of the data, the risk of harm from unauthorized use/disclosure, the purposes of processing, and legal requirements. We delete or de‑identify data when it is no longer needed.


6) Disclosures to third parties

We disclose personal information to:

  • Service providers / processors (e.g., payment, hosting, cloud, shipping, communications, analytics, security, advertising technology), bound by contract to use data only to provide services to us;

  • Business partners (e.g., co‑branded promotions, when you choose to participate);

  • Advertising partners for measurement and targeted advertising (you can opt out);

  • Affiliates and corporate transactions (merger, sale, reorganization);

  • Legal and safety (to comply with law, respond to lawful requests, protect rights, safety, and security).

We do not disclose your full payment card numbers to third parties; payments are processed by our PCI‑compliant processors.


7) Cookies, tracking, and opt‑out signals

We and our partners use cookies, pixels, SDKs, and similar technologies for the purposes in Section 3.

  • You can manage cookies via our Cookie Settings link and your browser/device settings.

  • Where required, we honor Global Privacy Control (GPC) and other recognized Universal Opt‑Out Mechanisms (UOOMs) as valid requests to opt out of sale/sharing or targeted advertising.

  • Opt‑outs are browser/device specific. If you clear cookies or use a different browser/device, you may need to opt out again.


8) Children’s privacy

Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent as required by law. If you believe a child under 13 has provided personal information to us, contact us at info@lorenzoandrose.com and we will take appropriate steps to delete such information.


9) Your choices

  • Opt out of sale/sharing/targeted ads: Use the “Do Not Sell or Share My Personal Information / Opt Out of Targeted Ads” link in our footer, or enable a recognized browser signal (e.g., GPC).

  • Marketing emails: Click the unsubscribe link in our emails or contact us.

  • SMS marketing: Reply STOP to opt out; reply HELP for help.

  • Cookies: Adjust preferences in Cookie Settings and your browser/device.

We will not discriminate against you for exercising your privacy rights.


10) How to exercise your privacy rights (access, delete, correct, etc.)

Depending on your state, you may have the right to know/access, delete, or correct your personal information; to opt out (sale/sharing/targeted ads/profiling); to data portability; to limit the use/disclosure of sensitive personal information (California); and to appeal a decision (see Section 11).

Submit a request through our Privacy Requests web form or via info@lorenzoandrose.com. We will verify your identity (e.g., by confirming information associated with your account or order history) and respond within the timeframe required by applicable law. You may designate an authorized agent as permitted by law.


11) Appeals (Virginia, Colorado, Connecticut, Oregon, etc.)

If we deny your request, you may appeal by replying to our decision email or writing to info@lorenzoandrose.com with the subject line “Privacy Appeal.” We will respond in writing within the period required by law and explain our decision, including how to contact your state Attorney General if you disagree.


12) State‑specific disclosures

California (CCPA/CPRA). We disclose the categories of personal information listed in Section 2 for the purposes in Section 3. We provide: (i) a “Do Not Sell or Share My Personal Information” link; (ii) a “Limit the Use of My Sensitive Personal Information” option where applicable; (iii) a Notice at Collection at or before the point of collection; and (iv) recognition of valid opt‑out preference signals (e.g., GPC). We maintain records of requests and will publish metrics if required by law.

Colorado. We recognize Universal Opt‑Out Mechanisms approved by the Colorado Attorney General (currently including GPC) for opting out of sales and targeted advertising. Sensitive data (e.g., precise geolocation) is processed only with consent where required.

Connecticut & Oregon. We honor opt‑out preference signals where applicable, offer an appeal process, and require consent for processing sensitive data where required by law.

Delaware & Montana. We provide rights of access, deletion, correction, and portability, the right to opt out of targeted advertising, sales, and certain profiling, and additional children’s data protections as required by law.

Texas (TDPSA). We provide opt‑out rights for sales and targeted advertising and honor browser‑based opt‑out instructions as required by Texas law. We include a clear privacy notice and secure processing safeguards.

Utah & Virginia. We provide rights of access, deletion, and portability, opt‑outs for sales/targeted advertising, and an appeal process (Virginia).

Nevada (NRS 603A). Nevada residents may submit a request to opt out of the sale of “covered information” by emailing info@lorenzoandrose.com with the subject line “Nevada Opt‑Out.”


13) Security

We implement administrative, technical, and physical safeguards appropriate to the nature of the personal information we process. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.


14) De‑identified and aggregated data

Where we use de‑identified data, we maintain and use it in de‑identified form and do not attempt to re‑identify it except to test de‑identification, and we require the same of recipients.


15) International transfers

Our services and data systems are hosted in the United States. If you access our services from outside the U.S., you understand your information will be transferred to, stored, and processed in the U.S.


16) Financial incentives (California)

If we offer a loyalty or rewards program or other financial incentives that involve personal information, we will provide a program‑specific notice explaining how the value of your data is reasonably related to the program terms and how to opt in/out.


17) Third‑party links and social media

Our services may include links or integrations with third‑party sites and platforms. Your interactions with those third parties are governed by their own privacy policies, not this one.


18) Changes to this Policy

We may update this Policy from time to time. We will post the updated version and change the effective date. If changes materially affect your rights, we will provide additional notice (e.g., by email or prominent notice on our site).


19) Contact

If you have questions or complaints about this Policy or our practices, contact info@lorenzoandrose.com or write to us at the postal address in Section 1.


California Notice at Collection (summary)

  • Categories collected: See Section 2.

  • Purposes: See Section 3.

  • Sale/Sharing: See Section 4; opt‑out via footer link or GPC.

  • Retention: See Section 5.

  • Sensitive PI: Limited use; options to Limit where applicable.

  • How to exercise rights: See Section 10.

U.S. Marketing Disclosures (Email & SMS)

  • Email (CAN‑SPAM): We include our physical postal address in commercial emails and honor unsubscribes within required timeframes.

  • SMS (TCPA): Marketing texts are sent only with prior express written consent; message and data rates may apply; frequency varies; reply STOP to cancel; HELP for help. Consent is not a condition of purchase. Quiet‑hours and one‑to‑one consent rules are observed where applicable.

Note: This Policy is intended for a general retail/e‑commerce context. Depending on your exact data flows (e.g., precise geolocation, health data, loyalty programs), you may need to add or modify disclosures and configure your consent/opt‑out tools accordingly.