1. General information
2. Purposes and legal basis
illycaffè may process data for the following purposes:
; The processing is based on the following legal basis: consent;
B. to carry out, only with your consent, advertising communications/information on products-services-initiatives of illycaffè and its partners and market research and/or interviews for the evaluation of product-services of illycaffè, all by illycaffè to the addresses that you provided in the form or other contact details provided later (please note that the sending of SMS/MMS and e-mail will also be in electronically with the help of automated tools); the consent will be possibly requested at further stage also on the registration pages of subsidiaries or affiliates companies . The activities in this point will not be carried out without your consent. The processing is based on the following legal basis: consent;
C. to offer you more personalized services and marketing preferences that are more relevant to you and based upon your preferences by creating a profile analyzing or predicting aspects concerning personal preferences or interests. The processing for this purpose will also take place in databases in an automated modality. Can be created a profile both individual user and of homogeneous classes of users. In addition, it may also be possible to associate and compare data coming from different databases of illycaffè partners (subsidiaries or affiliates companies of illycaffè S.p.A. resident in the European Union and subsidiaries or affiliates companies of Gruppo illy S.p.A. resident in the Union European). Marketing activities, promotion, commercial communications and direct sales will be conducted only if the user has agreed to the processing for this purpose. Consent and provision of data for this purpose are optional and the user is free to purchase, register without agreeing to the data processing for this purpose. The only consequence of this lack will be that the user will not be subject to the activities indicated in this point. The processing is based on the following legal basis: consent.
D. to be compliant with the requirements pursuant to obligation established by law, by a regulation or by EU legislation and for legitimate interests such as to assert or defend the rights of the Company. The processing is based on the following legal basis: the fulfillment of legal obligations and the pursuit of legitimate interests.
3. Mandatory provision of data
As regards the purposes set out in point 2(C) of this information, please refer to the same.
4. Data addressee categories
5. Data retention
Data will be retained by illycaffè for the entire period necessary for the pursuit of the purposes contained in this information. The data retention period is as follows:
- for legal obligations, regulations and community regulations, data may be retained for the periods imposed by these regulatory sources;
- for the purposes described in point 2(A) of this policy, the data can be retained until the withdrawal of consent or request for cancellation;
- for the purposes described in point 2(B) of this policy, the data can be retained until the withdrawal of consent or request for cancellation without prejudice to the conservation in accordance with the law to prove the consent previously given;
- for the purposes described in point 2© the data can be retained until the withdrawal of consent or request for cancellation not exceeding 12 months from their registration, save the effective transformation into anonymous form that does not allow, even indirectly or by linking other databases, to identify the data subjects;
in any case, all data may be retained for a period necessary to assert or defend a company right according to Italian and European regulations.
6. Data Controller and Data Protection Officer
The Data Controller is illycaffè S.p.A., having its registered office in via Flavia 110, Trieste, phone number +39.040.3890.111, fax number +39.040.3890.490, e-mail: email@example.com. There is also a Data Protection Officer available at the e-mail address firstname.lastname@example.org and at the addresses of the Company.
We inform you that the GDPR provides the possibility for the data subject to ask the Data Controller (at the above addresses) access to personal data and rectification of them, erasure of data or restriction of processing concerning him/her, data portability; the data subject may also have the possibility to object to the processing of data and to exercise the other rights contained in Chapter 3 Section 1 of the GDPR including the right to withdraw consent, where applicable: the withdrawal of consent does not affect the lawfulness of the processing based on consent given before revocation.
The data subject, if he thinks that the processing of his personal data infringes the provisions of the GDPR and of privacy laws, can always lodge a complaint with the Italian Data Protection Authority, whose references can be found on the website www.garanteprivacy.it
10. Processing procedures
We remind you that only for technical assistance needs data may be sent to companies outside the European community who are specifically designated as data processors by committing to comply with all the requirements of European legislation, also by signing the appropriate Contractual Clauses indicated by the Data Protection Authority; the data are only a copy of those contained in the European servers and the copy of the same is always available at illycaffè S.p.A..