Privacy policy
DATA PROTECTION NOTICE PURSUANT TO ART. 13 of (EU) REGULATION n. 2016/679 (“GDPR”)
The Companies belonging to the La Marzocco Group (hereinafter, also referred to as the “Joint Controllers”), pursuant to article 13 of (EU) Regulation n. 2016/679 (hereinafter, referred to as the “GDPR”), hereby provides you with information about the processing of your personal data, carried out to answer the requests for information submitted through the section “Contact Us?” of the website. Through the section the user can submit, for example: requests for information on the purchase of La Marzocco equipment; requests for marketing or events promoted by La Marzocco, etc.
JOINT CONTROLLERS
The Companies belonging to the La Marzocco Group jointly determine the purposes and means of the processing of your personal data, carried out to answer your requests for information submitted through the section of the website. In this context, therefore, these Companies operate as Joint Controllers, pursuant to art. 26 of the GDPR and according to the signing of a specific internal agreement which governs the respective responsibilities and obligations.
The contact details of the Joint Controllers are detailed below:
- La Marzocco S.r.l, [email protected];
- La Marzocco France;
- La Marzocco Germania;
- La Marzocco UK;
- La Marzocco Spain;
- La Marzocco Middle East (AE);
- La Marzocco Singapore;
- La Marzocco Switzerland.
DATA PROTECTION OFFICER (DPO)
La Marzocco S.r.l. has appointed Data Protection Officers (DPO), who can be contacted at the following email address: [email protected].
PROCESSED PERSONAL DATA
The personal data processed by the Joint Controllers are: name, surname, e-mail address, city, country, phone number and company name.
WHY IS YOUR PERSONAL DATA PROCESSED AND WHICH IS THE LEGAL BASIS OF THE PROCESSING? | HOW LONG DO WE RETAIN YOUR DATA? |
---|---|
A) Personal data are collected and processed in order to answer the requests for information submitted by the user through the section “Contact Us?” of the website. Processing of personal data is necessary for “performance of a contract to which the data subject is party or taking of steps at the request of the data subject prior to entering into a contract” (art. 6, paragraph 1, letter b) of the GDPR). |
The personal data shall be retained for no more than 24 months from the time of their registration on the Company’s CRM. |
B) Personal data are collected and processed in order to record the user Data on Company’s CRM, for the management of the pre-contractual/contractual agreement. Processing of personal data is necessary for “performance of a contract to which the data subject is party or taking of steps at the request of the data subject prior to entering into a contract” (art. 6, paragraph 1, letter b) of the GDPR). |
The personal data shall be retained for no more than 24 months from the time of their registration on the Company’s CRM. |
Once the above-mentioned retention periods expire, personal data shall be destroyed, erased, or anonymised, in accordance with the erasure and back-up policies adopted by the Joint Controllers.
NATURE OF THE PROVISION OF DATA
The provision of personal data is required in order to answer the requests for information submitted by the user. Any refusal to provide the data, therefore, would prevent the Joint Controllers from effectively pursuing the purpose mentioned under lett. A) and B).
PERSONS ACTING UNDER THE AUTHORITY OF THE CONTROLLER
Data can be processed by the Joint Controllers’ personnel in charge of fulfilling the above-mentioned purposes, who have been expressly authorized to process data by the Joint Controllers, have received proper operating instructions and are bound to professional confidentiality.
RECIPIENTS OF PERSONAL DATA
Personal data can be disclosed to autonomous data controllers, including, but not limited to, control Authorities, as well as to any other public body entitled to request the data.
Personal data can also be processed, on behalf of the Joint Controllers, by designated data processors, that must have received appropriate operating instructions. They include but are not limited to companies in charge of developing and providing IT applications.
TRANSFER OF PERSONAL DATA TO NON-EU COUNTRIES
Some personal data is shared with recipients that could be based outside the European Economic Area. The Controller assures that the processing of the data by the recipients in question is carried out in compliance with the GDPR. Transfers can actually be based on an adequacy decision, on the Standard Contractual Clauses approved by the European Commissions or on other appropriate legal grounds. For further information please contact the Joint Controllers, by sending an email to the address [email protected].
DATA SUBJECT’s RIGHTS
By contacting the Joint Controllers at the e-mail address [email protected], the data subject can request, at any time:
- to access his/her personal data (art. 15 of the GDPR).
- To have it rectified and completed (art. 16 of the GDPR).
- To have it erased (art. 17 of the GDPR).
- To restrict its processing (art. 18 of the GDPR).
- To receive the personal data in a structured format of common use and readable by automatic device, as well as, if technically feasible, to transmit it to another data controller without impediments (“right to data portability”, art. 20 of the GDPR).
Data subjects also have the right to lodge a complaint with the competent supervisory authority, pursuant to art. 77 of the GDPR, if they consider that the processing of their personal data infringes the GDPR.