Privacy Policy
PRIVACY NOTICE REGARDING THE PROCESSING OF PERSONAL DATA
ISSUED PURSUANT TO ARTICLE 13 OF REGULATION (EU) No. 2016/679 (“GDPR”)
The companies belonging to the La Marzocco Group (hereinafter, “Companies”), together with the distributors (hereinafter, “Distributors”) of products and services marketed by the Companies (hereinafter, Companies and Distributors are jointly referred to as “Joint Controllers”) provide, pursuant to Article 13 of Regulation (EU) No. 2016/679 (hereinafter, “GDPR”), information regarding the processing of personal data carried out by the Joint Controllers as part of the service called “Contact Us”, “Stay in touch”, “Create Account” (hereinafter also referred to as the “Service”), conducted to respond to information requests submitted by users (hereinafter “Users” or “Data Subjects”) through the dedicated section of the website.
JOINT CONTROLLERS
Companies and Distributors jointly determine the purposes and means of the processing of personal data carried out for the provision of the Service. In this context, Companies and Distributors act as joint controllers of the processing, pursuant to Article 26 of the GDPR, based on a specific agreement that governs their respective responsibilities and obligations. Data Subjects can request an excerpt of the agreement by sending an email to the contact point indicated below. The identification details of the Joint Controllers are provided below:
- La Marzocco S.r.l.
- La Marzocco France Sas
- La Marzocco Germany GMBH
- La Marzocco UK Ltd
- La Marzocco Spain SA
- La Marzocco Middle East DMCC
- La Marzocco SEA PtE LtD
- La Marzocco Australasia Limited
- Studer Austria GmbH
- Stealth Coffee systems Inc.
- La Marzocco Shanghai Co. Ltd
- Equipme Ltd
- RREBEL COFFEE WORKS A/S
- I.L.M Coffee Equipment Ltd
- La Marzocco Korea Co. LTD
- AlWazzan United Trading Company W.L.L.
- RREBEL COFFEE WORKS AS
- ESPRESSO AFRICA (PTY) LTD
- RREBEL COFFEE WORKS AB
The Joint Controllers can be contacted at the following contact point: [email protected].
DATA PROTECTION OFFICER (DPO)
La Marzocco S.r.l. has appointed its own Data Protection Officer (DPO), who can be reached at the following email address: [email protected].
PERSONAL DATA PROCESSED
To enable the use of the Service, Joint Controllers process the following personal data: name, surname, email address, company, country, city, and phone number of the Users.
WHY ARE PERSONAL DATA PROCESSED AND WHAT IS THE LEGAL BASIS FOR THE PROCESSING?
Personal data is collected and processed to respond to information requests submitted by the User through the “Contact Us” section of the website.
With the User’s consent, personal data is collected and processed to allow the Joint Controllers to send, via email, informative and commercial communications about news, events, products, and promotional offers that may be relevant and of interest to the User (direct marketing).
The legal basis for processing is the performance of a contract to which the User is a party, or the implementation of pre-contractual measures taken at the User’s request (pursuant Article 6(1)(b) of the GDPR).
The legal basis for the processing is the Data Subject’s consent (pursuant to Article 6(1)(a) of the GDPR).
Personal data is retained for no longer than 24 months from the time of registration on the website.
Personal data is retained until the User withdraws consent, which can be done via the “Unsubscribe” button at the bottom of each communication or by sending an email to [email protected].
Personal data, with the User’s consent, are collected and processed to analyse their interests, habits, and consumption choices, as well as their preferences and purchasing behaviours regarding the products and services offered by the Joint Controllers, to personalize the informational and promotional communications sent to them (profiling).
The legal basis for the processing is the User’s consent (pursuant to Article 6(1)(a) of the GDPR).
Personal data is retained until the User withdraws consent, which can be done via the “Unsubscribe” button at the bottom of each communication or by sending an email to [email protected].
Once the retention periods indicated above have expired, personal data will be destroyed, deleted, or anonymized, in accordance with the technical procedures for deletion and backup.
NATURE OF THE PROVISION OF PERSONAL DATA
The provision of personal data is entirely optional. Any refusal to provide data would make it impossible for the Joint Controllers to pursue the processing purposes mentioned above.
PERSONS AUTHORIZED TO PROCESS PERSONAL DATA
Personal data may be processed by the staff of the Joint Controllers who are tasked with pursuing the above-mentioned purposes, have been authorized by the Joint Controllers to process the data, have received appropriate operational instructions, and are bound by professional secrecy.
RECIPIENTS OF PERSONAL DATA
Personal data may be communicated to entities acting as data controllers, such as, by way of example but not limited to supervisory and control authorities, as well as any other public entity entitled to request the data.
Personal data may be processed, on behalf of the Joint Controllers, by entities designated as data processors, who have been given appropriate operational instructions. Among these, by way of example but not limited to: (i) companies entrusted with the management and/or maintenance of the Joint Controllers’ websites; and (ii) companies offering products functional to the management of advertising campaigns and related support services.
TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE THE EUROPEAN UNION
Some personal data are shared with recipients who may be located outside the European Economic Area. The Joint Controllers ensure that the processing of data by these recipients complies with the GDPR. Indeed, transfers may be based on an adequacy decision, on Standard Contractual Clauses approved by the European Commission, or on another appropriate legal basis. More information is available from the Joint Controllers by writing to [email protected].
RIGHTS OF THE DATA SUBJECT
By contacting the Joint Controllers at [email protected], the Data Subject may request, at any time:
- access to their personal data (Article 15 GDPR).
- Their rectification and integration (Article 16 GDPR).
- Their deletion (Article 17 GDPR).
- The restriction of their processing (Article 18 GDPR).
- To object to the processing in cases of legitimate interest of the Joint Controllers (Article 21 GDPR);
- To receive the personal data in a structured, commonly used, and machine-readable format, and, if technically feasible, to transmit them to another controller without hindrance (“right to data portability”, Article 20 GDPR).
The User also has the right to withdraw their consent at any time. It should be noted, however, that the withdrawal of consent does not affect the lawfulness of the processing based on the consent before its withdrawal.
Finally, the Data Subject has the right to lodge a complaint with the competent supervisory authority if they believe that the processing of their personal data is in violation of the applicable law.
AMENDMENTS
The Joint Controllers reserve the right to modify and update this privacy notice following any new national or European legislation on personal data protection.