Privacy policy of app illy of ILLY LOVERS program

Why this notice
This page describes how the App uses and processes the personal data of its users. The processing is always based on the principles of lawfulness and correctness in compliance with all current regulations. Suitable security measures are adopted to protect data.
The data will be stored for a period necessary for the purposes for which it is processed in compliance with current regulations.
This privacy policy is also available as a brief notice pursuant to Regulation (EU) 2016/679 to those who interact with the web services of this App, for the purpose of protection of personal data, accessible electronically.
This policy is valid only for this App belonging to illycaffè S.p.A. and not for other websites that the user may reach through links. Such websites are independent data controllers; please refer to them for further information.
This policy complies also with the Recommendation 2/2001, adopted on May 17, 2001 by the European authorities for the protection of personal data, gathered in the Working Party defined by art. 29 of directive 95/46/EC, with the aim of identifying some minimum requirements for the collection of personal data online and, in particular, the methods, times and nature of the information that the data controllers must provide to users when they access any web page, regardless of the purpose of their visit.
The server on which the App is stored is the Jakala Datacenter maintained by the provider Irideos S.p.A. via Caldera 21, 20153, Milan, Italy.
Please read all the specific policies in the various sections of the App.
Types of data processed and processing methods
It should be noted that the data may always be processed by illycaffè to fulfill an obligation set forth by laws, regulations or community legislation and to assert or defend an illycaffè right. illycaffè can transmit the data to public bodies, judicial bodies, police forces, lawyers and legal advisors, post offices and forwarding agents, if necessary.


Browsing data
During their normal operation, the software and the related IT systems that operate in this App collect some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identifiable users, but because of its very nature, it could lead to user identification through processing and association with data held by third parties.
This category of data includes IP addresses or domain names of the computers and terminals used by users to connect to the App, the addresses of the requested resources in the form of URIs (Uniform Resource Identifier), the time of the request, the method used in submitting the request to the server, the size of the file downloaded in response, the numeric code indicating the status of the response of the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment.
This data is used for the sole purpose of collecting anonymous statistics on the use of the App and to check its correct operation; it is deleted immediately after processing. The data could be used to ascertain responsibility in case of computer crimes against the App.
The data may be processed in paper, electronic and telematic forms.
Data provided voluntarily by the user
The optional and voluntary e-mails sent by the user to the addresses indicated on this App entail the acquisition of the sender’s e-mail address necessary to reply to requests, as well as any other personal data included in the message (and in the attachments) or in the forms. If only the contact e-mails are provided without a specific form, by sending the e-mail the user consents to the processing of data (e-mail address and data contained in the request) by illycaffè, in compliance with this privacy policy, to respond to the e-mails and follow up on the requests contained therein. The provision of data is optional; however, if the user does not provide the e-mail address or other data necessary to process the request, it will be impossible to reply to the e-mail and to process the request.
The data may be processed in paper, electronic and telematic forms.
Depending on the service requested, please read all the specific policies in the various sections of the App to acknowledge all the specific purposes and methods of processing contained therein.
Data Controller and Data Protection Officer
The data controller is illycaffè S.p.A. with headquarters in via Flavia 110, Trieste, phone +39 0403890111, fax +39 0403890490, e-mail infoprivacy@illy.com. There is also a Data Protection Officer available at the e-mail dpo@illy.com and at the Company’s addresses.


Rights
We inform you that the GDPR allows the data subject to request to the Data Controller (at the contacts mentioned above) full access to personal data and its correction, cancellation or limitation of the processing and to object to the processing, in addition to exercising the right to data portability, as well as other rights provided for by Chapter 3 of the GDPR, including that of revoking consent, where envisaged: the revocation of consent does not affect the lawfulness of the processing based on the consent given before the revocation.


Complaints
The interested party can file a complaint with the Italian Data Protection Authority whose contacts are available on the website www.garanteprivacy.it.


Legal basis
The legal basis is constituted by the fulfillment of legal obligations (deriving from Italian and European laws) as well as by the legitimate interests of the controller in the relationship with the user.


Scope of disclosure
No data collected through the web service (the browsing data mentioned above) is transmitted or disclosed (except to judicial bodies or police forces, when necessary).
The data may be disclosed on behalf of illycaffè, each for own role, to all subjects delegated by illycaffè (administrative staff and employees in charge of public relations (also external to the Company), the IT staff (also external to the Company, who can also carry out system administration duties being appointed as such in this case), marketers (also external to the Company), interns, staff of internal and external data controllers, App management staff (also external to the Company)  and internal and external data controllers (such as companies in charge of shipping, marketing, server management, and maintenance). The full list of data processors is available upon request to the Data Controller.
With regard to the persons in charge of processing the data, please also refer to the specific privacy policies contained in the App according to the service requested.
The data provided by the user may be disclosed to third parties for whom there is an obligation or need to communicate pursuant to the law and for legitimate interests such as that of asserting or defending an illycaffè right; it may also be disclosed to any forwarding agents for the shipment of the requested illycaffè material; furthermore, it may be disclosed to the categories of subjects listed in the specific policies found in the various sections of the App.
Optional provision of data and processing methods
For complete information, we invite you to read all the privacy policies contained in the various data request forms.

Cookies
Definition
Cookies are small text files that are sent to your computer.
The App uses the following types of cookies:

A.    Technical session cookies
The use of so-called session cookies is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient browsing of the App.
The so-called session cookies used in this App avoid the use of other IT techniques that are potentially detrimental to the confidentiality of users’ navigation and do not collect users’ personal data that can identify them. These cookies are processed electronically.

B.    Additional technical cookies
illycaffè uses some technical cookies essential for the correct operation of the App. These cookies are necessary to provide the services requested by the users and to browse the App making the most of all its features. This type of cookies cannot be disabled as it is necessary for the correct operation of the App.


Specific information
As mentioned above, there are specific brief policies within the App in the sections of on-request services. Please also refer to these documents which integrate this policy.

Policy updated on 2/24/2020.