1. General information
2. Purposes and legal basis
illycaffè may process data for the following purposes:
A. to grant you access to all the services, including interactive ones, of the illycaffè websites described in the Terms and Conditions and in any Purchase Conditions contained in various sections of the website of illycaffè (also belonging to other business group companies). All the services of the illycaffè websites can be accessed with the same credentials. In some cases, you may be required to provide further data that will be processed with your consent where necessary; the services include, among others, Facebook “Custom Audiences” feature (for further information please refer to: https://www.facebook.com/help/381385302004628). The processing is based on the following legal basis: consent;
B. to deliver advertising communications/information on products, services, initiatives of illycaffè and its partners and to carry out market research and/or interviews for the evaluation of illycaffè product and services. For these purposes, illycaffè will use the e-mail address you provided in the registration form or other contact details provided also afterwards (please note that e-mails and SMS/MMS can also be sent through automated systems); the processing is based on the following legal basis: consent;
C. to create a user target (targeting), based on the information collected by illycaffè about the user, including the analysis of purchasing habits aimed at carrying out specific marketing and promotional activities, proposing direct sales and sending commercial communications, in accordance with the specific needs of the user which emerged from the targeting. For this purpose, the data will be processed also using databases and automated systems. Can be created a target both individual user and of homogeneous classes of users. In addition, it may also be possible to associate and compare data coming from different databases of illycaffè partners (subsidiaries or affiliates companies of illycaffè S.p.A. resident in the European Union and subsidiaries or affiliates companies of Gruppo illy S.p.A. resident in the Union European). Marketing and promotional activities, commercial communications and direct sales will be proposed to the user only if specific consent for such kind of processing has been given. The consent and provision of data for such purpose are optional; the processing is based on the following legal basis: consent;
D. to fulfill an obligation established by law, by a regulation or by EU legislation (for this purposes the legal basis is the fulfillment of legal obligations) and for legitimate interests such as to assert or defend an illycaffè UK and illycaffè rights (for this purposes the legal basis is the pursuit of legitimate interests).
3. Mandatory provision of data
The provision of data for the purposes described in point 2(C) of this policy and the consent to its processing are optional. In case consent and provision is not given, there will be no consequences for the user besides the fact that they will not be subject to the activities referred to in point 2(C). Please note that even if the user consents to the processing for the purposes described in point 2(C) of this policy, they may revoke the consent given for any reason and object to the activities in question by contacting the data controller.
4. Data addressee categories
5. Data retention
Data will be retained by illycaffè for the entire period necessary for the pursuit of the purposes contained in this information. The data retention period is as follows:
- for legal obligations, regulations and community regulations, data may be retained for the periods imposed by these regulatory sources;
- for the purposes described in point 2(A) of this policy, the data can be retained until the withdrawal of consent or request for cancellation;
- for the purposes described in point 2(B) of this policy, the data can be retained until the withdrawal of consent or request for cancellation without prejudice to the conservation in accordance with the law to prove the consent previously given;
- for the purposes described in point 2(C) the data can be retained until the withdrawal of consent or request for cancellation not exceeding 12 months from their registration, save the effective transformation into anonymous form that does not allow, even indirectly or by linking other databases, to identify the data subjects;
in any case, all data may be retained for a period necessary to assert or defend a company right according to Italian and European regulations.
6. Data Controller and Data Protection Officer
The Data Controller is illycaffè S.p.A., having its registered office in via Flavia 110, Trieste, phone number +39.040.3890.111, fax number +39.040.3890.490, e-mail: email@example.com. There is also a Data Protection Officer available at the email address firstname.lastname@example.org and at the addresses of the Company.
We inform you that the GDPR provides the possibility for the data subject to ask the Data Controller (at the above addresses) to access personal data and to correct or cancel them or limit their processing or to oppose their processing, in addition to exercising the right to data portability, as well as other rights contained in Chapter 3 of the GDPR including the revocation of consent, where provided: the withdrawal of consent does not affect the lawfulness of the processing based on consent given before revocation.
The data subject can always lodge a complaint with the Italian Data Protection Authority, whose references can be found on the website www.garanteprivacy.it.
The processing of data for the purposes referred to in point 2(C) of this policy can be considered as targeting. The profiling is based on consumers data in order to better understand their consumption habits and direct their purchases with targeted communications and to create a customer experience. The data are extracted and processed through software that creates a consumption target consisting in the indication of the actions carried out (e.g. participation in an event or program, purchase of certain products, filling out questionnaires) and on the analysis of certain characteristics that help define the customer category (e.g. age). However, this kind of processing does not constitute a particular risk to users’ privacy considering the type of basic targeting, that does not require data of a particularly delicate nature or that allows the detailed reconstruction of particularly reserved aspects of private life. Also, no legal effects are produced as a consequence of targeting that may affect the data subject and no decision is made on the basis of automated processing which is used only to create promotional messages in line with the tastes and habits of the user. Furthermore, the employees in charge of communication always filter out personal data when sending promotional content to the defined groups. The data subject always has the right to ask for human intervention, to express his opinion, to receive an explanation of the decision made and to contest the decision.
10. Processing procedures
We remind you that only for technical assistance needs data may be sent to companies outside the European community who are specifically designated as data processors by committing to comply with all the requirements of European legislation, also by signing the appropriate Contractual Clauses indicated by the Data Protection Authority; the data are only a copy of those contained in the European servers and the copy of the same is always available at illycaffè S.p.A..