PRIVACY

 

Section 1 - Privacy Policy: site’s general rules

Section 2 – Privacy policy for newsletter subscription and market research

Section 3 - Privacy Policy: single integrated registration profile

Section 4 – Privacy policy: order flow (without adding data in Address Book) or as a guest

Section 5 - Privacy Policy: order flow (with data added in Address Book)

Section 1 - Privacy Policy: site’s general rules

Why the present document

The present document describes how personal data of users are processed in this website. Data are processed in compliance with lawfulness and fairness requirements, in compliance with the applicable regulations and adopting proper security measures to protect data.

Data will be retained for the time required to achieve the purposes of the processing and in compliance with the applicable regulations.

This privacy policy is also intended as a summary notice, pursuant to EU 2016/679 to users of web services of this website to protect personal data that may be accessed electronically on:


www.illy.com/en-gb/content/home

the opening page of this website.

This privacy policy is strictly referred to the present website, not for other websites that users may access by clicking on the relevant links. These websites are independent data controllers (save as for the Company websites) and therefore reference must be made to the relevant policy.

This privacy policy is also based on the recommendation n. 2/2001 that the European Data Protection Authorities – i.e. members of the Working Group set up in line with article 29 of the directive 95/46/EC – adopted on 17 May 2011 to identify a series of minimum standards on online collection of personal data, in specific procedures, time limits and nature of data. Data controller are required to provide users with the relevant information when they visit their web pages irrespective of the aims of the access.

The server hosting the website is located at:

·        Salesforce.com Inc. in one of its data centers in Great Britain;

·        Engineering D.Hub S.p.A.- Via Carlo Viola 76  - 11026 Pont Saint Martin (AO) Italy;

·        Adobe Inc. on cloud Amazon Web Services of Frankfurt in Germany.

We remind you that only for technical assistance needs data may be sent to companies outside the European community who are specifically designated as data processors by committing to comply with all the requirements of European legislation, also by signing the appropriate Contractual Clauses indicated by the Data Protection Authority; the data are only a copy of those contained in the European servers and the copy of the same is always available at illycaffè S.p.A.

Please, read all relevant privacy policies in this website.

Type of processed data and processing procedures

We inform you that the data will always be processed by illycaffè to comply with an obligation imposed by law, regulation or legislation and to enforce or defend a right of illycaffè. illycaffè may disclose data to public authorities, courts, police, lawyers/attorneys, post offices/shippers, if necessary.

Navigation Data

IT systems and software procedures of this website, in the framework of their regular operation, acquires some personal data whose transfer is implicit in the use of Internet communication protocols.

These data are not collected with a view to linking them to their holders. However, these are data that, by their very nature, with processing and cross-reference with data of third parties, may identify users.

This data category includes IP addresses or domain names of computers of users visiting the website, URI (Uniform Resource Identifier) addresses of required resources, the time of the request, the method used to send the request to the server, the size of the obtained file, the numeric code on the reply status of the server (sent, error, etc.) and other requirements of the operative system and the IT environment of users.

These data are used by illycaffè with the exclusive aim of collecting anonymous statistical information on the website use and to supervise its smooth operation, and they are deleted immediately after processing. Data may be used to determine any liability in the event of IT crimes against the website or, in general, against the Company.

Data may be processed on paper, manually, with IT and electronic means (therefore, illycaffè may file data both on paper and IT support).

Data that users provide on a voluntary basis

The optional, explicit and voluntary sending of communications to the addresses of illycaffè S.p.A. (if there is not a special form that must filled out, including references to the relevant privacy policies) requires illycaffè to acquire the sender's address for the relevant reply as well as other personal data included in the communication (or in the relevant attachments). In this event (without forms that must filled out, including references to the relevant privacy policies), provision of data is not mandatory. However, should data or the relevant address not be provided, the relevant request cannot be fulfilled. By sending of communication, the sender authorises illycaffè to process data with a view to fulfilling the relevant requests.

illycaffè may process data, whether on paper or on IT support, both manually and with other IT or electronic means.

Depending on services requested, users are in any case advised to familiarise themselves with the contents of specific privacy statements as may be found in the various sections of the site

Data Controller and Data Protection Officer

he Data Controller is illycaffè S.p.A, having its registered office in via Flavia 110, in Trieste, ph. +39.040.3890.111, fax +39.040.3890.490. There is also a Data Protection Officer available at the email address dpo@illy.com and at the addresses of the Company.

Rights

We inform you that the GDPR provides the possibility for the data subject to ask the Data Controller (at the above addresses) to access personal data and to correct or cancel them or limit their processing or to oppose their processing, in addition to the right to data portability, as well as other rights contained in Chapter 3 of the GDPR including the revocation of consent, where provided: the withdrawal of consent does not affect the lawfulness of the processing based on consent given before revocation.

Complaints

The data subject can always lodge a complaint with the Italian Data Protection Authority, whose references can be found on the website www.garanteprivacy.it

Legal Basis

The legal basis the legal basis consists of legal obligations (Italian and European laws) as well as the legitimate interests of the Data Controller in the relationship with the user. Furthermore, for the purposes for which consent is provided, the legal basis is the consent itself.

Notice and Disclosure Scope

No data from the web service (i.e. the above navigation data) may be notified or disclosed (except for notification to the judiciary or the police, if required).

As for processing based on the relevant forms in the website (i.e. registration), reference is hereby made to the relevant forms and any applicable rules.

The data may be disclosed on behalf of illycaffè, each for own role, to all subjects delegated by illycaffè (administrative staff, staff in charge of public relations also external to the Company, IT staff that can also carry out tasks of system administrators, also external to the Company, marketing staff also external to the Company, trainees, Data Processors and their staff, persons in charge of the specific area to which a request is made, site management staff also external to the Company) and to internal and external Data Processors (for example outsourcers in charge of mailing, marketing, administration and maintenance of servers, website administration). The list of Data Processors is always available by contacting the Data Controller

About persons in charge of data processing, please also refer to the specific information contained within the site depending on the required service.

The data provided by the user may be disclosed to the subjects for which there is an obligation pursuant to law or for legitimate interests such as to assert a right of the company; data may be disclosed to any carrier/freight forwarder for the dispatch of illycaffè material required; data may be communicated to the categories of persons eventually specified in the specific information in the various sections of the site.

Option to provide data and processing procedures

For a complete information on the processing of the data by illycaffè, we invite you to take vision of all the information contained within the various areas of application of the data and all sections of this privacy policy.

Definition of cookies

Cookies are small text files that are sent to your computer.
The site in question uses the following types of cookies:

A.    Technical session cookies

So-called session cookies are solely used for transmitting session identifying data in the form of numbers randomly generated by the server. These cookies are necessary to ensure secure and efficient site browsing.

Session cookies are used in this site precisely to ensure maximum user privacy during browsing as they do not permit acquisition of user’s personal details that would otherwise permit user identification and recognition. These cookies are processed with electronic means.

B.    Additional technical cookies

 illycaffè uses some technical cookies:

 - cookie of agreement: it is inserted to record the consent to the use of cookies analytics and / or profiling. You are free to delete cookies from your computer.

 - cookie shopping basket: it is used to fill the cart in shopping online.

 - additional technical cookies. There are other technical cookies essential for the proper operation of the website. These cookies allow you to provide the services requested by users and to browse the site using its best performance. This type of cookie cannot be disabled because it is necessary for the proper operation of the site.

C.    Analytic cookies

This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google (Data Controller) will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website.

For further information please refer to http://www.google.com/policies/privacy/.

Our web site may use SessionCam for analysis. SessionCam is a product that has been developed by SessionCam LTD. SessionCam may record mouse clicks, mouse movements, page scrolling and any text keyed into website forms. The information collected does not include bank details or any sensitive personal data. Data collected by SessionCam from illycaffè S.p.A. website is for illycaffè S.p.A. internal use only. The information collected is used to improve our website usability and is stored and used for aggregated and statistical reporting.

For further information please refer to http://www.sessioncam.com/privacy-policy-cookies/.

D.    Profiling/advertising cookie of third parties

These cookies collect information about your browsing habits in order to offer advertising that is relevant and targeted to your interests. Your personal information will not be tracked, but you should visit the site http://www.youronlinechoices.com/it/ for more information. Removing these cookies will not be lost any functionality

Third parties are Data Controller, please refer to their privacy policy, below there is a list of the third parties:

GOOGLE ANALYTICS, ADWORDS, ADMOB, DOUBLECLICK for more information visit http://www.google.com/policies/privacy/

AUDIENCE STREAM for more information visit https://tealium.com/privacy/

CHANNEL ADVISOR for more information visit https://www.channeladvisor.com/privacy-policy/

SESSION CAM for more information visit https://sessioncam.com/privacy-policy-cookies/

DOUBLECLICK for more information visit http://www.google.com/policies/privacy/

CJ AFFILIATE BY CONVERSANT for more information visit https://www.conversantmedia.com/legal/privacy

QUANTCAST for more information visit https://www.quantcast.com/how-we-do-it/consumer-choice/privacy-policy/

PEBBLE POST for more information visit https://pebblepost.com/documents/privacy-policy

TURN e AMOBEE for more information visit https://www.amobee.com/trust/privacy-guidelines

MNIX for more information visit https://subscription.timeinc.com/storefront/privacy/tio/generic_privacy_new.html?dnp-source=E

LINKEDIN for more information visit https://www.linkedin.com/legal/privacy-policy

FACEBOOK for more information visit https://www.facebook.com/policy.php

SHOPSOCIALLY for more information visit https://shopsocially.com/platform/privacy-policy

PINTEREST for more information visit https://policy.pinterest.com/en/privacy-policy

SOCIOMANTIC for more information visit https://www.sociomantic.com/privacy/it/

EBAY for more information visit https://www.ebay.com/help/policies/member-behaviour-policies/user-privacy-notice-privacy-policy?id=4260

SHAREASALE for more information visit http://shareasale.com/PrivacyPolicy.pdf

LINQIA for more information visit http://www.linqia.com/privacy-policy/

CONVERSANT for more information visit http://www.conversantmedia.com/legal/privacy

BING for more information visit https://privacy.microsoft.com/en-us/privacystatement

PAYCLICK for more information visit https://payclick.it/it/privacy

TWITTER for more information visit https://twitter.com/it/privacy

AMAZON for more information visit https://www.amazon.com/gp/help/customer/display.html?nodeId=468496

DATAWAD for more information visit http://www.datawad.com/privacy/

MEDIAMIND for more information visit http://origin.www.mediamind.com/privacy-policy

YAHOO for more information visit https://policies.yahoo.com/xa/en/yahoo/privacy/index.htm

SMART AD SERVER for more information visit http://smartadserver.it/privacy-policy

TABOOLA for more information visit https://www.taboola.com/privacy-policy

ADFORM for more information visit https://site.adform.com/privacy-policy-opt-out/

RESPONSYS, BLUEKAI for more information visit https://www.oracle.com/legal/privacy/privacy-policy.html

CRITEO ADVERTISING for more information visit https://www.criteo.com/it/privacy/

DIGITALKEYS for more information visit https://www.digitalkeys.fr/politique-de-confidentialite/

SIZMEK VERSATAG for more information visit https://www.sizmek.com/privacy-policy/

illycaffè’s cookies are processed with electronic means.

How to delete Cookies

Most browsers allow you to reject/accept cookies. Below we present some practical information to disable cookies on major web browsers.

Chrome:

1.    Select the top right icon to open the personalization dropdown menu

2.    Select More tools.

3.    Select Clear browsing data.

4.    In the box that appears, select “Cookies and other site and plug-in data,” and "Cached images and files.”

5.    On the menu box at the top, select "beginning of time" to delete everything.

6.    Select Clear browsing data.

 

Mozilla Firefox

1.    Go to 'Tools' in the menu bar

2.    Click on 'Options'

3.    Click on 'Privacy Tab'

4.    Click on "Clear Now"

5.    Select "Cookies"

6.    Click on "Clear Private Data Now"

Internet Explorer

1.    Select “Tools”

2.    Select “Internet Properties”

3.    In “General” tab select “Delete…”

4.    Select the option “Cookie”

5.    Select “Delete”

Safari

1.    Click Safari then Preferences. Click on 'Privacy.'

2.    Click on 'Details.'

3.    You will see a list of websites that store cookies. You can remove single sites by clicking the 'Remove' button and selecting a site. If you want to clear all cookies, click 'Remove All.'

4.    When you have finished removing sites, click 'Done.'

 

How to browse without cookies

Google Chrome

1.    Select the top right icon to open the personalization dropdown menu

2.    Select “New Incognito Window”

 

Mozilla Firefox

1.    Select the top right icon to open the personalization dropdown menu

2.    Select “Select New Private Window”

 

Internet Explorer

1.    Select “Tools”

2.    Select “Safety”

3.    Select “InPrivate Browsing”

 

Safari

1.    Select the Gear icon to open the personalization menu

2.    Select “Private Browsing...”

3.    Click OK

 

Specific Notices

As already reported, this website includes other specific summary privacy policies in pages on services on request. Reference is hereby made to such privacy policies integrating this privacy policy.

N.B. The consent can only be given by persons over 14 years, if the subject is under 14, he cannot use what is provided for in the purposes for which consent is required (e.g. receiving commercial communication, ...).

This privacy policy is updated as at 15/05/2019.

 

Section 2 – Privacy policy for newsletter subscription and market research

Privacy policy pursuant to Regulation (EU) 2016/679 (GDPR) and national legislation in force

1.   General information

Euro Food Brands Ltd. (hereinafter also referred to as the "Company" or “EFB”) hereby informs you that it will process the data you have provided in the form and later for the purposes listed in the following paragraphs. EFB may only require and process data which are instrumental to achieve the purposes of this privacy policy.

2.   Purposes

EFB may process data for the following purposes:

A.   to carry out advertising communications/information on products-services-initiatives of EFB and market research and/or interviews for the evaluation of services of EFB, to the addresses that you provided in the form or other contact details provided later (please note that the sending of SMS/MMS and e-mail will also be in electronically with the help of automated tools);

B.   to be compliant with the requirements pursuant to the legislation in force, regulations or EU regulations and for legitimate interests such as to assert or defend the rights of the Company.

3.   Mandatory nature of the provision

The provision of data and consent for the purposes under point 2, letter A of this privacy policy are optional and the lack of them could make it impossible to be subject to the activities specified in this point. In addition, if you agreed to the data processing for the purposes described in this point, you may cancel your consent at any time by sending a notice to the Data Controller. The provision of data for the purposes under point 2, letter B of this privacy policy is necessary and the lack of them could make it impossible to be subject to the activities specified in this privacy policy.

4.   Data recipient categories

The collected and processed data may be communicated by EFB for the purposes described in point 2, letter B of this information to carriers / shippers, lawyers and legal advisors, public authorities, judicial bodies, for the purposes of point 2 letter A of this information data may be communicated by EBF to carriers / shippers. EFB will only communicate the personal data required for the pursuit of each purpose indicated in this information. The data may be disclosed on behalf of EFB, each for own role, to all subjects delegated by EFB (legal department staff, mailing and enveloping staff also external to the Company, staff of the internal and external Data Processors, consultants also external to the Company -such as IT technicians and quality advisors- staff in charge of the website also external to the Company, trainees, staff in charge of the website also external to the Company, marketing staff also external to the Company, internal auditor) and external data processor (appointed by EFB) and to internal and external Data Processors (e.g. enveloping and shipping companies, IT outsourcers, marketing companies and more in general consultants performing instrumental activities such as legal and communication advisors). The list of Data Processors is always available by contacting the Data Controller.

5.   Data retention

Data will be retained by EFB for the entire period necessary for the pursuit of the purposes contained in this information. The data retention period is as follows:

-     or legal obligations, regulations and community regulations, data may be retained for the periods imposed by these regulatory sources;

-     for the purposes described in point 2 letter A of this policy, the data can be retained until the withdrawal of consent or request for cancellation without prejudice to the conservation in accordance with the law to prove the consent previously given;

in any case, all data may be retained for a period necessary to assert or defend a company right according to British and European regulations.

6.   Data Controller

The Data Controller is the undersigned company Euro Food Brands Ltd. a company duly incorporated and validly existing under the laws of England & Wales, whose registered office is at The Pinnacle, 170 Midsummer Boulevard, Milton Keynes, MK9 1FE, Ph: +44 1604 821234 Fax: +44 1604 845667, e-mail sales@eurofoodbrands.co.uk..

7.   Rights

We inform you that the GDPR provides the possibility for the data subject to ask the Data Controller (at the above addresses) to access personal data and to correct or cancel them or limit their processing or to oppose their processing, in addition to the right to data portability, as well as other rights contained in Chapter 3 of the GDPR including the revocation of consent, where provided: the withdrawal of consent does not affect the lawfulness of the processing based on consent given before revocation.

8.   Complaints

The data subject can always lodge a complaint with the British Supervisory Authority whose references can be found on the website https://ico.org.uk/.

9.   Legal Basis

The legal basis the legal basis consists of legal obligations (Italian and European laws) as well as the legitimate interests of the Data Controller in the relationship with the user. Furthermore, for the purposes for which consent is provided, the legal basis is the consent itself.

10.  Processing procedures

Data may be processed on paper, manually, with IT and electronic means (therefore, EBF may file data both on paper and IT support). EBF has implemented safety measures to prevent any data loss, illegal use of data, misuse or unauthorised access. Data will be retained and processed by EBF in compliance with its confidentiality requirements and with the applicable local provisions in the different states in which EBF has its offices (in compliance with the principles of fairness, lawfulness, transparency, and protection of the confidentiality and the rights of those concerned) strictly in line with the aims set forth in this privacy policy. Data will be processed by EBF exclusively to achieve the aims set forth in this privacy policy. Data will be filed at EBF offices and at the appointed data processors (as well as third parties who receive data as specified in point 4 of this privacy policy). Data will be entered in databases, including IT databases.

We remind you that only for technical assistance needs data may be sent to companies outside the European community who are specifically designated as data processors by committing to comply with all the requirements of European legislation, also by signing the appropriate Contractual Clauses indicated by the Data Protection Authority; the data are only a copy of those contained in the European servers and the copy of the same is always available at illycaffè S.p.A.

 

N.B. The consent can only be given by persons over 16 years, if the subject is under 16, he cannot use what is provided for in the purposes for which consent is required (e.g. receiving commercial communication, ...).

This privacy policy is updated as at 14/02/2019. Such update is carried out inside of policy of constant review of the informative ones. The versions of the previous policy statements are available writing to Data Controller.

Section 3 - Privacy Policy: single integrated registration profile

Privacy policy pursuant to Regulation (EU) 2016/679 (GDPR) and national legislation in force

1.    General information

illycaffè S.p.A. (hereinafter also referred to as the "Company" or "illycaffè") hereby informs you that it will process the data you have provided in the form or after filling your form for the purposes listed in the following paragraphs. illycaffè may only require and process data which are instrumental to achieve the aims of this privacy policy.

2.   Purposes

illycaffè may process data for the following purposes:

A.   to access and make you enjoy the services of illycaffe websites, including interactive, provided in the Terms of Use and in any Terms of purchase contained in the various sections of the site by logging with the same credentials. In some cases, it may be required to give any further information that will be processed with your consent where required; among the services there is also the Facebook “Custom Audiences” feature (for further information please refer to: https://www.facebook.com/help/381385302004628;

B.   to carry out advertising communications/information on products-services-initiatives of illycaffè and its partners and market research and/or interviews for the evaluation of product-services of illycaffè, all by illycaffè to the addresses that you provided in the form or other contact details provided later (please note that the sending of SMS/MMS and e-mail will also be in electronically with the help of automated tools);

C.   in order to create, based on the information about the user in possession of illycaffè, a user profile (profiling) including the study of habits and consumer choices also deriving from analysis of the choices of products aimed at specific activities of marketing, promotion, direct marketing and business communications by illycaffè S.p.A., in accordance with the user's specific needs emerged from the profiling and also designed to analyze the choices and consumer habits of customers of illycaffè products. The processing for this purpose will also take place in databases in an automated modality. Can be created a profile both individual user and of homogeneous classes of users. In addition, it may also be possible to associate and compare data coming from different databases of illycaffè partners (subsidiaries or affiliates companies of illycaffè S.p.A. resident in the European Union and subsidiaries or affiliates companies of Gruppo illy S.p.A. resident in the Union European). Marketing activities, promotion, commercial communications and direct sales will be conducted only if the user has agreed to the processing for this purpose. Consent and provision of data for this purpose are optional and the user is free to purchase, register without agreeing to the data processing for this purpose. The only consequence of this lack will be that the user will not be subject to the activities indicated in this point;

D.   to be compliant with the requirements pursuant to the legislation in force, regulations or EU regulations and for legitimate interests such as to assert or defend the rights of the Company.

3.   Mandatory nature of the provision

Provision of data for the purposes described in point 2, letter A, of this privacy policy is optional and failure to provide them makes impossible to access and enjoy the services of illycaffè websites (including the impossibility of buying in the shop) with the same credentials. The consent for the purposes described in point 2, letter A, of this privacy policy is always not mandatory, but the lack of it makes impossible to access and possibly enjoy the services of the illycaffè websites (including the impossibility of buying in the shop) with the same credentials.  Provision of data for the purposes described point 2, letter B, of this privacy policy and the relative consent are not mandatory; failure to provide such data and the consent will have not consequences, except that you won’t receive any information (without any consequence on other purposes). Additionally, if you agreed to the data processing for the purposes described in point 2, letter B, of this privacy policy, you may cancel you consent at any time and without having to justify your decision (to unsubscribe) by sending a notice to the Data Controller.

As regards the purposes set out in point 2, letter C of this information, please refer to the same.

Data provision for the purposes described in point 2, letter D, of this privacy policy is necessary; should data not be provided, your request may not be fulfilled and relations may be truncated.

4.   Data recipient categories

Data, collected and processed for the purposes described in point 2, letter A, of this privacy policy will not be disclosed unless provision is made for special services, submitted to specific conditions and for which your explicit consent will be required where necessary. For the purposes indicated in point 2, letter B and C of this information, the data will not be disclosed. For the purposes of point 2, letter D, of this privacy policy, illycaffè may disclose data to lawyers, solicitors, public authorities, the judiciary, the police, the post office (as the address is visible when sending any written material). illycaffè will only disclose data which are essential for the achievement of each of the aims of the privacy policy. The data may be disclosed on behalf of illycaffè, each for own role, to all subjects delegated by illycaffè (legal staff also external to the Company, marketing staff also external to the Company, staff in charge of the website also external to the Company - such as legal advisors, IT experts that may also perform the role of system administrators, and appointed as such, quality service staff and staff in charge of the administration of the website – IT system staff which may also be system administrators, and which are appointed as such, external relations staff also external to the Company, staff in charge of mailing and enveloping also external to the Company, internal auditors, trainees, staff of internal and external data processors) and to internal and external data processors (such as enveloping and shipping companies, IT outsourcers, marketing companies and more in general consultants performing instrumental activities such as legal and communication advisors). The list of Data Processors is always available by contacting the Data Controller.

5.    Data retention

Data will be retained by illycaffè for the entire period necessary for the pursuit of the purposes contained in this information. The data retention period is as follows:

-     for legal obligations, regulations and community regulations, data may be retained for the periods imposed by these regulatory sources;

-     for the purposes described in point 2 letter A of this policy, the data can be retained until the withdrawal of consent or request for cancellation;

-     for the purposes described in point 2 letter B of this policy, the data can be retained until the withdrawal of consent or request for cancellation without prejudice to the conservation in accordance with the law to prove the consent previously given;

-     for the purposes described in point 2 letter C the data can be retained until the withdrawal of consent or request for cancellation not exceeding 12 months from their registration, save the effective transformation into anonymous form that does not allow, even indirectly or by linking other databases, to identify the data subjects;

in any case, all data may be retained for a period necessary to assert or defend a company right according to Italian and European regulations.

6.   Data Controller and Data Protection Officer

The Data Controller is illycaffè S.p.A., having its registered office in via Flavia 110, Trieste, phone number +39.040.3890.111, fax number +39.040.3890.490, e-mail: infoprivacy@illy.com. There is also a Data Protection Officer available at the email address dpo@illy.com and at the addresses of the Company.

7.   Rights

We inform you that the GDPR provides the possibility for the data subject to ask the Data Controller (at the above addresses) to access personal data and to correct or cancel them or limit their processing or to oppose their processing, in addition to the right to data portability, as well as other rights contained in Chapter 3 of the GDPR including the revocation of consent, where provided: the withdrawal of consent does not affect the lawfulness of the processing based on consent given before revocation.

8.   Complaints

The data subject can always lodge a complaint with the Italian Data Protection Authority, whose references can be found on the website www.garanteprivacy.it.

9.   Legal Basis

The legal basis the legal basis consists of legal obligations (Italian and European laws) as well as the legitimate interests of the Data Controller in the relationship with the user. Furthermore, for the purposes for which consent is provided, the legal basis is the consent itself.

10.  Profiling

The processing of data for the purposes referred to in point 2 letter C of this privacy policy can be considered profiling. Profiling is based on consumer data in order to better understand his consumption habits and direct his purchases with targeted communications. The data are extracted and processed through software that create a consumption profile consisting in the indication of the actions carried out (adherence to an event, accessions to specific initiatives, purchase of certain products) and in the analysis of specific characteristics that can make better understand the customer category (e.g. age). This processing, however, does not constitute a particular risk for the data subject considering the type of basic profiling that does not require data of a particularly delicate nature or that allows the detailed reconstruction of particularly reserved aspects of private life. Moreover, they are not produced based on profiling, legal effects that affect the person concerned or that significantly affect his person, as no decision is made based on automated processing which is used only to send advertising material in line with the tastes and habits of the interested party. However, everything is always filtered by physical subjects who send it to the defined groups. The interested party always has the right to obtain human intervention, to express his opinion, to obtain an explanation of the decision obtained and to challenge the decision.

11.  Processing procedures

Data may be processed on paper, manually, with IT and electronic means (therefore, illycaffè may file data both on paper and IT support). illycaffè has implemented safety measures to prevent any data loss, illegal use of data, misuse or unauthorised access. Data will be retained and processed by illycaffè in compliance with its confidentiality requirements and with the applicable local provisions (i.e. in compliance with the principles of fairness, lawfulness, transparency, and protection of the confidentiality and the rights of those concerned) strictly in line with the aims set forth in this privacy policy. Data will be processed by illycaffè exclusively to achieve the aims described in this privacy policy. Data will be filed at illycaffè S.p.A. offices in Europe and at the appointed data processors (as well as third parties who receive data as independent data controllers as described in point 4 of this privacy policy). Data will be entered in databases, including IT databases.

We remind you that only for technical assistance needs data may be sent to companies outside the European community who are specifically designated as data processors by committing to comply with all the requirements of European legislation, also by signing the appropriate Contractual Clauses indicated by the Data Protection Authority; the data are only a copy of those contained in the European servers and the copy of the same is always available at illycaffè S.p.A..

 

N.B. The consent can only be given by persons over 14 years, if the subject is under 14, he cannot use what is provided for in the purposes for which consent is required (e.g. receiving commercial communication, profiling, ...).

This privacy policy is updated as at 14/02/2019. Such update is carried out inside of policy of constant review of the informative ones. The versions of the previous policy statements are available writing to Data Controller (e-mail dpo@illy.com).

Section 4 – Privacy policy: order flow (without adding data in Address Book) or as a guest

 

Privacy policy for Euro Food Brands Ltd. pursuant to Regulation (EU) 2016/679 (GDPR) and national legislation in force

 

1.   General information

Euro Food Brands Ltd. (hereinafter also referred to as the "Company" or “EFB”)”) hereby informs you the purposes and procedures of data processing (provided by you of which will be hold.

Please note that your will indicate only your data (except as specified in point 3 letter F of this information) and/or data of the firm/company/institution represented by you.

2.   Purposes

EFB may process data for the following purposes:

A.   to fulfill obligations arising from the purchase contract, and therefore also for administrative-accounting purposes and for the order management. About the credit card information is you also refer to the contents of the payment section of the site;

B.   to be compliant with the requirements pursuant to the legislation in force, regulations or EU regulations and for legitimate interests such as to assert or defend the rights of the Company.

For the purposes described in point 2 letter A and B of this information, the processing can be carried out without the consent of data subjects.

3.   Mandatory nature of the provision

A.   The provision of data on the registration form marked as mandatory (those marked in bold) is necessary for the purposes specified in point 2 letter A of this information and therefore the refusal to provide it in whole or in part may make it impossible for the Company to execute the contract and then buying illycaffè products. The indication of the product to purchase and the method of payment is necessary to purchase the product (and then again for purposes specified in point 2 letter A of this information) and the lack of information will make it impossible to buy the product. As far as shipping information if different from billing you see to point 3 letter F of this information. About other data contained in the optional fields see also as shown below. Where not otherwise specified in this information data in optional fields can optionally be provided and the failure does not lead to any result other than that not to use such information (which may still be useful for the purpose in object).

B.   The provision of data (tax code or VAT number, personal details and address, billing information and purchase, other data that may be necessary in pursuance of legal obligations and legislation or regulations to enforce or exercise a right of EFB) for the purposes specified in point 2 letter B of this information is necessary and failure makes it impossible to register and/or to follow up the purchase contract.

C.   As far as shipping information if different from billing you see to point 3 letter F of this information. About data relating to VAT and company name will also see to point 3 letter E of this information. As far as credit card information see to point 3 letter D of this information. As for other data not marked in bold in the registration form and any other data provided, the provision is optional and failure to provide not lead to any result but to disregard such data that may be useful in some cases to better manage the order.

D.   As far as credit card information, your provision is optional and failure to make it impossible to pay by credit card.

E.   The provision of requested data in case of invoice request (such as that of the VAT and the company name) is optional, but failure to make it impossible to invoice with the data given, if required.

F.   The provision of data relating to alternative addresses to which to send the goods and/or a gift is optional but the missing data in bold will make it impossible to ship the material to the address indicated. Please note that for these activities, the user agrees on its own responsibility to obtain the consent of the subject of which indicates the data, send the goods to him address or indicate him as holder of the gift. In addition, user engages for these activities to inform the subject of which he communicates data to EFB (subject to which to send the goods or holder of the gift) that he will communicate data to EFB, so EFB can treat them (through persons in charge and data processors specified they must have knowledge to perform the tasks assigned by EFB) in order to send the material to the address and also informing him that EFB will give specific information about processing of data, putting him still aware immediately on that EFB may disclose data to carriers and shippers, and that provision of data is optional and failure to make it impossible to ship the goods to the address and/or to indicate the subject as a holder of the gift. You agree to obtain consent (where due) to communicate the data to EFB and their processing (therefore also consenting to the recording in databases EFB) by EFB for the purposes specified above in this section. User data will then be known even by those who receive the goods.

4.   Data recipient categories

The data may be communicated by EFB for the purposes specified in point 2 letter A of this information (communicating only data that are necessary for the pursuit of these purposes) to: banks for payments, carriers and forwarding agents, post offices, distributors, companies (including foreign) that contracts could be sold as provided in the contract of purchase (in which case it will be, with the assignment of the contract, including the transfer of data relating to the contract and its implementation and management), lawyers and legal consultants, companies audit where no appointed as data processor. For the purposes specified in point 2 letter A and B of this information, data may be communicated (by communicating only the data that are necessary for the pursuit of these purposes) by EFB to judicial authorities, tax police and public security and public bodies if there is an obligation to this disclosure, also to law firms and legal advisers and to post offices (being able to see the address for sending any written notices). The data may be disclosed on behalf of EFB, each for own role, to all subjects delegated by EFB (administrative staff, transport and correspondence staff, including external to the Company, marketing staff and site management staff also external to the Company, IT technicians and IT staff, public relations staff, legal department staff, members of Board and Statutory Auditors, internal auditor, trainees, freelancers and consultants-employees also external to the Company acting under the direct responsibility of the Company, such as It technicians, quality control consultants, legal consultants and auditors, staff of internal and external Data processors) and to internal and external Data processors (companies-professional studies who perform instrumental activities of EFB such as marketing activities, shipping and enveloping or call center activities, audit of accounts and management public relationships, including information technology outsourcing company based in other states). The list of Data Processors is always available by contacting the Data Controller.

5.    Data retention

Data will be retained by EFB for the entire period necessary for the pursuit of the purposes contained in this information. The data retention period is as follows:

-     for legal obligations, regulations and community regulations, data may be retained for the periods imposed by these regulatory sources;

-     for contractual purposes until the end of the relationship and even after the end of it for the period determined by British and European regulations, including in tax matters;

in any case, all data may be retained for a period necessary to assert or defend a company right according to British and European regulations.

6.   Data Controller

The Data Controller is the undersigned company Euro Food Brands Ltd a company duly incorporated and validly existing under the laws of England & Wales, whose registered office is at The Pinnacle, 170 Midsummer Boulevard, Milton Keynes, MK9 1FE, Ph: +44 1604 821234 Fax: +44 1604 845667, e-mail sales@eurofoodbrands.co.uk.

7.   Rights

We inform you that the GDPR provides the possibility for the data subject to ask the Data Controller (at the above addresses) to access personal data and to correct or cancel them or limit their processing or to oppose their processing, in addition to the right to data portability, as well as other rights contained in Chapter 3 of the GDPR including the revocation of consent, where provided: the withdrawal of consent does not affect the lawfulness of the processing based on consent given before revocation.

8.   Complaints

The data subject can always lodge a complaint with the British Supervisory Authority whose references can be found on the website https://ico.org.uk/.

9.   Legal Basis

The legal basis the legal basis consists of legal and contractual obligations (British and European laws) as well as the legitimate interests of the Data Controller in the customer-supplier relationship. Furthermore, for the purposes for which consent is provided, the legal basis is the consent itself.

10.  Processing procedures

Data may be processed on paper, manually, with IT and electronic means (therefore, EFB may file data both on paper and IT support). EFB has implemented safety measures to prevent any data loss, illegal use of data, misuse or unauthorised access. Data will be retained and processed by EFB in compliance with its confidentiality requirements and with the applicable local provisions (i.e. in compliance with the principles of fairness, lawfulness, transparency, and protection of the confidentiality and the rights of those concerned) strictly in line with the aims set forth in this privacy policy. Data will be processed by EFB exclusively to achieve the aims described in this privacy policy. Data will be filed at EFB offices and at the appointed data processors (as well as third parties who receive data as independent data controllers as described in point 4 of this privacy policy). Data will be entered in databases, including IT databases.

We remind you that only for technical assistance needs data may be sent to companies outside the European community who are specifically designated as data processors by committing to comply with all the requirements of European legislation. also, by signing the appropriate Contractual Clauses indicated by the Data Protection Authority; the data are only a copy of those contained in the European servers and the copy of the same is always available at illycaffè S.p.A..

This privacy policy is updated as at 14/02/2019. Such update is carried out inside of policy of constant review of the informative ones. The versions of the previous policy statements are available writing to Data Controller.

Section 5 - Privacy Policy: order flow (with data added in Address Book)

If you proceed to the e-shop registration (purpose specified in point 2 letter A of British, Italian, French and Chinese information), the registration data will be processed by Euro Food Brands Ltd., by illycaffè S.p.A. (in the offices of Italy, Spain, Germany, Netherlands, Austria), by illycaffè France s.a.s.,, by illy caffè North America Inc. and by illycaffè Shanghai Co. Ltd. and this is because you can always buy in more nations and with the recording you will not have to retype all the data every time (but only a few) where you want to buy in another country not one from which you register. At the time of purchase then, depending on the state in which you buy, the processing for the purposes arising from the purchase contract and then also to provide administrative, accounting and order management, will be made upon the nation in which the order was made. Below there are the information of Euro Food Brands Ltd., illycaffè S.p.A. and illycaffè France s.a.s. under the European laws on the processing of personal data, illy caffé North America Inc., illycaffè Shanghai Co. Ltd. 

Euro Food Brands Ltd., illycaffè S.p.A., illycaffè France s.a.s., illy caffé North America Inc. and illycaffè Shanghai Co. Ltd.  are Data Controller.

Privacy policy for Euro Food Brands Ltd. pursuant to Regulation (EU) 2016/679 (GDPR) and national legislation in force

 

1.   General information

Euro Food Brands Ltd (hereinafter also referred to as the "Company" or “EFB”)”) hereby informs you (according to you to register to the site and shop and defining you also as "user" or "data subject") the purposes and procedures of data processing (provided by you and/or as a result of processing by the Company) of which will be hold. If you purchase and register as a legal representative of a firm/company/organization, per user or data subject shall be considered the firm /company/organization represented by you (which will be ​​the subject recorded and will purchase) and your data will be processed by the Company only to identify you as the legal representative and for the purposes specified in point 2 letter A, B, C, considering the consent to the processing of data provided (through you) by the firm/company/organization that you represent.

In addition, the consent for the purposes specified in point 2 letter A of this information, will be considered provided also by you in registering in the site your name as the legal representative of the firm/company/organization represented by you. Please see this information, also remembering to look over privacy policy of shop.illy.com. Registration allows you to not have to retype all the data every time (but only a few) and give the consents required. Please note that you are also free not to register (not so consenting to its processing) and still buy our products going into the section of this site where you can buy without register.

Please note that your will indicate only your data and/or data of the firm/company/institution represented by you.

2.   Purposes

EFB may process data for the following purposes:

A.   in order to allow the registration to the shop recognize you as a user registered and manage the recording (without the consent for such purposes you will not sign up and the consent will also be provided, as indicated above, to illycaffè S.p.A., to illycaffè France s.a.s., to illy caffè North America Inc., to illycaffè Shanghai Co. Ltd.);

B.   where you shall purchase, to fulfill obligations arising from the purchase contract, and therefore also for administrative-accounting purposes and for the order management. About the credit card information is you also refer to the contents of the payment section of the site;

C.   to be compliant with the requirements pursuant to the legislation in force, regulations or EU regulations and for legitimate interests such as to assert or defend the rights of the Company.

For the purposes described in point 2 letter B and C of this information, the processing can be carried out without the consent of data subjects. Therefore, this consent is not required.

3.   Mandatory nature of the provision

A.   The provision of data on the registration form marked as mandatory (those marked in bold) is necessary for the purposes specified in point 2 letter B of this information and therefore the refusal to provide it in whole or in part may make it impossible for the Company to execute the contract and then buying illycaffè products. The indication of the product to purchase and the method of payment is necessary to purchase the product (and then again for purposes specified in point 2 letter B of this information) and the lack of information will make it impossible to buy the product. As far as shipping information if different from billing you see to point 3 letter F of this information. About other data contained in the optional fields see also as shown below. Where not otherwise specified in this information data in optional fields can optionally be provided and the failure does not lead to any result other than that not to use such information (which may still be useful for the purpose in object).

B.   The provision of data (tax code or VAT number, personal details and address, billing information and purchase, other data that may be necessary in pursuance of legal obligations and legislation or regulations to enforce or exercise a right of EFB) for the purposes specified in point 2 letter C of this information is necessary and failure makes it impossible to register and/or to follow up the purchase contract.

C.   The provision of data specified as mandatory (those marked in bold) in the registration form in order of registration (point 2 letter A of this information) is optional but the absence of data will make it impossible to register the same. As far as shipping information if different from billing you see to point 3 letter F of this information. About data relating to VAT and company name will also see to point 3 letter E of this information. As far as credit card information see to point 3 letter D of this information. As for other data not marked in bold in the registration form and any other data provided, the provision is optional and failure to provide not lead to any result but to disregard such data that may be useful in some cases to better manage the order (see also refer to point 3 letter E of this information).

D.  As far as credit card information, your provision is optional and failure to make it impossible to pay by credit card.

E.   The provision of requested data in case of invoice request (such as that of the VAT and the company name) is optional, but failure to make it impossible to invoice with the data given, if required.

F.   The provision of data relating to alternative addresses to which to send the goods and/or a gift is optional but the missing data in bold will make it impossible to ship the material to the address indicated. Please note that for these activities, the user agrees on its own responsibility to obtain the consent of the subject of which indicates the data, send the goods to him address or indicate him as holder of the gift. In addition, user engages for these activities to inform the subject of which he communicates data to EFB (subject to which to send the goods or holder of the gift) that he will communicate data to EFB, so EFB can treat them (through persons in charge and data processors specified they must have knowledge to perform the tasks assigned by EFB) in order to send the material to the address and also informing him that EFB will give specific information about processing of data, putting him still aware immediately on that EFB may disclose data to carriers and shippers, and that provision of data is optional and failure to make it impossible to ship the goods to the address and/or to indicate the subject as a holder of the gift. You agree to obtain consent (where due) to communicate the data to EFB and their processing (therefore also consenting to the recording in databases EFB) by EFB for the purposes specified above in this section. User data will then be known even by those who receive the goods.

4.   Data recipient categories

The data will not be disclosed to third parties by EFB for the purposes specified in point 2 letter A of this information. The data may be communicated by EFB for the purposes specified in point 2 letter B of this information (communicating only data that are necessary for the pursuit of these purposes) both in Great Britain and abroad to: banks for payments, carriers and forwarding agents, post offices, distributors, companies (including foreign) that contracts could be sold as provided in the contract of purchase (in which case it will be, with the assignment of the contract, including the transfer of data relating to the contract and its implementation and management), lawyers and legal consultants, companies audit where no appointed as data processor. For the purposes specified in point 2 letter B and C of this information, data may be communicated in Great Britain and abroad (by communicating only the data that are necessary for the pursuit of these purposes) by EFB to judicial authorities, tax police and public security and public bodies if there is an obligation to this disclosure, also to law firms and legal advisers and to post offices (being able to see the address for sending any written notices). The data may be disclosed on behalf of EFB, each for own role, to all subjects delegated by EFB (administrative staff, transport and correspondence staff, including external to the Company, marketing staff and site management staff also external to the Company, IT technicians and IT staff, public relations staff, legal department staff, members of Board and Statutory Auditors, internal auditor, trainees, freelancers and consultants-employees also external to the Company acting under the direct responsibility of the Company, such as It technicians, quality control consultants, legal consultants and auditors, staff of internal and external Data processors) and to internal and external Data processors (companies-professional studies who perform instrumental activities of EFB such as marketing activities, shipping and enveloping or call center activities, audit of accounts and management public relationships, including information technology outsourcing company based in other states). The list of Data Processors is always available by contacting the Data Controller.

5.   Data retention

Data will be retained by EFB for the entire period necessary for the pursuit of the purposes contained in this information. The data retention period is as follows:

-     for legal obligations, regulations and community regulations, data may be retained for the periods imposed by these regulatory sources;

-     for contractual purposes until the end of the relationship and even after the end of it for the period determined by British and European regulations, including in tax matters;

-     for the purposes described in point 2 letter A of this policy, the data can be retained until the withdrawal of consent or request for cancellation;

in any case, all data may be retained for a period necessary to assert or defend a company right according to British and European regulations.

6.   Data Controller

The Data Controller is the undersigned company Euro Food Brands Ltd a company duly incorporated and validly existing under the laws of England & Wales, whose registered office is at The Pinnacle, 170 Midsummer Boulevard, Milton Keynes, MK9 1FE, Ph: +44 1604 821234 Fax: +44 1604 845667, e-mail sales@eurofoodbrands.co.uk.

7.   Rights

We inform you that the GDPR provides the possibility for the data subject to ask the Data Controller (at the above addresses) to access personal data and to correct or cancel them or limit their processing or to oppose their processing, in addition to the right to data portability, as well as other rights contained in Chapter 3 of the GDPR including the revocation of consent, where provided: the withdrawal of consent does not affect the lawfulness of the processing based on consent given before revocation.

8.   Complaints

The data subject can always lodge a complaint with the British Supervisory Authority whose references can be found on the website https://ico.org.uk/.

9.   Legal Basis

The legal basis the legal basis consists of legal obligations British and European laws) as well as the legitimate interests of the Data Controller in the customer-supplier relationship. Furthermore, for the purposes for which consent is provided, the legal basis is the consent itself.

10.  Processing procedures

Data may be processed on paper, manually, with IT and electronic means (therefore, EFB may file data both on paper and IT support). EFB has implemented safety measures to prevent any data loss, illegal use of data, misuse or unauthorised access. Data will be retained and processed by EFB in compliance with its confidentiality requirements and with the applicable local provisions (i.e. in compliance with the principles of fairness, lawfulness, transparency, and protection of the confidentiality and the rights of those concerned) strictly in line with the aims set forth in this privacy policy. Data will be processed by EFB exclusively to achieve the aims described in this privacy policy. Data will be filed at EFB offices and at the appointed data processors (as well as third parties who receive data as independent data controllers as described in point 4 of this privacy policy). Data will be entered in databases, including IT databases.

We remind you that only for technical assistance needs data may be sent to companies outside the European community who are specifically designated as data processors by committing to comply with all the requirements of European legislation. also, by signing the appropriate Contractual Clauses indicated by the Data Protection Authority; the data are only a copy of those contained in the European servers and the copy of the same is always available at illycaffè S.p.A..

N.B. The consent can only be given by persons over 16 years, if the subject is under 16, he cannot use what is provided for in the purposes for which consent is required (e.g. receiving commercial communication, profiling, ...).

This privacy policy is updated as at 14/02/2019. Such update is carried out inside of policy of constant review of the informative ones. The versions of the previous policy statements are available writing to Data