Privacy Policy: single integrated registration profile

Privacy policy pursuant to Regulation (EU) 2016/679 (GDPR) and national legislation in force in Italy (D.Lgs.196/03)

 

1.   General information

illycaffè S.p.A. (hereinafter also referred to as the "Company" or "illycaffè") hereby informs you that it will process the data you have provided in the form or after filling your form for the purposes listed in the following paragraphs. illycaffè may only require and process data which are instrumental to achieve the aims of this privacy policy.

2.   Purposes and legal basis

illycaffè may process data for the following purposes:

A.   to grant you access to all the services, including interactive ones, of the illycaffè websites described in the Terms and Conditions and in any Purchase Conditions contained in various sections of the website of illycaffè (also belonging to other business group companies). All the services of the illycaffè websites can be accessed with the same credentials. In some cases, you may be required to provide further data that will be processed with your consent where necessary; the services include, among others, Facebook “Custom Audiences” feature (for further information please refer to: https://www.facebook.com/help/381385302004628). The processing is based on the following legal basis: consent;

B.   to deliver advertising communications/information on products, services, initiatives of illycaffè and its partners and to carry out market research and/or interviews for the evaluation of illycaffè product and services. For these purposes, illycaffè will use the e-mail address you provided in the registration form or other contact details provided also afterwards (please note that e-mails and SMS/MMS can also be sent through automated systems); the processing is based on the following legal basis: consent;

C.   to create a user target (targeting), based on the information collected by illycaffè about the user,  including the analysis of purchasing habits aimed at carrying out specific marketing and promotional activities, proposing direct sales and sending commercial communications, in accordance with the specific needs of the user which emerged from the targeting. For this purpose, the data will be processed also using databases and automated systems. Can be created a target both individual user and of homogeneous classes of users. In addition, it may also be possible to associate and compare data coming from different databases of illycaffè partners (subsidiaries or affiliates companies of illycaffè S.p.A. resident in the European Union and subsidiaries or affiliates companies of Gruppo illy S.p.A. resident in the Union European). Marketing and promotional activities, commercial communications and direct sales will be proposed to the user only if specific consent for such kind of processing has been given. The consent and provision of data for such purpose are optional; the processing is based on the following legal basis: consent;

D.  to fulfill an obligation established by law, by a regulation or by EU legislation (for this purposes the legal basis is the fulfillment of legal obligations) and for legitimate interests such as to assert or defend an illycaffè UK and illycaffè rights (for this purposes the legal basis is the pursuit of legitimate interests).

3.   Mandatory provision of data

The provision of data for the purposes described in point 2(A) of this privacy policy is optional and failure to provide them makes impossible to access and enjoy the services of illycaffè websites (including the impossibility of buying in the shop) with the same credentials. The consent for the purposes described in point 2(A) of this privacy policy is always optional. However, without consent, access to the services of illycaffè websites with the same credentials will not be allowed.  The provision of data for the purposes described point 2(B) of this privacy policy and the consent to its processing are optional. In case consent and provision is not given, there will be no consequences for the user besides the fact that they will not be subject to the activities referred to in point 2(B). Please note that even if the user consents to the processing for the purposes referred to in point 2(B) of this policy, they may revoke the consent given for any reason and object to the activities in question by contacting the data controller.

The provision of data for the purposes described in point 2(C) of this policy and the consent to its processing are optional. In case consent and provision is not given, there will be no consequences for the user besides the fact that they will not be subject to the activities referred to in point 2(C). Please note that even if the user consents to the processing for the purposes described in point 2(C) of this policy, they may revoke the consent given for any reason and object to the activities in question by contacting the data controller.

The provision of data for the purposes described in point 2(D) of this privacy policy is necessary; should data not be provided your request may not be fulfilled and relations may be truncated.

4.   Data addressee categories

Data, collected and processed for the purposes described in point 2(A) of this privacy policy will not be disclosed unless provision is made for special services, submitted to specific conditions and for which your explicit consent will be required where necessary. For the purposes indicated in point 2(B) and 2(C) of this information, the data will not be disclosed. For the purposes of point 2(D) of this privacy policy, illycaffè may disclose data to lawyers, solicitors, public authorities, the judiciary, the police, the post office (as the address is visible when sending any written material). illycaffè will only disclose data which are essential for the achievement of each of the aims of the privacy policy. The data may be disclosed on behalf of illycaffè, each for own role, to all subjects delegated by illycaffè (legal staff also external to the Company, marketing staff also external to the Company, staff in charge of the website also external to the Company - such as legal advisors, IT experts that may also perform the role of system administrators, and appointed as such, quality service staff and staff in charge of the administration of the website – IT system staff which may also be system administrators, and which are appointed as such, external relations staff also external to the Company, staff in charge of mailing and enveloping also external to the Company, internal auditors, trainees, staff of internal and external data processors) and to internal and external data processors (such as enveloping and shipping companies, IT outsourcers, marketing companies and more in general consultants performing instrumental activities such as legal and communication advisors). The list of Data Processors is always available by contacting the Data Controller.

5.   Data retention

Data will be retained by illycaffè for the entire period necessary for the pursuit of the purposes contained in this information. The data retention period is as follows:

-       for legal obligations, regulations and community regulations, data may be retained for the periods imposed by these regulatory sources;

-       for the purposes described in point 2(A) of this policy, the data can be retained until the withdrawal of consent or request for cancellation;

-       for the purposes described in point 2(B) of this policy, the data can be retained until the withdrawal of consent or request for cancellation without prejudice to the conservation in accordance with the law to prove the consent previously given;

-       for the purposes described in point 2(C) the data can be retained until the withdrawal of consent or request for cancellation not exceeding 12 months from their registration, save the effective transformation into anonymous form that does not allow, even indirectly or by linking other databases, to identify the data subjects;

in any case, all data may be retained for a period necessary to assert or defend a company right according to Italian and European regulations.

6.   Data Controller and Data Protection Officer

The Data Controller is illycaffè S.p.A., having its registered office in via Flavia 110, Trieste, phone number +39.040.3890.111, fax number +39.040.3890.490, e-mail: infoprivacy@illy.com. There is also a Data Protection Officer available at the email address dpo@illy.com and at the addresses of the Company.

7.   Rights

We inform you that the GDPR provides the possibility for the data subject to ask the Data Controller (at the above addresses) to access personal data and to correct or cancel them or limit their processing or to oppose their processing, in addition to exercising the right to data portability, as well as other rights contained in Chapter 3 of the GDPR including the revocation of consent, where provided: the withdrawal of consent does not affect the lawfulness of the processing based on consent given before revocation.

8.   Complaints

The data subject can always lodge a complaint with the Italian Data Protection Authority, whose references can be found on the website www.garanteprivacy.it.

9.   Profiling

The processing of data for the purposes referred to in point 2(C) of this policy can be considered as targeting. The profiling is based on consumers data in order to better understand their consumption habits and direct their purchases with targeted communications and to create a customer experience. The data are extracted and processed through software that creates a consumption target consisting in the indication of the actions carried out (e.g. participation in an event or program, purchase of certain products, filling out questionnaires) and on the analysis of certain characteristics that help define the customer category (e.g. age). However, this kind of processing does not constitute a particular risk to users’ privacy considering the type of basic targeting, that does not require data of a particularly delicate nature or that allows the detailed reconstruction of particularly reserved aspects of private life. Also, no legal effects are produced as a consequence of targeting that may affect the data subject and no decision is made on the basis of automated processing which is used only to create promotional messages in line with the tastes and habits of the user. Furthermore, the employees in charge of communication always filter out personal data when sending promotional content to the defined groups. The data subject always has the right to ask for human intervention, to express his opinion, to receive an explanation of the decision made and to contest the decision.

10.  Processing procedures

Data may be processed on paper, manually, with IT and electronic means (therefore, illycaffè may file data both on paper and IT support). illycaffè has implemented safety measures to prevent any data loss, illegal use of data, misuse or unauthorised access. Data will be retained and processed by illycaffè in compliance with its confidentiality requirements and with the applicable local provisions (i.e. in compliance with the principles of fairness, lawfulness, transparency, and protection of the confidentiality and the rights of those concerned) strictly in line with the aims set forth in this privacy policy. Data will be processed by illycaffè exclusively to achieve the aims described in this privacy policy. Data will be filed at illycaffè S.p.A. offices in Europe and at the appointed data processors (as well as third parties who receive data as independent data controllers as described in point 4 of this privacy policy). Data will be entered in databases, including IT databases.

We remind you that only for technical assistance needs data may be sent to companies outside the European community who are specifically designated as data processors by committing to comply with all the requirements of European legislation, also by signing the appropriate Contractual Clauses indicated by the Data Protection Authority; the data are only a copy of those contained in the European servers and the copy of the same is always available at illycaffè S.p.A..

 

This privacy policy is updated as at 09/30/2020. Such update is carried out inside of policy of constant review of the informative ones. The versions of the previous policy statements are available writing to Data Controller (e-mail dpo@illy.com).