Privacy Policy

Pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR) and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018, this policy describes how Fiori Etruschi processes the personal data of users who visit the fiorietruschi.it website and fill out the contact forms on the Site.

1. Data controller

The Data Controller is Fiori Etruschi di Ceccarelli Lucia e Donna Silvia S.n.c., with registered office at Località Stabbiano di Sotto 409, 53040, San Casciano dei Bagni (SI), certified email (PEC) fiorietruschi@cert.cna.it, VAT number 01572540522.

To exercise their rights or request information about data processing, the interested party may contact the Data Controller by emailing fiorietruschi@gmail.com.

2. Data collected and purposes of processing

The Site collects personal data only through contact and information request forms voluntarily filled out by the user. No online purchases are made or contracts concluded through the Site. Each form submission constitutes a preliminary request for information only.

2.1 General contact forms

Required fields may include: first name, last name, email address, mobile number, reason for contact, and a free message.

Purpose: Responding to requests for information and quotes on services offered (floral and table arrangements, wedding services, styling and photo shoots, editorial and cookbook collaborations).

Legal basis: Pre-contractual measures taken at the request of the data subject (Article 6, paragraph 1, letter b) GDPR.

2.2 Application forms for participation in the Experiences

In addition to the data indicated above, the forms relating to Experiences (botanical dinners, workshops, and laboratories) may also collect the number of participants and whether they are members of the Botanical Club (Club Botanico).

Purpose: To manage requests for information and expressions of interest for Experiences organised by Fiori Etruschi. Submitting the form does not constitute a confirmed reservation or a contractual agreement between the parties.

Legal basis: Pre-contractual measures adopted at the request of the data subject (Article 6, paragraph 1, letter b) of the GDPR.

2.3 Botanical Club (Club Botanico)

The Botanical Club (Club Botanico) is a paid initiative currently under development, dedicated to those who wish to have preferential access to Etruscan Flower Experiences, exclusive materials, and private events.

The data provided in the Botanical Club section is processed for the following purposes:

  • Management of expressions of interest and Club membership;

  • Administrative and accounting management of the relationship (membership fees and payments for member-only Experiences), once the financial conditions have been defined and the service has been launched.

  • Operational communications related to membership (confirmations, updates, exclusive materials).

Legal basis for the expression of interest: consent of the interested party (Article 6, paragraph 1, letter a) of the GDPR, which can be revoked at any time.

Legal basis for managing registration and payments: performance of the contract to which the data subject is a party (Article 6, paragraph 1, letter b) of the GDPR) and fulfilment of legal obligations (Article 6, paragraph 1, letter c) of the GDPR) for accounting and tax obligations.

Payment data will be processed exclusively for the time necessary to execute the contractual relationship and fulfil the tax and accounting obligations required by Italian law, generally 10 years from the date of accounting entry.

3. Treatment methods

The data is processed using computerised tools and, where necessary, in paper form, adopting appropriate security measures to prevent unauthorised access, loss, destruction, or disclosure of the data. No automated decision-making processes or profiling activities are used.

The data collected is not currently used for direct marketing purposes, sending newsletters, or unsolicited promotional communications.

4. Retention period

Personal data collected through contact forms will be retained for a period of 3 (three) years from the date of receipt of the request, unless specific legal obligations require longer retention or the data subject exercises the right to erasure, to the extent applicable.

Data relating to Club membership and related payments will be retained for the terms established by applicable tax and accounting regulations, typically 10 years, starting from the accounting reference year.

5. Data recipients

Personal data will not be disclosed to third parties for commercial purposes. It may be disclosed exclusively to:

  • IT and hosting service providers necessary for the operation of the Site, including Squarespace Inc., based in the USA, which manages the website infrastructure;

  • any payment service providers, to the extent strictly necessary and subject to prior agreement and communication between Fiori Etruschi and the Client;

  • parties to whom disclosure is required by law or by order of the competent authorities.

Squarespace Inc. is compliant with the EU-US Data Privacy Framework. This mechanism may provide adequate guarantees for the transfer of data to the United States, subject to any regulatory updates or to its compliance status.

6. Transfer of data to third countries

The Site is hosted on the Squarespace platform, whose servers may be located outside the European Union. If data is transferred to the United States, it is legitimised under the adequacy decision under the EU-US Data Privacy Framework or by other appropriate safeguards provided by applicable law. For further information, please consult Squarespace's privacy policy.

7. Cookies and analysis tools

The Site uses technical cookies that are strictly necessary for its operation, as well as statistical analysis tools provided by Squarespace. These tools may collect data relating to traffic and use of the Site. For more information on the cookies used and their management options, please refer to the Site's Cookie Policy, where available.

8. Rights of the interested party

As a data subject, you have the right to:

  • access your personal data (Article 15 GDPR);

  • request rectification (Article 16 GDPR) or erasure (Article 17 GDPR);

  • obtain restriction of processing (Article 18 GDPR);

  • object to processing (Article 21 GDPR);

  • request data portability (Article 20 GDPR);

  • withdraw your consent at any time, without prejudice to the lawfulness of processing based on consent before its withdrawal;

  • file a complaint with the Italian Data Protection Authority.

To exercise the rights indicated above or for any request regarding the processing of your personal data, you can contact the Data Controller at the contact details indicated in point 1. The Data Controller will respond within the timeframes established by applicable law.

9. Updates to this policy

The Data Controller reserves the right to update this policy in the event of regulatory or operational changes. The updated version will be published on this page, indicating the revision date. It is recommended to consult this page periodically.

Last updated: April 19, 2026