Privacy policy

WEBSITE DATA PRIVACY INFORMATION FORM updated to EU Regulation 2016/679 (European Regulation on the protection of personal data)

1. 
   Introduction

ITALVI SRL takes the user's privacy seriously and is committed to respecting it. It is a company operating in the production and distribution of coffee-based products. This privacy policy ("Privacy Policy") describes the personal data processing activities carried out by ITALVI SRL through the website occaffe.com (Site) and the related commitments undertaken in this regard by the Company. ITALVI SRL may process the user's personal data when the user visits the Site and uses the services and features on the Site. In the sections of the Site where the user's personal data are collected, a specific information notice is normally published pursuant to art. 13 /15 of EU Reg. 2016/679. Where required by EU Reg. 2016/679, the user's consent will be requested before proceeding with the processing of his/her personal data. If the user provides personal data of third parties, he/she must ensure that the communication of the data to ITALVI SRL and the subsequent processing for the purposes specified in the applicable privacy policy complies with EU Reg. 2016/679 and applicable legislation.

1. Identification details of the owner, manager and Privacy Officer

The Data Controller is ITALVI SRL with registered office in VIA. Via Trebbia, 21

04100 Latina

1. Type of data processed

Visiting and consulting the Site does not generally involve the collection and processing of the user's personal data except for navigation data and cookies as specified below. In addition to the so-called "navigation data" (see below), personal data voluntarily provided by the user may be processed when the user interacts with the Site's features or requests to use the services offered on the Site. In compliance with the Privacy Code, ITALVI SRL may also collect the user's personal data from third parties in the course of its business.

1. Cookies and browsing data

The Site uses “cookies”. By using the Site, the user consents to the use of cookies in accordance with this Privacy Policy. Cookies are small files stored on the hard disk of the user's computer. There are two macro-categories of cookies: technical cookies and profiling cookies.

Technical cookies are necessary for the correct functioning of a website and to allow the user to navigate; without them the user may not be able to correctly view the pages or use some services.

Profiling cookies have the task of creating user profiles in order to send advertising messages in line with the preferences expressed by the user during navigation.

Cookies can also be classified as:

_ “session” cookies, which are deleted immediately when the browser is closed; _ “persistent” cookies, which remain in the browser for a certain period of time. They are used, for example, to recognize the device that connects to a site, facilitating authentication operations for the user;

_ “own” cookies, generated and managed directly by the manager of the website on which the user is browsing; _ “third-party” cookies, generated and managed by parties other than the manager of the website on which the user is browsing.

1. Cookies used on the site The Site uses the following types of cookies: a. first-party cookies, session and persistent, necessary to allow navigation on the Site, for internal security and system administration purposes; b. third-party cookies, session and persistent, necessary to allow the user to use multimedia elements present on the Site, such as images and videos; c. third-party cookies, persistent, used by the Site to send statistical information to the Google Analytics system, through which ITALVI SRL can perform statistical analyses of accesses / visits to the Site. The cookies used pursue exclusively statistical purposes and collect information in aggregate form. Through a pair of cookies, one persistent and the other session (expiring when the browser is closed), Google Analytics also saves a log with the times of start of the visit to the Site and exit from it. You can prevent Google from detecting data via cookies and the subsequent processing of data by downloading and installing the browser plug-in from the following address: http://tools.google.com/dlpage/gaoptout?hl=it
   
   
   
   
2. third-party cookies, persistent, used by the Site to include in its pages the buttons of some social networks (Facebook, Twitter and Google+). By selecting one of these buttons, the user can publish on his personal page of the relevant social network the contents of the web page of the Site he is visiting

The Site may contain links to other sites (so-called third-party sites). ITALVI SRL does not perform any access or control over cookies, web beacons and other user tracking technologies that may be used by third-party sites that the user can access from the Site; ITALVI SRL does not perform any control over content and materials published by or obtained through third-party sites, nor over the related methods of processing of the user's personal data, and expressly declines any related liability for such eventualities. The user is required to verify the privacy policy of third-party sites accessed through the Site and to inform themselves about the conditions applicable to the processing of their personal data. This Privacy Policy applies only to the Site as defined above.

1. How to disable cookies in browsers

If you wish, you can also directly manage cookies through your browser settings. However, deleting cookies from your browser may remove the preferences you have set for the ITALVI SRL website, so it would be advisable for you to periodically visit this page to re-check your preferences.

For further information and support you can also visit the specific help page of the web browser you are using:

• Internet Explorer;
• Firefox;
• Safari;
• Chrome;
• Opera

1. Retention of personal data

Personal data are stored and processed through computer systems owned by ITALVI SRL and managed or by third party technical service providers; for further details please refer to the section “Scope of accessibility of personal data” below. The data are processed exclusively by specifically authorized personnel, including personnel in charge of carrying out extraordinary maintenance operations. Personal data will be stored for the duration of the contract and after the end of the contract in order to fulfill the legal obligation of ITALVI SRL, including claims for any complaints, in accordance with applicable law, and will then be deleted or made anonymous.

If we consent to the processing of our products and services for direct marketing purposes after the expiry of the contract, we will process the data until the consent is revoked.

1. Purposes and methods of data processing

ITALVI SRL may process the user's common and sensitive personal data for the following purposes: use by users of services and features on the Site, management of requests and reports from its users, sending newsletters, management of applications received through the Site, etc. Furthermore, with the additional and specific optional consent of the user, ITALVI SRL may process personal data for marketing purposes, i.e. to send the user promotional material and/or commercial communications relating to the Company's services, to the contact details indicated, both through traditional methods and/or means of contact (such as, paper mail, telephone calls with an operator, etc.) and automated methods and/or means (such as, communications via the Internet, fax, e-mail, text messages, applications for mobile devices such as smartphones and tablets - so-called APPS -, social network accounts - e.g. via Facebook or Twitter -, telephone calls with an automatic operator, etc.). Personal data are processed both in paper and electronic form and entered into the company information system in full compliance with EU Regulation 2016/679, including security and confidentiality profiles and inspired by the principles of correctness and lawfulness of processing. In compliance with EU Regulation 2016/679, the data are stored and preserved for the time necessary to achieve the purposes for which they are processed and in any case for the entire time in which you decide to be registered on our website.

1. Security and quality of personal data

ITALVI SRL undertakes to protect the security of the user's personal data and complies with the security provisions set forth by applicable legislation in order to avoid data loss, illegitimate or illicit use of data and unauthorized access to the same, with particular reference to the Technical Regulations regarding minimum security measures. Furthermore, the information systems and computer programs used by ITALVI SRL are configured in such a way as to minimize the use of personal and identifying data; such data are processed only for the achievement of the specific purposes pursued from time to time. ITALVI SRL uses multiple advanced security technologies and procedures designed to promote the protection of users' personal data; for example, personal data are stored on secure servers located in places with protected and controlled access. The user can help ITALVI SRL to update and maintain correct personal data by communicating any changes relating to their address, qualification, contact information, etc.

1. Scope of communication and access to data The user's personal data may be communicated to:

- all subjects whose right to access such data is recognized by virtue of regulatory provisions; - to our collaborators, employees, within the scope of their relative duties; - to all those natural and/or legal persons, public and/or private when the communication is necessary or functional to the performance of our activity and in the ways and for the purposes illustrated above;

1. Nature of provision of personal data

The provision of some personal data by the user is mandatory to allow the Company to manage communications, requests received from the user or to contact the user to follow up on his request. This type of data is marked with an asterisk [*] and in this case the provision is mandatory to allow the Company to follow up on the request which, in its absence, cannot be processed. On the contrary, the collection of other data not marked with an asterisk is optional: failure to provide them will not entail any consequences for the user.

The provision of personal data by the user for marketing purposes, as specified in the section "Purposes and methods of processing" is optional and refusal to provide them will have no consequences. The consent given for marketing purposes is intended to be extended to the sending of communications carried out through both automated and traditional methods and/or means of contact, as exemplified above.

1. Rights of the interested party

12.1 Art. 15 (right of access), 16 (right of rectification) of EU Reg. 2016/679

The interested party has the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

1. the purposes of the processing;
2. the categories of personal data concerned;
3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
4. the envisaged period for which the personal data will be stored, or, if that is not possible, the criteria used to determine that period;
5. the existence of the right of the data subject to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning him or her or to object to such processing;
6. the right to lodge a complaint with a supervisory authority;
7. the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

12.2 Right pursuant to art. 17 of EU Reg. 2016/679 - right to erasure ('right to be forgotten')

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: a. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

1. (b) the data subject withdraws consent on which the processing is based according to Article 6, paragraph 1, point (a), or Article 9, paragraph 2, point (a), and where there is no other legal ground for the processing;
2. the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
3. the personal data have been unlawfully processed;
4. the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
5. personal data have been collected in relation to the offer of information society services referred to in Article 8, paragraph 1 of EU Reg. 2016/679

12.3 Right under art. 18 Right to restriction of processing

The interested party has the right to obtain from the data controller the limitation of processing when one of the following hypotheses occurs:

1. the data subject contests the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;
2. the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
3. although the data controller no longer needs them for the purposes of the processing, the personal data are required by the data subject for the establishment, exercise or defence of legal claims;
4. the interested party has opposed the processing pursuant to Article 21, paragraph 1, EU Regulation 2016/679 pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party.

12.4 Right under art. 20 Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and shall have the right to transmit those data to another controller without hindrance from the controller.

1. Revocation of consent to processing

The interested party has the right to revoke consent to the processing of his/her personal data by sending a registered letter with return receipt to the following address: ITALVI SRL. Via Trebbia, 21 04100 Latina

(RM) accompanied by a photocopy of your identity document, with the following text: <<revocation of consent to the processing of all my personal data>> or via certified email to datipersonali@occaffe.com. At the end of this operation, your personal data will be removed from the archives as soon as possible.

If you wish to have more information on the processing of your personal data, or exercise the rights referred to in the previous point 7, you can send a registered letter with return receipt to the following address: ITALVI SRL SRL Via Trebbia, 21 04100 Latina (RM) accompanied by a photocopy of your identity document, with the following text: <<revocation of consent to the processing of all my personal data>> or by certified email to datipersonali@occaffe.com. Before we can provide you with, or modify any information, it may be necessary to verify your identity and answer some questions. An answer will be provided as soon as possible.