Pursuant to article 13 of Regulation (EU) 2016/679 on the protection of personal data (hereinafter “Regulation” or “GDPR”), the Data Controller informs about the processing of personal data carried out through the website www.stefyflowers.com (hereinafter also referred to as the “site”). This information concerns this website and not other websites that may be consulted by the user by browsing the links on the site, for which reference should be made to the information provided by other sites regarding their management of privacy. Pursuant to art. 37 of the GDPR, the Data Controller is obliged to appoint the Data Protection Officer (RDP / DPO).

Data controller

Stefyflowers by Stefania Fiorelli
Headquarters: Via del Vascello 34, 00152 Rome (RM) Italy
Email: info@stefyflowers.com tel +06 92593451

Data processed and purpose of processing

The personal data collected through the website will be used for the following purposes: to allow correct navigation of the site through cookies and technical navigation data; analyze the use of the site through statistical processing of anonymous or aggregated data; give information and reviews on products and services; sell our products or services and promptly execute the obligations arising in the pre-contractual and contractual phase; fulfill the obligations established by applicable Italian and EU laws, regulations and/or legislation. Subject to free, specific, informed consent, they will be used to send marketing communications about our products and/or services and to profile the user in order to offer better and personalized services.

Legal basis of the treatment

The legal basis of the processing may be: the execution of a contract of which the interested party is a part (online sale) or the execution of pre-contractual measures adopted at the request of the interested party (information request); specific, free and informed consent, when required for data collection for purposes other than contractual or simple navigation (marketing and profiling); the fulfillment of legal obligations also not deriving from the execution of the sale; the protection of the legitimate interest of the Data Controller for the conduct of its activities. The provision of the requested data is mandatory for contractual purposes (e.g. to make purchases through the site) and for legislative and regulatory compliance, it may be optional for other purposes. Failure, partial or incorrect provision of the requested data will make it impossible for the Data Controller to execute the contract and the consequent fulfillment of the related legislative and regulatory obligations, as well as preclude the adequacy of the treatment itself

Technical navigation data – log file

The computer systems and software procedures used to operate this site acquire, during their normal operation, some data whose transmission is implicit in the use of Internet communication protocols. This category of data includes: IP addresses, the type of browser used, the operating system, the domain name and the addresses of websites from which access or exit was made, information on the pages visited by users within the site, the time of access, the analysis of the internal path and other parameters relating to the operating system and the user’s IT environment. These data of a technical nature are accessible to the Data Controller in an aggregate and non-identifying manner and are used for the purposes of technical management of the services provided and anonymous statistical analysis of the traffic generated and the pages visited, in the event of computer attacks on the site, crimes or offenses committed through the site, can be used for investigation and accountability purposes. The data is kept for the time necessary to fulfill the specified purposes, except in the case in which it is necessary to keep the data to ascertain accidents, unlawful acts or crimes or at the request of the police or the authorities.

Data provided by users through e-mail messages, telephone, ordinary mail

The site publishes our addresses, telephone numbers, e-mail addresses, to which each person can freely contact for requests for information or assistance for purchases: the provision is optional, the data will be processed to respond to the request and / or for the purposes specified by the interested party, they will be kept for the time required to achieve the purposes or for the fulfillment of requests, if not already stored for other purposes of managing the relationship with the interested party which provide for different and prolonged retention times .

Data provided for user account registration

The creation of a user account is required to access your private area and to make purchases on the site via the electronic commerce platform. For registration, only common, limited and necessary personal data are required, such as personal data and residence, telephone, e-mail, password, which will be used to register and administer the user’s account, allow access to the reserved area of ​​the site and view notices, manage the electronic shopping cart, view the order history, manage any credit notes or purchase vouchers in favor of the user, modify their personal data, billing, shipping, payment. The data will be stored in compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 of the GDPR, for the period of validity of the user’s registration until the request for cancellation or withdrawal by the user, who will subsequently no longer be able to access his/her private area.

Data provided for purchases and shipments

For online purchases with the issuance of the sales document, with the aim of managing the sale, fulfilling contractual and legislative obligations and issuing the necessary documents, the personal and tax data of the buyer are required, mandatory by law, an e-mail address and a telephone number which will be used to communicate with the Customer regarding the delivery. The data will be kept for the time required by the purposes and by the applicable Italian or Community law. In the case of payment by credit card or other online payment circuit, the user’s data and the credit card used will be processed directly by the electronic commerce platform external to our site which will independently manage this information, therefore we invite the visitor to read the information on the processing of personal data provided by the e-commerce platform where the payment is made.

Marketing Consent

Subject to your separate and specific consent, the personal data collected will be used to send via e-mail, SMS or MMS messages, instant multimedia messaging applications and applications on the mobile network or data network (so-called Apps) promotions or communications with informative and/or promotional content on our products or services. The legal basis of the processing is your free, specific and informed consent pursuant to art. 6, c. 1, lit. a of the GDPR.

Consent for profiling

With your separate and specific consent, the data may be used for profiling activities in order to improve the offer of products and services on our part. The legal basis of the processing is your free, specific and informed consent pursuant to art. 6, c. 1, lit. a of the GDPR.

Cookies

Cookies (hereinafter “cookies”) are small files that are saved on the user’s device while browsing the website, have the purpose of collecting information on the user’s browsing of the website and can be retransmitted or reused on subsequent visits. Cookies have different characteristics and are used for different purposes, both by the owner of the site you are visiting (so-called first-party cookies), and by other sites (so-called third-party cookies) because our site incorporates web tools provided by third parts. Cookies can be stored permanently on the device or have a variable duration (so-called persistent cookies), otherwise they are temporary and are deleted when the browser is closed or have a limited duration (so-called session cookies). There are other technologies such as pixel tags, web bugs, web storage and other similar files and technologies that can perform the same functions as cookies, in this Cookie Policy we also use the term “cookie” for all these similar technologies.

Session cookies

Their duration corresponds to the session of use of the browser and they are automatically deleted when the latter is closed.

Persistent cookies

They remain stored on the navigation device until the expiry date, or are deleted by the user before expiry.

Technical or functional cookies

Technical or functional cookies are used for navigation and use of the website, they are used to ensure the correct functioning of the site or to manage certain site delivery functions based on user choices, they are necessary and their deactivation it can mean the loss of functionality of the site or the impossibility of navigating it correctly. The visitor’s consent is not required for this type of cookie.

Analytical cookies

On the site we use third-party services provided by Google Analytics (analytics.google.com) with anonymization (partial masking of the IP address), in this way the third party is not able to acquire the user’s IP address and to cross it with other data in its possession, therefore it is not possible to profile the user’s preferences. We use these cookies to collect and analyze traffic and use of the site anonymously: without directly identifying the user, they allow us to monitor access to the site and improve its performance and usability. The deactivation of these cookies can be performed without any loss of functionality, for further information, please refer to the link https://www .google.it/policies/privacy/partners/ The user can also selectively disable the action of Google Analytics by installing the opt-out component provided by Google on his browser, please refer to the link https://tools.google.com/dlpage/gaoptout. The visitor’s consent is not required for these cookies because the data is collected anonymously.

Cookie di terza parte

On the site we use third-party services that use tracking and profiling cookies, for which the visitor is informed before accessing the site and consent is requested: these cookies are registered on the device only if the user accepts them explicitly. Profiling cookies monitor and profile users during navigation, studying and memorizing their browsing options and habits on the site and on the web in general, as well as consumption habits, also for the purpose of sending advertisements for targeted and personalized services. These tracking cookies are used for marketing purposes, to create user profiles and user preferences while browsing the site and can cross-reference the information collected with that already held by third parties or collected by other websites. third parties. For these cookies, the data collected from the user is also transmitted to providers or web service providers located in the United States (USA), therefore outside the European Union. In compliance with the principles and requirements of articles 44 and 49 of the GDPR for the transfer outside the EU, the legal basis for the transfer is the prior consent of the interested party pursuant to art. 6 par. 1 lit. a) of the GDPR.

Links to other sites – Social Network Plugin

In the pages of the site there may be links to visit other third-party websites, the use of these features leads the user to interact with the web services offered by third-party sites and involves the exchange of information with such sites, the visitor is redirected to the third-party site by leaving our site and, therefore, the management of information is carried out by the third parties independently. The site also incorporates plugins such as “social buttons” with the aim of allowing easy sharing of the contents of our site on your favorite social networks. To safeguard user privacy, these plugins are programmed so as not to set any cookies when accessing the page, but only when the user makes effective and voluntary use of the plugin, according to the social network settings. If the user browses the site while logged into his profile on the social network, he has already consented to the use of cookies conveyed through the social network. The collection and use of information obtained from third parties through the plugin are governed by the respective privacy policies of the social networks, to which please refer.

Cookie management

When accessing the site there is a banner that contains a short information text and a link to this extended information. The banner allows the visitor to manage the use of cookies and to set the choice for optional profiling/tracing cookies, by default only functional/technical cookies are enabled which are necessary and cannot be deactivated without loss of site functionality. Consent to the use of cookies set is recorded with a “technical cookie” saved on the user’s device. The management of cookies is also possible by changing the browser settings through the following possible solutions, they are examples and there are also others:

• modification of browser settings, which allow or not the storage of cookies and which normally also allow setting the cookie rules so that those of “third parties” are not accepted. Some also allow you to block the cookies of some third parties and not of others, through a function that allows you to indicate from which domains to allow the sending of cookies;
• with specific software components added to the browser (so-called plug-ins), which specialize the functions commonly made available by navigation software and which can be configured by the user to select cookies based on the domains of origin;
• through the so-called “do not track”, which allows the user to signal to each site visited his wish to be tracked or not during navigation. However, this technical method is not standardized and there is no certainty that this functionality is implemented on all domains that deposit cookies on the site and for which, being third parties, the Owner cannot control them;
• It is possible to disable Google Analytics cookies by visiting the Google web page (Google GaOptOut) and downloading the add-on for the browser used.

Note: by choosing to block all cookies, the full functionality of the Site may be compromised.

Methods of treatment and conservation

The data are processed with IT/electronic tools by personnel authorized and instructed by the Data Controller, or also by designated third parties responsible for the processing of their competence, always in compliance with the principles of lawfulness of the processing and through the adoption of adequate measures of security to limit the access to the data only to the authorized subjects. The data will be kept for the time required by the processing purposes, as specified in the previous sections where the storage times are indicated for each treatment.

Data communication and transfer

The data will be communicated exclusively to subjects authorized and designated for the management of the site and our activities relating to the site:

• internal staff acting under the authority of the Data Controller;
• hosting provider, website developer, other internet service providers for the website professionals, consultants or companies, for services functional to the management of our activities or for the administration of the website;
• in case of purchases on the site: carriers, couriers, postal services, shipping and logistics companies, which act as independent data controllers;
• in case of purchases on the site: payment platforms for electronic commerce, which act as independent data controllers.

Site user data is not disclosed and is not transferred outside the European Economic Area. The cookie data will be communicated exclusively to authorized and designated subjects for the management of the site and our activities related to the site:

• internal staff acting under the authority of the Data Controller;
• website developer, other internet service providers for the website.

Transfer of data outside the EU

Some third-party cookie data, deposited after the user’s specific consent, may be transferred outside the EU to providers or web service providers located in the United States (USA): these third parties provide the guarantees of a adequate level of protection that meets regulatory requirements, with particular regard to the security measures adopted pursuant to the GDPR. For some analytical cookies, the data collected from the user is transmitted anonymously to providers or web service providers located in the USA but does not identify the user because they are made partially anonymous, therefore the GDPR requirements for the transfer do not apply non-EU.

Exercise of the rights of the interested party

Salvo le limitazioni previste dallo stesso Regolamento, il soggetto interessato potrà in qualsiasi momento rivolgersi al Titolare presso i recapiti qui indicati per esercitare i diritti previsti dagli articoli 15-22 del GDPR:

• access to personal data; rectification; cancellation; restriction of processing; opposition to the treatment; data portability;
• withdrawal of consent, where provided: the withdrawal of consent does not affect the lawfulness of the treatment based on the consent given before the revocation;
• information on the automated process relating to profiling.

The interested party also has the right to lodge a complaint, in the manner and within the terms established, with the Guarantor for the protection of personal data: please visit the website www.gpdp.it for more details.

Privacy & Cookie Policy update

The possible entry into force of new sector regulations, as well as the constant examination and updating of services to the user, could lead to the need to vary the methods of processing personal data through the site: it is possible that our policy undergoes changes over time and we therefore invite the visitor to periodically consult this page.