Login

Cart

Your cart is empty

Privacy policy

1. Introduction and Contact Details of the Controller

1.1

We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data refers to all data with which you can be personally identified.

1.2

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

ORNELLA COLICCHIO UG (haftungsbeschränkt)
Sulzgasse 35/1
72116 Mössingen
Germany

Phone: +49 (0) 151 149 259 03
Email: contact@ornellacolicchio.com

The controller responsible for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2. Data Collection When Visiting Our Website

2.1

When using our website for informational purposes only, meaning if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Visited website
  • Date and time of access
  • Amount of data sent in bytes
  • Source/reference from which you accessed the page
  • Browser used
  • Operating system used
  • IP address used (if applicable, in anonymized form)

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be shared or used in any other way. However, we reserve the right to subsequently review the server log files if there are concrete indications of unlawful use.

2.2

For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.

3. Hosting & Content Delivery Network

3.1 Shopify

For hosting our website and displaying page content, we use the system of the following provider:

Shopify International Limited
Victoria Buildings, 2nd Floor
1-2 Haddington Road
Dublin 4, D04 XN32
Ireland (“Shopify”)

Data may also be transferred to:

Shopify Inc.
150 Elgin St
Ottawa, ON K2P 1L4
Canada

All data collected on our website is processed on the provider’s servers. We have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

3.2 Shopify

We use a Content Delivery Network (CDN) from the following provider:

Shopify International Limited
Victoria Buildings, 2nd Floor
1-2 Haddington Road
Dublin 4, D04 XN32
Ireland (“Shopify”)

Data may also be transferred to:

  • Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada
  • Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA

This service enables us to deliver large media files such as graphics, page content, or scripts more quickly through a network of regionally distributed servers. Processing is carried out on the basis of our legitimate interest in improving the stability and functionality of our website pursuant to Art. 6 para. 1 lit. f GDPR.

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

For data transfers to the USA, the recipient has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

4. Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, i.e., small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser (“session cookies”), while others remain on your device longer and enable the storage of page settings (“persistent cookies”). In the latter case, you can find the storage duration in the overview of your web browser’s cookie settings.

If personal data is also processed through individual cookies used by us, processing takes place in accordance with Art. 6 para. 1 lit. b GDPR either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the event of consent given, or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the website visit.

You can configure your browser so that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.

Please note that if cookies are not accepted, the functionality of our website may be limited.

5. Contacting Us

5.1 HubSpot

To process customer inquiries, we use the email ticketing system of the following provider:

HubSpot Ireland Ltd.
2nd Floor
30 North Wall Quay
Dublin 1
Ireland

If you send us inquiries via email through our website, these are stored and organized in the ticketing system to enable chronological processing and improve the service experience. You can always view the current status of your inquiry using the individually assigned ticket number.

For the organization and processing of inquiries, personal data is collected depending on the extent provided, but at least first name, last name, and email address, transmitted to the provider, stored there, and read.

The legal basis for processing this data is our legitimate interest in the efficient organization of our customer service, the fastest possible response to your inquiry, and the optimization of our service offering pursuant to Art. 6 para. 1 lit. f GDPR.

We have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

5.2

When contacting us (e.g., via contact form or email), personal data is processed exclusively for the purpose of handling and responding to your request and only to the extent necessary for this purpose.

The legal basis for processing this data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR. If your contact aims at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

Your data will be deleted once it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided there are no statutory retention obligations to the contrary.

6. Data Processing When Opening a Customer Account

Pursuant to Art. 6 para. 1 lit. b GDPR, personal data will continue to be collected and processed to the extent necessary if you provide it to us when opening a customer account. The data required for opening an account can be found in the input form of the corresponding form on our website.

You can delete your customer account at any time by sending a message to the controller’s address stated above. After deletion of your customer account, your data will be deleted provided that all contracts concluded through the account have been fully processed, there are no statutory retention periods to the contrary, and we have no legitimate interest in further storage.

7. Use of Customer Data for Direct Advertising

7.1 Subscription to Our Email Newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information required for sending the newsletter is your email address. Providing additional data is voluntary and used to address you personally.

For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you only receive newsletters after you have expressly confirmed your consent to receiving the newsletter by clicking a verification link sent to the specified email address.

By activating the confirmation link, you grant us your consent to use your personal data in accordance with Art. 6 para. 1 lit. a GDPR. In doing so, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace possible misuse of your email address at a later point in time.

The data collected by us when registering for the newsletter is used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by sending a corresponding message to the controller named at the beginning. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list unless you have expressly consented to further use of your data or we reserve the right to further data usage permitted by law and about which we inform you in this declaration.

7.2 Shopify Email

Our email newsletters are sent via the following provider:

Shopify International Limited
Victoria Buildings, 2nd Floor
1-2 Haddington Road
Dublin 4, D04 XN32
Ireland

Data may also be transferred to:

Shopify Inc.
150 Elgin St
Ottawa, ON K2P 1L4
Canada

Based on our legitimate interest in effective and user-friendly newsletter marketing, we transfer the data you provide when registering for the newsletter to this provider pursuant to Art. 6 para. 1 lit. f GDPR so that the provider can send the newsletter on our behalf.

Subject to your express consent pursuant to Art. 6 para. 1 lit. a GDPR, the provider also carries out statistical evaluations of newsletter campaigns using web beacons or tracking pixels in the emails sent, which can measure open rates and specific interactions with newsletter content. Device information (e.g., time of access, IP address, browser type, and operating system) is also collected and evaluated, but not merged with other data sets.

You may revoke your consent to newsletter tracking at any time with effect for the future.

We have concluded a data processing agreement with the provider that protects the data of our website visitors and prohibits disclosure to third parties.

For data transfers to Canada, an adequate level of data protection is guaranteed by an adequacy decision of the European Commission.

8. Data Processing for Order Fulfillment

8.1

To the extent necessary for contract processing for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned financial institution pursuant to Art. 6 para. 1 lit. b GDPR.

If, based on a corresponding contract, we owe you updates for goods with digital elements or digital products, we process the contact data you provided during the order process in order to personally inform you within the framework of our statutory information obligations pursuant to Art. 6 para. 1 lit. c GDPR. Your contact data is used strictly for notifications about updates owed by us and processed only to the extent necessary for the respective information.

To process your order, we also cooperate with the following service provider(s), who support us wholly or partially in the performance of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

8.2 Post & DHL Shipping (official)

For the preparation of shipping, we use the services of the following provider:

Deutsche Post DHL Research And Innovation GmbH
Kurt-Schumacher-Str. 1
53113 Bonn
Germany

Pursuant to Art. 6 para. 1 lit. b GDPR, we transmit digital shipping labels with your delivery information exclusively for the purpose of processing your online order from our order processing system to the provider, who then sends them to our local printers to enable printing. Data is only transferred to the extent actually necessary for processing.

8.3 Transfer of Personal Data to Shipping Service Providers

- DHL

We use the following provider as our transport service provider:

DHL Paket GmbH
Sträßchensweg 10
53113 Bonn
Germany

We pass on your email address and/or telephone number to the provider before delivery of the goods for the purpose of coordinating a delivery date or delivery notification pursuant to Art. 6 para. 1 lit. a GDPR, provided you have given your express consent during the ordering process.

Otherwise, for the purpose of delivery pursuant to Art. 6 para. 1 lit. b GDPR, we only pass on the recipient’s name and delivery address to the provider. The transfer only takes place to the extent necessary for the delivery of goods.

In this case, prior coordination of the delivery date with the provider or delivery notification is not possible.

Consent may be revoked at any time with future effect either vis-à-vis the controller named above or vis-à-vis the provider.

8.4 Use of Payment Service Providers (Payment Services)

- Apple Pay

If you choose the “Apple Pay” payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing is carried out via the “Apple Pay” function of your device operated with iOS, watchOS, or macOS by charging a payment card stored with “Apple Pay.”

Apple Pay uses security functions integrated into your device’s hardware and software to protect your transactions. To authorize a payment, it is therefore necessary to enter a code previously defined by you and verify using the “Face ID” or “Touch ID” function of your device.

For payment processing purposes, the information you provide during the ordering process, together with information about your order, is transmitted to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to process the payment.

The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment is made, Apple sends your device account number and a transaction-specific dynamic security code to the originating website to confirm payment success.

If personal data is processed during the described transmissions, the processing is carried out exclusively for payment processing purposes pursuant to Art. 6 para. 1 lit. b GDPR.

Apple retains anonymized transaction data, including the approximate purchase amount, approximate date and time, and whether the transaction was successfully completed. Anonymization completely excludes personal identification. Apple uses anonymized data to improve Apple Pay and other Apple products and services.

If you use Apple Pay on iPhone or Apple Watch to complete a purchase made through Safari on Mac, the Mac and authorization device communicate over an encrypted channel on Apple servers. Apple does not process or store any of this information in a format that can identify you personally.

You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to “Wallet & Apple Pay” and disable “Allow Payments on Mac.”

Further information on data protection with Apple Pay can be found at:

https://support.apple.com/de-de/HT203027

- Klarna

One or more online payment methods from the following provider are available on this website:

Klarna Bank AB
Sveavägen 46
111 34 Stockholm
Sweden

If you select a payment method where the provider makes advance payment (such as credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order are transferred to the provider pursuant to Art. 6 para. 1 lit. b GDPR.

If you select a payment method where the provider makes advance payment (such as purchase on account, installment purchase, or direct debit), you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and possibly data regarding an alternative payment method).

To protect our legitimate interest in determining the solvency of our customers, this data is forwarded to the provider pursuant to Art. 6 para. 1 lit. f GDPR for the purpose of a credit check.

The provider checks, based on the personal data you provide and additional data (such as shopping cart, invoice amount, order history, and payment experience), whether the payment option selected by you can be granted with regard to payment and/or default risks.

In addition to provider-internal criteria pursuant to Art. 6 para. 1 lit. f GDPR, identity and creditworthiness information from the following credit agencies may also be included in the decision-making process:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report may contain probability values (“score values”). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other things, is included in the calculation of the score values.

You may object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.

- Shopify Payments

One or more online payment methods from the following provider are available on this website:

Shopify International Limited
Victoria Buildings
1-2 Haddington Road
Dublin 4, D04 XN32
Ireland

If you select a payment method where the provider makes advance payment (such as credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order are transferred to the provider pursuant to Art. 6 para. 1 lit. b GDPR.

The transfer of your data takes place exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

8.5 Electronic Cancellation Function for Distance Contracts

Consumers who conclude contracts on this website for which a statutory right of withdrawal exists have the option of declaring the withdrawal via an electronic cancellation function in accordance with the applicable cancellation provisions.

For the provision of the electronic cancellation function, we use a solution from the following provider:

Jonas Busch
Sole Proprietor
Cologne, Germany

When using the cancellation function, in addition to information identifying the contract to be canceled, further personal information such as the consumer’s first and last name and email address must be provided or confirmed.

This information is initially collected by the provider on the basis of our legitimate interest in a user-friendly, stable, and process-optimized solution pursuant to Art. 6 para. 1 lit. f GDPR, then used to confirm receipt of the cancellation declaration on our behalf by email, and finally transmitted to us.

We subsequently process the transmitted information for the proper handling of the cancellation pursuant to Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. c GDPR on the basis of our legal obligation to provide an electronic cancellation function for paid consumer distance contracts.

The information collected by the provider is routinely deleted after final processing of a cancellation, unless statutory retention obligations prevent this.

We have concluded a data processing agreement with the provider that protects the data processed within the scope of the cancellation function and prohibits unauthorized disclosure to third parties.

9. Website Functionalities

Applications for Job Advertisements via Email

On our website, we publish current vacancies in a separate section, to which interested parties may apply via email using the contact address provided.

Applicants must provide all personal data required for a well-founded assessment, including general information such as name, address, and contact details, as well as performance-related evidence and, where applicable, health-related information. Details regarding the application can be found in the respective job advertisement.

After receipt of the application via email, the data is stored and evaluated exclusively for the purpose of processing the application. If we have any questions, we use either the applicant’s email address or telephone number.

Processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR (or § 26 para. 1 BDSG in Germany), under which the application process is regarded as the initiation of an employment relationship.

If special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g., health data such as information about severe disability status) are requested during the application process, processing is carried out pursuant to Art. 9 para. 2 lit. b GDPR so that we can exercise the rights arising from labor law and social security and social protection law and fulfill our related obligations.

Alternatively or cumulatively, processing of special categories of data may also be based on Art. 9 para. 2 lit. h GDPR if it is carried out for purposes of preventive healthcare or occupational medicine, assessment of the applicant’s working capacity, medical diagnosis, healthcare or social care, or the management of healthcare or social systems and services.

If an applicant is not selected or withdraws their application prematurely, the submitted data and all electronic correspondence, including the application email, will be deleted no later than six months after the corresponding notification. This period is based on our legitimate interest in answering any follow-up questions regarding the application and, if necessary, fulfilling our obligations to provide evidence under regulations concerning equal treatment of applicants.

In the event of a successful application, the data provided will be processed on the basis of Art. 6 para. 1 lit. b GDPR (in Germany in conjunction with § 26 para. 1 BDSG) for the purpose of carrying out the employment relationship.

10. Tools and Miscellaneous

10.1 Lexware Office

For accounting purposes, we use the cloud-based accounting software service of the following provider:

Haufe-Lexware GmbH & Co. KG
Munzinger Straße 9
79111 Freiburg
Germany

The provider processes incoming and outgoing invoices as well as, if applicable, our company’s bank transactions in order to automatically capture invoices, match them to transactions, and create financial accounting records in a partially automated process.

If personal data is also processed in this context, processing is carried out on the basis of our legitimate interest in the efficient organization and documentation of our business processes pursuant to Art. 6 para. 1 lit. f GDPR.

10.2 Cookie Consent Tool

This website uses a so-called “cookie consent tool” to obtain effective user consent for cookies and cookie-based applications requiring consent.

The “cookie consent tool” is displayed to users upon page access in the form of an interactive user interface, through which consent for certain cookies and/or cookie-based applications can be granted by ticking checkboxes.

By using the tool, all cookies/services requiring consent are only loaded if the respective user has granted consent by ticking the corresponding box. This ensures that such cookies are only set on the user’s device if consent has been granted.

The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed in this context.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie settings, this processing is carried out pursuant to Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in legally compliant, user-specific, and user-friendly consent management for cookies and therefore in a legally compliant design of our website.

An additional legal basis for processing is Art. 6 para. 1 lit. c GDPR. As the controller, we are legally obligated to make the use of technically unnecessary cookies dependent on the user’s consent.

Where necessary, we have concluded a data processing agreement with the provider that ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

Further information about the operator and the configuration options of the cookie consent tool can be found directly in the corresponding user interface on our website.

11. Rights of the Data Subject

11.1

Applicable data protection law grants you the following rights vis-à-vis the controller with regard to the processing of your personal data (rights of access and intervention), whereby reference is made to the stated legal basis for the respective exercise requirements:

  • Right of access pursuant to Art. 15 GDPR
  • Right to rectification pursuant to Art. 16 GDPR
  • Right to erasure pursuant to Art. 17 GDPR
  • Right to restriction of processing pursuant to Art. 18 GDPR
  • Right to notification pursuant to Art. 19 GDPR
  • Right to data portability pursuant to Art. 20 GDPR
  • Right to withdraw granted consent pursuant to Art. 7 para. 3 GDPR
  • Right to lodge a complaint pursuant to Art. 77 GDPR

11.2 Right to Object

If we process your personal data on the basis of our overriding legitimate interest within the framework of a balancing of interests, you have the right at any time to object to this processing with effect for the future on grounds arising from your particular situation.

If you exercise your right to object, we will stop processing the affected data. However, further processing remains reserved if we can demonstrate compelling legitimate grounds for the processing that override your interests, fundamental rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.

If your personal data is processed by us for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. You may exercise the objection as described above.

If you exercise your right to object, we will stop processing the affected data for direct marketing purposes.

12. Duration of Storage of Personal Data

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing, and — where applicable — additionally by the respective statutory retention period (e.g., retention periods under commercial and tax law).

When processing personal data on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, the affected data is stored until you revoke your consent.

If statutory retention periods exist for data processed within the framework of legal or quasi-legal obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data is routinely deleted after expiration of the retention periods provided it is no longer required for contract fulfillment or contract initiation and/or we no longer have a legitimate interest in continued storage.

When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until you exercise your right to object pursuant to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

When processing personal data for direct marketing purposes on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until you exercise your right to object pursuant to Art. 21 para. 2 GDPR.

Unless otherwise stated in the other information contained in this declaration regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

Status: 22/05/2026, 20:27:31

SUBSCRIBE TO THE OC NEWSLETTER

GET QUICK UPDATES ON THE LAUNCH OF THE NEW CAMPAIGN AND SECURE EXCLUSIVE PRODUCTS

*SUBSCRIBE
OC LOGO white long

MADE IN ITALY