1. Data Controller and relevant contact details
The Data Controller is La Marzocco S.r.l. (hereinafter also referred to as the “Controller”, the “Company” or “La Marzocco”), with registered office in Florence (FI), Viale G. Matteotti, n. 25 and operating office in Scarperia (FI), Via La Torre, n. 14/H, VAT number 04040140487. The Controller can be reached at the following e-mail address: firstname.lastname@example.org.
2. Contact details of the Data Protection Officer (DPO)
The Controller has appointed a Data Protection Officer (“DPO”), who can be reached, for any information concerning the processing of your personal data, at the following e-mail address: email@example.com.
3. Processed Data types
The personal data collected and processed by the Website are the following.
3.1 Navigation data
This category of Data includes the IP addresses or the domain names of the computers used by the users who connect to the Website, the addresses in URI (Uniform Resource Identifier) format of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the computer environment of the user. This Data is only used for the collection of statistical information, as well as to check the correct functioning of the Website. Moreover, the Data could be used to ascertain responsibility in case of hypothetical cybercrimes to the detriment of the Website. Except in this case, navigation Data are deleted after 7 days.
3.3 Data voluntarily provided by the user
Website users can choose to voluntarily provide information, for example by filling in the “Contacts” form, located in the corresponding section of the Website itself.
3.4 Third-party Data
Should you decide to provide any third-party Data, please make sure that the parties in question have received in advance appropriate information on the processing methods and purposes mentioned herein. In that case, you act as a separate data controller, and undertake all the obligations and responsibilities provided for by the Law. In this sense, you confer on this point the broadest indemnity with respect to any dispute, claim, request for compensation for damages from processing, etc. that may be received by La Marzocco from third parties whose personal data have been processed, through your use of the Website, in violation of applicable Law.
3.5 Data of persons under 16 years of age
Remember that, if you are under 16 years of age, you cannot provide any personal data, and, in any case, we accept no responsibility for any false statements you made. If we realize that your declarations are untruthful, we will immediately delete any personal data acquired.
4. Services provided by the Website
The following paragraphs provide a description of the services offered by the Website. For each of the services we offer, the information provided herein includes, but is not limited to: the purposes of the processing, the legal basis for the processing, as well as the Data retention period.
4.1 “Contacts” service
The “Contacts” link is displayed at the top of all Website pages. Through the “Contacts” section, the user can submit to the Company, for example: (i) technical questions and/or support requests on La Marzocco equipment; (ii) requests for information on the purchase of La Marzocco equipment; (iii) requests for information on the marketing activities and/or the events promoted by La Marzocco, etc. In order to receive this service, the user must necessarily provide the following personal data: name, surname, e-mail address, city, country, phone number, company name and the type of request.
Purposes of the processing: (i) answering the requests for information submitted by the user through the “Contacts” section of the Website;(ii) recording the user Data on Company’s CRM, for the management of the pre-contractual/contractual agreement.
Legal grounds of the processing: art. 6, paragraph 1, letter b) of the GDPR, “performance of a contract to which the data subject is party or taking of steps at the request of the data subject prior to entering into a contract”.
Retention period: the personal data shall be retained for no more than 24 months from the time of their registration on the Company’s CRM.
5. Additional purposes of the processing
Within the scope of the personal data processing operations carried out through the Website, the Controller also pursues the following additional and specific purposes.
5.1 Compliance with legal obligations
Where necessary, the Controller processes the personal data of the data subjects, collected through the Website, in order to ensure the compliance with the obligations provided for by the applicable Laws, regulations and EC standards.
Legal grounds of the processing: art. 6, paragraph 1, letter c) of the GDPR, “processing is necessary for compliance with a legal obligation to which the Controller is subject”.
Retention period: the personal data shall be retained for the time strictly necessary for the Controller to comply with the legal obligations it is subject to.
5.2. Establishment, exercise or defence of legal claims
Where necessary, the Controller processes the personal data of the data subjects, collected through the Website, in order to establish, exercise or defend a claim in a legal proceeding or whenever the judicial authorities exercise their judicial functions.
Legal grounds of the processing: art. 6, paragraph 1, letter f) of the GDPR, “processing is necessary for the purposes of the legitimate interests pursued by the controller”.
Retention period: the personal data shall be retained for a period strictly limited to the duration of the litigation, until the expiry of the appeal enforceability terms.
6. Recipients and transfer of personal data
Your Data can be shared with:
1. people authorised by the Controller to process the personal data, who have received appropriate operating instructions, have committed to keep the data confidential or are subject to an appropriate legal confidentiality obligation;
2. persons delegated and/or designated by the Controller to carry out any tasks strictly related to the pursuing of the above-listed purposes (including technical maintenance operations on the systems), duly appointed as Processors;
3. people, companies or professional firms providing support and consulting services to the Controller, duly appointed as Processors;
4. persons, bodies or authorities to which your personal data must be communicated pursuant to Law provisions or orders issued by the competent authorities.
The Data is managed and stored on servers owned by the Controller and/or by third-party companies appointed as Processors.
Some of your personal data are transferred to recipients who may be established outside the European Economic Area. La Marzocco ensures that the processing of personal data by these recipients is carried out pursuant to the applicable Law. In fact, the transfer of personal data is based alternatively on an adequacy Decision, or the Standard Contractual Clauses issued by the European Commission.
7. Rights of the data subjects
Consistently with the provisions contained in the GDPR, you have the right to request from the Controller, at any time, the access to your personal data, as well as its rectification or erasure, or to object to its processing. The Law also allows you, in the cases provided for by art. 18 of the GDPR, to obtain the restriction of processing, as well as, in the cases provided for by art. 20 of the GDPR, to receive your personal data in a structured format of common use and readable by automatic device.
Requests can be sent to the email address: firstname.lastname@example.org.
Finally remember that pursuant to art. 77 of the GDPR, you always have the right to lodge a complaint with the competent supervisory authority (Italian Data Protection Authority), if you believe the processing of your personal data does not comply with the regulations in force.