PRIVACY POLICY FOR THE USERS OF THE SITE HTTPS://STORE.LAMARZOCCO.COM
Please carefully read this Privacy Policy (hereinafter referred to as the “Privacy Policy”), intended for the users of the site https://store.lamarzocco.com (hereinafter referred to as the “Site”), drawn up in accordance with the provisions contained in art. 13 of the General Data Protection Regulation no. 2016/679 (hereinafter also referred to as the “GDPR”), which provides detailed information on the processing of your personal data (hereinafter also referred to as the “Data”) and on their use.
It should be pointed out that the Privacy Policy only applies to the Data processing operations carried out on the Site and does not extend to any processing operations carried out on different websites, though they can be accessed through links included in the Site.
CONTENTS
1. Data Controller and relevant contact details.
2. Contact data of the Data Protection Officer (DPO).
3. Processed Data types. 23.1 Navigation data.
3.2 Data voluntarily provided by the user.
3.3 Third-party Data.
3.4. Data of persons under 16 years of age.
4. Services provided by the Site.
4.1 “My account” section.
4.2 “Checkout” section.
4.3 “Contact Us” service.
5. Additional purposes of the processing.
5.1 Compliance with legal obligations.
5.2. Establishment, exercise or defence of legal claims.
6. Recipients and transfer of personal data.
7. Exercise of the data subject rights.
7.1 Exercising the rights.
8. Privacy Policy update. 5
1. Data Controller and relevant contact details
The Data Controller is La Marzocco S.r.l. (hereinafter also referred to as the “Controller”, the “Company” or “La Marzocco”), with registered office in Florence (FI), Viale G. Matteotti, n. 25 and operating office in Scarperia (FI), Via La Torre, n. 14/H, VAT number 04040140487.
E-mail: privacy@lamarzocco.com.
2. Contact data of the Data Protection Officer (DPO)
The Controller has appointed a Data Protection Officer (DPO), who can be contacted at the following email address: dpo@lamarzocco.com.
3. Processed Data types
3.1 Navigation data
We collect the following Data through the services used by the user.
Technical data
This category of Data includes the IP addresses or the domain names of the computers used by the users who connect to the Site, the addresses in URI (Uniform Resource Identifier) format of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the computer environment of the user. This Data is only used for statistical information (and thus is de-identified), as well as to verify that the Site is working properly, and is immediately deleted once the processing is completed. The Data could be used to determine liability in the event of cybercrimes against the Site. Except in this case, Data on web contacts is retained for no longer than 7 days.
Cookies
The Site collects Data using cookies or similar technologies. For further information, please refer to the “Cookie Policy” of the Site.
3.2 Data voluntarily provided by the user
Website users can choose to voluntarily provide information, for example by filling in the “Need help?” and “Stay connected” forms available in each of the Site pages.
3.3 Third-party Data
Should you decide to provide any third-party Data, please make sure that the parties in question have received in advance appropriate information on the processing methods and purposes mentioned herein. In that case, you act as a separate data controller, and undertake all the obligations and responsibilities provided for by the law.
3.4. Data of persons under 16 years of age
Remember that if you are under 16 years of age you cannot provide any personal data, and, in any case, we accept no responsibility for any false statements you made. If we realize that your declarations are untruthful, we will immediately delete any personal data acquired.
4. Services provided by the Site
The following paragraphs provide a description of the services offered by the Site. For each of the services we offer the information provided herein includes but is not limited to: the Data processing purposes, the legal grounds of the processing and the processed Data retention times.
4.1 “My account” section
Through a link in the banner displayed at the top of the Site pages, the user can access the “My account” section. Inside the section in question, visitors who are already registered can access their reserved area by entering their username/email address and password. If the user is not registered with the Site yet, instead, he can register by entering his username, email address and password. After gaining access to the reserved area, visitors can display their orders, manage the shipping and invoicing addresses, change the password and add further details to their account by specifying their name, surname, birth date and VAT number.
Purposes of the processing: allowing the user to register with the Site by creating a personal account.
Legal grounds of the processing: art. 6, paragraph 1, letter b) of the GDPR, “performance of a contract to which the data subject is party or taking of steps at the request of the data subject prior to entering into a contract”.
Retention times: The personal data shall be retained until the user deletes his account and for 10 years after its deletion – the ordinary limitation period for contractual liability. In any case, the Company reserves the right to delete the user account on its own initiative if 12 (twelve) months have elapsed from the last login.
4.2 “Checkout” section
After selecting the product, he wishes to purchase from the Store, the user can display his “cart”, then proceed with the checkout, to finalise the purchase. To this purpose, when checking out, the user is requested to provide his personal data, for the invoicing operations and for the shipping and delivery of the goods he purchased. Namely, visitors are requested to specify: name, surname, Country, address, ZIP code, city, province, phone and email address. If the customer is a private citizen, in addition to the above-mentioned personal data, he shall be requested to specify his birthplace and birth date.
Purposes of the processing: finalising the purchase made by the user and carrying out the related invoicing and shipping tasks.
Legal grounds of the processing: art. 6, paragraph 1, letter b) of the GDPR, “performance of a contract to which the data subject is party or taking of steps at the request of the data subject prior to entering into a contract”.
Retention times: the personal data shall be retained throughout the duration of the contractual agreement, and for 10 years after its expiry – the ordinary limitation period for contractual liability.
4.3 “Contact Us” service
The Website hosts the “Contact Us” section, displayed at the top of each of its pages, and the toll-free number, displayed in its footer, where you can contact the Company. Through this section and/or the toll-free number, the user can submit to the Company his/her questions concerning one of the following items: (i) Order; (ii) Payment; (iii) Product information; (iv) Shipment; (v) Other.
In order to receive this service, the user must necessarily provide the following personal data: name, surname, e-mail address, city, State, phone number and company.
With particular reference to the call via toll-free number, depending on the request made, it may be necessary to collect certain information regarding the data subject. Among these, by way of example and not limited to: name and surname, e-mail address, telephone number, city, etc.
Purposes of the processing: (i) answering the requests for information submitted by the user through the “Contact Us” section of the Website and/or the call via toll-free number; (ii) recording the user Data on Company CRM, for the management of the pre-contractual and/or contractual agreement.
Legal grounds of the processing: art. 6, paragraph 1, letter b) of the GDPR, “performance of a contract to which the data subject is party or taking of steps at the request of the data subject prior to entering into a contract”.
Retention time: the personal data shall be retained for no more than 24 months from the time of the last contact with the user.
5. Additional purposes of the processing
Within the scope of the personal data processing operations carried out through the Site, the Controller also pursues the following additional and specific purposes:
5.1 Compliance with legal obligations
Where necessary, the Controller processes the personal data of the data subjects, collected through the Site, in order to ensure the compliance with the obligations provided for by the applicable laws, regulations and EC standards.
Legal grounds of the processing: art. 6, paragraph 1, letter c) of the GDPR, “processing is necessary for compliance with a legal obligation to which the Controller is subject”.
Retention times: the personal data shall be retained for the time strictly necessary for the Controller to comply with the legal obligations it is subject to.
5.2. Establishment, exercise or defence of legal claims.
Where necessary, the Controller processes the personal data of the data subjects, collected through the Site, in order to establish, exercise or defend a claim in a legal proceeding or whenever the judicial authorities exercise their judicial functions.
Legal grounds of the processing: art. 6, paragraph 1, letter f) of the GDPR, “processing is necessary for the purposes of the legitimate interests pursued by the controller”.
Retention times: the personal data shall be retained for a period strictly limited to the duration of the litigation, until the expiry of the appeal enforceability terms.
6. Recipients and transfer of personal data
Your Data can be shared with:
- people authorised by the Controller to process the personal data, who have received appropriate operating instructions, have committed to keep the data confidential or are subject to an appropriate legal confidentiality obligation;
- persons delegated and/or designated by the Controller to carry out any tasks strictly related to the pursuing of the above-listed purposes (including technical maintenance operations on the systems), duly appointed as Processors;
- people, companies or professional firms providing support and consulting services to the Controller, duly appointed as Processors;
- persons, bodies or authorities to which your personal data must be communicated pursuant to law provisions or orders issued by the competent authorities.
The Data is managed and stored on servers owned by the Controller and/or by third-party companies appointed as Processors. The servers in question are located within the European Union.
Personal data is not transferred outside the European Union. In any case it is understood that, where necessary, the Controller shall be entitled to transfer the personal data to extra-EU countries too, ensuring hereby that the data shall be transferred in compliance with the law provisions and thus signing, if and insofar as necessary, specific agreements ensuring an adequate level of protection of the personal data, or anyway adopting the standard contractual clauses provided for by the European Commission for the transfer of personal data to extra-EU countries.
7. Exercise of the data subject rights
7.1 Exercising the rights
Consistently with the provisions contained in the GDPR, you have the right to request from the Controller, at any time, the access to your personal data, as well as its rectification or erasure, or to object to its processing. The law also allows you to exercise the right to request the restriction of processing in the cases provided for by art. 18 of the GDPR, as well as to obtain your personal data in a structured format of common use and readable by automatic device, in the cases provided for by art. 20 of the GDPR.
Requests can be sent to the email address: privacy@lamarzocco.com.
Finally remember that you always have the right to lodge a complaint with the competent control authority (Italian Data Protection Authority), pursuant to art. 77 of the GDPR, if you believe the processing of your personal data does not comply with the regulations in force.
8. Privacy Policy update
This Privacy Policy has been published in November 2020, and over time it may be subject to change, even following the coming into force of new industry regulations, the update or the provision of new services, or the introduction of technological innovations. La Marzocco shall inform you of the changes in question as soon as they are introduced, and they shall be binding as soon as they are published on the Site. La Marzocco therefore encourages you to regularly visit this section, in order to gain access to the most recent and up-to-date version of the Privacy Policy and make sure that you always have up-to-date information about the collected Data and their use by the Controller.