Privacy policy
Last updated: 30 April 2026
Data controller: Aliquo Technologies SRL — Via Giovanni Pascoli 3, 20129 Milan, Italy — VAT 13208450968.
Introduction
This Privacy Policy describes how Rendi collects, uses and discloses personal information when you visit www.rendi.it or communicate with us about the Services.
Changes to this Privacy Policy
Rendi may update this Notice from time to time, posting the revised version on the Site and updating the "Last updated" date.
How we collect and use your personal information
What personal information we collect
Information we collect directly from you:
- Contact details (name, address, phone, email)
- Order information
- Account information
- Purchase information
- Customer support information
Information we collect about your usage:
Rendi automatically collects Usage Data through cookies and similar technologies, including device, browser, network connection and IP address information.
Information we obtain from third parties:
- Companies supporting the Site (e.g. Shopify)
- Payment processors
- Advertising and tracking partners
Login via third-party identity providers
To allow you to access your Rendi account without a dedicated password, we use an external authentication provider, Clerk Inc. (based in the United States), acting as our data processor. Clerk handles the login flow and identity verification on our behalf.
When you choose to sign in via Google, Facebook or Apple, the chosen provider shares with us a limited set of information needed to create and maintain your account:
-
Google: Google unique identifier (
sub), email address, name and — if shared — profile picture. -
Facebook: Facebook unique identifier (
sub), email address if you shared it, name and — if shared — profile picture. -
Apple: Apple unique identifier (
sub), email address (real or, if you chose "Hide My Email", a@privaterelay.appleid.comalias managed by Apple) and name (only if you share it on first sign-in).
We never receive your password for the chosen provider. The password remains exclusively in the provider's systems, which manage its security autonomously.
The legal basis for processing this information is the performance of our contract with you (Art. 6(1)(b) GDPR) and — for initial account creation via OAuth — the consent you give to the provider when you first sign in (Art. 6(1)(a) GDPR).
Google, Facebook and Apple act as independent data controllers for the data that remains on their systems and for their own purposes; please review their respective privacy notices.
How we use your personal information
- Providing products and services: processing payments, fulfilling orders, managing accounts.
- Marketing and advertising: promotional communications via email, SMS, post.
- Security and fraud prevention: detecting fraudulent activity.
- Communication and service improvement: customer support.
Cookies
We use cookies and similar technologies to ensure the correct functioning of the site, to measure its usage and — subject to your consent — for marketing and profiling purposes.
A detailed list of the cookies we use, broken down by category, purpose, duration and provider, is available in our Cookie Policy, which forms an integral part of this notice.
You can change your preferences at any time by clicking "Cookie preferences" in the site footer.
How we disclose your personal information
To provide our services we share the strictly necessary personal information with the following parties, acting as data processors on our behalf:
- Shopify Inc. (Canada/EU) — e-commerce platform powering Rendi.it.
- Clerk Inc. (United States) — authentication provider (login, OAuth identity management).
- Klaviyo Inc. (United States) — transactional and marketing email, subscription preference management.
- Stripe Payments Europe Ltd. (Ireland/EU) and Shopify Payments — payment processing.
- Mondial Relay SAS (France/EU) — return shipping label generation and tracking.
- Amazon Web Services EMEA SARL (Luxembourg/EU) — cloud infrastructure (Lambda, S3, DynamoDB) hosting our backend services, and transactional email delivery (Amazon SES).
- Airtable Inc. (United States) — internal operational management of resale orders and garment catalogue.
- Meta Platforms Ireland Ltd. (Ireland/EU) — server-side event delivery (Conversion API) to measure the effectiveness of our advertising campaigns on Facebook and Instagram.
- Google Ireland Ltd. (Ireland/EU) — site statistics (Google Analytics 4), Google Ads, Google Merchant Center.
- Microsoft Ireland Operations Ltd. (Ireland/EU) — Microsoft Clarity, user-experience analytics.
- TikTok Technology Ltd. (Ireland/EU) — pixel for advertising-campaign measurement.
-
PostHog, Inc. (services delivered via EU infrastructure —
eu.i.posthog.com) — product analytics and, on selected pages such as the resale form, anonymous session recording for product-improvement purposes. - Pandectes Ltd. (Greece/EU) — cookie banner management and consent collection.
Transfers outside the EU: for providers based in the United States (Clerk, Klaviyo, Airtable) the transfer takes place under the Standard Contractual Clauses (SCC) approved by the European Commission pursuant to Art. 46(2)(c) GDPR and, where applicable, the EU-U.S. Data Privacy Framework certification.
The current list of cookies actually used is available in our Cookie Policy.
Third-party websites and links
Rendi does not guarantee the privacy or security of websites it does not control. Information shared publicly may be visible to other users without restriction.
Children's data
The Services are not intended for children. Rendi does not knowingly collect personal information about minors. If you are the parent or guardian of a child who has provided data, you may contact Rendi to request its deletion.
Security and retention of your information
No security measure is impenetrable. The retention period depends on the need to maintain the account, provide Services, comply with legal obligations and resolve disputes.
Your rights
Depending on your jurisdiction, you may have rights such as:
- Right of access/knowledge: request access to your data.
- Right to deletion: request deletion of your data.
- Right to rectification: correct inaccurate information.
- Right to portability: receive a copy of your data.
- Right to opt out of sale/sharing: object to the "sale" or "sharing" of data.
- Restriction of processing: stop or limit processing.
- Withdrawal of consent: withdraw consent given.
- Appeal: appeal against refusals.
- Communication preferences: unsubscribe from promotional emails.
You may exercise these rights by contacting Rendi or by using the options available on the Site. Rendi will not discriminate against you for exercising such rights.
Account deletion
You may request the deletion of your account and the personal data linked to it at any time. The procedure, response times and the list of data we are required to retain by law (e.g. invoicing) are described on the Account deletion page.
To exercise this or any other right granted by Chapter III GDPR (access, rectification, restriction, portability, objection) write to [email protected].
Complaints
For complaints about how Rendi processes personal data, contact Rendi at the details provided.
You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) at www.garanteprivacy.it if you believe that the processing of your personal data infringes the GDPR.
International users
Rendi transfers, stores and processes personal data outside your country of residence. For transfers outside Europe, Rendi relies on recognised transfer mechanisms such as the European Commission's standard contractual clauses.
Contact
For any request regarding the processing of your personal data, or to exercise your rights, please write to [email protected].
Address: Aliquo Technologies SRL — Via Giovanni Pascoli 3, 20129 Milan, Italy — VAT 13208450968.
