1. Data Controller and relevant contact details
The Data Controller is La Marzocco S.r.l. (hereinafter also referred to as the “Controller”, the “Company” or “La Marzocco”), with registered office in Florence (FI), Viale G. Matteotti, n. 25 and operating office in Scarperia (FI), Via La Torre, n. 14/H, VAT number 04040140487. The Data Controller can be contacted at the following e-mail address: email@example.com.
2. Contact data of the Data Protection Officer (DPO)
The Controller has appointed a Data Protection Officer (“RPD”), whom you can contact for any information regarding the processing of your Data, at the following email address: firstname.lastname@example.org.
3. Processed Data types
The personal data collected and processed by the Site is the following.
3.1 Navigation data
This category of Data includes the IP addresses or the domain names of the computers used by the users who connect to the Site, the addresses in URI (Uniform Resource Identifier) format of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the computer environment of the user. This Data is only used to collect statistical information, as well as to verify that the Site is functioning properly. The Data, in addition, could be used to determine liability in the event of cybercrimes committed against the Site. Except in the latter case, the navigation Data is erased after 7 days .
3.3 Data voluntarily provided by the user
The Site allows users to voluntarily provide personal information, for example by filling in the “Can our team assist you with any support?” form located in the corresponding section of the Website itself.
3.4 Third-party Data
If you decide to provide any third-party Data, please ensure that the parties in question have received in advance appropriate information on the processing methods and purposes mentioned herein. In that case, you act as a separate data controller, and undertake all the obligations and responsibilities provided for by the law. As a consequence, you shall hold La Marzocco harmless against any objection, claim, request for compensation of damages resulting from the processing, etc. that should be made by any third parties whose personal data were processed, through your use of the Site, in breach of the GDPR.
3.5 Data of persons under 16 years of age
Remember that, if you are under 16 years of age, you cannot provide any personal data, and, in any case, we accept no responsibility for any false statements you made. If we realize that your declarations are untruthful, we will immediately delete any personal data acquired.
4. Services provided by the Site
The following paragraphs provide a description of the services offered by the Site. For each of the services we offer the information provided herein includes but is not limited to: the Data processing purposes, the legal grounds of the processing and the processed Data retention times.
4.1 To offer a platform accessible to our customers to find information about the Company
The users can find useful information on the site about history of the company, products, events and latest news.
Purposes of the processing: to provide information and support to the customer.
Legal basis of the processing: art. 6, paragraph 1, letter b) of the GDPR, “performance of a contract to which the data subject is party or taking of steps at the request of the data subject prior to entering into a contract”.
Retention periods: The navigation Data is erased after 7 days.
4.2 Section “Can our team assist you with any support?”
Through the section “Can our team assist you with any support?”, the user can submit to the Company, for example: requests for information on the purchase of La Marzocco equipment; requests for marketing or events promoted by La Marzocco, etc. In order to receive this service, the user must necessarily provide the following personal data: name, surname, e-mail address, city, country, phone number and company name.
Purposes of the processing: (i) answering the requests for information submitted by the user through the section “Can our team assist you with any support?” of the Website; recording the user Data on Company’s CRM, for the management of the pre-contractual/contractual agreement.
Legal grounds of the processing: art. 6, paragraph 1, letter b) of the GDPR, “performance of a contract to which the data subject is party or taking of steps at the request of the data subject prior to entering into a contract”.
Retention period: the personal data shall be retained for no more than 24 months from the time of their registration on the Company’s CRM.
4.3 Registration and access to the reserved area of the Site through the creation of a personal account (Technical Center)
4.4 Registration and access to the reserved area of the Site through the creation of a personal account (Marketing Center)
5. Additional purposes of the processing
Within the scope of the Data processing operations carried out through the Site, the Controller also pursues the following additional and specific purposes:
5.1 Compliance with legal obligations
Where necessary, the Controller processes the personal data of the data subjects, collected through the Site, in order to ensure the compliance with the obligations provided for by the applicable laws, regulations and community rules.
Legal basis of the processing: art. 6, paragraph 1, letter c) of the GDPR, “processing is necessary for compliance with a legal obligation to which the Controller is subject”.
Retention periods: the personal data is retained for the time strictly necessary for the Controller to comply with the legal obligations it is subject to.
5.2. Establishment, exercise, or defence of legal claims.
Where necessary, the Controller processes the personal data of the data subjects, collected through the Site, in order to establish, exercise or defend a claim in a legal proceeding or whenever the judicial authorities exercise their judicial functions.
Legal basis of the processing: art. 6, paragraph 1, letter f) of the GDPR, “processing is necessary for the purposes of the legitimate interests pursued by the controller”.
Retention periods: the personal data is retained for a period strictly limited to the duration of the litigation, until the expiry of the appeal enforceability terms.
6. Recipients and transfer of personal data
Your Data can be shared with:
1. people authorised by the Data Controller to process the personal data, who have received appropriate operating instructions, have committed to keep the data confidential or are subject to an appropriate legal confidentiality obligation;
2. persons delegated and/or designated by the Controller to carry out any tasks strictly related to the pursuing of the above-listed purposes (including technical maintenance operations on the systems), duly appointed as Processors;
3. people, companies or professional firms providing support and consulting services to the Controller, duly appointed as Processors;
4. roasters selected by the Controller for the Coffee Subscription Project who, as independent controller, are in charge of the monthly coffee delivery service
5. persons, bodies or authorities to which your Data must be communicated pursuant to law provisions or orders issued by the competent authorities.
The Data is managed and stored on servers owned by the Controller and/or by third-party companies appointed as Processors.
Some of your Data are shared with recipients that could be based outside the European Economic Area. La Marzocco assures that the electronic and paper processing of your Data is carried out by the recipients in compliance with the GDPR. Transfers can actually be based on an adequacy decision, on the Standard Contractual Clauses approved by the European Commissions or on other appropriate legal grounds. For further information please contact the Controller, by sending an email to the address email@example.com.
7. Rights of the data subjects
Consistently with the provisions contained in the GDPR, you have the right to request from the Controller, at any time, the access to your Data, as well as its rectification or erasure, in addition to the right to object to its processing. The law also allows you, in the cases provided for by art. 18 of the GDPR, to obtain the limitation of the processing, as well as, in the cases provided for by art. 20 of the GDPR, to receive your personal Data in a structured, commonly used and machine-readable format.
Requests can be sent to the email address: firstname.lastname@example.org.
Finally remember that pursuant to art. 77 of the GDPR you always have the right to lodge a complaint with the competent control authority (Italian Data Protection Authority), if you consider that the processing of your Data infringes the GDPR.