Skip to content

Privacy & Cookie Policy

1. Data Controller

Controller: Flora Fund, part of Master Charitable Trust

Registered address: 37 Fleet St. London, UK, EC4P 4DP

Website: https://flora-fund.org

Contact email: info@flora-fund.org

The Data Controller processes users’ personal data in accordance with EU Regulation 2016/679 (GDPR) and, where applicable, UK data protection law (UK GDPR and Data Protection Act 2018).

2. Types of Data Collected

2.1 Navigation data

The computer systems and software procedures used to operate this website automatically collect certain personal data whose transmission is inherent in the use of Internet communication protocols, including:

  • IP addresses or domain names of users’ computers and devices
  • URI/URL addresses of requested resources
  • Time and date of requests
  • Method used to submit the request to the server
  • File size received in response
  • Numeric code indicating the server response status
  • Browser and operating system information

2.2 Voluntarily provided data

Flora Fund does not currently collect personal data through contact forms, registrations, or newsletter subscriptions. Should such features be introduced in the future, this notice will be updated accordingly.

2.3 Cookies and tracking technologies

The website uses technical cookies necessary for page functionality. For details, please refer to Section 7 (Cookie Policy) below.

3. Purposes and Legal Bases for Processing

Navigation data is processed for the following purposes:

  • Enabling correct delivery of website services (legal basis: performance of a contract or pre-contractual measures – Art. 6(1)(b) GDPR / legitimate interests – Art. 6(1)(f) GDPR)
  • IT security and abuse prevention (legal basis: legitimate interests – Art. 6(1)(f) GDPR)
  • Compliance with legal obligations (legal basis: legal obligation – Art. 6(1)(c) GDPR)
  • Anonymous aggregated statistics on website usage (legal basis: legitimate interests – Art. 6(1)(f) GDPR)

4. Processing Methods and Retention

Data is processed using electronic and computer tools. Appropriate technical and organisational security measures are in place to prevent unauthorised access, loss, disclosure or unauthorised alteration of data.

Retention period: Server logs are retained for a maximum of 12 months, unless otherwise required by law. Anonymised aggregate data may be retained longer for statistical purposes.

5. Data Disclosure and Transfers

5.1 Categories of recipients

Personal data may be disclosed to:

  • Hosting and technical infrastructure providers (currently: GoDaddy / FTP Upload – servers located within the EU or in countries with an adequate level of protection)
  • IT service and website maintenance providers
  • Competent authorities, where required by law

5.2 Transfers outside the EEA

If data is transferred to third countries without an adequacy decision from the European Commission, the Controller will implement appropriate safeguards as provided by Chapter V of the GDPR (e.g. Standard Contractual Clauses – SCCs) or as applicable under UK GDPR.

6. Data Subject Rights

Under Articles 15–22 of the GDPR (and equivalent UK GDPR provisions), you have the right to:

  • Access: obtain confirmation as to whether your personal data is being processed and, if so, access your data (Art. 15)
  • Rectification: request correction of inaccurate personal data (Art. 16)
  • Erasure (‘right to be forgotten’): request deletion of your personal data (Art. 17)
  • Restriction: request restriction of processing (Art. 18)
  • Data portability: receive your personal data in a structured, commonly used, machine-readable format (Art. 20)
  • Objection: object to the processing of your personal data (Art. 21)
  • Withdrawal of consent: withdraw any consent given at any time, without affecting the lawfulness of processing based on consent before withdrawal
  • Lodge a complaint: with the relevant supervisory authority (in Italy: Garante per la Protezione dei Dati Personali – www.garanteprivacy.it; in the UK: ICO – ico.org.uk)

To exercise your rights, please contact the Controller at: info@flora-fund.org

7. Cookie Policy

7.1 What are cookies?

Cookies are small text files placed on your device (computer, tablet, smartphone) by websites you visit. They are stored and retransmitted to the same websites on subsequent visits. Cookies allow the site to recognise your device and remember certain preferences or past actions.

7.2 Types of cookies used

Strictly necessary technical cookies

These cookies are essential for the correct operation of the website and cannot be disabled. They do not store any personally identifiable data. They include:

  • Session cookies: maintain your session during browsing
  • Language preference cookies: store your selected language (IT/EN)
  • WordPress cookies (wp_*): technical cookies generated by the WordPress platform for correct site operation

Legal basis: legitimate interests (Art. 6(1)(f) GDPR); consent is not required for strictly necessary technical cookies.

Analytics cookies (if applicable)

Should the website use traffic analysis tools (e.g. Google Analytics), the relevant cookies will be listed in this section with their duration, purpose, and legal basis. Currently, the website does not use third-party analytics cookies. If introduced in the future, this notice will be updated and your consent will be sought.

Profiling and marketing cookies

The website does not use profiling or targeted advertising cookies.

7.3 How to manage cookies

You can manage your cookie preferences through:

  • Your browser settings (please refer to your browser’s help documentation for specific instructions)
  • Tools provided by third parties (e.g. Google Analytics Opt-out Add-on)

Please note that disabling technical cookies may impair the correct functioning of the website.

7.4 Third-party cookies

The website may include content or features provided by third parties (e.g. Google Fonts, embedded content services). Such third parties may set their own cookies. Flora Fund is not responsible for third-party cookies and encourages you to review their respective privacy policies.

8. Minors

This website is not directed at children under the age of 16 and the Controller does not knowingly collect personal data from minors. If data from minors is inadvertently collected and identified, it will be promptly deleted.

9. Changes to this Notice

The Controller reserves the right to make changes to this notice at any time by publishing the updated version on this website. Users are encouraged to review this page regularly. In the event of material changes, the Controller will inform users through available means.