Privacy Notice

Information pursuant to EU Regulation 2016/679 ("GDPR")


When you browse our site you accept that our company collects some of your personal data, this information is intended to tell you what data we collect, why and how we use them.

What data are collected?

Basically we treat two types of data:


1) data provided by the user (when you register, enter some data that you need to take advantage of our services, such as:

address, email address and password


- first name


- date of birth


- sex


- city or municipality of reference


- telephone number

2)data that we collect automatically

technical data: eg IP address, browser type, information on your computer, data on the current (approximate) position of the instrument you are using;


data collected using cookies or similar technologies: for further information, please read the dedicated section.

How are the collected data used?

We use your data first to ensure access to our services and to improve the delivery (such as registration, communications related to the provision of the service, administrative, financial or accounting activities).

These treatments are necessary to properly deliver our services to users who join.

We also use the data collected, if you have expressly provided your consent, to inform you about promotional activities that may interest you.

Is the provision of data mandatory?

The provision of personal data is mandatory only for the processing necessary for the provision of services (any refusal for the purpose of providing the service makes it impossible to use the service); it is optional for promotional purposes and any refusal to give consent does not have negative consequences on the provision of the service offered on the website

Who are the subjects of the treatment?

The data controller is Erboristeria Lotus, in person of its legal representative pro-tempore, with registered office located in Cagnano Varano (FG), via Italia 4, P.Iva: 03459020719.

The data controller uses data controllers to achieve the aforementioned purposes.

The data collected as part of the provision of the service may be communicated to:

- companies that perform functions that are strictly connected and instrumental to the operations - even technical - of services

- and administrative and judicial authorities by virtue of legal obligations

Under no circumstances do we transfer or sell personal data to third parties.


Is it possible to obtain information, modifications, copying or deletion of personal data?

Any natural person who uses our service can:

- obtain from the owner, at any time, information about the existence of personal data, the origin of the same, the purposes and methods of treatment and, if present, to obtain access to personal data and information referred to in Article 15 of the GDPR;

-require the updating, rectification, integration, deletion, limitation of data processing in the event one of the conditions provided for in Article 18 of the GDPR occurs, the transformation into anonymous form or blocking of personal data, processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected and / or subsequently processed;

- to oppose, in whole or in part, for legitimate reasons, to the processing of data, even if pertinent to the purpose of the collection and processing of personal data provided for the purposes of commercial information or sending advertising material or direct selling or for completion market research or commercial communication. Each user also has the right to withdraw the consent at any time without prejudice to the lawfulness of the treatment based on the consent given prior to the revocation;

-receiving your personal data, provided knowingly and actively or through the use of the service, in a structured format, commonly used and readable by automatic device, and transmit them to another data controller without impediments;

- propose a complaint with the Italian Data Protection Authority.

We remind you that for any question or request related to your personal data and to respect your privacy you can write to the dedicated address.

How and for how long will your data be stored?

The retention of personal data will take place in paper and / or electronic / IT format and for the time strictly necessary for the fulfillment of the purposes detailed above, in compliance with your privacy and current regulations.

For direct marketing purposes we keep your data for a maximum period equal to that required by applicable law (equal to 24).

Invoices, accounting documents and transaction data are stored for 11 years under the law (including tax obligations).

In the case of the exercise of the right to be forgotten through the request for explicit cancellation of personal data processed by the owner, we remind you that such data will be kept, in a protected form and with restricted access, only for purposes of ascertainment and repression of crimes. no more than 12 months from the date of the request and will subsequently be securely deleted or anonymised irreversibly.


How do we ensure the protection of your data?

The data are collected by the aforementioned subjects, according to the indications of the relevant legislation, with particular regard to the security measures provided by the GDPR (Article 32) for their processing by computerized, manual and automated tools and with logic strictly related to the purposes already specified and in any case so as to guarantee the security and confidentiality of the data.


Is this information subject to change over time?

This information may be subject to change. If substantial changes are made to the use of data on the user by the Owner, the latter will notify the user by publishing them with the maximum evidence on their pages or through alternative or similar means.