Privacy Notice - La Marzocco App

PRIVACY NOTICE REGARDING THE PROCESSING OF PERSONAL DATA

Provided Pursuant to Articles 13 and 14 of Regulation (EU) No. 2016/679 (“GDPR”)

1. Data Controllers

The processing of personal data described in this privacy notice – and related to the operation of the “La Marzocco” app (hereinafter “App”) – is carried out by the following companies (hereinafter, “Companies”):

In pursuing some of the processing purposes indicated in this notice, the Companies listed above act individually as independent data controllers and, jointly, as joint controllers (hereinafter, “Joint Controllers”) pursuant to Article 26 of the GDPR. The Joint Controllers have entered into a specific agreement that governs their respective responsibilities and obligations. Data subjects can request an excerpt of this agreement by sending an email to the contact point indicated below.

The Joint Controllers can be reached at the following contact point: privacy@lamarzocco.com.

Data Protection Officer (DPO)
La Marzocco S.r.l. has appointed its own Data Protection Officer (“DPO”), who can be contacted at the following email address: dpo@lamarzocco.com.

2. Categories of Personal Data Processed

The personal data processed by the Joint Controllers through the App are:

  1. Identification data, such as: user’s name, surname, and email address.
  2. Device data: data of the device used by the user to operate the App, such as, for example, device ID, device signals (Bluetooth), and IP address.
  3. Geolocation data, such as: postal code/ZIP Code, province, country, collected through the device used by the user to configure their coffee machine and/or for the use of specific functions offered by the App (e.g., Store Locator).
  4. Coffee machine data, such as: serial number and operating and setting data of the machine (e.g., number, type, and timing of coffee dispensed).
  5. Additional data provided by the user, such as: profile photo, hobbies, gender and birth date.

3. Data Source

The Joint Controllers collect data directly from the user as well as from third parties. This latter case may occur, for example, if the user decides to authenticate on the App via social login methods (e.g., Google, Facebook, WeChat, etc.) and/or through the “Sign in with Apple” function. In such cases, the Joint Controllers may process data such as: name, surname, email address, and social ID, related to the account created by the user on third-party services.

For more details about the functioning, data sharing, and management of social login and “Sign in with Apple”, users are invited to consult the privacy notices made available by each service provider.

4. Purposes of La Marzocco S.r.l. as an Independent Data Controller

The data collected by La Marzocco S.r.l. (hereinafter, “Controller”) through the App are processed for the following purposes:

5. Purposes of the Companies as Joint Controllers

6. Legal Grounds

The legal bases for the data processing are as follows.

7. Nature of Data Provision

The provision of identification data is required to make available to the user the services provided through the App. Any refusal to provide the identification data, therefore, would prevent the Controller from providing the services for the purposes mentioned under lett. a).

The provision of geolocation data for the purposes of: (i) providing the support and technical assistance service (lett. b)) is optional. Any failure to provide these data, therefore, does not hinder the use of the services, but only prevents the exact geographic location of the user who has requested support and technical assistance, as well as the provision of detailed information about the nearest points/events of interest and/or service centres based on precise localization.

The provision of the geolocation data for the purpose of preventing and combating the unauthorized sale of Company products (lett. c)) is mandatory. Any refusal to provide the geolocation data would prevent the user from registering to the App and from using the services provided by the Controller through it.

The provision of the data for direct marketing (lett. g)) and profiling (lett. h)) is entirely optional and does not affect the use of the services. Users, anyway, can always withdraw their consent: (i) via the “Unsubscribe” button at the bottom of each communication; (ii) directly through the App, by pressing the “Modify privacy consents” button within the user profile; or (iii) by sending an email to privacy@lamarzocco.com.

Providing additional data (such as profile picture, hobbies, gender, and date of birth) is entirely optional. Therefore, any failure to provide such data does not affect the user’s registration on the App or the use of the services.

8. Data Retention Period

The data processed for the purpose mentioned in lett. a) are retained until the possible deletion of the account, which can be carried out by the user directly through the App, by pressing the “Delete account” button within the user profile. After the account deletion, the data are retained for the time permitted by Italian law to protect the Controller’s interests in case of claims related to the services (pursuant to Articles 2946 et seq. of the Civil Code).

The data shared by the user when authenticating via “social login” and/or “Sign in with Apple” is not retained by the Controller.

The data processed for the purpose mentioned in lett. b) are retained for the time strictly necessary to pursue support and technical assistance purposes. In any case, as these are processing activities carried out to provide services, the Controller will retain the data for the time permitted by Italian law to protect its interests in case of claims related to the services themselves (pursuant to Articles 2946 et seq. of the Civil Code).

The data processed for the purpose mentioned in lett. c) are retained until the possible deletion of the account, which can be carried out by the user directly through the App, by pressing the “Delete account” button within the user profile.

The data processed for the purpose mentioned in lett. d) are retained for the entire duration of the judicial dispute, until the expiry of the terms for appeal.

The data processed for the purpose mentioned in lett. f) are retained for the time provided by the specific legal obligation to which the Controller is subject.

The data processed for the purposes mentioned in letters g) and h) are retained until the possible revocation of consent, which can be carried out by the user: (i) via the “Unsubscribe” button at the bottom of each communication; (ii) directly through the App, by pressing the “Modify privacy consents” button within the user profile; or (iii) by sending an email to privacy@lamarzocco.com.

9. Data Recipients

Personal data may be shared with the following recipients:

10. Persons Authorized to Process Personal Data

Data may be processed by the personnel and operators of the Joint Controllers tasked with pursuing the aforementioned purposes, who have been authorized for processing, have received proper operational instructions, and are bound to professional secrecy.

11. Transfer of Personal Data to Countries Outside the European Union

Some personal data may be shared with recipients who might be located outside the European Economic Area. The Joint Controllers ensure that the data processing by these recipients is carried out in compliance with the GDPR. Indeed, transfers may be based on an adequacy decision, on Standard Contractual Clauses approved by the European Commission, or another suitable legal basis. More information is available from the Joint Controllers by writing to privacy@lamarzocco.com.

12. Rights of the Data Subject

By contacting the Joint Controllers via email at privacy@lamarzocco.com, the user can request at any time:

Furthermore, if the processing is based on the user’s consent or a contract to which the user is a party and is carried out by automated means, the user has the right to receive their data in a structured, commonly used, and machine-readable format, and, if technically feasible, to transmit them to another controller without hindrance.

The user also has the right to withdraw their consent at any time. However, it is noted that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

The user also has the right to lodge a complaint with the competent supervisory authority if they believe that the processing of their data is contrary to the applicable regulations.

13. Amendments

The Joint Controllers reserve the right to modify and update this privacy notice following any new national or European data protection legislation.