illy is a leading brand in the super premium gourmet coffee sector and is sold in multiple distribution channels including cafes, hotels, retailers, restaurants, airlines, cruise ships, offices, and online—including illycaffè shops in key cities throughout North America. illy’s corporate culture is built on a shared passion for quality, teamwork, empowerment, and innovation with excellence and ethics as foundational values. illy takes your privacy seriously and offers the following details to describe how we collect, use, and protect the personal data you agree to share with us. illy caffè North America (also referred to as “we,” “our,” “us”) serves as illy’s US headquarters, and is located in Rye Brook, New York.
General Privacy Notice
1. What Information Do We Collect?
We collect your personal data whenever you interact with us and when you use the App. Generally, we will collect and process the following information:
We also automatically collect certain information when you access, use, or interact with our App. We generally collect the following information when you use the App:
2. What Do We Do With the Information We Collect?
We will ask you for personal data in certain fields on this App that we need for you to use the services. The personal data we collect is used only for the purpose we state at the time of collection or for purposes listed below. For example, our uses may include, but are not limited to, the following:
To the extent that we collect certain demographic information about you, we may use this information in our market research, but we will do so only after we “anonymize” the data, i.e., remove information that would confirm your identity. We will not use your personal data, however, to send commercial or marketing messages to you unless we have your continued consent for which you will have the ability to opt out by sending an email to email@example.com.
3. Who Can Use the Information We Collect and How?
We may provide your personal data to third parties, or third parties may collect personal data from you on our behalf if we have contracted with that third party to provide some part of the information or service that you have requested. Other than those who act on our behalf, and except as explained in this Policy, personal data you provide at this Site will not be transferred to unrelated third parties, unless we have a legal basis to do so. However, please note that the personal data you transmit to this Site may be subject to disclosure pursuant to judicial or other government subpoenas, warrants, or orders.
4. What Are Your Rights Regarding Your Personal Data?
We respect your right to access and control your personal data, and you have choices about the data we collect from you. If we request personal data from you that is not necessary for the purposes of providing you with our products and services, then you may decline to provide that personal data. However, if you choose not to provide personal data that is necessary to provide a particular service, you may not have access to certain features of that service.
Regardless of where you live, you can always opt-out of marketing communications, correct or update your information, and implement technical measures to opt-out of targeted or behavioral advertising as outlines below:
Opt-Out of Email Marketing Preferences.
The e-mail communications we send you will generally provide an unsubscribe link, allowing you to opt-out of receiving future email or to change your contact preferences. E-mail communications may also include a link to directly update and manage your marketing preferences, if you have an online account with us. You can also change your contact preferences through your account on the Site or through the App. You can also request an opt-out by emailing firstname.lastname@example.org. Please remember that even if you opt out of receiving marketing emails, we may still send you important information related to your account and any orders that you have placed.
Opt-Out of Targeted Advertising.
You may opt-out of third party targeted advertising or data analytics in two ways: (i) by directly notifying a Network Advertising service provider via its opt-out tools (see above), or (ii) by using your browser’s Do Not Track (DNT) settings to indicate that you do not wish to receive targeted advertising based on your overall internet usage. For more information about DNT and how it works, please visit the Future of Privacy Forum’s website: http://www.allaboutdnt.com/.
We will make every reasonable effort to honor your DNT browser settings for opting out of receiving targeted third-party advertising based on your overall Internet usage. Please note that various browsers frequently update their technology and / or change their settings and business practices without advance notice, thus we may not have the latest information on how to honor your preferences. If you exercise either opt-out option—the cookie opt-out or the browser opt-out—you will continue to receive advertising, but such advertising may not relate to your specific interests, previous purchases, or search history.
Keep in mind, however, that you cannot opt-out of our contextual data analytics and advertising, which is based on your usage of only our Services. We will continue to serve you contextual advertising. We will also continue to monitor your usage and search or transaction history to provide us with analytics on how well our Services, features, and activities are functioning and used. We will also share this information within our company in an aggregated or anonymized form (meaning that no one individual person can be identified).
How Do You Correct and Update Your Personal Data?
Our goal is to keep all personal data that we hold accurate, complete, and up-to-date. Please let us know if you change your contact details. If you believe that any of your information is incorrect, incomplete, or out-of-date, you can update your personal details through your account on the Site, in the App, or by contacting email@example.com.
5. How Do We Protect the Personal Data We Collect?
We are committed to protecting the security of your personal data. Depending on the circumstances, we may hold your information in hard copy and / or electronic form. In either situation, we use technologies and procedures to protect your personal data. We review our strategies and methods update them as necessary to meet our business needs, changes in technology, and regulatory requirements. We take our security obligations seriously and so should you. While we are responsible for maintaining the security of this App, you must also access and use this App in a manner that is responsible and secure. In addition, we have implemented a series of policies, procedures, and training to address data protection, confidentiality, and security, and we update and review the appropriateness of these measures on a regular basis.
6. How Long Do We Retain the Data?
We retain personal data for as long as necessary to provide our Services and fulfill the transactions you have requested, or for other business purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements. We are required by law to keep some types of information for certain periods of time (e.g., statute of limitations). If your personal data is no longer necessary for the legal or business purposes for which it is processed, then we will generally destroy or anonymize that information.
7. What is Our Policy if You Are an Underage Child?
We understand the importance of protecting the privacy of all individuals, especially the very young. Our services are intended for United States audiences over the age of 18. Our Site and its Services are not directed to children, and you may not use our Services if you are under the age of 13. You must also be old enough to consent to the processing of your personal data in the country or state where you live (in some countries, parents or guardians may consent on your behalf). Subscribing to our Services is restricted to adults who are either 18 years of age or older or as otherwise legally defined by the country or state where you live.
8. What Happens When You Link to a Third-Party Web Site?
10. What If You Have Questions?
Your California Privacy Rights
This California Privacy Notice (“Notice”) applies to “Consumers” as defined by the California Consumer Privacy Act (“CCPA”) as a supplement to other privacy policies or notices that we may issue. In the event of a conflict between any of our other policies, statements, or notices and this Notice, this Notice will prevail with regard to California Consumers and their rights under the CCPA.
Consistent with the CCPA, job applicants, current and former employees and contractors, and subjects of certain business-to-business communications acting solely in their capacity as representatives of another business, are not considered Consumers for purposes of this Notice or the rights described herein.
1. Information We Collect and How We Use It
We collect personal data that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal data”).
The following is a description of our data collection practices, including the personal data we collect, the source of that information, the purposes for which we collect information, and whether we disclose that information to external parties. We may use any and all of the information for any purposes described in this Privacy Notice.
Personal DATA protected against security breaches (Cal. Civ. Code § 1798.80(e))
PROTECTED CLASSIFIED INFORMATION
INTERNET OR OTHER SIMILAR NETWORK ACTIVITY
PROFESSIONAL OR EMPLOYMENT RELATED INFORMATION
INFERENCES DRAWN FROM OTHER PERSONAL DATA
When we disclose personal data for a business purpose, we enter into an agreement that describes the purpose of the agreement and requires the recipient of the personal data both to keep it confidential and to not use it for any purpose except to perform the contract. The CCPA prohibits third parties who purchase the personal data we hold for you from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales.
Either we or our Service Providers also may use your information for the following Business Purposes (as defined in the CCPA) on a day-to-day basis:
2. Do We “Sell” Your Personal Data?
We do not sell your name, address, phone number, or email address. However, on certain occasions, we also sell information to third parties. An external party may be considered a third party either because the purpose of sharing the personal data is not an enumerated business purpose under California law, or because our contract does not restrict them from using personal data for other purposes. To “sell” personal data means to disclose it to an external party for monetary or some other type of benefit doesn’t always mean that money is exchanged to be considered a “sale.” We may “sell” the following information:
3. How to Exercise Your Rights Under the CCPA
Under the CCPA you have the right to find out about the personal data that we have collected and how that information has been used or disclosed. You also have the right to request that we delete your personal data. If you wish to exercise any of the rights listed below, or if you would like additional information, please contact us at firstname.lastname@example.org.
The Right to Access and Know About Personal Data Collected, Disclosed, or Sold
You have the right to request that we disclose to you certain information about our collection and use of your personal data over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
For data portability requests, we will select a format to provide your personal data that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
The Right to Request Deletion of Your Personal Data
Subject to certain exceptions, you have the right to request that we delete any or all of the personal data that we collected from you and retained over the past 12 months. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal data from our records, unless an exception applies. You may request that only a portion of your personal data be deleted.
We may deny all or part of your deletion request if retaining your personal data is necessary for us or our Service Providers to:
The CCPA provides you with the right to opt out and stop businesses from selling your personal data. This right applies to all California consumers ages 16 or older and may be exercised at any time.
If you are 16 years of age or older, you have the right to direct us to not sell your personal data at any time (the "right to opt-out"). Our Sites and products are not intended for minors. We do not sell the personal data of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the "right to opt-in") from either the consumer who is at least 13 but not yet 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to the sale of their personal data may opt-out of future sales at any time.
How to exercise this right:
By contacting us at the toll-free number: 1-877-469-4559; or
By sending an email to email@example.com, providing details of your request;
The Right to Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights, and will not engage in the following behaviors:
Exercising Your Rights
When you exercise these rights and submit a request to us, we will verify your identity by asking for information about your relationship with us, such as your name, email address on file, billing or shipping address, phone number, or order number.
We try to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
Any disclosures we provide will only cover the 12-month period preceding your verifiable request's receipt. The response we provide will also explain the reasons we cannot comply with your request, if applicable.
4. Authorized Agents
You may authorize a natural person, or a business entity registered with the California Secretary of State, to act on your behalf to make a request to know about personal data collected or to delete your personal data.
To facilitate such an authorization, you must (i) verify your identity to us and provide that authorized agent written permission to make such a request or (ii) provide the authorized agent with power of attorney in your behalf pursuant to the California Probate Code sections 4000 to 4465.
The authorized agent must include those authorizations in your verifiable consumer request.
5. Notice of Financial Incentive
We will not discriminate against you in any manner prohibited by the CCPA because you exercise your CCPA rights. However, we may charge a different price or rate, or offer a different level or quality of goods or services, to the extent that doing so is reasonably related to the value of the applicable data. In addition, we may offer you financial incentives for the collection, sale, retention, and use of your personal data as permitted by the CCPA; such offers may result in reasonably different prices, rates, or quality levels. The material aspects of any financial incentive will be explained and described in our program terms. For details of our current financial incentive program and its terms, including how to opt-in or withdraw from your opt-in, and program benefits, refer to the program terms and conditions.
Please note that participating in incentive programs is entirely optional; participants affirmatively opt into the program, and can opt out of the program (i.e., terminate participation and forgo the ongoing incentives) by following the instructions in the program’s description and terms. We may add or change incentive programs and / or their terms by posting a notice on the program descriptions and terms linked to above, so check them regularly.
6. Children Under the Age of 16
We do not knowingly collect, solicit, or share personal data from children under the age of 16. If we have knowledge that a child under 16 has submitted personal data in violation of this Policy, we will delete that information as soon as possible. If you believe we may have obtained information in violation of this Policy, please email us at firstname.lastname@example.org or call us at 1-877-469-4559.
7. Questions about the CCPA
If you have questions or concerns regarding this statement, you should first contact us via email at email@example.com.
We reserve the right to amend this Privacy Notice at our discretion and at any time. When we make changes to this Notice, we will post the updated Notice on the Site and update the Notice’s effective date. Your continued use of our Site following the posting of changes constitutes your acceptance of such changes. If we are required by applicable data protection laws to obtain your consent to any material changes before they come into effect, then we will do so in accordance with law.
9. California Shine the Light Law
If you are a California resident and have an established business relationship with us and want to receive information about how to exercise your third party disclosure choices, you must send a request to the following address with a preference on how our response to your request should be sent (email or postal mail). You may contact us in two ways. Send an email to firstname.lastname@example.org.
Alternatively, you may contact us at:
ILLY CAFFÈ NORTH AMERICA
800 Westchester Avenue, Suite 440
Rye Brook, NY 10573
Attn: Your California Privacy Rights
c/o Privacy Administrator
For requests sent via email, you must put the statement “Your California Privacy Rights” in the subject field of your email. All requests sent via postal mail must be labeled “Your California Privacy Rights” on the envelope or post card and clearly stated on the actual request. For all requests, please include your name, street address, city, state, and zip code. (Your street address is optional if you wish to receive a response to your request via email. Please include your zip code for our own recordkeeping.) We will not accept requests via the telephone or by facsimile. We are not responsible for responding to notices that are not labeled or not sent properly, or do not have complete information.
Your Rights Under the EU General Data Protection Regulation (GDPR) (Regulation EU 2016/679) or in the UK under Data Protection Act 2018 (DPA 2018)
Please note that the App AND SITE AREis not directed to the European market and to people within the European territory.
The personal data described above may be stored on servers located in Europe. As a result, this data is protected and processed in accordance with the GDPR. The data processor for the storage of this personal data is illycaffè S.p.A., with its headquarters at: via Flavia 110, Trieste, Italy. illycaffè S.p.A. makes use of its own staff (IT technicians also external to illycaffè S.p.A, marketing staff, collaborators of data sub-processors and IT consultants) for server management and support for data analysis.
The following have been identified as data sub-processors to manage the servers hosting the personal data:
The list of other possible data sub-processor can be requested by writing to email@example.com.
Personal data is currently stored on these servers and processed only for the purpose of preservation and security, and therefore, pursuant to our legitimate interests including the protection of personal data and the hosting activities. Your personal data is not accessed in Europe unless it is necessary to perform technical activities. In addition, your personal data is not transmitted to other countries outside of Europe.
We retain personal data for as long as necessary to provide our Services and fulfill the transactions you have requested, or for other business purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements.
By providing your personal data for the purposes described above, you consent to processing your personal data in Europe.
If we request personal data from you that is not necessary for the purposes of providing you with our products and services, then you may decline to provide that personal data. However, if you choose not to provide personal data that is necessary to provide a particular service, you may not have access to certain features of that service.
You may be able to exercise the following rights under the GDPR regarding your personal data stored in Europe:
You may also have the opportunity to object to the processing of personal data and to exercise the other rights contained in Chapter 3 of Section 1 of the GDPR including the right to revoke your consent, where required. (The revocation of your consent does not affect the legality of our processing based on the consent given before the revocation.)
These rights can be asserted by contacting illycaffè S.p.A. at its headquarters in via Flavia 110 in Trieste, Italy, phone +39.040.3890.111, fax +39.040.3890.490, e-mail firstname.lastname@example.org. illycaffè S.p.A. also has a Data Protection Officer available at email@example.com and at the above address in Trieste.
Finally, under the GDPR, you can always file a complaint with a supervisory authority. Because illycaffè S.p.A. (the data processor on behalf of illy caffè North America) is headquartered in Italy, the Italian Data Protection Authority is identified as the supervisory authority. Please see the information on the website www.garanteprivacy.it.
REST OF THE WORLD