illy is a leading brand in the super premium gourmet coffee sector and is sold in multiple distribution channels including cafes, hotels, retailers, restaurants, airlines, cruise ships, offices, and online—including illycaffè shops in key cities throughout North America. illy’s corporate culture is built on a shared passion for quality, teamwork, empowerment, and innovation with excellence and ethics as foundational values. illy takes your privacy seriously and offers the following details to describe how we collect, use, and protect the personal data you agree to share with us. illy caffè North America (also referred to as “we,” “our,” “us”) serves as illy’s US headquarters, and is located in Rye Brook, New York.
General Privacy Notice
1. What Information Do We Collect?
We collect your personal data whenever you interact with us and when you use the App. Generally, we will collect and process the following information:
- Account registration information: When you create an account with us, you provide us with your full name, email and your telephone number. You may also voluntarily provide us with additional personal data that will enhance your user experience. This may include a profile picture (if you have not signed-in via Facebook), your month of birth, and precise geolocation.
- Transaction information: We collect information relating to the orders that you make including valid payment method details. Payments are made through a payment processor, and we do not store your credit card information in our own systems. We will also collect information about your purchase history made available through the App. We may also review data relating to your completed transactions on successfully completed orders.
- Customer feedback and support: We will process the information that you give us whenever you contact us. We may make a copy of any correspondence with you for our training and quality purposes.
- Marketing opt ins and opt outs: We will process information about you when you have agreed to receive marketing and promotional material from us.
- Device information: We collect your device ID; IP address; device type; operating system and version; general geographic location (from your IP address); browser type; screen resolution; device manufacturer and model; language; interaction with QR codes; and use of loyalty cards. You may control some of this information through your device settings.
We also automatically collect certain information when you access, use, or interact with our App. We generally collect the following information when you use the App:
- Device information: We collect your device ID; IP address; device type; operating system and version; general geographic location (from your IP address); browser type; screen resolution; device manufacturer and model; language; and redemption of loyalty rewards. You may control some of this information through your device settings.
- Usage information: We collect information about your interaction with the App including the number, type and frequency of products that you order, the sections you have visited within the App, the time and date you have visited the App, the redemption of loyalty rewards made available through the App, the content you view and features you access, the basket value per order, and the time spent browsing the App.
2. What Do We Do With the Information We Collect?
We will ask you for personal data in certain fields on this App that we need for you to use the services. The personal data we collect is used only for the purpose we state at the time of collection or for purposes listed below. For example, our uses may include, but are not limited to, the following:
- To process transactions
- To process payments
- To manage internal business practices
- To provide support or other services
- To provide information based on your needs and respond to your requests
- To administer products and services
- To select content, improve quality, and facilitate the use of our Site
- To deliver personalized advertising to you
- To assess usage of products and services
- To communicate with you about events
- To update you on relevant products, services, offers, and opportunities
- To engage with third parties
- To protect our content and services from illegal or harmful activities
- To get feedback and input from you
- To protect our information assets as well as your personal data
- To assist in business sales or mergers
- To comply with Laws
To the extent that we collect certain demographic information about you, we may use this information in our market research, but we will do so only after we “anonymize” the data, i.e., remove information that would confirm your identity. We will not use your personal data, however, to send commercial or marketing messages to you unless we have your continued consent for which you will have the ability to opt out by sending an email to email@example.com.
3. Who Can Use the Information We Collect and How?
We may provide your personal data to third parties, or third parties may collect personal data from you on our behalf if we have contracted with that third party to provide some part of the information or service that you have requested. Other than those who act on our behalf, and except as explained in this Policy, personal data you provide at this Site will not be transferred to unrelated third parties, unless we have a legal basis to do so. However, please note that the personal data you transmit to this Site may be subject to disclosure pursuant to judicial or other government subpoenas, warrants, or orders.
4. What Are Your Rights Regarding Your Personal Data?
We respect your right to access and control your personal data, and you have choices about the data we collect from you. If we request personal data from you that is not necessary for the purposes of providing you with our products and services, then you may decline to provide that personal data. However, if you choose not to provide personal data that is necessary to provide a particular service, you may not have access to certain features of that service.
Regardless of where you live, you can always opt-out of marketing communications, correct or update your information, and implement technical measures to opt-out of targeted or behavioral advertising as outlines below:
Opt-Out of Email Marketing Preferences.
The e-mail communications we send you will generally provide an unsubscribe link, allowing you to opt-out of receiving future email or to change your contact preferences. E-mail communications may also include a link to directly update and manage your marketing preferences, if you have an online account with us. You can also change your contact preferences through your account on the Site or through the App. You can also request an opt-out by emailing firstname.lastname@example.org. Please remember that even if you opt out of receiving marketing emails, we may still send you important information related to your account and any orders that you have placed.
Opt-Out of Targeted Advertising.
You may opt-out of third party targeted advertising or data analytics in two ways: (i) by directly notifying a Network Advertising service provider via its opt-out tools (see above), or (ii) by using your browser’s Do Not Track (DNT) settings to indicate that you do not wish to receive targeted advertising based on your overall internet usage. For more information about DNT and how it works, please visit the Future of Privacy Forum’s website: http://www.allaboutdnt.com/.
We will make every reasonable effort to honor your DNT browser settings for opting out of receiving targeted third-party advertising based on your overall Internet usage. Please note that various browsers frequently update their technology and / or change their settings and business practices without advance notice, thus we may not have the latest information on how to honor your preferences. If you exercise either opt-out option—the cookie opt-out or the browser opt-out—you will continue to receive advertising, but such advertising may not relate to your specific interests, previous purchases, or search history.
Keep in mind, however, that you cannot opt-out of our contextual data analytics and advertising, which is based on your usage of only our Services. We will continue to serve you contextual advertising. We will also continue to monitor your usage and search or transaction history to provide us with analytics on how well our Services, features, and activities are functioning and used. We will also share this information within our company in an aggregated or anonymized form (meaning that no one individual person can be identified).
How Do You Correct and Update Your Personal Data?
Our goal is to keep all personal data that we hold accurate, complete, and up-to-date. Please let us know if you change your contact details. If you believe that any of your information is incorrect, incomplete, or out-of-date, you can update your personal details through your account on the Site, in the App, or by contacting email@example.com.
5. How Do We Protect the Personal Data We Collect?
We are committed to protecting the security of your personal data. Depending on the circumstances, we may hold your information in hard copy and / or electronic form. In either situation, we use technologies and procedures to protect your personal data. We review our strategies and methods update them as necessary to meet our business needs, changes in technology, and regulatory requirements. We take our security obligations seriously and so should you. While we are responsible for maintaining the security of this App, you must also access and use this App in a manner that is responsible and secure. In addition, we have implemented a series of policies, procedures, and training to address data protection, confidentiality, and security, and we update and review the appropriateness of these measures on a regular basis.
6. How Long Do We Retain the Data?
We retain personal data for as long as necessary to provide our Services and fulfill the transactions you have requested, or for other business purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. We are required by law to keep some types of information for certain periods of time (e.g., statute of limitations). If your personal data is no longer necessary for the legal or business purposes for which it is processed, then we will generally destroy or anonymize that information.
7. What is Our Policy if You Are an Underage Child?
We understand the importance of protecting the privacy of all individuals, especially the very young. Our services are intended for United States audiences over the age of 18. Our Site and its Services are not directed to children, and you may not use our Services if you are under the age of 13. You must also be old enough to consent to the processing of your personal data in the country or state where you live (in some countries, parents or guardians may consent on your behalf). Subscribing to our Services is restricted to adults who are either 18 years of age or older or as otherwise legally defined by the country or state where you live.
8. What Happens When You Link to a Third-Party Web Site?
10. What If You Have Questions?
Your California Privacy Rights
This California Privacy Notice (“Notice”) applies to “Consumers” as defined by the California Consumer Privacy Act (“CCPA”) as a supplement to other privacy policies or notices that we may issue. In the event of a conflict between any of our other policies, statements, or notices and this Notice, this Notice will prevail with regard to California Consumers and their rights under the CCPA.
Consistent with the CCPA, job applicants, current and former employees and contractors, and subjects of certain business-to-business communications acting solely in their capacity as representatives of another business, are not considered Consumers for purposes of this Notice or the rights described herein.
1. Information We Collect and How We Use It
We collect personal data that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal data”).
The following is a description of our data collection practices, including the personal data we collect, the source of that information, the purposes for which we collect information, and whether we disclose that information to external parties. We may use any and all of the information for any purposes described in this Privacy Notice.
- We collect your name, and email address when you create an account or contact us via our App or Site. We use this information to provide our Services, respond to your requests, identify and confirm sweepstakes entrants and notify sweepstakes winners, and send information and advertisements to you.
- We collect your social media handle and basic account information when you interact with our Services through social media such as Facebook, Instagram, or Twitter. We use this information to improve our Services, respond to your requests or complaints, and send information and advertisements to you.
- We collect a unique numerical identifier, assigned to you by a first-party cookie, automatically when you use our Services in order to identify you, provide our services, prevent fraud, and provide you with targeted information and offers.
- We collect your IP address automatically when you use our Services. We use this information to identify you, gauge online activity on our mobile application, measure the effectiveness of online services, applications, and tools, and serve targeted advertisements based on your online activities.
- We collect your Device ID automatically when you use our Services. We use this information to monitor your use and the effectiveness of our Services, to identify you, and to provide you with targeted information and offers.
Personal DATA protected against security breaches (Cal. Civ. Code § 1798.80(e))
- We collect your name and phone number when you create an account or contact us via our App or Site. We use this information to provide our Services, respond to your requests, identify and confirm sweepstakes entrants and notify sweepstakes winners, and send information and advertisements to you.
- A service provider working on our behalf collects your payment information when you provide it to us, or to a service provider working on our behalf, when you complete a transaction. This information includes your credit card number or bank account number. This information is processed and stored securely. We use this information to facilitate payments and transactions.
PROTECTED CLASSIFIED INFORMATION
- We collect information about your age and birth month when you create an account with us. We use this information to confirm your eligibility for our Services and to provide you rewards on your birthday.
- When you engage in transactions with us, we create records of goods or Services purchased or considered, as well as purchasing or consuming histories or tendencies. We use this information to measure the effectiveness of our Services and to provide you with targeted information, advertisements, and offers.
- We collect information regarding your coffee machine, including model, serial number, place of purchase and proof of purchase when you register your machine on our Site. We use this information to confirm warranty status, provide product service, and notify you of safety recalls. We also use this information to provide you with targeted information, advertisements, and offers.
- We collect information about your purchases and tastes through interactive surveys on our Site and through consumer surveys. We use this information as part of our own metrics and to provide you with targeted information, advertisements, and offers.
- We collect information relating to marketing an ad campaign interaction with you when you click on an ad or open a marketing email. We use this information for marketing research purposes and to design, develop, market, sell, and/or improve products, services, and initiatives, including loyalty programs.
INTERNET OR OTHER SIMILAR NETWORK ACTIVITY
- We collect information about your browsing history, search history, and information regarding your interaction with our Sites, applications, or advertisements automatically when you utilize our Services or log into caffè Wi-Fi. We use this information to design, develop, market, sell, and/or improve products, Services, and initiatives, including loyalty programs and to better understand customers and prospective customers and enhance relationship by associating you with different devices and browsers that you may use.
- As described above, we collect your IP address automatically when you use your App or Site. We can determine your general location based on the IP address. We do collect your precise geolocation where you allow us to do so.
- If you contact us via phone, we may record the call. We will notify you if a call is being recorded at the beginning of the call. We do not collect your image or any thermal, olfactory, or similar information.
- If you visit our caffès we utilize CCTV to keep you, other customers, our staff, and business systems safe and secure.
- We may use photographs shared with us on social media for relationship building purposes.
PROFESSIONAL OR EMPLOYMENT RELATED INFORMATION
- We collect business information, including your name, company, and job title, and business contact details from you when send us a request through our Site. We use this information to reach out to you.
- We do not collect any information about the institutions you have attended. We may ask you for information regarding the level of education you have attained as part of marketing surveys. or the level of education you have attained.
- We do not collect information about your physiological, biological, or behavioral characteristics.
INFERENCES DRAWN FROM OTHER PERSONAL DATA
- We analyze or your actual or likely preferences through a series of computer processes uses data that you have provided or that we have collected from our business partners and add our observations to your internal profile. We use this information to gauge and develop our marketing activities, measure the appeal and effectiveness of our services, applications, and tools, and to provide you with targeted information, advertisements, and offers.
When we disclose personal data for a business purpose, we enter into an agreement that describes the purpose of the agreement and requires the recipient of the personal data both to keep it confidential and to not use it for any purpose except to perform the contract. The CCPA prohibits third parties who purchase the personal data we hold for you from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales.
Either we or our Service Providers also may use your information for the following Business Purposes (as defined in the CCPA) on a day-to-day basis:
- Auditing related to a current interaction with the consumer and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
- Debugging to identify and repair errors that impair existing intended functionality.
- Short-term, transient use, provided that the personal data is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction.
- Performing services on behalf of the business or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider.
- Undertaking internal research for technological development and demonstration.
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.