Privacy policy

WHY THIS INFORMATION?

Pursuant to Legislative Decree 196/2003 and Regulation (EU) 2016/679 (hereinafter "Regulation"), this page describes the methods of processing the personal data of users who consult the website of GMP srl accessible electronically at the following address: https://www.lafilledesfleurs.it

We inform the user that following consultation of this site, data relating to identified or identifiable persons may be processed.

This information does not apply to other sites, pages, or online services that may be accessible via hyperlinks published on the site.

Identity of the Data Controller

The data controller is GMP srl, with registered office in Milan (MI), Piazzale Biancamano 8 - postcode 20121

Data source and type of data collected

  • Data provided by the User

The Data Controller collects personal data provided by users:

  1. when purchasing a product/service offered. The data collected by the Data Controller may include, but is not limited to: personal data, contact information, location data, corporate and financial information; information relating to your creditworthiness, payment information, and VAT number.
  2. when creating an account/registering on the The data collected by the Data Controller may include, by way of example and not limited to: personal data, contact details.
  3. When sending a message using the addresses and/or contact forms on the site. The optional and voluntary sending of messages to the contact addresses, as well as the completion and submission of the forms on the site, entail the acquisition of the sender's contact information necessary to provide a response, as well as all personal data included in the

The data provided will be used with IT and telematic tools for the sole purpose of providing the requested service.

2) Browsing data

The Data Controller collects data relating to the user's use of the website. This information is acquired by the computer systems and software procedures used to operate the online portal during their normal operation. Furthermore, the transmission of this information is connected and inherent to the use of Internet communication protocols.

This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters relating to the operating system and the user's IT environment.

This data, necessary for the use of web services, is also processed for the purpose of:

  • obtain statistical information on the use of services (most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.);
  • check the correct functioning of the services

Browsing data does not persist for more than seven days and is deleted immediately after its aggregation (except in the event of judicial authorities needing to investigate criminal offenses).

3) Cookies and other tracking systems

In order to make its services as efficient and easy to use as possible, this site uses cookies.

Therefore, when you visit the Site, a minimal amount of information is inserted into your device, such as small text files called "cookies," which are stored in your web browser's directory. There are different types of cookies, but essentially the primary purpose of a cookie is to make the Site function more efficiently and enable certain features.

For more information on the cookies used by this website, you can view the cookie policy at the following link.

link .

Purpose of the processing

Depending on the type of processing to be carried out, the Data Controller uses the data collected and/or provided by the User for the following purposes:

  • Process and fulfill orders, manage payments, communicate with you regarding your order, manage any returns, provide customer support, and allow product pickup. They will also be used to acquire pre-contractual data and information; exchange information for the purpose of executing the contractual relationship, including pre- and post-contractual activities; formulate requests or fulfill received requests; manage accounting and tax obligations;
  • carry out preliminary and subsequent activities following the request for registration/creation of the User Account, as well as for the fulfillment of any other obligations arising therefrom;
  • provide feedback to any communications, requests for information and/or services from users by sending a message using the addresses and/or contact forms on the site;
  • Manage and control risks, prevent potential fraud, insolvency, or default; prevent and manage potential disputes, and take legal action if necessary.



Legal basis for processing

With reference to the purposes indicated in the previous paragraph, the legal basis of the same is, in relation to the point:

  • the need to perform a contract to which the data subject is party or pre-contractual measures taken at the request of the data subject;
  • the need to perform a contract to which the data subject is party or pre-contractual measures taken at the request of the data subject;
  • the need to perform a contract to which the data subject is party or pre-contractual measures taken at the request of the data subject;
  • the need to pursue the legitimate interest of the data controller (in particular with regard to the prevention of fraud and insolvency).



Data recipients

The personal data processed by the Data Controller are not disseminated, meaning they are not disclosed to unspecified parties in any form, including making them available or simply for consultation.

However, they may be disclosed to employees of the Data Controller, or to persons authorized to process the data as they operate under the authority of the data controller. Based on their roles and work duties, these employees have been authorized to process the personal data, taking into account their respective skills and in accordance with the instructions given to them by the Data Controller.

The Owner has engaged third-party service providers in connection with the operation of the Website, such as hosting service providers, website service providers, IT maintenance service providers, as well as service providers that enable the integration of other functions into the Website that the User may use at his or her discretion.

These service providers, designated as Data Processors, are provided only with the personal data necessary to provide the respective services and are not permitted to use or disclose the data subjects' personal data for other purposes without the data subject's prior authorization.

The data may also be communicated, to the extent strictly necessary, to parties who, for the purposes of fulfilling orders or other requests or providing services related to the transaction or contractual relationship with the Data Controller, must supply goods and/or perform tasks or services on behalf of the Data Controller.

Finally, the data may be disclosed to parties authorized to access it pursuant to laws, regulations, and EU legislation.

Data transfer

Under no circumstances does the Data Controller transfer personal data to third countries or to international organisations.

However, we reserve the right to use cloud services. In this case, service providers will be selected from among those who provide adequate guarantees, as required by Article 46 of EU Regulation 2016/679.


Data retention

The Data Controller retains and processes personal data for the time necessary to fulfill the indicated purposes. Subsequently, the personal data will be retained and not further processed for the period established by applicable civil and tax regulations.

In the case of data provided for commercial promotion purposes for services other than those already acquired by the interested party, for which the interested party initially gave consent, these will be retained for 24 months, unless the consent given is revoked.

The data collected when you create an account will be retained for the entire duration of your registration and in any case for no longer than a maximum period of 12 (twelve) months of inactivity, or if, within this period, no Services have been associated and/or products purchased using the same registration.

It should also be added that, in the event that a user provides the Data Controller with personal data that is not requested or not necessary for the purpose of carrying out the requested service or for the provision of a service strictly connected to it,

GMP srl cannot be considered the owner of this data, and will proceed to delete it as soon as possible.



Rights of the interested party

In relation to the data processed pursuant to this information notice, the interested party is granted the right at any time to:

  • Request access to your personal data and related information from the Data Controller (Article 15 of the GDPR); the rectification of inaccurate data or the completion of incomplete data (Article 16 of the GDPR); the erasure of your personal data (if one of the conditions set forth in Article 17, paragraph 1 of the GDPR applies and in compliance with the exceptions set forth in paragraph 3 of the same article); the restriction of the processing of your personal data (if one of the conditions set forth in Article 18, paragraph 1 of the GDPR applies);
  • request and obtain from the Data Controller - where the legal basis for the processing is a contract or consent, and the processing is carried out by automated means - your personal data in a structured, commonly used, machine-readable format, including for the purpose of communicating such data to another data controller (so-called right to data portability - Article 20 of the GDPR);
  • object at any time to the processing of your personal data when there are particular situations that concern you (Article 21 of the GDPR);

Refusal to provide data

If the Data Subject fails to provide the data identified as necessary to perform the requested service, the Data Controller will not be able to proceed with the processing related to the management of the aforementioned service, nor with the obligations that depend on it.

If the data subject does not consent to the processing of personal data for the activities that require it, such processing will not take place for the same purposes, without this having an impact on the provision of other requested services, nor on those for which the data subject has already given consent. If the data subject has given consent and subsequently withdraws it or objects to the processing, their data will no longer be processed.

for such activities, without this entailing consequences or detrimental effects for the interested party and for any other services requested.


Automated decision-making processes

The Data Controller does not carry out processing consisting of automated decision-making processes on personal data.

In order to offer you Klarna's payment methods, we may transmit your personal data, such as contact information and order details, to Klarna at checkout so that Klarna can assess your suitability for their payment methods and personalize those payment methods. Your personal data transferred will be treated in accordance with Klarna 's privacy policy.