Privacy Policy

Privacy Policy

pursuant to EU Regulation 2016/679 (“GDPR”)

Last updated: June 2026

SANSIMONE S.R.L. places great importance on protecting users’ privacy and is committed to processing personal data lawfully, fairly, and transparently.

This Privacy Policy explains how personal data is collected, used, and protected when users visit the Antica Erboristeria San Simone website and use its services.

1. Data Controller

The Data Controller is:

SANSIMONE S.R.L.
Via Ghibellina 190/R
50122 Florence (FI) – Italy
VAT / Tax Code: 07524660482
Email: info@anticaerboristeriasansimone.it

2. Types of Data Collected

We may collect the following categories of personal data:

Data voluntarily provided by the user

• first and last name
• email address
• phone number
• shipping and billing address
• information required to process orders
• information submitted through contact forms
• information entered in the personalized perfume questionnaire
• order history and purchase preferences

Automatically collected data

While browsing the website, the following information may be collected:

• IP address
• browser and device type
• website usage statistics
• pages visited
• browsing duration
• technical and statistical cookies

3. Purpose of Data Processing

Personal data is processed for the following purposes:

• allowing website navigation
• managing user registration and accounts
• processing orders and payments
• handling national and international shipping
• providing customer support
• sending newsletters and marketing communications (subject to consent)
• allowing users to create and save personalized perfumes
• improving website performance and user experience
• complying with legal, tax, and administrative obligations
• preventing fraudulent use of the website

4. Legal Basis for Processing

Personal data is processed on the basis of:

• performance of a contract or pre-contractual measures
• legal obligations
• user consent (newsletter and marketing)
• legitimate interest of the Data Controller in maintaining website security and improving services

5. Processing Methods

Data is processed using electronic and paper-based tools and appropriate security measures are adopted to prevent unauthorized access, loss, disclosure, or unlawful use.

Although every reasonable effort is made to protect personal data, no IT system can guarantee absolute security.

6. Data Retention

Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected and in compliance with applicable legal obligations.

Order-related data may be retained for tax and accounting purposes according to applicable laws.

Marketing-related data will be retained until consent is withdrawn.

7. Newsletter and Marketing Communications

Users may voluntarily subscribe to the newsletter to receive:

• updates
• news
• promotions
• commercial communications
• information about products and activities

Users may unsubscribe at any time through the unsubscribe link included in emails or by contacting the Data Controller.

8. Payments

Online payments are securely managed through external payment providers such as:

• Stripe
• PayPal

The website does not store complete payment card details.

9. Third-Party Services

The website may use third-party services, including:

Google Analytics 4

Used to collect anonymous or aggregated statistics regarding website usage.

Google reCAPTCHA

Used to protect the website from spam and automated abuse.

Stripe and PayPal

Used for secure online payment processing.

The use of these services may involve data transfers outside the European Union in compliance with GDPR safeguards.

10. Hosting and Infrastructure

The website is hosted on Amazon Web Services (AWS) cloud infrastructure with appropriate technical and organizational security measures.

11. International Data Transfers

Some services used by the website may involve transferring data outside the European Union.

Such transfers are carried out in compliance with GDPR requirements and appropriate legal safeguards, including Standard Contractual Clauses approved by the European Commission.

12. User Rights

Users may exercise their rights under Articles 15-22 of the GDPR at any time, including:

• access to personal data
• rectification
• deletion
• restriction of processing
• objection to processing
• data portability
• withdrawal of consent

Requests may be sent to:
info@anticaerboristeriasansimone.it

Users also have the right to lodge a complaint with the competent Data Protection Authority.

13. Cookies

The website uses technical cookies and, subject to consent, statistical and marketing cookies.

Cookie preferences are managed through a dedicated cookie banner.

For more information, users may refer to the dedicated Cookie Policy.

14. Changes to this Privacy Policy

This Privacy Policy may be updated over time.

Any changes will be published on this page together with the updated revision date.