Privacy policy for enrollment at the courses of Università del Caffè for Producers

Privacy policy statement in accordance with provisions of the Italian Privacy Law (art. 13 of D.Lgs. 196/03) and with European Law 95/46/EC (update at the date of the agreement)

Please, note that your personal data by you provided will be processed by illycaffè S.p.A. (Data Controller hereinafter also referred to as "illycaffè“ or “Company”) having its registered offices in via Flavia 110, Trieste, Italy (tel. +39.040.3890.111, fax +39.040.3890.490).
The data may be collected from the data subject or from  the organizers of the course (in this case only data necessary to verify attendance and therefore only for administrative-accounting purposes).
The data may be disclosed on behalf of illycaffè to all parties appointed according to law as persons in charge of the processing by illycaffè: legal department staff, staff of coffee procurement department, staff of Università del Caffè, IT staff also external to the Company, that can also carry out tasks of system administrators being appointed as such in this case, advisors also external to the Company - legal and administrative advisors, IT technicians that can also carry out tasks of system administrators being appointed as such in this case - employees of Data Processor external to the Company as specified below, employees of the internal Data Processor, trainees, teachers, transport and correspondence staff, also external to the Company. Moreover the data may be disclosed to any Data Processor appointed according to law (processing data on behalf of illycaffè), internal (including the Data Processor indicated below) and external to the Company (such as shipping and enveloping companies, information technology outsourcers that store data on their servers and software and hardware maintenance and management companies, and more generally companies/offices that carry out instrumental activities to illycaffè activities) always appointed by illycaffè according to law. The companies/external entities appointed Data Processor will process data either directly or through their employees/staff which are persons in charge of data processing on behalf of illycaffè, performing the same tasks as data processors as well as the administration/maintenance of processors/servers of external data processors hosting illycaffè data. Data processors and persons in charge of processing will retain data insofar it is necessary to perform the tasks assigned by illycaffè by only performing the actions needed to implement such tasks.
illycaffè S.p.A will process data either manually, on paper, using IT or telematic means in compliance with the D.Lgs. 196/03 on privacy protection (and also in compliance with the principles of fairness, lawfulness and transparency as well as privacy protection and privacy rights), it will file and process data for as long as ¡t ¡s needed to pursue the purposes specified ¡n this privacy statement and, in any case, for the time prescribed by the law, also adopting security measures and proper procedures to protect data. Data will exclusively be processed in compliance with the purposes specified ¡n this privacy statement. Data will be filed at the offices of illycaffé S.p.A and at the appointed data processors (as well as at any third parties to whom the data are disclosed).
The Data Processor, whom you may contact for everything relating to the use of the data, and especially to exercise the rights contained in art. 7 of D.Lgs. 196/03, within the times and by the procedures envisaged by the law, and to obtain the full, up-to-date list of the other Data Processors, is the Corporate Human Resources, Organization,  Processes and IT Director, who can be contacted for the purposes of this role at the addresses of illycaffè S.p.A. (written communications or enquiries must be addressed “to the Data Processors, the Corporate Human Resources, Organization,  Processes and IT Director, specifying the subject of “privacy”). Any changes to the Data Processor identified above or this privacy policy statement may be published on the “privacy policy” page of the website www.illy.com. You are therefore encouraged to visit this site, while information may also still be requested by the procedures envisaged by art. 9 of D.Lgs. 196/03.
Data may be processed by illycaffè:

  1. to enroll you in the course and manage the course;
  2. to comply with the requirements pursuant to the legislation in force, regulations or EU regulations and to assert or defend the rights of the Company in a court of law.

The provision of data for the for the purposes specified in letter A of this information is optional and the lack of such data will make impossible for you to enroll in the course.
he provision of data for the for the purposes specified in letter B of this information is necessary and the lack of such data will make impossible for you to enroll in the course or to continue any established relationship.
Please note that that for the purposes indicated in this information the processing may also occur without the consent of data subject pursuant to article 24, point a), b), f) of the D.Lgs. 196/03 and as they are also administrative-accounting purposes.

Section 7 of D.Lgs. 196/03 - Right to Access Personal Data and Other Rights

  1. A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him/her exist, regardless of their being already recorded, and communication of such data in intelligible form.
  2. A data subject shall have the right to be informed
    1. of the source of the personal data;
    2. of the purposes and methods of the processing;
    3. of the logic applied to the processing, if the latter is carried out with the help of electronic means;
    4. of the identification data concerning data controller, data processors and the representative designated as per Section 5(2); 
    5. of the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative(s) in the State’s territory, data processor(s) or person(s) in charge of the processing.
  3. A data subject shall have the right to obtain
    1. updating, rectification or, where interested therein, integration of the data;
    2. erasure, anonymization or blocking of data that have been processed unlawfully, including data whose retention is unnecessary for the purposes for which they have been collected or subsequently processed;
    3. certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.
  4. A data subject shall have the right to object, in whole or in part,
    1. on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection;
    2. to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling or else for the performance of market or commercial communication surveys.

 

Please note that the data may also be communicated to the certification body for auditing purposes as already indicated in the privacy policy provided in the time of the sustainability checks carried out in the field.

Information updated as at 14/12/2017. Such update is carried out inside of policy of constant review of the informative ones.