< back

back

Privacy policy for data collection via card for promotional purposes applicable to all initiatives not otherwise specified (rev01)

Privacy policy pursuant to Regulation EU 2016/679 (GDPR) and national legislation in force
 
  1. General information
    This privacy policy statement is full information in relation to the data provided in the card at one of the illy shop and/or illy caffè or in other situations. The undersigned company (illycaffè S.p.A., hereinafter also referred to as the "Company" or "illycaffè") hereby informs you that it will process the data you have provided in the card for the purposes listed in the following paragraphs. illycaffè may only require and process data which are instrumental to achieve the purposes of this privacy policy.
     
  2. Purposes 
    illycaffè may process data for the following purposes: 
    A. to send advertising communications/information on products-services-initiatives of illycaffè and its partners and market research and/or interviews for the evaluation of product-services of illycaffè, all by illycaffè to the telephone numbers (and therefore also through SMS/MMS) and post address (including the e-mail address through which you can receive regular newsletters) that you specified in the card (please note that the sending of SMS/MMS and e-mail will also be in electronically with the help of automated tools); 
    B. to comply with the requirements pursuant to the legislation in force, regulations or EU regulations and for legitimate interests such as to assert or defend the rights of the Company in the appropriate offices; 
    C. to receive a surprise via email on your birthday.
     
  3. Mandatory nature of the provision
    The provision of data for the purposes under point 2, letter A of this privacy policy is optional and the lack of them could make it impossible to be subject to the activities specified in this point at the addresses not conferred (In fact, you are always free to give even just one address. For example, you can communicate only the e-mail if you do not wish to receive SMS/MMS, or the phone if you wish to receive SMS/MMS messages or phone calls and not receive e-mail). Please note that for the purposes specified in point 2 letter A the consent is optional and the only consequence will be not to be subject to the activities by illycaffè; also if you have agreed to the processing you can always oppose to such activities at any time by getting in contact with the Data Controller. The provision of data for the purposes under point 2, letter B of this privacy policy is necessary for the purposes specified in this point and the lack of them could make it impossible to be subject to the activities specified in this privacy policy (always where you have agreed). The provision of data for the purposes under point 2, letter C of this privacy policy is optional and the lack of them could make it impossible to be subject to the activities specified in this point.
     
  4. Data recipient categories 
    illycaffè may disclose collected data for the purpose described in point 2, letter B of this privacy policy to couriers/shippers, to lawyers, legal advisors, public authorities, judiciary, police. For the purpose described in point 2, letter A of this information data may be disclosed by illycaffè to couriers/shippers. illycaffè discloses only the data essential to the pursuit of each purpose specified in this privacy policy. For the purpose described in point 2, letter C of this information data will not be disclosed to third parties. The data may be disclosed on behalf of illycaffè, each for own role, to all subjects delegated by illycaffè (managers, legal staff, mailing and enveloping staff also external to the Company, IT staff that may also perform the role of system administrators being appointed as such in this case, staff of the Data Processors internal and external, consultants also external to the Company- such as IT technicians that may also perform the role of system administrators being appointed as such in this case and quality staff- interns, staff in charge of the website also external to the Company, marketing staff also external to the Company, staff of illy shop and/or illy caffè, hostess also external to the Company, internal auditor) and to data processors internal and external to the Company (eg. enveloping and shipping companies, IT outsourcers, marketing company and more in general consultants performing instrumental activities such as legal and communication advisors).
     
  5. Data retention 
    Data will be retained by illycaffè for the entire period necessary for the pursuit of the purposes contained in this information. The data retention period is as follows:
    - or legal obligations, regulations and community regulations, data may be retained for the periods imposed by these regulatory sources;
    - for the purposes described in point 2 lett. A of this policy, the data can be retained until the withdrawal of consent or request for cancellation without prejudice to the conservation in accordance with the law to prove the consent previously given;
    - for the purposes described in point 2 lett. C of this policy, the data can be retained until the withdrawal of consent;
    in any case, all data may be retained for a period necessary to assert or defend a company right according to Italian and European regulations.
     
  6. Data Controller and Data Protection Officer
    The Data Controller is illycaffè S.p.A., having its registered office in via Flavia, 110 – 34147-Trieste (TS), Italy, telephone number +39.040.3890.111, fax number +39.040.3890.490, e-mail: infoprivacy@illy.com. There is also a Data Protection Officer available at the email address dpo@illy.com and at the addresses of the Company.
     
  7. Rights 
    We inform you that the GDPR provides the possibility for the data subject to ask the Data Controller (at the above addresses) to access personal data and to correct or cancel them or limit their processing or to oppose their processing, in addition to the right to data portability, as well as other rights contained in Chapter 3 of the GDPR including the revocation of consent, where provided: the withdrawal of consent does not affect the lawfulness of the processing based on consent given before revocation.
     
  8. Complaints 
    The data subject can always lodge a complaint with a supervisory authority whose references can be found on the website www.garanteprivacy.it/web/guest/home/footer/link
     
  9. Legal Basis
    The legal basis the legal basis consists of legal obligations (Italian and European laws) as well as the legitimate interests of the Data Controller in the customer-supplier relationship. Furthermore, for the purposes for which consent is provided, the legal basis is the consent itself.
     
  10. Processing procedures
    Data may be processed on paper, manually, with IT and electronic means (therefore, illycaffè may file data both on paper and IT support). illycaffè has implemented safety measures to prevent any data loss, illegal use of data, misuse or unauthorised access. Data will be retained and processed by illycaffè in compliance with its confidentiality requirements and with the applicable local provisions in the different states in which illycaffè has its offices (in compliance with the principles of fairness, lawfulness, transparency, and protection of the confidentiality and the rights of those concerned) strictly in line with the aims set forth in this privacy policy. Data will be processed by illycaffè exclusively to achieve the aims set forth in this privacy policy. Data will be filed at illycaffè S.p.A. offices and at the appointed data processors (as well as third parties who receive data as specified in point 4 of this privacy policy). Data will be entered in databases, including IT databases.
 
N.B. The consent can only be given by persons over 16 years, if the subject is under 16, he cannot use what is provided for in the purposes for which consent is required (eg. receiving commercial communication, ... ).
 
This privacy policy is updated as at 25/05/2018. Such update is carried out inside of policy of constant review of the informative ones. The versions of the previous policy statements are available writing to Data Controller (email dpo@illy.com).