Last updated: [insert date]

1. Who We Are

[Company Name], [registered address], Tuscany, Italy (“we”, “us”, “our”) is the controller of your personal data for the purposes described in this policy. Website: https://botanicalsymphony.com. Contact: [privacy@yourdomain]. If appointed, Data Protection Officer (DPO): [dpo@yourdomain].

2. Scope

This policy explains how we collect, use, share, and protect personal data when you browse our Website and when you purchase our products online. It applies to visitors and customers in the EU/EEA and elsewhere.

3. Data We Collect

• Identity & Contact: name, billing/shipping address, email, phone.
• Account Data: username, password (hashed), order history, preferences.
• Order & Transaction: products purchased, order value, currency, status, delivery info.
• Payment: processed by third-party gateways (e.g., Stripe/PayPal/Apple Pay). We receive tokens/confirmations, not full card details.
• Communications: emails, contact form messages, support notes.
• Technical & Usage: IP address, device/browser data, pages viewed, interactions; collected via cookies and similar technologies (see our Cookie Policy).
• Age-Verification Data: confirmation you are of legal drinking age in your country/region.

4. Legal Bases (GDPR)

• Contract: to process and deliver your orders, manage your account.
• Consent: non-essential cookies/analytics/marketing; email marketing where required.
• Legitimate Interests: site security, fraud prevention, service improvement, limited direct marketing to customers (where permitted).
• Legal Obligation: invoices, tax/VAT, regulatory compliance (including alcohol sales restrictions).

5. How We Use Personal Data

• Provide the Website, shopping cart, checkout, and order fulfilment.
• Authenticate users, maintain accounts, remember preferences.
• Process payments via our payment processors.
• Communicate about orders, deliveries, and service updates.
• Provide customer support.
• Analyze usage (aggregated) to improve our products and site.
• Prevent fraud and ensure legal drinking age compliance.
• Send marketing communications if you opt in (you can unsubscribe anytime).

6. Sharing Your Data

We share data only as needed with trusted recipients who process it under our instructions:

• E‑commerce platform: WooCommerce and related plugins.
• Payment processors: e.g., Stripe, PayPal (they act as independent controllers for payment data).
• Hosting & infrastructure: web host, CDN, backup and security services.
• Analytics/Marketing: e.g., Google Analytics, Meta (only with your consent).
• Operational partners: couriers/shipping companies, email service providers.
• Legal/compliance: auditors, authorities when required by law.

We do not sell personal data.

7. International Transfers

If data is transferred outside the EEA/UK, we use appropriate safeguards (e.g., EU Standard Contractual Clauses, adequacy decisions) and assess local laws where necessary.

8. Retention

• Order & invoice records: kept for the period required by tax/accounting laws (typically 10 years in Italy).
• Account data: kept while your account is active; deleted or anonymized after inactivity for [X] months unless required longer by law.
• Marketing data: until you withdraw consent or object, then suppressed from future sends.
• Cookies: per durations listed in the Cookie Policy.

9. Your Rights (EU/EEA)

You have the right to access, rectify, erase, restrict or object to processing, data portability, and to withdraw consent at any time. You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali): https://www.garanteprivacy.it/.

10. Children & Legal Drinking Age

Our Website and products are intended only for individuals of legal drinking age in their country/region. We do not knowingly collect data from minors. If you believe a minor has provided data, contact us to delete it.

11. Security

We implement technical and organizational measures appropriate to the risk (TLS encryption, access controls, backups). No method is 100% secure, but we work to protect your data.

12. Third‑Party Links

Our Website may contain links to third‑party sites. We are not responsible for their privacy practices. Please review their policies.

13. Changes to This Policy

We may update this policy from time to time. We will post the new version with an updated “Last updated” date. Material changes may be notified via email or banner.

14. Contact

For questions or requests about this policy or your data rights, contact: [privacy@yourdomain] or write to: [Company Name], [registered address], Tuscany, Italy.

“`