Version Update: May 2019
1) WHO WE ARE
Lavazza Premium Coffee Corporation, a New York corporation with offices in 120 Wall Street, Floor 27 New York, NY, 10005, USA is a wholly-owned subsidiary of Luigi Lavazza S.p.A., a company incorporated in Italy with its registered office in Torino, Via Bologna 32 – 10152 – Italy (hereinafter individually or collectively as “Lavazza,”, “LPCC”, "Company," "we" or “us” or “our”). Together we determine the purposes and means of the processing of personal data.
2) WHAT WE COLLECT
Personal Data You Provide. We collect and store Personal Data you voluntarily provide to us through your use of the Site or that we may request in connection with your use of the Site.
Lavazza will only collect those categories of Personal Data from you that are necessary to carry out your purposes in connection with your visit(s) to our Site.
These categories and examples include:
Identity Your first and last name, maiden name, username, or other unique identifier
Contact Your email address, telephone and mobile phone number, physical address
Location data Geo-location data processed through cookies installed on your computer or smart phone
Internet browsing data Web-browsing data processed through cookies installed on your computer or smart phone
Account data Bank data and payment card information -
Transaction data Order details, including payment information and product information
We do not intentionally collect or process any Sensitive Data on the Site. “Sensitive Data” means personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data or data that concerns a person’s sex life of sexual orientation.
Your Personal Data is collected when you interact with features on our Site, including but not limited to: using a customer order form to purchase products and/or request additional services, creating an account with us, filling out a survey, entering contests, participating in promotions, submitting comments or questions, requesting to receive the newsletter or promotional information.
To take advantage of certain features that on the Site, such as purchasing a product, you may be required to create an account and/or login credentials by typing in your user name/ID or email address and password and other information, or by using one of the available social media authentication methods such as Facebook®, Google+® and Yahoo®. When purchasing a product you will also be required to provide information necessary for order fulfillment such as credit card information, billing and shipping information. Certain features of the Site may ask you to provide additional optional information to us.
Bank data, payment card and any other financial information are not recorded by the Site. We handle payment and financial information in a manner that is compliant with applicable laws, regulations and security standards. In particular we encrypt your Account Data to prevent the data from being read or accessed by any third parties other than the banks or financial institutions handling the payment services through our Site.
Information Collected by Cookies.
3) THE PURPOSES FOR WHICH WE USE YOUR INFORMATION
We use the information that we collect from you for the purpose(s) for which it was collected, including:
a) To create your account when you voluntarily sign up for the account, and to allow you to use the site as a “Registered User” on subsequent visits (legal basis: consent);
b) To reply to you when you contact us, order products from us, or we you enter prize competitions and transactions with us (e.g., to respond to your questions and comments; to fulfil your requests; to communicate with you about your activities on a Site) (legal basis: consent; performance of a contract);
c) To perform a contract to which you are a party and to manage your orders, including payment services (e.g., to provide you with access to certain areas and features on the Site; to fulfil your order in connection with shopping or commercial services offered on a Site; to fulfill your order, to provide customer service, including contacting you with questions about your order and for shipping purposes) (legal basis: performance of a contract);
d) To perform certain business functions for us, which may include order fulfilment, delivering packages, sending postal mail and e-mail for administrative or marketing purposes, performing IT functions; removing repetitive information from customer lists, analyzing data and providing marketing assistance, processing credit card payments, providing customer service, managing prize draws, competitions, or surveys, or providing additional features or functions of the Site (legal basis: consent; performance of a contract);
e) To investigate suspected fraud, harassment, physical threats, or other violations of any law, rule or regulation, rules or policies of a Site, or the rights of third parties; or to investigate any suspected conduct which we deem improper (legal basis: to protect the vital interests of a person);
f) To verify your identity when we receive a request to disclose, delete, or otherwise act upon the personal information we have collected about you (legal basis: consent, compliance with a legal obligation);
g) To comply with a legal obligation to which Lavazza is subject (e.g., for disclosures required by law, regulation, or court order) (legal basis: compliance with a legal obligation);
h) For the purpose of or in connection with legal proceedings, establishing, defending, or exercising legal rights, in an emergency to protect the health or safety of users of a Site or the general public, or in the interests of national security (legal basis: compliance with a legal obligation);
i) To send advertising or direct sales materials or to conduct market research, carry out data analytics or deliver newsletter and commercial communications, by means of electronic tools (SMS, e-email, social network), whether automated (calls without an operator) or not automated (mail and phone calls with an operator), to participate in contents or sweepstakes, surveys in compliance with appropriate legal grounds, for marketing analysis (including analyzing information from cookies and other tracking features used on the Site or other uses of the Site to improve user experience) and to customize the content that is presented to you in your use of the Site (legal basis: consent, legitimate interest of the controller);
j) For any other purposes you have lawfully given your consent to (legal basis: consent).
The provision of Personal Data for the above purposes from A to H is voluntary. Please be aware that if you choose not to provide such data, Lavazza may not be able to enter into a contract with you, reply to your requests, fulfil your purchased order or comply with legal obligations to which Lavazza is subject to.
The provision of Personal Information for the purposes described from I to J above is also voluntary. By not providing such Personal Data, or objecting to the relevant data processing on appropriate grounds relating to your particular situation, it may prevent Lavazza from sending advertising or direct sales materials or conducting market research, carrying out data analytics or delivering commercial communications. We may still contact you for administrative purposes, such as confirming a purchase order or respond to requests you've made. To the extent that you provide us with financial information (such as credit card or bank account numbers) in connection with shopping or commercial services offered on the Site, we will use the financial information that you provide to fulfill your order.
4) HOW WE MAY SHARE YOUR PERSONAL DATA
Your Personal Data may be disclosed, to further the purposes specified above, in the following circumstances:
· We may share your Personal Data with our parent, subsidiary, and affiliated companies, in the course of our business operations. We share your Personal Data with employees and personnel of Lavazza as necessary for business purposes, such as processing your order, customer service, system administration, and promotion and marketing;
· We may share your Personal Data with our third party service providers, who are authorized by Lavazza to process Personal Data, that are committed to/ or under an appropriate contractual or statutory obligation of confidentiality. These service providers perform certain business functions for us, which may include marketing, data analysis, and IT and website services. We may provide your Personal Data to these third party agents, consultants and contractors to perform those functions on our behalf;
· We may share your Personal Data with law enforcement agencies and public authorities when so required by the applicable law, regulation, legal processes or government requests or in the good faith belief (e.g., to conform to the edicts of the law or comply with legal process served on LPCC), to act under exigent circumstances to protect the personal safety of users of LPCC, its Sites, or the public, to enforce the terms of any of our policies, or protect the rights, property or safety of LPCC, our associates, or our customers. This may include assistance in fraud protection and investigation.
· in case of a substantial corporate transaction, such as a merger, consolidation, asset sale, or a transaction involving the transfer of some or all of our business assets, or in the unlikely event of bankruptcy, we may share your information with business entities or people involved in the negotiation or transfer.
Lavazza may share information that does not identify you, such as aggregate information, at its discretion, including for statistical analysis or other business purposes.
5) Where We Process and Secure Your Personal Data
The data we collect will be transferred to ITALY in the European Union and accessed by Lavazza personnel for processing. Personal Data processing is compliant with relevant data protection laws, including the provisions of the European Union’s Regulation 679/2016 (“GDPR – General Data Protection Regulation”). We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
All personal data provided by you are kept by Lavazza in compliance with industry standard security measures. We use technical, administrative, and physical security measures to protect against the loss, misuse, alteration, disclosure, and unauthorized access of data used by our system, and to ensure that all data used by our system is reliable for its intended use, and is accurate, complete, and current.
No data transmissions over the Internet, however, are guaranteed to be completely secure. While we strive to protect your data from unauthorized use or disclosure, Lavazza does not warrant or guarantee the security of the data that you provide to us; any transmission of data is at your own risk.
6) How long do we retain your Personal Data
Lavazza will retain your Personal Data for as long as it is necessary to fulfill the purpose for which the data was collected and generally as stated below, unless a longer retention period is required or permitted by law.
· We will retain your Personal Data that is useful for signing into your account on the Site for the entire duration of your account.
· Your Account Data will be kept for as long as it is necessary to guarantee the correct execution of your order and the fulfillment of the related administrative and payment obligations.
· Persona Data collected for the purposes of sending promotional and advertising material or targeted advertising purposes will be retained for a period not exceeding 24 months.
· Personal data collected for the management of prize competitions and transactions will be kept for the entire duration of the premium transaction and for a period of time to ensure the correct execution of the contract and the fulfillment of the related administrative and tax obligations.
· The data collected for automatic profiling purposes will be kept for a period of time not exceeding 12 months or at the different period indicated by the supervisory authorities
7) YOUR RIGHTS TO CONTROL YOUR PERSONAL DATA
You have control over the Personal Data that we collect about You and may exercise any of the following rights by sending a request to us using the contact information below (“Data Subject Request”):
You have the right to access your Personal Data that we hold about you. You have a right to know if we process any Personal Data about you and, if we do, be sent a copy of the Personal Data, along with an explanation of the purposes of the processing, and the categories of recipients we have disclosed your Personal Data to. You can contact us at privacyDPO@lavazza.com and/or firstname.lastname@example.org and using the subject line “Data Subject Request – Access” to exercise this right.
You have the right to correct your Personal Data if it is inaccurate. If you have registered an account, you may change or update your information at any time. Alternatively, you may request access to the personal information that we have collected about you and confirm or change that information by sending an e-mail to us at privacyDPO@lavazza.com and/or email@example.com and using the subject line “Data Subject Request – Right of Access.”
You have a right to revoke your consent to or to opt-out of how we use your Personal Data or to object to one or more of our data processing activities as described in this Policy. For example, to revoke your consent and opt-out of receiving promotional information by email, you may follow the instructions in the email to unsubscribe, or opt-out via your account settings, if applicable. Alternatively, you can contact us at privacyDPO@lavazza.com and/or firstname.lastname@example.org and using the subject line “Data Subject Request – Opt Out.”
You have the right to have your Personal Data erased under certain circumstances. You may exercise this right if you (a) withdraw your consent and we have no other lawful basis for processing the data; (b) if the data is no longer necessary for the purpose for which it was collected; (c) where you have objected to the use of the data for direct marketing; (d) where the data has been unlawfully processed; (e) where erasure is necessary to comply with a legal obligation. You may request erasure of your Personal Data by making an email request to privacyDPO@lavazza.com and/or email@example.com and using the subject line “Data Subject Request – Right of Erasure.” Please note that there are also exceptions to this right that may prevent you from exercising this right. For example, if the data is necessary for the establishment, exercise, or defense of legal claims, your right to erasure will not apply.
You have the right to restrict the processing of your Personal Data under certain circumstances. You may exercise this right if (a) you contest the accuracy of the Personal Data we have about you; (b) if the processing is unlawful; (c) if the data is no longer necessary for the purposes of processing but it is required for the establishment, exercise, or defense of legal claims; and (d) if you have objected to the processing of your data based on the public interest or the legitimate interest of others. You may request the restriction by making an email request to privacyDPO@lavazza.com and/or firstname.lastname@example.org and using the subject line “Data Subject Request –Restriction of Processing.” Upon confirmation, we will limit the processing your Personal Data for the establishment, exercise, or defense of legal claims, the protection of another, for important public interest reasons, for storage purposes, and where you provide consent.
You have the right to object to your Personal Data from being used for direct marketing, including profiling for targeted advertising. You can exercise your right by making an email request to privacyDPO@lavazza.com and/or email@example.com and using the subject line “Data Subject Request – Objection to Marketing.”
You have the right to data portability. You may request to be given a copy the Personal Data that you have provided to us and that we have processed through automated means based on your consent in a commonly used, machine-readable electronic format where technologically possible, for your re-use. You can request your Personal Data by making an email request to privacyDPO@lavazza.com and/or firstname.lastname@example.org and using the subject line “Data Subject Request – Data Portablity.”
When we receive a Data Subject Request from you, we will communicate with you and work promptly to respond to your request. Please note that there are some exceptions to the rights above and there may be situations where we are unable to fully respond to your request or may need more time to do so. If you wish to obtain more information about your rights, or how to exercise them, please contact our Data Privacy Officer at privacyDPO@lavazza.com.
If you have any concerns or a complaint about how we have used your Personal Data, please let us know directly by contacting our Data Privacy Officer at privacyDPO@lavazza.com. The competent Authority to address Your complaints is the Italian Data Protection Authority (Garante Italiano per la Protezione Dati Personali).
9) YOUR CALIFORNIA PRIVACY RIGHTS
Shine the Light Requests. If you are a California resident, you have the right to make an annual request that we disclose to you what categories of Personal Data we disclosed to third parties for their direct marketing purposes, and to whom we disclosed them. If you are California resident and would like to make such a request, please submit your request via email to email@example.com using the subject line “California Shine the Light Request.”
9) LINKS AND THIRD-PARTY CONTENT
Our Site may contain links to other websites and our Site may be linked from other websites, including websites of our partners or other third parties, which are not under our control. We provide these links on our Site as a customer convenience and to allow advertisers, including our partners, to promote their own sites or products, and do not endorse those sites, companies or their products or services. Also, when you link to our Site from another site, the originating site may collect information about you. We do not review, control or monitor the practices, information or materials on any other websites, and are not responsible or liable for the communications, information, content or materials from or the practices and policies (including without limitation privacy or data collection practices or policies) of any of those sites. In addition, any links to these third party sites may also contain cookies or other tracking devices.
9) CHILDREN'S PRIVACY
Our Site is not intended for use by children under 18. We do not knowingly solicit or collect Personal Data from anyone who is under 16. We do not sell products for purchase by children under 18. If you are under 16, you must obtain your parent’s or guardian’s consent before using this Site. We strongly encourage you to get your parent's or guardian’s consent before giving out any personal information online.
In case we determine upon collection that a user is under this age, we will not use or maintain his/her personal information without his/her parent’s or guardian’s consent. A parent or guardian can review, remove, change, or refuse further collection or use of their child’s personal information by contacting us at privacyDPO@lavazza.com. firstname.lastname@example.org.
10) HOW TO CONTACT US