Privacy Policy
Privacy Policy
Below we inform you that the service provider Fiori Carla S.n.c. of Zuzek (registered office: Italy, Via di Roiano 7, 34135, Trieste, Company registration number: 00760500322) processes your personal data as follows and for the following purposes.
When processing data, we comply with current legislation - in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).
This Privacy Policy applies to the following website: https://fioricarla.com
We reserve the right to change this Policy at any time; any changes will come into effect upon publication.
Identification of the Data Controller
- Denomination: Fiori Carla S.n.c. of Zuzek
- Registered office: Italy, Via di Roiano 7, 34135, Trieste
- E-mail: fioricarla@hotmail.it
Legal bases of data processing
- Execution of a contract (Art. 6(1)(b) GDPR)
- Fulfilment of a legal obligation (Art. 6(1)(c) GDPR)
- Legitimate interests of the Data Controller or of third parties (Art. 6(1)(f) GDPR)
- Consent of the person concerned (Art. 6(1)(a) GDPR)
- Public interest or exercise of public authority (Art. 6(1)(e) GDPR)
- Accounting and tax obligations (e.g. Art. 6(1)(c) GDPR, other relevant national regulations)
- Protection, exercise or defence of a right in court (Art. 6(1)(f) GDPR)
Data processed during use of the site:
| Processed data | Purpose of processing |
| order execution, contact forms | |
| name | order execution, contact forms |
| IP address | order execution, contact forms, technical |
| telephone number | execution of orders |
| address | execution of orders |
Hosting Provider Data
The data are processed and stored by the following hosting provider to ensure the functioning of the service.
- Name of supplier: Blallo SAS di Meri Michele e Bugiolacchio Michele
- Address: Via Regina, 21, 22012, Cernobbio
- E-mail: ciao@blallo.co
- Website: https://blallo.host
Data Processors
In order to perform certain data processing activities, we use external providers (data processors). These may only process data on the basis of the contract concluded with us and in accordance with the applicable legislation.
- Cloudflare - Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA
Purpose: technical.
Data processed: IP address.
Cookies
During navigation on the website, so-called cookies may be saved on the user's computer. These contain technical information and their main purpose is to offer a comfortable and personalised navigation. However, the website may also use cookies for the purpose of analysis, remarketing or multimedia elements.
Essentials
Essential cookies and services enable basic functions and are necessary for the website to function properly. These cookies and services do not require the user's consent according to the GDPR.Necessary
These cookies and services are necessary for the website to function properly, but their use requires the user's consent. This may include, but is not limited to: payment gateways, captcha services, integrated booking services.Analytics
Statistical cookies collect usage information, enabling us to obtain information on how visitors interact with our website.Marketing
Marketing services are used by third-party advertisers or publishers to show personalised advertisements. They do this by tracking visitors through various websites.Media
These cookies and services are required to display certain multimedia elements, such as embedded videos, maps, social media posts, etc.Other services
This category includes all cookies, domains and services that do not fit into the other specific categories or that have not been explicitly categorised.Cookies used on this site
| Cookie name | Purpose |
|---|---|
| mhcookie | essential |
| tk_ai | analytics |
| wordpress_test_cookie | essential |
| wp_lang | essential |
| sbjs_migrations | analytics |
| sbjs_current_add | analytics |
| sbjs_first_add | analytics |
| sbjs_current | analytics |
| sbjs_first | analytics |
| wp-settings-* | essential |
| wp-settings-time-* | essential |
| sbjs_udata | analytics |
| sbjs_session | analytics |
| wordpress_logged_in_* | essential |
| woocommerce_items_in_cart | essential |
| woocommerce_cart_hash | essential |
| wp_woocommerce_session_* | essential |
Users can manage or deactivate the use of cookies from their browser settings, but this may affect certain functionalities of the site.
Child data
Our service is expressly not intended for persons under 16 years of age. If, however, we do collect and process data from minors, we do so only if required by law (consent or authorisation of parent/guardian).
Parents and guardians may at any time request the amendment or deletion of data concerning themselves or minors for whom they are responsible.
Contact forms
The forms on the site record data provided voluntarily by the user, which we use to contact the user or handle requests.
- name
- IP address
Data retention periods
We will only store data for as long as necessary or for the period required by law. Thereafter the data will be deleted or anonymised.
Disclosure of data to third parties
We only disclose your data to third parties if you have given your explicit consent or if required by law or by an obligation imposed by the competent authority.
Security Measures
When processing data, both the data controller and the data processors adopt organisational and technical protection measures, taking into account modern technologies and the characteristics of the processing (purpose, scope, circumstances) as well as the varying degree of risk for natural persons. The aim is to keep data protection proportionate to the risk.
These measures may include, for example, data encryption, maintaining the availability, confidentiality and integrity of systems and services, and adequate resilience. We pay particular attention to restoring access to data as quickly as possible in the event of physical or technical problems.
Through regular reviews and testing of security measures, we ensure that these guarantees are not just theoretical, but provide an adequate level of protection in practice. We store data in such a way that unauthorised persons cannot access it; therefore, paper documents are stored in a closed and secure environment, while electronic data are only accessible to persons with appropriate access privileges.
We also ensure that data can be permanently deleted when the retention period expires or for other reasons that require deletion. Paper documents are destroyed using specialised shredders or through a specialised external partner. When electronic media are decommissioned or scrapped, we ensure that the data are permanently deleted.
Protection of paper documents
For data stored in paper form, we implement physical protection that includes a secure, dry storage facility and rooms that can be locked. Only authorised employees can access these documents. If paper documents are digitised, the same rules apply as for digital documents. The person in charge of data processing may not leave the work area until he/she ensures that the entrusted materials are locked and inaccessible to unauthorised persons.
The building and the premises where the paper documents are kept are equipped with adequate fire protection and security systems, reducing the risk of physical damage.
IT Security
Computers and mobile devices involved in data processing are equipped with appropriate anti-virus software and access control measures. To protect electronically stored information, we use up-to-date backup and archiving solutions, ensuring that these backups are available if necessary.
Only authorised persons with defined permission levels can connect to the central server. The computers used for work and the data stored on them are protected by passwords and other security measures to prevent unauthorised access.
Incident management and data breach reporting
If an incident occurs that may put personal data at risk due to unauthorised access, damage or loss, we will act immediately to further protect such data and reduce the damage. If the situation suggests that the incident may pose a high risk to the rights and freedoms of data subjects, we will inform them without undue delay, clearly explaining the nature of the incident and the measures taken or planned to resolve it.
We may omit direct notification of data subjects if we have previously implemented security measures (e.g. encryption) that make personal data unintelligible to unauthorised persons, or if we have significantly reduced the likelihood of risk with additional steps. In some cases, a public notification may be sufficient in lieu of an individual notification if the latter would involve a disproportionate effort.
In accordance with the provisions in force, if a personal data breach occurs that may represent a risk for the rights and freedoms of natural persons, the Controller shall notify the competent supervisory authority within 72 hours of becoming aware of it. If the communication takes place after this deadline, the reasons for the delay must also be provided.
Users' rights
As a data subject (user), you have the following rights in relation to the processing of your personal data:
- Right of Access (Art. 15 GDPR)
You have the right to know whether we process data about you, and if so which ones. You can also request information on the purpose of the processing, the legal basis and other important aspects. - Right of rectification (Art. 16 GDPR)
You have the right to request the correction or supplementation of inaccurate or incomplete data. - Right to erasure ('right to be forgotten') (Art. 17 GDPR)
If the data are no longer required or the legal conditions for their deletion are met, you can request their deletion as soon as possible. - Right of restriction of processing (Art. 18 GDPR)
In certain cases, you may request that the data only be retained, without further processing (e.g. if you contest the accuracy of the data, but do not wish their immediate deletion). - Right to data portability (Art. 20 GDPR)
You have the right to obtain the data we hold on you in a machine-readable format or to request its transfer to another provider, if technically feasible. - Right of opposition (Art. 21 GDPR)
You may object to future processing of your data if you consider that our legitimate interests (or another legal basis) do not sufficiently justify such processing.
To exercise these rights, please contact us (e-mail: fioricarla@hotmail.it). We try to respond to requests as soon as possible. We generally reply within one month of receipt of the request, but in some cases - e.g. if the request is complex - this period may be extended by a further two months. We will inform you of the reasons for the extension within the first month.
If we are unable to comply with your request, we will also inform you of this and the reasons within the same period. In this case, you have the possibility of lodging a complaint with the supervisory authority or of taking legal action.
Complaint handling, appeals
If you believe that a misuse of your personal data has occurred, you may file a formal complaint at the following addresses:
- E-mail: fioricarla@hotmail.it
- Postal address: Italy, Via di Roiano 7, 34135, Trieste
We carefully examine the complaints received and inform you of the outcome of the assessment and the measures taken. If the law does not set a specific time limit for complaint handling, at least every three years we review the extent to which our complaint handling procedures and process meet the purposes of the data processing and relevant regulations.
You also have the right to lodge a complaint with the competent supervisory authority:
- Name of authority: Data Protection Authority
- Address: Piazza Venezia 11, 00187 Rome, Italy
- Telephone: +39-06-69677-1
- E-mail: protocollo@gpdp.it
Date of last update: May 2, 2025
Italiano 