Policy Privacy "Open with illy"

Privacy policy pursuant to Regulation (EU) 2016/679 (GDPR) and national legislation in force

1. General information
   illycaffè S.p.A. (hereinafter also referred to as the "Company" or "illycaffè") hereby informs you that it will process your personal data/the data of the company you represent that you have provided in the form or after filing your form for the purposes listed in the following paragraphs. illycaffè may only require and process data which are instrumental to achieve the aims of this privacy policy.
    
2. Purposes 
   illycaffè may process data for the following purposes 
   A. to fulfil your information request and to contact you by the Customer Care;
   B. to be compliant with the requirements pursuant to the legislation in force, regulations or EU regulations and for legitimate interests such as to assert or defend the rights of the Company in the appropriate offices.
    
3. Mandatory nature of the provision
   Provision of data for the purposes under point 2, letter A of the privacy policy is optional. However, should you not provide data marked with an asterisk, your request will not be fulfilled. Failure to provide other data will have no consequences, except that such data may not be used to fulfil your request and to contact you by the Customer Care. Data are provided on a voluntary basis for the aims specified in point 2, letter A of this privacy policy. However, should data not be provided, your request will not be fulfilled and to contact you by the Customer Care. Data specified in point 2, letter B of this privacy policy are necessary and, without these data, your request may not be fulfilled, you will not be contacted by the Customer Care and any further relations may be truncated.
    
4. Data recipient categories 
   For the purposes of point 2, letter A, of this privacy policy, illycaffè may disclose data to affiliates companies/distributors/Università del Caffè., couriers/shippers. For the purposes of point 2, letter B, of this privacy policy, illycaffè may disclose data to lawyers, solicitors, public authorities, the judiciary, the police, the post office (as the address is visible for the sending of any written material). illycaffè will only disclose data which are essential to achieve each of the aims of the privacy policy.The data may be disclosed on behalf of illycaffè, each for own role, to all subjects delegated by illycaffè (Customer Care staff, agents, area managers also external to the Company, administrative staff, legal staff also external to the Company, marketing staff also external to the Company, staff in charge of the website also external to the Company, advisors also external to the Company – such as legal advisors, IT experts that may also perform the role of system administrators, quality service staff and staff in charge of the administration of the website – IT staff that may also perform the role of system administrators, external relations staff also external to the Company, mailing and enveloping staff also external to the Company and staff involved in the requests, also external to the Company – i.e. staff of the Università del Caffè for the relevant information, marketing staff for commercial information, internal auditors, trainees, staff of internal and external Data Processors) and internal and external Data Processors (such as enveloping and mailing companies, IT outsourcers, marketing companies and more in general consultants performing instrumental activities such as legal and communication advisors).
    
5. Data retention 
   Data will be retained by illycaffè for the entire period necessary for the pursuit of the purposes contained in this information. The data retention period is as follows:
   - or legal obligations, regulations and community regulations, data may be retained for the periods imposed by these regulatory sources;
   - for the purposes described in point 2 lett. A of this policy, the data can be retained until the fulfillment of the request;
   in any case, all data may be retained for a period necessary to assert or defend a company right according to Italian and European regulations.
    
6. Data Controller and Data Protection Officer
   The Data Controller is illycaffè S.p.A., having its registered office in via Flavia 110, Trieste, phone number +39.040.3890.111, fax number +39.040.3890.490, e-mail: infoprivacy@illy.com. There is also a Data Protection Officer available at the email address dpo@illy.com and at the addresses of the Company.
    
7. Rights
   We inform you that the GDPR provides the possibility for the data subject to ask the Data Controller (at the above addresses) to access personal data and to correct or cancel them or limit their processing or to oppose their processing, in addition to the right to data portability, as well as other rights contained in Chapter 3 of the GDPR including the revocation of consent, where provided: the withdrawal of consent does not affect the lawfulness of the processing based on consent given before revocation.
    
8. Complaints 
   The data subject can always lodge a complaint with a supervisory authority whose references can be found on the website www.garanteprivacy.it/web/guest/home/footer/link.
    
9. Legal Basis
   The legal basis the legal basis consists of legal obligations (Italian and European laws) as well as the legitimate interests of the Data Controller in the customer-supplier relationship. Furthermore, for the purposes for which consent is provided, the legal basis is the consent itself.
    
10. Processing procedures
    Data may be processed on paper, manually, with IT and electronic means (therefore, illycaffè may file data both on paper and IT support). illycaffè has implemented safety measures to prevent any data loss, illegal use of data, misuse or unauthorised access. Data will be retained and processed by illycaffè in compliance with its confidentiality requirements and with the applicable local provisions in the different states in which illycaffè has its offices (in compliance with the principles of fairness, lawfulness, transparency, and protection of the confidentiality and the rights of those concerned) strictly in line with the aims set forth in this privacy policy. Data will be processed by illycaffè exclusively to achieve the aims set forth in this privacy policy. Data will be filed at illycaffè S.p.A. offices and at the appointed data processors (as well as third parties who receive data as specified in point 4 of this privacy policy). Data will be entered in databases, including IT databases.
     
11. Data communicated outside the European community
    The data may be disclosed outside the European Community, subject to prior consent, if the request is addressed to affiliates companies / distributors / Università del Caffè residing outside the European community or if such request is required to fulfill the request; without this consent the data will not be disclosed and the Company may not be able to respond to the request.

N.B. The consent can only be given by persons over 16 years, if the subject is under 16, he cannot use what is provided for in the purposes for which consent is required.

This privacy policy is updated as at 25/05/2018. Such update is carried out inside of policy of constant review of the informative ones. The versions of the previous policy statements are available writing to Data Controller (email dpo@illy.com). 

Please, note that before disclosing data of any recipient, the company must obtain the consent on the disclosure of such data to illycaffè, providing this privacy policy (data will be disclosed for the purposes described in point 2, letter A of the privacy policy and the recipient will be the reference to get in touch with or to fix an appointment with agents and/or distributors and/or the exclusive distributors).