Privacy Policy & Data Protection

DATA CONTROLLER

Il Giardino dei Tarocchi Shop operates this store and its website, including all related information, content, features, tools, products, and services, in order to provide you, the customer, with a curated shopping experience (the « Services »). Il Giardino dei Tarocchi Shop uses the Shopify platform, which enables us to provide you with the Services. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit, use, or make a purchase or other transaction through the Services, or otherwise communicate with us. If there is any conflict between our Terms of Service and this Privacy Policy, this Privacy Policy shall prevail with respect to the collection, use, and disclosure of your personal data.

Please read this Policy carefully. By accessing and using the Services, you confirm that you have read this Privacy Policy and understand how we collect, use, and disclose your personal data, as described herein.

The entity that collects, stores and manages the data relating to the www.ilgiardinodeitarocchi.it site is:
Fondazione Il Giardino dei Tarocchi
Località Garavicchio
58011 Capalbio
Province of Grosseto (Italy).

For any information, communication or request relating to the management of personal data, you can use the following references:
Fondazione IL GIARDINO DEI TAROCCHI
Legal HQ: Località Garavicchio – 58011 Capalbio (GR), Italy
Tel. (+39) 0564 895122
EMail.shop@ilgiardinodeitarocchi.it
Certified E-Mail (PEC): ilgiardinodeitarocchi[@]legalmail.it

Personal Information We Collect or Process


By « personal information » we refer to information that identifies or can reasonably be linked to you or another person. Personal information does not include data that is collected anonymously or in such a way that it can no longer be identified or linked to you.

We may collect or process the following categories of personal information (including inferences derived from it), depending on how you interact with the Services, where you live, and as permitted or required by applicable law:

  1. Contact Information: Including your name, address, billing address, shipping address, phone number, and email address.
  2. Financial information: including credit card, debit card, and financial account numbers, payment card information, transaction details, payment methods, payment confirmation, and other payment-related details.
  3. Account information: including username, password, security questions, preferences, and settings.
  4. Transaction information: including items viewed, added to cart, wishlisted, purchased, returned, exchanged, or erased, as well as past transactions history.
  5. Communications with us: this includes information you provide in direct communications, such as when you submit a customer support request for assistance.
  6. Device Information: including information about your device, browser or network connection, IP address, and other unique identifiers.
  7. Usage Information: this includes information regarding your interaction with the Services, including how and when you browse or interact with the Services.
    For operation and maintenance needs, www.ilgiardinodeitarocchi.it and any third-party services used by it may collect system logs, i.e. files that record interactions and which may also contain Personal Data, such as the User’s IP address.Sources of Personal Information
    We may collect personal information from the following sources:
    *Freely provided by the User: for example, when you create an account, visit or use the Services, communicate with us or otherwise provide us with your data;
    *Provided by you for the provision of a service: from your device when you use our products or services or visit our websites, including through the use of cookies and similar technologies, or through registration to reserve entrances.
    *From our service providers: when we engage them to implement certain technologies and when they collect or process your personal data on our behalf.
    *Collected automatically during the use of www.ilgiardinodeitarocchi.it (e.g. website usage and navigation data).
    *From our partners or other third parties.

The Data requested by www.ilgiardinodeitarocchi.it in the fields marked with an asterisk (*) are mandatory. Failure to provide such data prevents the provision of the Service.
All other Data are optional, Users are free to refrain from communicating them, without this having any consequence on the availability of the Service or its operation.
For information on the use of cookies or other tracking tools by www.ilgiardinodeitarocchi.it or by the owners of third-party services used by www.ilgiardinodeitarocchi.it, please refer to the cookie policy.
The User, where the data are mandatory, must take care to indicate correct and updated data. In the event of an error in the entry, it must promptly correct them by means of a specific communication sent to the Data Controller. The Data Controller declines all responsibility for any damage resulting from the incorrect or inaccurate indication of data.
The User assumes responsibility for the Personal Data of third parties obtained, published or shared through www.ilgiardinodeitarocchi.it and guarantees that he/she has the right to communicate or share them, exempting the Data Controller from any liability towards third parties.

How We Use Your Personal Information

Depending on how you interact with us or what Services you use, we may use personal data for the following purposes:

  1. Provide, personalize, and improve the Services: we use your personal information to provide you with the Services, including to perform our contract with you, to process your payments, to fulfill your orders, to remember your preferences and items you are interested in, to send notifications to you related to your account, to process purchases, returns, exchanges or other transactions, to create, maintain and otherwise manage your account, to arrange for shipping, to facilitate any returns and exchanges, to enable you to post reviews, and to create a customized shopping experience for you, such as recommending products related to your purchases. This may include using your personal information to better tailor and improve the Services.
  2. Marketing and Advertising: we use your personal information for marketing and promotional purposes, such as to send marketing, advertising and promotional communications by email, text message or postal mail, and to show you online advertisements for products or services on the Services or other websites, including based on items you previously have purchased or added to your cart and other activity on the Services.
  3. Security and Fraud Prevention: we use your personal information to authenticate your account, to provide a secure payment and shopping experience, detect, investigate or take action regarding possible fraudulent, illegal, unsafe, or malicious activity, protect public safety, and to secure our services. If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password or other access details with anyone else.
  4. Communications: we use your personal information to provide you with customer support, to be responsive to you, to provide effective services to you and to maintain our business relationship with you.
  5. Legal Reasons: we use your personal information to comply with applicable law or respond to valid legal process, including requests from law enforcement or government agencies, to investigate or participate in civil discovery, potential or actual litigation, or other adversarial legal proceedings, and to enforce or investigate potential violations of our terms or policies.

HOW WE DISCLOSE PERSONAL INFORMATION


In specific circumstances, we may disclose your personal information to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:

  1. Shopify and third-party providers: who perform services on our behalf (IT management, payment processing, data analysis, customer support, cloud storage, logistics, and shipping).
  2. Business and marketing partners: to provide you with advertising services. For example, we use Shopify to support personalized advertising based on your online activity. Depending on where you live, you may have the right to request that we not share your information for targeted advertising.
  3. At your direction or consent: when you ask us to transmit information to third parties (e.g. to ship products or through the use of social widgets or integrated logins).
  4. Affiliates: within our corporate group.
  5. Corporate Actions: in connection with mergers, bankruptcies, legal obligations (search warrants or subpoenas), or to defend the rights of our users and the Services.

USING SHOPIFY

The Services are hosted by Shopify, which collects and processes personal information about your access to and use of the Services in order to provide and improve the Services for you. Information you submit to the Services will be transmitted to and shared with Shopify as well as third parties that may be located in countries other than where you reside, in order to provide and improve the Services for you. In addition, to help protect, grow, and improve our business, we use certain Shopify enhanced features that incorporate data and information obtained from your interactions with our Store, along with other SaaS (Software as a Service) providers, and the platform itself.

To provide these enhanced features, Shopify may make use of personal information collected about your interactions with our store, along with other SaaS, and with Shopify. In these circumstances, Shopify is responsible for the processing of your personal information, including for responding to your requests to exercise your rights over use of your personal information for these purposes. To learn more about how Shopify uses your personal information and any rights you may have, you can visit the Shopify Consumer Privacy Policy. Depending on where you live, you may exercise certain rights with respect to your personal information here Shopify Privacy Portal Link.

THIRD PARTY WEBSITES AND LINKS
The Services may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.

CHILDREN’S DATA


The Services are not intended to be used by children, and we do not knowingly collect any personal information about children under the age of majority according to the Italian jurisdiction. If you are the parent or guardian of a child who has provided us with their personal information, you may contact us using the contact details set out below to request that it be deleted. As of the Effective Date of this Privacy Policy, we do not have actual knowledge that we « share » or « sell » (as those terms are defined in applicable law) personal information of individuals under 16 years of age.

METHODS AND PLACE OF PROCESSING OF THE DATA COLLECTED


The personal data provided by the user are recorded and stored on the Data Controller’s servers and used for the provision of the services provided on the www.ilgiardinodeitarocchi.it website . The Data Controller has adopted the appropriate security measures aimed at preventing unauthorized access, disclosure, modification or erasure of Personal Data and monitors the use of the data by the Authorized Parties to use them. The processing is computer-telematic in nature.

LEGAL BASIS OF THE PROCESSING
I.the User has given consent for one or more specific purposes.
II. the processing is necessary for the performance of a contract with the User and/or the execution of pre-contractual measures;
III. the processing is necessary to comply with a legal obligation to which the Data Controller is subject;
IV. the processing is necessary for the performance of a task carried out in the public interest or for the exercise of official authority vested in the Data Controller;
V. the processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties. However, it is always possible to request that the data controller clarify the specific legal basis for each processing activity and, in particular, indicate whether such processing is based on a legal obligation, required by a contract, or necessary for the performance of or for entering into a contract.
VI. The Data Controller processes the data only and exclusively for the provision of the service requested by the User through the www.ilgiardinodeitarocchi.it website and therefore for the fulfilment of a contractual service and for additional marketing purposes, possibly authorised by the User through explicit consent.

LOCATION

Data are processed at the Data Controller’s operating offices and in its servers. The User’s Personal Data may be transferred to a country other than the one in which the User is located but which guarantees the same security standards established by European legislation (EU Reg. 679/2016 – GDPR) or judged suitable on the basis of specific agreements or assessments.

RETENTION PERIOD

The Data are processed for the time required by the purposes for which they were collected and stored for the subsequent time, provided for or permitted by the applicable legislation in the specific situation.

Therefore:
Personal Data collected for purposes related to the execution of a contract (e.g. entrance booking) will be stored for 10 years: time provided for by the legislation on the storage of tax documentation.
Personal Data collected for marketing purposes will be stored for a maximum of 10 years, without prejudice to the possibility of revoking consent by the User.

Personal Data may be stored for a longer period (10 years) in compliance with a legal obligation or by order of an authority or in cases where they are necessary to exercise a right or defend one’s position in a dispute.

At the end of the retention period, the Personal Data will be deleted. Therefore, at the end of the term, the right of access, rectification and portability of the Data can no longer be exercised.

PURPOSE OF THE PROCESSING OF THE COLLECTED DATA


The User’s Data are collected to allow the Owner to provide its Services, as well as for the following purposes: Payment Management, Management of support and contact requests, Statistics, Contacts with the User, sending messages and Infrastructure Monitoring, according to the specific information provided below. For each purpose, it is indicated whether it is a service managed independently by www.ilgiardinodeitarocchi.it or by third-party companies as well as the references of the privacy policy.

CONTACTING YOU


CONTACT BY PHONE (www.ilgiardinodeitarocchi.it )
Users who have provided their telephone number may be contacted for commercial or promotional purposes (if they have expressed explicit consent) related to www.ilgiardinodeitarocchi.it , as well as to fulfill support requests.
Personal Data collected: telephone number.
This service is managed directly by www.ilgiardinodeitarocchi.it


CONTACT FORM SUBMISSION


By completing the contact form with their personal data, the User consents to its use for responding to requests for information, quotations, or any other purpose specified in the form header.
Personal Data collected: First name, last name, email address, and telephone number.
This service is managed directly by www.ilgiardinodeitarocchi.it .

NEWSLETTER


By registering for the mailing list or newsletter, the User’s e-mail address is automatically included in a list of contacts to whom e-mail messages containing information, including commercial and promotional information, relating to www.ilgiardinodeitarocchi.it may be sent .
Personal Data collected: surname, e-mail, first name and telephone number. This service is managed directly by www.ilgiardinodeitarocchi.it.

CONTACT MANAGEMENT AND MESSAGE DELIVERY


This type of service allows us to manage a database of e-mail contacts, telephone contacts or contacts of any other type, used to communicate with the User. These services may also allow the collection of data relating to the date and time of viewing the messages by the User, as well as the User’s interaction with them, such as information on clicks on the links included in the messages.

SELLING AND MANAGING PAYMENTS


The Personal Data collected is used for the provision of services to the User or for the sale of products, including payment processing and delivery. Depending on the payment method selected, collected data may include credit card details, bank account information for transfers, or other provided payment instruments.
Payment management services enable www.ilgiardinodeitarocchi.it to process payments via credit card, bank transfer, or other means. Such payment data is acquired directly by the respective payment service provider without being processed or stored by www.ilgiardinodeitarocchi.it . Additionally, some of these services may facilitate the delivery of scheduled communications, such as invoices or payment notifications. »

HANDLING SUPPORT AND CONTACT REQUESTS


This type of service allows www.ilgiardinodeitarocchi.it to manage support and contact requests received through the contact form. The Personal Data processed depends on the information provided by the User within the messages and on the tool used for communication.

INFRASTRUCTURE MONITORING


This type of service allows www.ilgiardinodeitarocchi.it to monitor the use and behavior of components of the same, to allow the improvement of performance and functionality, maintenance or troubleshooting. The Personal Data processed depend on the characteristics and methods of implementation of these services, which by their nature filter the activity of www.ilgiardinodeitarocchi.it


COOKIE


Cookies and similar technologies are very small text documents or code snippets that often contain a unique identification code and perform various functions, such as remembering your access data to the services, collecting statistical information about the pages you visit, identifying the browser and device you use, and selecting targeted content and communications based on your preferences. When you visit a website or use a mobile app, a computer asks your computer or mobile device for permission to save the file to your device and access the information. The information collected through cookies and similar technologies may include the date and time of your visit and how you use a particular website or mobile application.

FUNCTIONALITY AND USE OF COOKIES

Cookies ensure that you remain logged in while visiting our online shop, that all items remain in your shopping cart, that you can shop safely and that the site continues to function properly. Cookies also allow us to see how our site is being used and how we can improve it. In addition, depending on your preferences, our cookies may be used to present you with targeted advertisements in line with your personal interests.

Some cookies are necessary for the site to function properly. Some of the following actions can be performed through these cookies:

  • Store items in an online shopping cart.
  • Save your cookie preferences for this site.
  • Save your language preferences.
  • Log in to our portal (we need to check if you are logged in).
  • Manage home banking or credit card payments or other systems.
    Depending on the type of data they store and the duration of their stay on the user’s device, cookies can be divided into different categories:
  • Session or temporary cookies: expire or are deleted when you close your browser.
  • Persistent cookies: they have longer expiry dates (from a few minutes to entire months) depending on the function performed.
    Based on their purposes, they are further divided into:
  • Technical cookies: they manage the data necessary for viewing pages and facilitate navigation (for example, they avoid having to re-enter the user and password, remember the last page visited or the point of a video, adapt images to the device). They also allow aggregate statistical analysis on the most visited pages, but only anonymously.
  • Profiling cookies: they are used to analyze the interests and browsing habits of individual users, personalize navigation and provide content, including advertising, targeted to specific interests.
Cookies can be provided directly by the manager of the site you are visiting (first-party cookies) or, if the site relies on external services, by third parties (third-party cookies).

DISABLING OR REMOVING COOKIES

You can choose not to accept all cookies, except for those that are necessary. In your browser settings, you can change the parameters to ensure that cookies are blocked; most browsers provide explanations of this in the « Help » function. However, if you block cookies, you may not be able to take advantage of all the technical features of our site and this may negatively affect your user experience.
We have made it easy to manage consents through the following commands:
Change your consent / Withdraw your consent
Unique identity: ……………
Last modification of consent recorded on: ………
To view the consent audit, please contact your site administrator.

COOKIES USED ON OUR SITE

Necessary

Performance

Functional

STATISTICS COLLECTED DIRECTLY (www.ilgiardinodeitarocchi.it )


www.ilgiardinodeitarocchi.it uses an internal statistics system, which does not involve third parties.
Data is collected through Cookies and consists of Usage Data linked to an IP address. Service carried out directly by www.ilgiardinodeitarocchi.it .

GDPR APPLICABILITY

The applicability of the GDPR (General Data Protection Regulation) depends on the location of the organization processing the data, not the nationality or residence of the individual involved, therefore Il Giardino dei Tarocchi applies and is regulated by the GDPR.

Here is why the GDPR protects non-EU citizens in this scenario:

  1. The « Establishment » Criterion
Under
    Article 3(1), the GDPR applies to the processing of personal data carried out in the context of the activities of an establishment of a controller or a processor in the European Union.
  2. Universal Protection for « Natural Persons »
    The GDPR aims to protect the fundamental rights and freedoms of natural persons regarding data processing. The text does not limit this protection to « EU citizens » or « EU residents » when the data controller is based in Europe.
  3. Obligations in Case of a Breach (Data Breach)
    If a data breach occurs on a website managed by an Italian entity, the controller is required to:
Notify the supervisory authority, the Italian Garante Privacy: https://www.garanteprivacy.it within 72 hours if the breach poses a risk to the individuals’ rights.
Inform the affected data subjects, including non-EU citizens.

EXERCISE OF RIGHTS


According to the EU General Data Protection Regulation 679/2026 (GDPR), Data Subjects have specific rights to manage their personal data. Organizations (Data Controllers) must facilitate these requests and respond within set timeframes.

Right to be informed (GDPR Articles 12 to 14): Data subjects have the right to be informed about the collection and use of their personal data.
Right to access (GDPR Article 15): Data subjects have the right to view and request copies of their personal data.
Right to rectification (GDPR Article 16): Data subjects have the right to request inaccurate or outdated personal information be updated or corrected.
Right to be forgotten/Right to erasure (GDPR Article 17): Data subjects have the right to request their personal data be deleted. Note that this is not an absolute right and may be subject to exemptions based on certain laws.
Right to data portability (GDPR Article 20): Data subjects have the right to ask for their data to be transferred to another controller or provided to them. The data must be provided in a machine-readable electronic format.
Right to restrict processing (Article 18): Data subjects have the right to request the restriction or suppression of their personal data.
Right to withdraw consent (GDPR Article 7): Data subjects have the right to withdraw previously given consent to process their personal data.
Right to object (GDPR Article 21): Data subjects have the right to object to the processing of their personal data.
Right to object to automated processing (GDPR Article 22): Data subjects have the right to object to decisions being made with their data solely based on automated decision making or profiling.

HOW TO EXERCISE YOUR RIGHTS


To exercise their rights, Users may send a request to the contact details by writing to the Data Controller by writing to the address emailinfo@ilgiardinodeitarocchi.it, or through the appropriate contact form specifying the subject « ADMINISTRATIVE INFORMATION ».

Modalities should be provided for facilitating the exercise of the data subject’s rights under this Regulation, including mechanisms to request and, if applicable, obtain, free of charge, in particular, access to and rectification or erasure of personal data and the exercise of the right to object. The controller should also provide means for requests to be made electronically, especially where personal data are processed by electronic means. The controller should be obliged to respond to requests from the data subject without undue delay and at the latest within one month and to give reasons where the controller does not intend to comply with any such requests.

In the case of a person under the age of 14, the request must be authorized by the holder of parental responsibility, providing simultaneous proof of possession of this qualification.
In the event of violation of the rights set out in this Policy, pursuant to Article 77 of EU Reg. no. 2016/679, you may lodge a complaint with the competent Supervisory Authority based on your habitual residence, place of work, or place of violation of your rights: in Italy, all relevant information is available on the website: www.garanteprivacy.it .

DEFENCE IN COURT

The User’s Personal Data may be used by the Data Controller in court or in the preparatory stages of its possible establishment for the defense against abuses in the use of www.ilgiardinodeitarocchi.it or related Services by the User.
The User declares to be aware that the Owner may be obliged to disclose the Data by order of public authorities.

SPECIFIC INFORMATION


At the request of the User, in addition to the information contained in this privacy policy, www.ilgiardinodeitarocchi.it may provide the User with additional and contextual information regarding specific Services, or the collection and processing of Personal Data.

INFORMATION NOT INCLUDED IN THIS PRIVACY POLICY


Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact details.

RESPONDING TO « DO NOT TRACK » REQUESTS


www.ilgiardinodeitarocchi.it does not support « Do Not Track » requests.
To find out if any third-party services you use support them, please consult their respective privacy policies.

PRIVACY POLICY UPDATES

The Data Controller reserves the right to make necessary changes and updates to this privacy policy at any time by informing Users on this page and, if possible, on www.ilgiardinodeitarocchi.it and, if technically and legally feasible, by sending a notification to Users through one of the contact details held by the Data Controller. Please check this page regularly, referring to the date of last modification indicated at the bottom.
If the changes concern processing whose legal basis is consent, the Data Controller will collect the User’s consent again, if necessary. Last update: 10.04.2026


DEFINITIONS AND LEGAL REFERENCES


PERSONAL DATA (OR DATA)
Personal data is any information which, directly or indirectly, including in connection with any other information, including a personal identification number, identifies or identifies a natural person.

USAGE DATA
This information is collected automatically by www.ilgiardinodeitarocchi.it (including via integrated third-party applications). It includes: IP addresses or domain names of the computers used by Users connecting to the website; URI (Uniform Resource Identifier) addresses; the time of the request; the method used to submit the request to the server; the size of the file received in response; the numerical code indicating the server’s response status (e.g., success, error); the country of origin; the features of the visitor’s browser and operating system; various time-related details of the visit (such as time spent on each page); and details regarding the navigation path within the Application, specifically the sequence of pages visited and other parameters related to the User’s device and IT environment.

USER
The individual using www.ilgiardinodeitarocchi.it who, unless otherwise specified, coincides with the Data Subject.

DATA SUBJECT
The natural person to whom the Personal Data relates.

DATA PROCESSOR (OR PROCESSOR)
The natural person, legal person, public administration and any other entity that processes personal data on behalf of the Data Controller, as set out in this privacy policy.

DATA CONTROLLER (OR CONTROLLER)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data and the means adopted, including the security measures relating to the operation and use of www.ilgiardinodeitarocchi.it . The Data Controller, unless otherwise specified, is the owner of www.ilgiardinodeitarocchi.it .

WWW.ILGIARDINODEITAROCCHI.IT (OR THIS APPLICATION)
The hardware or software tool by which Users’ Personal Data is collected and processed.

SERVICE
The Service provided by www.ilgiardinodeitarocchi.it as defined in the relevant terms (if any) on this site/application.

EUROPEAN UNION (OR EU)
Unless otherwise specified, any reference to the European Union contained in this document is intended to extend to all current member states of the European Union and the European Economic Area.

COOKIE
A small portion of data stored within the User’s device.

LEGAL REFERENCES


This privacy policy concerns exclusively the Tarot Garden Foundation and the www.ilgiardinodeitarocchi.it website and is drawn up in application of art. Articles 13 and 14 of Regulation (EU) 2016/679 and related internal acts of Italian legislation.

CONTACTS:
GENERAL INFORMATION

Fondazione Il Giardino dei Tarocchi
Località Garavicchio
58011 Capalbio (GR) – Italia
Tel.(+39) 0564/895122
info[@]ilgiardinodeitarocchi.it
biglietteria
reservation[@]ilgiardinodeitarocchi.it