Privacy Policy
Last updated: June 12, 2026
This policy describes how Lock & Go ("we", "the Controller") collects, uses and protects the personal data of users who visit lockandgo.it and use our smart-locker luggage storage service, in accordance with Regulation (EU) 2016/679 ("GDPR") and Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018.
1. Data Controller
The Data Controller is Lock & Go, Milan, Italy. For any request concerning personal data you can write to: info@lockandgo.it.
2. Data we collect
2.1 Data you provide directly
- Account data: email address and login details, when you create an account or sign in.
- Booking data: locker location, compartment size, date and time slot, number of bags.
- Contact data: name, email and message content when you contact us for support.
2.2 Payment data
Payments are processed by Stripe Payments Europe, Ltd. Card details are transmitted directly to Stripe in encrypted form and are never stored on our servers. We only receive the outcome of the transaction and a payment identifier from Stripe. For more information see the Stripe Privacy Policy.
2.3 Data collected automatically
- Technical browsing data: IP address, browser and device type, pages visited.
- Cookies and measurement tools: we use Google Tag Manager and analytics tools to measure how the site is used. Analytics and marketing cookies are activated only with your consent (Consent Mode v2); without consent they remain disabled.
- Campaign parameters (UTM): if you reach the site from an advertising campaign, we record the campaign parameters to measure its effectiveness.
3. Purposes and legal bases of processing
| Purpose | Legal basis |
|---|---|
| Managing your booking and locker access | Performance of a contract (Art. 6.1.b GDPR) |
| Payment processing and invoicing | Performance of a contract and legal obligation (Art. 6.1.b, 6.1.c) |
| Customer support | Performance of a contract (Art. 6.1.b) |
| Service communications (confirmations, reminders) | Performance of a contract (Art. 6.1.b) |
| Analytics and marketing | Consent (Art. 6.1.a) |
| Service security and fraud prevention | Legitimate interest (Art. 6.1.f) |
4. Data retention
- Booking and payment data: retained for 10 years to comply with tax and accounting obligations.
- Account data: retained while the account remains active; deleted upon a deletion request.
- Browsing data and cookies: retained for the durations indicated in the consent management tool.
5. Recipients of the data
Data may be shared with:
- Stripe, for payment processing;
- technical service providers (hosting, cloud infrastructure, transactional email), appointed as data processors under Art. 28 GDPR;
- Google (Tag Manager / Analytics), only with your consent, for measurement purposes;
- competent authorities, where required by law.
We do not sell your data to third parties. Any transfers outside the EU take place on the basis of Standard Contractual Clauses or adequacy decisions.
6. Your rights
Under Articles 15-22 GDPR you have the right to:
- access your data and obtain a copy;
- request its rectification or erasure;
- restrict or object to processing;
- receive your data in a portable format;
- withdraw consent at any time, without affecting the lawfulness of prior processing;
- lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).
To exercise your rights, write to info@lockandgo.it.
7. Security
We adopt appropriate technical and organisational measures to protect personal data: encrypted connections (HTTPS), access limited to authorised personnel and infrastructure monitoring. Lockers are also protected by surveillance and digital access, as described on our Security page.
8. Minors
The service is intended for adult users. We do not knowingly collect data from anyone under 18.
9. Changes to this policy
We may update this policy to reflect regulatory or service changes. The updated version will always be published on this page with the last-updated date.