Personal data processing policy
The following privacy rules – to be understood as provided also as a policy pursuant to art. 13 of the European Regulation 2016/679 “GDPR – have the purpose of describing the procedures for the collection and use of personal data through the Company’s websites and are aimed at users of the related services.
The data controller of personal data is La Marzocco Srl, with registered office in Viale Gian Giacomo Matteotti no. 25, 50121 – Florence, Italy; Tax Code, VAT Number and Registration in the Florence Business Register no. 04040140487 (hereinafter “Data Controller” or “LM”).
The Data Controller has designated the Data Protection Officer (hereinafter “DPO”), who can be contacted, for all matters relating to the processing of your personal data and the exercise of your rights under the GDPR, at the following e-mail address: firstname.lastname@example.org.
1. Object and type of data processing
The Data Controller processes personal data, exclusively of a non-sensitive type, communicated by the concerned party during the contact step made by:
- filling out the appropriate form:
- access to the sections dedicated to purchases (store, home);
- subscription to the newsletter service.
In addition to these data, freely entered by the user on the website, browsing data may also be processed, collected as a result of the use of our services by the user and, in particular:
- information on the device used by the user to connect;
- specific information on the device (e.g. device type, mobile network information);
- Log information. While the user makes use of our services or displays content provided by LM, we may automatically collect and store some information in the server logs. This information could include: data on how we use our service, such as search queries; information on internet connection data such as IP address and all data linked to it; information about device events such as system activity, hardware settings, browser type and language, date and time of requests and referring URLs; cookies that could uniquely identify the browser or the user’s LM account.
2. Purpose of data processing
The browsing data will be used in order to obtain anonymous statistical information on the use of the site and to check its correct functioning. They can also be used to ascertain the responsibility for a criminal offence, in case of criminal offences against the website.
The other personal data voluntarily provided to the Data Controller will be processed – even without the express consent of the party concerned and in compliance with art. 6 sect. b, c and f of the GDPR (legal bases of processing) – for the following purposes:
- allow registration to the reserved area of the website;
- allow the user to proceed with the purchase of goods through the store and home website and then perform any related activities (selection of products, sending orders and acceptance, delivery, exercise of the right of withdrawal and collection of goods, or any other necessary fulfilment required by the sale conditions);
- allow registration to the newsletter service provided by the Data Controller and any additional services requested;
- proceed to send informative newsletters to the user registered to the relative service;
- fulfil pre-contractual, contractual and tax obligations;
- check the requests made by the interested party;
- send service notices, also with reference to changes in contractual terms, contents, conditions and policies adopted;
- fulfil the obligations deriving from the law, rules, EC regulation or an order of the Authority;
- prevent or discover fraudulent or unauthorised activity towards the website;
- exercise any other right of the Data Controller, such as the right to defence in court, as well as any other processing compatible with the aforementioned purposes.
The same data will be processed, only after free and specific consent of the concerned party – shown through flags on dedicated boxes – for the pursuit of the following purposes:
- sending commercial communications and/or advertising material and market research;
- communication to third parties;
- collection and analysis of behaviours, habits, preferences expressed in the use of web content, in order to improve the services provided and to personalise them.
It is specified that the consent given by the concerned party can always be revoked, by contacting the Data Controller or the DPO at the addresses indicated, or by direct management through entry into the personal profile.
3. Duration of processing
Personal data will be processed for the time necessary to achieve the purposes for which they were collected. It should be noted in particular that:
browsing data will be deleted within 2 years of their processing;
the data relating to and connected with the sale of the goods will be kept for the time required for the execution of the purchase contract, for after-sales activities, and subsequently for the time necessary to satisfy accounting and legal purposes;
In any case, a higher retention period is reserved, where required by law or regulations.
4. Data communication
The data may be disclosed to public and private parties, physical and/or legal persons (legal, administrative and fiscal consultancy offices, forwarding agents and couriers, any IT companies and others) in relation to which the communication is necessary for the pursuit of contractual, administrative, accounting, purposes, as well as to guarantee the concerned parties to use the website.
The data may also be disclosed to other parties, when the communication is required or imposed by law.
5. Place of processing
Personal data will be processed within the territory of the European Union (Great Britain). If for technical and/or operational reasons it is necessary to rely on entities located outside the European Union, it is guaranteed that the transfer to these entities, limited to the performance of specific processing activities, will be carried out in compliance with the provisions of the GDPR
6. Rights of the concerned parties
Pursuant to articles 13, 15-22 of the GDPR, the concerned party has the right, in particular:
- to obtain confirmation that a processing of personal data concerning him/herself is in progress;
- to obtain access to data and the following information (purpose of processing, categories of personal data, recipients and/or categories of recipients, retention period);
- to obtain the correction or integration of inaccurate personal data concerning him/herself;
- to obtain the cancellation of personal data concerning him/herself in the cases provided for by art. 17 GDPR;
- to obtain that personal data concerning him/herself are only stored without any other use being made of them in the following cases provided for by art. 18 GDPR;
- to receive personal data relating to him/herself processed by automated means in a format that is commonly used, readable by an automatic and interoperable device, if they are processed by contract or on the basis of its consent.
Finally, the concerned party has the right to contact the Supervisory Authority to file a complaint.
For any request or communication, or to exercise your rights, you can contact the Data Controller by sending an e-mail to email@example.com.