Privacy Policy

1) Data Controller

Data Controller (individual):
Ing. Loris Menghi
Via Tevere, 5 – 47923 Rimini (Italy)
Phone/WhatsApp: +39 333 5815203
Email: info@lorismenghi.com
Italian Tax Code (C.F.): MNGLRS76S13H294A

Business entity (where applicable):
Loris Menghi (Albania)
NUIS: M21809024Q
Address: Rruga Norbert Jokl, Ndertesa Nr. 2, Hyrja 1, Tirane (Albania)

Depending on the specific service requested (e.g., invoicing, contractual arrangements, or commercial terms), processing activities may be carried out by the individual and/or the business entity above. In all cases, you can contact us using the email address provided in this section.

2) What Personal Data We Collect

• Contact data: name, email address, phone number (including WhatsApp), and any information you include in messages or forms.
• Technical data: IP address, browser type, device information, and server logs (for security, debugging, and performance).
• Support data: information you provide during support requests (e.g., store URL, Magento/Adobe Commerce version, module configuration, error logs). This may include personal data if you include it in logs or screenshots.
• Marketplace-related data: if you contact us regarding products obtained via Adobe Commerce Marketplace, we may receive/handle your contact data and purchase context that you provide to us.

We do not intentionally collect special categories of data (e.g., health or political opinions). Please do not send such data.

3) Why We Process Your Data (Purposes)

• To respond to inquiries and provide information about services and products.
• To provide technical support for our software and Marketplace extensions.
• To deliver services you requested (development, consultancy, configuration, troubleshooting).
• To improve security (prevent fraud/abuse, investigate incidents, maintain service integrity).
• To comply with legal obligations (accounting, tax, regulatory requirements where applicable).

4) Legal Bases (GDPR)

• Contract (Art. 6(1)(b)): to provide services or support you requested.
• Legitimate interests (Art. 6(1)(f)): site security, fraud prevention, and improving our services.
• Consent (Art. 6(1)(a)): when you explicitly choose to be contacted through certain channels (e.g., WhatsApp) or accept optional cookies (if applicable).
• Legal obligation (Art. 6(1)(c)): bookkeeping and compliance duties where required.

5) WhatsApp / Spoki Communications

If you contact us via WhatsApp, request WhatsApp-based support, or ask information about Spoki-related integrations, we may process your phone number and the content of the conversation to manage your request.

In the context of our software products (e.g., extensions that integrate with Spoki), personal data may be transmitted to Spoki only when required to deliver the requested integration or support (for example, configuration guidance, troubleshooting, or verifying a webhook request/response).

Important note for merchants using our Spoki integrations:
When you install and use a Spoki integration on your own e-commerce store, you (the merchant) are typically the Data Controller for your customers’ data. Our role is generally limited to providing software and support. You are responsible for ensuring your store’s privacy policy and consent flows are compliant for messaging your customers.

6) Sharing Data With Third Parties

We may share personal data only when necessary to provide services, comply with legal obligations, or ensure security. Depending on your interactions, recipients may include:

• Hosting and infrastructure providers (to operate this website and related services).
• Email providers (to send/receive communications).
• Spoki (only when required for Spoki-related integrations and support scenarios, or when you request such interactions).
• Adobe Commerce Marketplace: purchases, downloads, and Marketplace processes are handled on Adobe’s systems; their own privacy policy applies to those processes.

We do not sell personal data.

7) International Transfers

Your data may be processed in Italy and, where applicable, also in Albania (see Data Controller section). If any service providers process data outside the European Economic Area, we will use appropriate safeguards required by applicable data protection laws (such as contractual measures).

8) Data Retention

• Contact requests: retained as long as needed to manage the conversation and related follow-ups.
• Support tickets / emails: retained for a reasonable period to ensure continuity of support and auditing.
• Server logs: retained for security and troubleshooting (typically a limited period, unless needed for incident investigation).
• Accounting records: retained for the period required by applicable laws.

9) Security

We implement reasonable technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. However, no system can be guaranteed 100% secure.

10) Your Rights

If you are located in the EEA/UK (or where applicable), you may have rights such as access, rectification, erasure, restriction, portability, and objection, as provided by data protection laws. You can exercise your rights by contacting us at: info@lorismenghi.com.

11) Cookies

This website may use technical cookies necessary for basic functionality and security. If analytics or marketing cookies are enabled, they will be used only according to your consent preferences (where applicable).

If you implement a cookie banner/consent tool, ensure it accurately reflects the cookies/services used on your site.

12) Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will reflect the latest version.

13) Contact

For privacy-related requests, contact:
info@lorismenghi.com