1. General information
2. Purposes and legal basis
illycaffè may process data for the following purposes:
A. to grant you access to all the services, including interactive ones, of the illycaffè websites described in the Terms and Conditions and in any Purchase Conditions contained in various sections of the website of illycaffè (also belonging to other business group companies). All the services of the illycaffè websites can be accessed with the same credentials. In some cases, you may be required to provide further data that will be processed with your consent where necessary; the services include, among others, Facebook “Custom Audiences” feature (for further information please refer to: https://www.facebook.com/help/381385302004628
). The processing is based on the following legal basis: consent;
B. to deliver advertising communications/information on products, services, initiatives of illycaffè and its partners and to carry out market research and/or interviews for the evaluation of illycaffè product and services. For these purposes, illycaffè will use the e-mail address you provided in the registration form or other contact details provided also afterwards (please note that e-mails and SMS/MMS can also be sent through automated systems); the processing is based on the following legal basis: consent;
C. to create a user target (targeting), based on the information collected by illycaffè about the user, including the analysis of purchasing habits aimed at carrying out specific marketing and promotional activities, proposing direct sales and sending commercial communications, in accordance with the specific needs of the user which emerged from the targeting. For this purpose, the data will be processed also using databases and automated systems. Can be created a target both individual user and of homogeneous classes of users. In addition, it may also be possible to associate and compare data coming from different databases of illycaffè partners (subsidiaries or affiliates companies of illycaffè S.p.A. resident in the European Union and subsidiaries or affiliates companies of Gruppo illy S.p.A. resident in the Union European). Marketing and promotional activities, commercial communications and direct sales will be proposed to the user only if specific consent for such kind of processing has been given. The consent and provision of data for such purpose are optional; the processing is based on the following legal basis: consent;
D. to fulfill an obligation established by law, by a regulation or by EU legislation (for this purpose the legal basis is the fulfillment of legal obligations) and for legitimate interests such as to assert or defend illycaffè rights (for this purposes the legal basis is the pursuit of legitimate interests).
3. Mandatory provision of data
The provision of data for the purposes described in point 2(C) of this policy and the consent to its processing are optional. In case consent and provision is not given, there will be no consequences for the user besides the fact that they will not be subject to the activities referred to in point 2(C). Please note that even if the user consents to the processing for the purposes described in point 2(C) of this policy, they may revoke the consent given for any reason and object to the activities in question by contacting the data controller.
4. Data addressee categories
5. Data retention
Data will be retained by illycaffè for the entire period necessary for the pursuit of the purposes contained in this information. The data retention period is as follows:
- for legal obligations, regulations and community regulations, data may be retained for the periods imposed by these regulatory sources;
- for the purposes described in point 2(A) of this policy, the data can be retained until the withdrawal of consent or request for cancellation;
- for the purposes described in point 2(B) of this policy, the data can be retained until the withdrawal of consent or request for cancellation without prejudice to the conservation in accordance with the law to prove the consent previously given;
- for the purposes described in point 2(C) the data can be retained until the withdrawal of consent or request for cancellation not exceeding 12 months from their registration, save the effective transformation into anonymous form that does not allow, even indirectly or by linking other databases, to identify the data subjects;
in any case, all data may be retained for a period necessary to assert or defend a company right according to Italian and European regulations.
6. Data Controller and Data Protection Officer
The Data Controller is illycaffè S.p.A., having its registered office in via Flavia 110, Trieste, phone number +39.040.3890.111, fax number +39.040.3890.490, e-mail: firstname.lastname@example.org
. There is also a Data Protection Officer available at the email address email@example.com
and at the addresses of the Company.
We inform you that the GDPR provides the possibility for the data subject to ask the Data Controller (at the above addresses) access to personal data and rectification of them, erasure of data or restriction of processing concerning him/her, data portability; the data subject may also have the possibility to object to the processing of data and to exercise the other rights contained in Chapter 3 Section 1 of the GDPR including the right to withdraw consent, where applicable: the withdrawal of consent does not affect the lawfulness of the processing based on consent given before revocation.
The data subject, if he thinks that the processing of his personal data infringes the provisions of the GDPR and of privacy laws, can always lodge a complaint with the Italian Data Protection Authority, whose references can be found on the website www.garanteprivacy.it
10. Processing procedures
We remind you that only for technical assistance needs data may be sent to companies outside the European community who are specifically designated as data processors by committing to comply with all the requirements of European legislation, also by signing the appropriate Contractual Clauses indicated by the Data Protection Authority; the data are only a copy of those contained in the European servers and the copy of the same is always available at illycaffè S.p.A..