Privacy policy for enrollment at the courses of Università del Caffè during events

Privacy policy pursuant to Regulation (EU) 2016/679 (GDPR) and national legislation in force
 

  1. General information
    We inform you that personal data may be collected from the data subject or from the organizers of the course (in this case only data necessary to verify attendance and therefore only for administrative-accounting purposes).
     
  2. Purposes
    illycaffè may process data for the following purposes:
    1. to manage the course;
    2. to be compliant with the requirements pursuant to the legislation in force, regulations or EU regulations and for legitimate interests such as to assert or defend the rights of the Company in the appropriate offices.
       
  3. Mandatory nature of the provision
    The provision of data for the for the purposes specified in letter A of this information is optional and the lack of such data will make impossible for you to enroll in the course. The provision of data for the for the purposes specified in letter B of this information is necessary and the lack of such data will make impossible for you to enroll in the course or to continue any established relationship.
    Please note that that for the purposes indicated in this information the processing may also occur without the consent of data subject.
     
  4. Data recipient categories
    illycaffè may disclose collected data for the purposes of point 2, letter B of this privacy policy, to public authorities, the judiciary, the police, lawyers/ solicitors, the post office, to couriers/shippers (when notices must be sent); for the purposes of point 2, letter A of this privacy policy, data will not be disclosed. illycaffè will only disclose data which are essential for the achievement of each of the aims of the privacy policy.
    The data may be disclosed on behalf of illycaffè, each for own role, to all subjects delegated by illycaffè (legal department staff, staff of Università del Caffè, IT staff also external to the Company, that can also carry out tasks of system administrators being appointed as such in this case, advisors also external to the Company - legal and administrative advisors, IT technicians that can also carry out tasks of system administrators being appointed as such in this case - employees of Data Processor internal and external to the Company, trainees, teachers, transport and correspondence staff, also external to the Company) and Data Processor internal and external (eg. shipping and enveloping companies, information technology outsourcers that store data on their servers and software and hardware maintenance and management companies, and more generally companies/offices that carry out instrumental activities to illycaffè activities)
     
  5. Data retention
    Data will be retained by illycaffè for the entire period necessary for the pursuit of the purposes contained in this information. The data retention period is as follows:
    - or legal obligations, regulations and community regulations, data may be retained for the periods imposed by these regulatory sources;
    - in any case, all data may be retained for a period necessary to assert or defend a company right according to Italian and European regulations.
     
  6. Data Controller and Data Protection Officer
    The Data Controller is illycaffè S.p.A., having its registered office in via Flavia 110, Trieste, phone number +39.040.3890.111, fax number +39.040.3890.490, e-mail: infoprivacy@illy.com. There is also a Data Protection Officer available at the email address dpo@illy.com and at the addresses of the Company.
     
  7. Rights
    We inform you that the GDPR provides the possibility for the data subject to ask the Data Controller (at the above addresses) to access personal data and to correct or cancel them or limit their processing or to oppose their processing, in addition to the right to data portability, as well as other rights contained in Chapter 3 of the GDPR including the revocation of consent, where provided: the withdrawal of consent does not affect the lawfulness of the processing based on consent given before revocation.
     
  8. Complaints
    The data subject can always lodge a complaint with a supervisory authority whose references can be found on the website www.garanteprivacy.it/web/guest/home/footer/link.
     
  9. Legal Basis
    The legal basis the legal basis consists of legal obligations (Italian and European laws) as well as the legitimate interests of the Data Controller in the customer-supplier relationship.
     
  10. Processing procedures
    Data may be processed on paper, manually, with IT and electronic means (therefore, illycaffè may file data both on paper and IT support). illycaffè has implemented safety measures to prevent any data loss, illegal use of data, misuse or unauthorised access. Data will be retained and processed by illycaffè in compliance with its confidentiality requirements and with the applicable local provisions in the different states in which illycaffè has its offices (in compliance with the principles of fairness, lawfulness, transparency, and protection of the confidentiality and the rights of those concerned) strictly in line with the aims set forth in this privacy policy. Data will be processed by illycaffè exclusively to achieve the aims set forth in this privacy policy. Data will be filed at illycaffè S.p.A. offices and at the appointed data processors (as well as third parties who receive data as specified in point 4 of this privacy policy). Data will be entered in databases, including IT databases.
     

This privacy policy is updated as at 25/05/2018. Such update is carried out inside of policy of constant review of the informative ones. The versions of the previous policy statements are available writing to Data Controller (email dpo@illy.com).