Last Updated: November, 2020
1) WHO WE ARE
Lavazza Premium Coffee Corporation, a New York corporation with offices in 120 Wall Street, Floor 27 New York, NY, 10005, USA is a wholly-owned subsidiary of Luigi Lavazza S.p.A., a company incorporated in Italy with its registered office in Torino, Via Bologna 32 – 10152 – Italy (hereinafter individually or collectively as “Lavazza,”, “LPCC”, "Company," "we" or “us” or “our”)
2) WHAT WE COLLECT
Personal Data You Provide. We collect and store personal data you voluntarily provide to us through your use of the Site or that we may collect or request in connection with your use of the Site (“Personal Data”). Lavazza will only collect those categories of Personal Data from you that are necessary to carry out the services provided through our Site. These categories and examples include:
Identity Your first and last name, maiden name, username, or other unique identifier
Contact Your email address, telephone and mobile phone number, physical address
Internet browsing Web-browsing data processed through cookies installed on your
data computer or smart phone
Account data Bank data, payment card and any other financial information (individually and collectively, “Account Data”) are not recorded by the Site. We handle payment and financial information in a manner that is compliant with applicable laws, regulations and security standards. In particular we, or our third party payment providers, encrypt your Account Data to prevent the data from being read or accessed by any third parties other than the banks or financial institutions handling the payment services through our Site.
We do not intentionally collect or process any Sensitive Data on the Site. “Sensitive Data” means personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data or data that concerns a person’s sex life of sexual orientation.
Your Personal Data is collected when you interact with features on our Site, including but not limited to: using a customer order form to purchase products and/or request additional services, creating an account with us, filling out a survey, entering contests, participating in promotions, submitting comments or questions, and requesting to receive our newsletter or promotional information.
To take advantage of certain features that on the Site, such as purchasing a product, you may be required to create an account and/or login credentials by typing in your user name/ID or email address and password and other information, or by using one of the available social media authentication methods such as Facebook®, Google+® and Yahoo®. When purchasing a product you will also be required to provide information necessary for order fulfillment such as credit card information, and billing and shipping information. Certain features of the Site may ask you to provide additional optional information to us.
3) THE PURPOSES FOR WHICH WE USE YOUR INFORMATION
We use the information that we collect from you for the following purpose(s):
Registration to our website: the procedure of registering to our website, through the creation of an account or the use of an already-existing social network account, is aimed at allowing you to use the website as a "Registered User" and to access a series of exclusive services offered through it. The provision of data is optional. The legal basis for processing is the implementation of pre-contractual measures to which the data subject is party.
Access via the use of social networks may involve accessing personal data other than the data provided at the time of registration to our portal, on the basis of the authorizations you have provided to these social networks and which are to be referred to in relation to the policies on the management of your privacy.
Management of requests: the Personal Data will be collected in order to manage and answer requests about the products and initiatives of the various brands of the Lavazza Group. The legal basis for this processing is the implementation of pre-contractual measures to which the data subject is party.
Purchase of products: by using our website you may purchase Lavazza products as a Registered User (and in this case you do not need to re-enter your Personal Data every time you purchase a product) and as a non-Registered User (re-entering the required data each time in order to complete a purchase). Both these cases require the processing of your Personal Data.
Your Personal Data will be processed in order to manage orders and payments, and to fulfil consequent administrative and accounting obligations, as well as to contact you for any information regarding your purchases (for example, information on the status of your orders). The provision of personal data is optional, but necessary to complete the purchase order. The legal basis for the processing is the performance of the Contract to which the data subject is party.
Marketing: under to your specific consent, we may process your Personal Data in order to send you commercial communications, as well as to invite you to take part in our promotional initiatives, to participate in our events and to register for our newsletter. The legal basis of this processing is the Consent of the Data Subject, which can be withdrawn at any time.
Participation in competitions and give-aways: we may process your Personal Data so that you can participate in competitions and give-aways. The legal basis for this processing is the implementation of pre-contractual measures to which the data subject is party.
Profiling: subject to your specific consent, we may process your Personal Data for profiling purposes, namely for analysing or predicting your tastes, potential habits and consumer choices, so that we can offer you products, services, promotions and customised commercial communications. The legal basis of this processing is the consent of the Data Subject, which can be withdrawn at any time.
Analysis purposes: the Personal Data you have provided when interacting with the Lavazza world and the information regarding this interaction will be collected in our database and will be used to anonymously analyze and improve the services we offer, to assess the efficiency of the activities and initiatives promoted by Lavazza and to conduct statistical analysis on the composition of the database. The legal basis of the processing is the legitimate interest of the Data Controller.
Any other purpose for which you have provided your specific consent can be withdrawn at any time.
NATURE OF THE PROVISION
The provision of your Personal Data is optional. However, the failure to provide your Personal Data may result in the impossibility to use certain services (e.g. to place orders and make purchases, to participate in competitions and giveaways, to be sent the newsletter, etc.).
The compulsory or optional nature of the provision of your Personal Data will be marked each time using symbols (e.g. “*”) placed next to the information that requires the provision of data for the respective purpose.
4) HOW WE MAY SHARE YOUR PERSONAL DATA
Your Personal Data may be disclosed, to further the purposes specified above, in the following circumstances:
· We may share your Personal Data with our parent, subsidiary, and affiliated companies, in the course of our business operations. We share your Personal Data with employees and personnel of Lavazza as necessary for business purposes, such as processing your order, customer service, system administration, and promotion and marketing;
· We may share your Personal Data with our third party service providers, who are authorized by Lavazza to process Personal Data on our behalf, and who are committed to comply with an appropriate contractual or statutory obligation of confidentiality. These service providers perform certain business functions for us, which may include marketing, data analysis, and IT and website services. We may provide your Personal Data to these third party agents, consultants and contractors to perform those functions on our behalf;
· We may share your Personal Data with law enforcement agencies and public authorities when so required by the applicable law, regulation, legal processes or government requests or in the good faith belief (e.g., to conform to the edicts of the law or comply with legal process served on LPCC), to act under exigent circumstances to protect the personal safety of users of LPCC, its Site, or the public, to enforce the terms of any of our policies, or protect the rights, property or safety of LPCC, our associates, or our customers. This may include assistance in fraud protection and investigation.
· in case of a substantial corporate transaction, such as a merger, consolidation, asset sale, or a transaction involving the transfer of some or all of our business assets, or in the unlikely event of bankruptcy, we may share your information with business entities or people involved in the negotiation or transfer.
5) WHERE WE PROCESS AND SECURE YOUR PERSONAL DATA
Your Personal Data will be processed in compliance with the provisions of applicable data protection laws, with the use of electronic or automated means and manual methods, for the purposes for which the data has been collected, via databases, the electronic platforms managed by Lavazza or by third parties (appointed as Data Processors), the integrated IT systems of Lavazza and the aforesaid third parties, and/or websites owned or used by Lavazza.
Your Personal Data will be processed using methods designed to ensure the confidentiality and only by people trained and authorised to process it. Lavazza, as Data Controller, adopts all the appropriate technical and organisational measures to ensure a level of security appropriate to the risk presented in relation to the processing.
The Personal Data you provide will be collected and processed in US and transferred to Italy, in the European Union, and may be accessible by the companies forming part of the Lavazza Group and/or third-party companies that carry out the processing activities on behalf of the Data Controller, as Data Processors.
The Data Controller has made a list of Data Processors, which is constantly updated and can be viewed by contacting the Controller.
No data transmissions over the Internet, however, are guaranteed to be completely secure. While we strive to protect your data from unauthorized use or disclosure, subject to applicable laws Lavazza does not warrant or guarantee the security of the data that you provide to us.
6) HOW LONG DO WE RETAIN YOUR PERSONAL DATA
Lavazza will retain your Personal Data for as long as it is necessary to fulfill the purpose for which the data was collected and generally as stated below, unless a longer retention period is required or permitted by law.
· Registration to the Website: The Personal Data you have provided in order to register to the Website will be stored for the entire period of time that you are registered on the Website. If your account is inactive for 24 months, it will be deleted.
· Your Invoice Data will be kept for as long as it is necessary to guarantee the correct execution of your order(s) and the fulfillment of the related administrative and payment obligations.
· The data collected for profiling purposes and for the sending of promotional and advertising material, for which consent has been given, will be stored for a period of time of no longer than 12 and 24 months respectively or for any other period of time that may be indicated by the supervisory authorities. If you have not provided the above consent, your personal data will be made anonymous and used for statistical analysis.
· Personal Data collected for the management of prize competitions and transactions will be kept for the entire duration of the prize competitions and transactions and for a period of time afterward to ensure the correct execution of the contract and the fulfillment of the related administrative and tax or other legal obligations.
7) YOUR GDPR RIGHTS
You may exercise any of the following rights by sending a request to us using the contact information below (“Data Subject Request”):
- the right to obtain confirmation as to whether or not personal data concerning you exists, regardless of it being already recorded, and communication of such data in intelligible form;
- the right to withdraw the consent you have given for the purposes of the processing at any time;
- the right to access, rectify, erase and limit the processing and portability of your personal data;
- the right to object to its processing any time you wish;
- the right to commence proceedings before the competent supervisory Authority, if you think that the processing of your data is contrary to the laws in force.
If you have any concerns or a complaint about how we have used your Personal Data, if you wish to exercise the aforesaid rights or you wish to have more information on the processing of your personal data please write an email to email@example.com or to Group Data Privacy Officer at privacyDPO@lavazza.com
9) YOUR CALIFORNIA PRIVACY RIGHTS
If you are a California resident, the categories of “Personal Information” (as defined by the California Consumer Privacy Act, as amended (the, “CCPA”) that we collect, as well as the purposes for which we use them, are described above in Sections 2-3. Additionally, you have the following rights in connection with your Personal Information:
Right to know: you have the right to make two requests per year about our collection and use of your Personal Information over the past 12 months: a) the categories of Personal Information we have collected from you; b) the source and purposes of the collection; c) the data stored; d) the categories of third parties with whom we share your data; e) if we shared your Personal Information for a business purpose and the categories of Personal Information that each category of recipient obtained.
Right to deletion: You have the right to request deletion of your Personal Information that has been collected and retained from you, unless their conservation is necessary to fulfill a legal obligation (e.g. administrative and tax obligations, etc.) as well as for the execution of a contractual relationship, etc, as required by law.
To exercise these rights, please email us at firstname.lastname@example.org.
We will not discriminate against you in terms of services, the level or quality of services, or pricing for exercising any of your CCPA rights, although in some cases the deletion of certain Personal Information may render it technically impossible to provide certain features of our services to you. If you make excessive requests, we may charge a reasonable fee as permitted under the CCPA.
We do not and will not sell Personal Information about you, as defined by CCPA. We also have not done so for the last 12 months.
Right to Opt-Out of Data Sales for Nevada Residents
We do not sell your covered information, as defined by Section 603A.320 of the Nevada Revised Statutes. If you reside in Nevada, you have the right to submit a request to us at email@example.com regarding the sale of covered information. Please include "Nevada" in your email subject line and include the following information in your email: your name, Nevada resident address, and email address. We will respond within sixty (60) days of receiving your request.
9) LINKS AND THIRD-PARTY CONTENT
Our Site may contain links to other websites and our Site may be linked from other websites, including websites of our partners or other third parties, which are not under our control. We provide these links on our Site as a customer convenience and to allow advertisers, including our partners, to promote their own sites or products, and we do not endorse those sites, companies or their products or services. Also, when you link to our Site from another site, the originating site may collect information about you. We do not review, control or monitor the practices, information or materials on any other websites, and are not responsible or liable for the communications, information, content or materials from or the practices and policies (including without limitation privacy or data collection practices or policies) of any of those sites. In addition, any links to these third party sites may also contain cookies or other tracking devices.
9) CHILDREN'S PRIVACY
Our Site is not intended for use by children under 16. We do not knowingly solicit or collect Personal Data from anyone who is under 16. We do not sell products for purchase by children under 16
In case we determine upon collection that a user is under this age, we will delete his/her Personal Data.
10) HOW TO CONTACT US