Privacy Policy - espressamente illy Reserved Area

Privacy policy pursuant to Regulation (EU) 2016/679 (GDPR) and national legislation in force
  1. General information
    illycaffè S.p.A. (hereinafter also referred to as the "Company" or "illycaffè") hereby informs you the purposes and procedures of data processing (provided by you) of which it will be hold.
  2. Purposes 
    illycaffè may process data for the following purposes:
    A. to register you to the private area of the site, recognizing you as illycaffè Client; 
    B. to be compliant with the requirements pursuant to the legislation in force, regulations or EU regulations and for legitimate interests such as to assert or defend the rights of the Company in the appropriate offices.
  3. Mandatory nature of the provision
    Provision of data required on the registration form for the purposes described in point 2, letter A, of this privacy policy is optional, however, if the data are not provided, access to the private area and also to access to the services of the area itself will be denied.Provision of data (personal data, address and other information requested in the event of dispute or requests to exercise the rights) provided on the registration form or required also later on is necessary for the purposes described in point 2, letter B, of this privacy policy, and the lack of provision will make it impossible to register and then access on the private area, and/or impossible to keep the login credentials once you have registered.
  4. Data recipient categories 
    The data may be communicated by illycaffè for the purposes specified in point 2 letter B of this information (communicating only data that are necessary for the pursuit of these purposes) to: judicial authorities, tax police and public security and public bodies if there is an obligation to this disclosure, also to law firms and legal advisers and to post offices (being able to see the address for sending any written notices). For the purposes specified in point 2 letter A of this information, data will not be communicated by illycaffè. The data may be disclosed on behalf of illycaffè, each for own role, to all subjects delegated by illycaffè (administrative staff and management of illycaffè clients, transport and correspondence staff, including external to the Company, marketing staff and site management staff also external to the Company, IT technicians and IT staff that can also carry out tasks of system administrators, being appointed as such in this case, public relations staff, legal department staff, members of Board and Statutory Auditors, internal auditor, trainees, freelancers and consultants-employees also external to the Company acting under the direct responsibility of the Company, such as legal consultants, staff of the internal and external Data Processors) and to internal and external Data Processors to the Company (for example companies-professional studies who perform instrumental activities of illycaffè S.p.A. such as marketing activities, shipping and enveloping or call center activities, management public relationships, including information technology outsourcing company, management activities of the website).
  5. Data retention 

    Data will be retained by illycaffè for the entire period necessary for the pursuit of the purposes contained in this information. The data retention period is as follows:

    - for legal obligations, regulations and community regulations, data may be retained for the periods imposed by these regulatory sources;

    - for the purposes described in point 2 letter A of this policy, the data can be retained until the withdrawal of consent or request for cancellation;

    - in any case, all data may be retained for a period necessary to assert or defend a company right according to Italian and European regulations.

  6. Data Controller and Data Protection Officer
    The Data Controller is illycaffè S.p.A., having its registered office in via Flavia 110, Trieste, phone number +39.040.3890.111, fax number +39.040.3890.490, e-mail: There is also a Data Protection Officer available at the email address and at the addresses of the Company.
  7. Rights
    We inform you that the GDPR provides the possibility for the data subject to ask the Data Controller (at the above addresses) to access personal data and to correct or cancel them or limit their processing or to oppose their processing, in addition to the right to data portability, as well as other rights contained in Chapter 3 of the GDPR including the revocation of consent, where provided: the withdrawal of consent does not affect the lawfulness of the processing based on consent given before revocation.
  8. Complaints
    The data subject can always lodge a complaint with a supervisory authority whose references can be found on the website
  9. Legal Basis
    The legal basis the legal basis consists of legal obligations (Italian and European laws) as well as the legitimate interests of the Data Controller in the customer-supplier relationship. Furthermore, for the purposes for which consent is provided, the legal basis is the consent itself.
  10. Processing procedures
    Data may be processed on paper, manually, with IT and electronic means (therefore, illycaffè may file data both on paper and IT support). illycaffè has implemented safety measures to prevent any data loss, illegal use of data, misuse or unauthorised access. Data will be retained and processed by illycaffè in compliance with its confidentiality requirements and with the applicable local provisions in the different states in which illycaffè has its offices (in compliance with the principles of fairness, lawfulness, transparency, and protection of the confidentiality and the rights of those concerned) strictly in line with the aims set forth in this privacy policy. Data will be processed by illycaffè exclusively to achieve the aims set forth in this privacy policy. Data will be filed at illycaffè S.p.A. offices and at the appointed data processors (as well as third parties who receive data as specified in point 4 of this privacy policy). Data will be entered in databases, including IT databases.
N.B. The consent can only be given by persons over 16 years, if the subject is under 16, he cannot use what is provided for in the purposes for which consent is required (e.g. registration, ...).
This privacy policy is updated as at 06/08/2018. Such update is carried out inside of policy of constant review of the informative ones. The versions of the previous policy statements are available writing to Data Controller (email