Privacy Policy: single integrated registration profile
Privacy policy pursuant to Regulation (EU) 2016/679 (GDPR) and national legislation in force
1. General information
illycaffè S.p.A. (hereinafter also referred to as the "Company" or "illycaffè") hereby informs you that it will process the data you have provided in the form or after filling your form for the purposes listed in the following paragraphs. illycaffè may only require and process data which are instrumental to achieve the aims of this privacy policy.
2. Purposes and legal basis
illycaffè may process data for the following purposes:
A. to access and allow you to enjoy the services of illycaffe websites, including interactive, provided in the Terms of Use and in any Terms of purchase contained in the various sections of the site by logging with the same credentials. In some cases, it may be required to give any further information that will be processed with your consent where required; among the services there is also the Facebook “Custom Audiences” feature (for further information please refer to: https://www.facebook.com/help/381385302004628; The processing is based on the following legal basis: consent;
B. to carry out, only with your consent, advertising communications/information on products-services-initiatives of illycaffè and its partners and market research and/or interviews for the evaluation of product-services of illycaffè, all by illycaffè to the addresses that you provided in the form or other contact details provided later (please note that the sending of SMS/MMS and e-mail will also be in electronically with the help of automated tools); the consent will be possibly requested at further stage also on the registration pages of subsidiaries or affiliates companies . The activities in this point will not be carried out without your consent. The processing is based on the following legal basis: consent;
C. to offer you more personalized services and marketing preferences that are more relevant to you and based upon your preferences by creating a profile analyzing or predicting aspects concerning personal preferences or interests. The processing for this purpose will also take place in databases in an automated modality. Can be created a profile both individual user and of homogeneous classes of users. In addition, it may also be possible to associate and compare data coming from different databases of illycaffè partners (subsidiaries or affiliates companies of illycaffè S.p.A. resident in the European Union and subsidiaries or affiliates companies of Gruppo illy S.p.A. resident in the Union European). Marketing activities, promotion, commercial communications and direct sales will be conducted only if the user has agreed to the processing for this purpose. Consent and provision of data for this purpose are optional and the user is free to purchase, register without agreeing to the data processing for this purpose. The only consequence of this lack will be that the user will not be subject to the activities indicated in this point. The processing is based on the following legal basis: consent.
D. to be compliant with the requirements pursuant to obligation established by law, by a regulation or by EU legislation and for legitimate interests such as to assert or defend the rights of the Company. The processing is based on the following legal basis: the fulfillment of legal obligations and the pursuit of legitimate interests.
3. Mandatory provision of data
Provision of data for the purposes described in point 2(A) of this privacy policy is optional and failure to provide them makes impossible to access and enjoy the services of illycaffè websites (including the impossibility of buying in the shop) with the same credentials. The consent for the purposes described in point 2(A) of this privacy policy is always not mandatory, but the lack of it makes impossible to access and possibly enjoy the services of the illycaffè websites (including the impossibility of buying in the shop) with the same credentials. Provision of data for the purposes described point 2(B) of this privacy policy and the relative consent are not mandatory; failure to provide such data and the consent will have not consequences, except that you won’t receive any information (without any consequence on other purposes). Additionally, if you agreed to the data processing for the purposes described in point 2 B, of this privacy policy, you may cancel you consent at any time and without having to justify your decision (to unsubscribe) by sending a notice to the Data Controller.
As regards the purposes set out in point 2(C) of this information, please refer to the same.
Data provision for the purposes described in point 2(D) of this privacy policy is necessary; should data not be provided, your request may not be fulfilled and relations may be truncated.
4. Data addressee categories
Data, collected and processed for the purposes described in point 2(A) of this privacy policy will not be disclosed unless provision is made for special services, submitted to specific conditions and for which your explicit consent will be required where necessary. For the purposes indicated in points 2(B) and 2(C) of this information, the data will not be disclosed. For the purposes of point 2(D) of this privacy policy, illycaffè may disclose data to lawyers, solicitors, public authorities, the judiciary, the police, the post office (as the address is visible when sending any written material). illycaffè will only disclose data which are essential for the achievement of each of the aims of the privacy policy. The data may be disclosed on behalf of illycaffè, each for own role, to all subjects delegated by illycaffè (legal staff also external to the Company, marketing staff also external to the Company, staff in charge of the website also external to the Company - such as legal advisors, IT experts that may also perform the role of system administrators, and appointed as such, quality service staff and staff in charge of the administration of the website – IT system staff which may also be system administrators, and which are appointed as such, external relations staff also external to the Company, staff in charge of mailing and enveloping also external to the Company, internal auditors, trainees, staff of data processors) and to data processors (such as enveloping and shipping companies, IT outsourcers, marketing companies and more in general consultants performing instrumental activities such as legal and communication advisors). The list of Data Processors is always available by contacting the Data Controller at the addresses indicated in point 6.
5. Data retention
Data will be retained by illycaffè for the entire period necessary for the pursuit of the purposes contained in this information. The data retention period is as follows:
- for legal obligations, regulations and community regulations, data may be retained for the periods imposed by these regulatory sources;
- for the purposes described in point 2(A) of this policy, the data can be retained until the withdrawal of consent or request for cancellation;
- for the purposes described in point 2(B) of this policy, the data can be retained until the withdrawal of consent or request for cancellation without prejudice to the conservation in accordance with the law to prove the consent previously given;
- for the purposes described in point 2© the data can be retained until the withdrawal of consent or request for cancellation not exceeding 12 months from their registration, save the effective transformation into anonymous form that does not allow, even indirectly or by linking other databases, to identify the data subjects;
in any case, all data may be retained for a period necessary to assert or defend a company right according to Italian and European regulations.
6. Data Controller and Data Protection Officer
The Data Controller is illycaffè S.p.A., having its registered office in via Flavia 110, Trieste, phone number +39.040.3890.111, fax number +39.040.3890.490, e-mail: infoprivacy@illy.com. There is also a Data Protection Officer available at the e-mail address dpo@illy.com and at the addresses of the Company.
7. Rights
We inform you that the GDPR provides the possibility for the data subject to ask the Data Controller (at the above addresses) access to personal data and rectification of them, erasure of data or restriction of processing concerning him/her, data portability; the data subject may also have the possibility to object to the processing of data and to exercise the other rights contained in Chapter 3 Section 1 of the GDPR including the right to withdraw consent, where applicable: the withdrawal of consent does not affect the lawfulness of the processing based on consent given before revocation.
8. Complaints
The data subject, if he thinks that the processing of his personal data infringes the provisions of the GDPR and of privacy laws, can always lodge a complaint with the Italian Data Protection Authority, whose references can be found on the website www.garanteprivacy.it.
9. Profiling
The processing of data for the purposes referred to in point 2(C) of this privacy policy can be considered profiling. The profiling is based on consumer data to better understand his consumption habits and direct their purchases with targeted communications. The data are extracted and processed through software (also automated) that create a consumption profile consisting in the indication of the actions carried out (e.g. participation in an event or program, purchase of certain products, filling out questionnaires, actions taken while browsing illycaffè websites if the user has accepted profiling cookies on illycaffè websites) and in the analysis of certain characteristics that help define the customer category (e.g. age). However, this kind of processing does not constitute a particular risk for the data subject considering the type of basic profiling that does not require data of a particularly delicate nature or that allows the detailed reconstruction of particularly reserved aspects of private life. The data subject always has the right to ask for human intervention, to express his opinion, to obtain an explanation of the decision and to contest the decision.
10. Processing procedures
Data may be processed on paper, manually, with IT and electronic means (therefore, illycaffè may file data both on paper and IT support). illycaffè has implemented safety measures to prevent any data loss, illegal use of data, misuse or unauthorised access. Data will be retained and processed by illycaffè in compliance with its confidentiality requirements and with the applicable local provisions (i.e. in compliance with the principles of fairness, lawfulness, transparency, and protection of the confidentiality and the rights of those concerned) strictly in line with the aims set forth in this privacy policy. Data will be processed by illycaffè exclusively to achieve the aims described in this privacy policy. Data will be filed at illycaffè S.p.A. offices in Europe and at the appointed data processors (as well as third parties who receive data as independent data controllers as described in point 4 of this privacy policy). Data will be entered in databases, including IT databases.
We remind you that only for technical assistance needs data may be sent to companies outside the European community who are specifically designated as data processors by committing to comply with all the requirements of European legislation, also by signing the appropriate Contractual Clauses indicated by the Data Protection Authority; the data are only a copy of those contained in the European servers and the copy of the same is always available at illycaffè S.p.A..
This privacy policy is updated to 21st of December 2021. Such update is carried out inside of policy of constant review of the informative ones. The versions of the previous policy statements are available writing to Data Controller (e-mail dpo@illy.com).
1. General information
illycaffè S.p.A. (hereinafter also referred to as the "Company" or "illycaffè") hereby informs you that it will process the data you have provided in the form or after filling your form for the purposes listed in the following paragraphs. illycaffè may only require and process data which are instrumental to achieve the aims of this privacy policy.
2. Purposes and legal basis
illycaffè may process data for the following purposes:
A. to access and allow you to enjoy the services of illycaffe websites, including interactive, provided in the Terms of Use and in any Terms of purchase contained in the various sections of the site by logging with the same credentials. In some cases, it may be required to give any further information that will be processed with your consent where required; among the services there is also the Facebook “Custom Audiences” feature (for further information please refer to: https://www.facebook.com/help/381385302004628; The processing is based on the following legal basis: consent;
B. to carry out, only with your consent, advertising communications/information on products-services-initiatives of illycaffè and its partners and market research and/or interviews for the evaluation of product-services of illycaffè, all by illycaffè to the addresses that you provided in the form or other contact details provided later (please note that the sending of SMS/MMS and e-mail will also be in electronically with the help of automated tools); the consent will be possibly requested at further stage also on the registration pages of subsidiaries or affiliates companies . The activities in this point will not be carried out without your consent. The processing is based on the following legal basis: consent;
C. to offer you more personalized services and marketing preferences that are more relevant to you and based upon your preferences by creating a profile analyzing or predicting aspects concerning personal preferences or interests. The processing for this purpose will also take place in databases in an automated modality. Can be created a profile both individual user and of homogeneous classes of users. In addition, it may also be possible to associate and compare data coming from different databases of illycaffè partners (subsidiaries or affiliates companies of illycaffè S.p.A. resident in the European Union and subsidiaries or affiliates companies of Gruppo illy S.p.A. resident in the Union European). Marketing activities, promotion, commercial communications and direct sales will be conducted only if the user has agreed to the processing for this purpose. Consent and provision of data for this purpose are optional and the user is free to purchase, register without agreeing to the data processing for this purpose. The only consequence of this lack will be that the user will not be subject to the activities indicated in this point. The processing is based on the following legal basis: consent.
D. to be compliant with the requirements pursuant to obligation established by law, by a regulation or by EU legislation and for legitimate interests such as to assert or defend the rights of the Company. The processing is based on the following legal basis: the fulfillment of legal obligations and the pursuit of legitimate interests.
3. Mandatory provision of data
Provision of data for the purposes described in point 2(A) of this privacy policy is optional and failure to provide them makes impossible to access and enjoy the services of illycaffè websites (including the impossibility of buying in the shop) with the same credentials. The consent for the purposes described in point 2(A) of this privacy policy is always not mandatory, but the lack of it makes impossible to access and possibly enjoy the services of the illycaffè websites (including the impossibility of buying in the shop) with the same credentials. Provision of data for the purposes described point 2(B) of this privacy policy and the relative consent are not mandatory; failure to provide such data and the consent will have not consequences, except that you won’t receive any information (without any consequence on other purposes). Additionally, if you agreed to the data processing for the purposes described in point 2 B, of this privacy policy, you may cancel you consent at any time and without having to justify your decision (to unsubscribe) by sending a notice to the Data Controller.
As regards the purposes set out in point 2(C) of this information, please refer to the same.
Data provision for the purposes described in point 2(D) of this privacy policy is necessary; should data not be provided, your request may not be fulfilled and relations may be truncated.
4. Data addressee categories
Data, collected and processed for the purposes described in point 2(A) of this privacy policy will not be disclosed unless provision is made for special services, submitted to specific conditions and for which your explicit consent will be required where necessary. For the purposes indicated in points 2(B) and 2(C) of this information, the data will not be disclosed. For the purposes of point 2(D) of this privacy policy, illycaffè may disclose data to lawyers, solicitors, public authorities, the judiciary, the police, the post office (as the address is visible when sending any written material). illycaffè will only disclose data which are essential for the achievement of each of the aims of the privacy policy. The data may be disclosed on behalf of illycaffè, each for own role, to all subjects delegated by illycaffè (legal staff also external to the Company, marketing staff also external to the Company, staff in charge of the website also external to the Company - such as legal advisors, IT experts that may also perform the role of system administrators, and appointed as such, quality service staff and staff in charge of the administration of the website – IT system staff which may also be system administrators, and which are appointed as such, external relations staff also external to the Company, staff in charge of mailing and enveloping also external to the Company, internal auditors, trainees, staff of data processors) and to data processors (such as enveloping and shipping companies, IT outsourcers, marketing companies and more in general consultants performing instrumental activities such as legal and communication advisors). The list of Data Processors is always available by contacting the Data Controller at the addresses indicated in point 6.
5. Data retention
Data will be retained by illycaffè for the entire period necessary for the pursuit of the purposes contained in this information. The data retention period is as follows:
- for legal obligations, regulations and community regulations, data may be retained for the periods imposed by these regulatory sources;
- for the purposes described in point 2(A) of this policy, the data can be retained until the withdrawal of consent or request for cancellation;
- for the purposes described in point 2(B) of this policy, the data can be retained until the withdrawal of consent or request for cancellation without prejudice to the conservation in accordance with the law to prove the consent previously given;
- for the purposes described in point 2© the data can be retained until the withdrawal of consent or request for cancellation not exceeding 12 months from their registration, save the effective transformation into anonymous form that does not allow, even indirectly or by linking other databases, to identify the data subjects;
in any case, all data may be retained for a period necessary to assert or defend a company right according to Italian and European regulations.
6. Data Controller and Data Protection Officer
The Data Controller is illycaffè S.p.A., having its registered office in via Flavia 110, Trieste, phone number +39.040.3890.111, fax number +39.040.3890.490, e-mail: infoprivacy@illy.com. There is also a Data Protection Officer available at the e-mail address dpo@illy.com and at the addresses of the Company.
7. Rights
We inform you that the GDPR provides the possibility for the data subject to ask the Data Controller (at the above addresses) access to personal data and rectification of them, erasure of data or restriction of processing concerning him/her, data portability; the data subject may also have the possibility to object to the processing of data and to exercise the other rights contained in Chapter 3 Section 1 of the GDPR including the right to withdraw consent, where applicable: the withdrawal of consent does not affect the lawfulness of the processing based on consent given before revocation.
8. Complaints
The data subject, if he thinks that the processing of his personal data infringes the provisions of the GDPR and of privacy laws, can always lodge a complaint with the Italian Data Protection Authority, whose references can be found on the website www.garanteprivacy.it.
9. Profiling
The processing of data for the purposes referred to in point 2(C) of this privacy policy can be considered profiling. The profiling is based on consumer data to better understand his consumption habits and direct their purchases with targeted communications. The data are extracted and processed through software (also automated) that create a consumption profile consisting in the indication of the actions carried out (e.g. participation in an event or program, purchase of certain products, filling out questionnaires, actions taken while browsing illycaffè websites if the user has accepted profiling cookies on illycaffè websites) and in the analysis of certain characteristics that help define the customer category (e.g. age). However, this kind of processing does not constitute a particular risk for the data subject considering the type of basic profiling that does not require data of a particularly delicate nature or that allows the detailed reconstruction of particularly reserved aspects of private life. The data subject always has the right to ask for human intervention, to express his opinion, to obtain an explanation of the decision and to contest the decision.
10. Processing procedures
Data may be processed on paper, manually, with IT and electronic means (therefore, illycaffè may file data both on paper and IT support). illycaffè has implemented safety measures to prevent any data loss, illegal use of data, misuse or unauthorised access. Data will be retained and processed by illycaffè in compliance with its confidentiality requirements and with the applicable local provisions (i.e. in compliance with the principles of fairness, lawfulness, transparency, and protection of the confidentiality and the rights of those concerned) strictly in line with the aims set forth in this privacy policy. Data will be processed by illycaffè exclusively to achieve the aims described in this privacy policy. Data will be filed at illycaffè S.p.A. offices in Europe and at the appointed data processors (as well as third parties who receive data as independent data controllers as described in point 4 of this privacy policy). Data will be entered in databases, including IT databases.
We remind you that only for technical assistance needs data may be sent to companies outside the European community who are specifically designated as data processors by committing to comply with all the requirements of European legislation, also by signing the appropriate Contractual Clauses indicated by the Data Protection Authority; the data are only a copy of those contained in the European servers and the copy of the same is always available at illycaffè S.p.A..
This privacy policy is updated to 21st of December 2021. Such update is carried out inside of policy of constant review of the informative ones. The versions of the previous policy statements are available writing to Data Controller (e-mail dpo@illy.com).
Your email has been subscribed
You'll now be in the loop!
EUROPE
