Privacy policy pursuant to Regulation (EU) 2016/679 (GDPR) and national legislation in force
1. General information
illycaffè S.p.A. (hereinafter referred to as “the Company” or “illycaffè”) hereby communicates the purposes and methods of processing the data in its possession. The data will be requested and communicated at the moment of enrolment and later during the courses.
The Company will request and process only the data required to achieve the purposes described in this privacy policy statement.
2. Purposes
illycaffè may process data for the following purposes:
A. in order to register you to the course and allow illycaffè to carry out the activities related to the enrolment, organization and management of the courses;
B. to be compliant with the requirements pursuant to the legislation in force, regulations or EU regulations and for legitimate interests such as to assert or defend the rights of the Company in the appropriate offices;
C. to be able to statistically process the data about the frequency of your participation to the courses and the general courses attendance and in order to contact you to understand the reasons for non-participation or low participation. This activity will allow illycaffè to assess the quality of the service and to understand whether or not it should introduce other free courses.
3. Mandatory nature of the provision
The provision of the data required for the purposes referred to under point 2, letter A of this privacy policy is optional, but if the data are not provided, illycaffè may not be able to guarantee your participation to the courses. The provision of the data required for the purposes referred to under point 2, letter B of this privacy policy is mandatory, and if the data are not provided, illycaffè may not be able to guarantee your participation to the courses. The provision of the data for the purposes referred to under point 2, letter C of this privacy policy is optional and failure to provide them will cause only the inability to carry out the activities referred to under point 2, letter C of the same privacy policy, while there will be no effects on your enrolment and participation to the courses.
4. Data recipient categories
Without prejudice to any further communications that may be necessary for legal, fiscal and contractual purposes and the notices to the subjects indicated in other parts of this privacy policy, the data may be communicated by illycaffè for the purposes referred to under point 2, letter A of this privacy policy to: carriers-shippers-post offices (for the delivery of communications and material), to public bodies or police authorities (in case of justified requests or law provision) and external consultants (e.g. legal). For the purposes stated under point 2, letter B of this privacy policy, the data may be communicated by illycaffè to: carriers-shippers-post offices, judicial bodies or police authorities (in case of justified requests or law provision), lawyers and legal consultants. For the purposes stated under point 2, letter C of this privacy policy, the data will not be disclosed to third parties by illycaffè. It shall be recalled that illycaffè will communicate only the information needed for pursuing the individual purposes. The data may be disclosed on behalf of illycaffè, each for own role, to all subjects delegated by illycaffè (administrative, legal and logistical employees, envelope filling and mailing staff also external to the Company, marketing staff also external to the Company, executives, managers, board members and auditors, IT technicians also external to the Company and IT staff, that can also carry out tasks of system administrators being appointed as such in this case, call center staff, consultants also external to the Company, including quality certification consultants, computer, legal and tax consultants, trainees, internal auditors, staff of internal and external Data Processors, staff of Università del Caffè, staff of organization of courses also external to the Company, teachers also external to the Company) and to internal and external Data Processor (eg. shipping companies, marketing and promotional companies, external companies and firms or professionals, who perform functional activities in support of illycaffè – e.g. legal consultants -, information outsourcers that may host illycaffè servers, call centers).
Your data could also be seen by your company, Le Méridien, for managing the courses.
5. Data retention
Data will be retained by illycaffè for the entire period necessary for the pursuit of the purposes contained in this information. The data retention period is as follows:
- or legal obligations, regulations and community regulations, data may be retained for the periods imposed by these regulatory sources;
- for the purposes described in point 2 lett. A of this policy, the data can be retained until the withdrawal of consent or request for cancellation;
- for the purposes described in point 2 lett. C of this policy, the data can be retained until the end of the training program;
- in any case, all data may be retained for a period necessary to assert or defend a company right according to Italian and European regulations.
6. Data Controller and Data Protection Officer
The Data Controller is illycaffè S.p.A., having its registered office in via Flavia 110, Trieste, phone number +39.040.3890.111, fax number +39.040.3890.490, e-mail: infoprivacy@illy.com. There is also a Data Protection Officer available at the email address dpo@illy.com and at the addresses of the Company.
7. Rights
We inform you that the GDPR provides the possibility for the data subject to ask the Data Controller (at the above addresses) to access personal data and to correct or cancel them or limit their processing or to oppose their processing, in addition to the right to data portability, as well as other rights contained in Chapter 3 of the GDPR including the revocation of consent, where provided: the withdrawal of consent does not affect the lawfulness of the processing based on consent given before revocation.
8. Complaints
The data subject can always lodge a complaint with a supervisory authority whose references can be found on the website www.garanteprivacy.it/web/guest/home/footer/link.
9. Legal Basis
The legal basis the legal basis consists of legal obligations (Italian and European laws) as well as the legitimate interests of the Data Controller in the customer-supplier relationship. Furthermore, for the purposes for which consent is provided, the legal basis is the consent itself. The processing takes place in Italy.
10. Employee personal data
Extended privacy policy statement for third parties: if you communicate us the name of the Company in which you are employed, you also agree to inform your Company that its data will be communicated to illycaffè and that illycaffè will process these data as described in this privacy policy for the purposes mentioned in point 2 letter A and B of this privacy policy.
11. Processing procedures
Data may be processed on paper, manually, with IT and electronic means (therefore, illycaffè may file data both on paper and IT support). illycaffè has implemented safety measures to prevent any data loss, illegal use of data, misuse or unauthorised access. Data will be retained and processed by illycaffè in compliance with its confidentiality requirements and with the applicable local provisions in the different states in which illycaffè has its offices (in compliance with the principles of fairness, lawfulness, transparency, and protection of the confidentiality and the rights of those concerned) strictly in line with the aims set forth in this privacy policy. Data will be processed by illycaffè exclusively to achieve the aims set forth in this privacy policy. Data will be filed at illycaffè S.p.A. offices and at the appointed data processors (as well as third parties who receive data as specified in point 4 of this privacy policy). Data will be entered in databases, including IT databases.
N.B. The consent can only be given by persons over 16 years, if the subject is under 16, he cannot use what is provided for in the purposes for which consent is required (eg. registration, ... ).
This privacy policy is updated as at 25/05/2018. Such update is carried out inside of policy of constant review of the informative ones. The versions of the previous policy statements are available writing to Data Controller (email dpo@illy.com).
