Last Updated: 28/11/2025
This Privacy Policy describes the processing of personal data carried out through the website https://www.fulcicult.com (hereinafter, the “Website”), in accordance with Regulation (EU) 2016/679 (“GDPR”) and applicable data protection laws.
By accessing or using the Website, you acknowledge that you have read and understood this Privacy Policy.
The Data Controller is:
Fulci
Registered office: Via Sarzana 41, 20159 Milano
Email: exhumedinfo@fulcicult.com
(If you want, I can fill these in for you.)
The personal data processed via the Website include the following:
During normal operation, the Website’s IT systems automatically acquire certain personal data, the transmission of which is implicit in the use of Internet communication protocols. Such data include:
IP address;
type of browser and device;
time of request;
pages visited and interactions with the Website;
diagnostic and technical data.
These data are processed solely for statistical purposes, security, and ensuring the Website’s proper functioning.
The Website uses:
technical and functional cookies (necessary for cart, login, checkout, session management);
analytical and third-party cookies (only if activated through plugins such as analytics or tracking pixels).
For further details, please refer to the Cookie Policy.
When placing an order, the following personal data are collected:
first and last name;
shipping and billing address;
email address;
phone number (if required for delivery);
order information and purchase history;
payment method (note: full card numbers are not stored on the Website).
Payment data are processed exclusively by external payment service providers (e.g., Stripe, PayPal), acting as autonomous data controllers or data processors, as applicable.
Personal data are processed for the following purposes:
order management;
payment processing;
shipping and delivery;
customer service communication strictly related to the purchase;
account management if the user creates an account.
Processing necessary for compliance with obligations arising from:
tax and accounting regulations;
orders from judicial or regulatory authorities;
consumer protection legislation.
Processing necessary for:
Website security, fraud prevention, and anti-abuse measures;
monitoring and improving Website performance;
maintaining server logs and diagnostic data.
Processing of aggregated or anonymized data for statistical purposes, only when compliant with GDPR and cookie regulations.
The processing of personal data is based on:
Art. 6(1)(b) GDPR — performance of a contract or steps prior to entering into a contract;
Art. 6(1)(c) GDPR — compliance with legal obligations;
Art. 6(1)(f) GDPR — legitimate interests pursued by the Controller;
Art. 6(1)(a) GDPR — user consent (solely for non-essential cookies and similar technologies).
Personal data are processed by automated and manual means, strictly in accordance with the purposes indicated and with appropriate technical and organizational security measures.
Personal data will not be disclosed indiscriminately but may be shared with:
hosting and IT service providers;
shipping and logistics companies;
payment service providers (Stripe, PayPal, etc.);
accountants, financial consultants, and legal advisors;
technical support personnel;
supervisory or judicial authorities, where required by law.
Such entities act as autonomous Data Controllers or, where applicable, Data Processors under Article 28 GDPR.
Personal data are retained for the following periods:
order and invoicing data: 10 years, pursuant to tax and accounting obligations;
shipping and logistics data: for the time necessary to complete the delivery;
customer service communications: for the duration necessary to manage the request;
analytics data: in accordance with the retention periods defined by the relevant third-party service;
server logs: retained for short periods (generally days or weeks), depending on security needs.
If third-party service providers (e.g. Google, Meta, Stripe) process data outside the European Union, such transfers are executed in compliance with Articles 44–49 GDPR through:
adequacy decisions;
Standard Contractual Clauses (SCCs);
supplementary measures when required.
Users may exercise, at any time, the rights provided by Articles 15–22 GDPR, including:
right of access;
right to rectification;
right to erasure (“right to be forgotten”);
right to restriction of processing;
right to data portability;
right to object to processing based on legitimate interests;
right to withdraw consent, where applicable;
right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).
Requests may be addressed to the Data Controller at: [email].
The Website uses the WooCommerce platform, which processes data required for:
shopping cart functionality;
checkout and order placement;
customer accounts;
order management and notifications.
WooCommerce uses essential cookies strictly necessary for the operation of the online store.
The Data Controller adopts appropriate organizational and technical measures, including:
SSL/HTTPS encryption;
firewalls and anti-malware systems;
access controls;
secure backups;
minimization and pseudonymization where possible.
The Data Controller reserves the right to amend or update this Privacy Policy at any time. Changes will be published on this page and will become effective upon publication.
For any inquiries concerning the processing of personal data or the exercise of your rights, you may contact the Data Controller at:
exhumedinfo@fulcicult.com
Via Sarzana 41, 20159 Milano
