1. General information
We inform you that personal data may be collected from the data subject or from the organizers of the course (in this case only data necessary to verify attendance and therefore only for administrative-accounting purposes).
illycaffè may process data for the following purposes:
A. to manage the course;
B. to be compliant with the requirements pursuant to the legislation in force, regulations or EU regulations and for legitimate interests such as to assert or defend the rights of the Company;
C. to document the course delivery to the certification body and therefore for a legitimate interest consisting in fulfilling obligations deriving from certification.
3. Mandatory nature of the provision
The provision of data for the for the purposes specified in point 2 letter A and C of this information is optional and the lack of such data will make impossible for you to attend the course. The provision of data for the for the purposes specified in point 2 letter B of this information is necessary and the lack of such data will make impossible for you to attend the course or to continue any established relationship.
4. Data recipient categories
The data may be disclosed on behalf of illycaffè, each for own role, to all subjects delegated by illycaffè (legal department staff, staff of Università del Caffè, IT staff also external to the Company, that can also carry out tasks of system administrators being appointed as such in this case, advisors also external to the Company - legal and administrative advisors, IT technicians that can also carry out tasks of system administrators being appointed as such in this case - employees of Data Processor internal and external to the Company, trainees, teachers, transport and correspondence staff, also external to the Company) and Data Processor internal and external (e.g. shipping and enveloping companies, information technology outsourcers that store data on their servers and software and hardware maintenance and management companies, and more generally companies/offices that carry out instrumental activities to illycaffè activities). The list of Data Processors is always available by contacting the Data Controller.
5. Data retention
Data will be retained by illycaffè for the entire period necessary for the pursuit of the purposes contained in this information. The data retention period is as follows:
- for legal obligations, regulations and community regulations, data may be retained for the periods imposed by these regulatory sources;
- for the purposes of point 2 letter A, data may be retained until the end of the course without prejudice to the possible conservation for the period imposed by legal obligations, regulations and community regulations;
- for the purposes of point 2 letter C, data may be retained for the period imposed by the certification;
in any case, all data may be retained for a period necessary to assert or defend a company right according to Italian and European regulations.
6. Data Controller and Data Protection Officer
The Data Controller is illycaffè S.p.A., having its registered office in via Flavia 110, Trieste, phone number +39.040.3890.111, fax number +39.040.3890.490, e-mail: email@example.com. There is also a Data Protection Officer available at the email address firstname.lastname@example.org and at the addresses of the Company.
We inform you that the GDPR provides the possibility for the data subject to ask the Data Controller (at the above addresses) to access personal data and to correct or cancel them or limit their processing or to oppose their processing, in addition to exercising the right to data portability, as well as other rights contained in Chapter 3 of the GDPR including the revocation of consent, where provided: the withdrawal of consent does not affect the lawfulness of the processing based on consent given before revocation.
The data subject can always lodge a complaint with the Italian Data Protection Authority, whose references can be found on the website www.garanteprivacy.it.
9. Legal Basis
The legal basis is provided by the fulfilment of legal obligations (Italian and European laws) as well as the legitimate interests of the Data Controller in the customer-supplier relationship.
10. Processing procedures