Privacy policy for newsletter subscription and market research
Privacy policy pursuant to Regulation (EU) 2016/679 (GDPR) and national legislation in force in Italy (D.Lgs. 196/03)
1. General information
illycaffè S.p.A. (hereinafter also referred to as the "Company" or "illycaffè") hereby informs you that it will process the data you have provided in the form and later for the purposes listed in the following paragraphs. illycaffè may only require and process data which are instrumental to achieve the purposes of this privacy policy.
2. Purposes and legal basis
illycaffè may process data for the following purposes:
A. to carry out advertising communications/information on products-services-initiatives of illycaffè and its partners and market research and/or interviews for the evaluation of product-services of illycaffè, all by illycaffè to the addresses that you provided in the form or other contact details provided later (please note that the sending of SMS/MMS and e-mail will also be in electronically with the help of automated tools); the processing is based on the following legal basis: consent;
B. to fulfill an obligation established by law, by a regulation or by EU legislation (for this purposes the legal basis is the fulfillment of legal obligations) and for legitimate interests such as to assert or defend the rights of the Company (for this purposes the legal basis is the pursuit of legitimate interests).
3. Mandatory provision of data
The provision of data and consent for the purposes under point 2(A) of this privacy policy are optional and the lack of them could make it impossible to be subject to the activities specified in this point. In addition, if you agreed to the data processing for the purposes described in this point, you may cancel your consent at any time by sending a notice to the Data Controller. The provision of data for the purposes under point 2(B) of this privacy policy is necessary and the lack of them could make it impossible to be subject to the activities specified in this privacy policy.
4. Data addressee categories
The collected and processed data may be communicated by illycaffè for the purposes described in point 2(B) of this information to carriers / shippers, lawyers and legal advisors, public authorities, judicial bodies, for the purposes of point 2(A) of this information data may be communicated by illycaffè to carriers / shippers. illycaffè will only communicate the personal data required for the pursuit of each purpose indicated in this information. The data may be disclosed on behalf of illycaffè, each for own role, to all subjects delegated by illycaffè (legal department staff, mailing and enveloping staff also external to the Company, IT staff that may also perform the role of system administrators being appointed as such in this case, staff of the internal and external Data Processors, consultants also external to the Company -such as IT technicians that may also perform the role of system administrators being appointed as such in this case and quality advisors- staff in charge of the website also external to the Company, interns, staff in charge of the website also external to the Company, marketing staff also external to the Company, internal auditor) and external data processor (appointed by illycaffè) and to internal and external Data Processors (e.g. enveloping and shipping companies, IT outsourcers, marketing companies and more in general consultants performing instrumental activities such as legal and communication advisors). The list of Data Processors is always available by contacting the Data Controller.
5. Data retention
Data will be retained by illycaffè for the entire period necessary for the pursuit of the purposes contained in this information. The data retention period is as follows:
- or legal obligations, regulations and community regulations, data may be retained for the periods imposed by these regulatory sources;
- for the purposes described in point 2(A) of this policy, the data can be retained until the withdrawal of consent or request for cancellation without prejudice to the conservation in accordance with the law to prove the consent previously given;
in any case, all data may be retained for a period necessary to assert or defend a company right according to Italian and European regulations.
6. Data Controller and Data Protection Officer
The Data Controller is illycaffè S.p.A., having its registered office in via Flavia 110, Trieste, phone number +39.040.3890.111, fax number +39.040.3890.490, e-mail: infoprivacy@illy.com. There is also a Data Protection Officer available at the email address dpo@illy.com and at the addresses of the Company.
7. Rights
We inform you that the GDPR provides the possibility for the data subject to ask the Data Controller (at the above addresses) to access personal data and to correct or cancel them or limit their processing or to oppose their processing, in addition to exercising the right to data portability, as well as other rights contained in Chapter 3 of the GDPR including the revocation of consent, where provided: the withdrawal of consent does not affect the lawfulness of the processing based on consent given before revocation.
8. Complaints
The data subject can always lodge a complaint with the Italian Data Protection Authority, whose references can be found on the website www.garanteprivacy.it.
9. Processing procedures
Data may be processed on paper, manually, with IT and electronic means (therefore, illycaffè may file data both on paper and IT support). illycaffè has implemented safety measures to prevent any data loss, illegal use of data, misuse or unauthorised access. Data will be retained and processed by illycaffè in compliance with its confidentiality requirements and with the applicable local provisions in the different states in which illycaffè has its offices (in compliance with the principles of fairness, lawfulness, transparency, and protection of the confidentiality and the rights of those concerned) strictly in line with the aims set forth in this privacy policy. Data will be processed by illycaffè exclusively to achieve the aims set forth in this privacy policy. Data will be filed at illycaffè S.p.A. offices and at the appointed data processors (as well as third parties who receive data as specified in point 4 of this privacy policy). Data will be entered in databases, including IT databases.
We remind you that only for technical assistance needs data may be sent to companies outside the European community who are specifically designated as data processors by committing to comply with all the requirements of European legislation, also by signing the appropriate Contractual Clauses indicated by the Data Protection Authority; the data are only a copy of those contained in the European servers and the copy of the same is always available at illycaffè S.p.A.
This privacy policy is updated as at 09/30/2020. Such update is carried out inside of policy of constant review of the informative ones. The versions of the previous policy statements are available writing to Data Controller (e-mail dpo@illy.com).
EUROPE
We would like to remind you that by selecting a country, the price list, the catalogue and the shipping conditions may vary. The orders placed on www.illy.com/en-gb/home will be delivered only within the UK. Please use this menu to choose the country site where you would like to receive your order.