the processing of personal data by Eataly
PURPOSES OF PROCESSING AND LEGAL BASIS
The data are processed for the following purposes.
a) Based on the contractual need such as: follow specific user requests (e.g. consider a candidate applying for a job position or responses to their information requests), manage the relations with a suppliers (i.e. manage orders and perform related activities such as management of payments, shipments, waybills etc.);
b) Based on the consent expressed by the user, in order to carry out market research, as well as to contact the user and send commercial communications and promotional offers, when the user sign-up to the Newsletter, with regard to products and activities of Eataly, through SMS, telephone, paper mail or other means, including through a prior analysis of consumer behaviour aimed at customising commercial messages.
c) Based on the legitimate interest of Eataly, specifically: – for the analysis and improvement of its services; – for statistical and/or research and development activities; – in order to defend their rights in the course of court, administrative or extrajudicial proceedings, and in disputes arising in connection with the services offered; – in the case of extraordinary transactions, merger, sale of a business unit, acquisitions, etc. or if any such transaction is proposed.
d) Based on the need to fulfil the legal obligations to which Eataly is subject.
The provision of data for the purposes referred to in paragraph (a) above is mandatory, refusal to provide personal data for processing makes it impossible to perform the services or to provide the information required. As explained in “Cookies” and “Rights of the Data Subject below, you have the right to withdraw consent to certain other processing of your personal data, including withdrawing consent to online tracking and advertising, or receiving our marketing emails.
CATEGORIES OF DATA PROCESSED BY EATALY
Below is a description of the categories of data we deal with:
– Data supplied directly by the interested party: all personal data provided to Eataly in any manner (e.g. in the context of subscription to the Newsletter, or in the application for a job position.). Examples of data provided directly by the interested parties are: name; address and telephone number; credit card data (processed only for the time necessary for the execution of the relevant activity. If the user submits an application for a job position, the information concerning the CV and the relevant position will be collected.
– The data provided by third parties constitute all the personal data Eataly collects from other sources (postal service companies, couriers, data entry companies, etc.) to perform its services. Examples of data provided by third parties are the data on web pages visited that we may receive from other commercial operators with whom Eataly collaborates for certain initiatives
– Data collected automatically: these are browsing data and/or collected using the so-called “cookies”. During their normal operation, the computer systems and software procedures used to operate this Site acquire certain personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected with the aim of linking it to identified users, although, by its nature, it might enable user identification through processing and linking with data held by third parties. This category of data includes IP addresses or domain names of computers used by persons who connect to the site, the URI (Uniform Resource Identifier) of requested resources, the time of request, the method used to submit the request to the server, the size of the file received in reply, the numerical code indicating the status of the reply provided by the server (successful, error, etc.) and other parameters regarding the user’s operating system and computer environment.
In particular, Eataly uses:
a) TECHNICAL COOKIES: These are cookies necessary for browsing as they allow correct use of the Site and its full functionality. They include cookies which enable the creation of a personalized account, logging in, displaying content in the chosen language at every access, recognising the the user is connecting from (and remembering this setting for future access) and order management. These cookies are strictly necessary for Site operation and their deactivation might impair browsing experience and outcome. In particular, we use technical cookies for the following purposes: – for the management of dynamic web pages, for the geographical identification of users, and for the management of last access data; – to guarantee the correct functioning of the web pages; – for the functioning of the forms (e.g. course registration form); – for the management of data relating to the amounts and products of the orders
b) ANALYTICAL COOKIES: used to collect information on the number of users and how they visit the site. For example: – Google Analytics: the site uses the Google Analytics tool to collect information, in aggregate form, on the number of users and how they visit the site. This tool uses third-party technical cookies for its operation. Information on the processing of privacy by Google is available at the following link: http://www.google.com/analytics/learn/privacy.html. Information on the cookies used by Google Analytics, collection and use of this data are available at the following link: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage#gajs. The following link also contains information to deny consent to the use of third-party cookies by Google Analytics: http://tools.google.com/dlpage/gaoptout
c) THIRD PARTY PROFILING COOKIES FOR MARKETING/RETARGETING: these are cookies of third-party companies that allow the collection of information on the user for subsequent communication of more specific and/or personalised promotional material. They include cookies for inserting banner advertisements on the Site relating to third party companies or products chosen or viewed by the user, or similar or like products. These cookies can be deactivated without preventing proper navigation on the Site, however their deactivation involves the receipt of promotional messages that may not be relevant to the user. For more information on profiling cookies currently installed in the user’s terminal, review the third- party privacy information and change the preferences expressed, users can consult the page http://www.youronlinechoices.com/it.
Disabling cookies. The user can always decide to block, delete, disable cookies or other similar technologies through the settings of their browser or device. There are many different browsers: each different browser (and in some cases even each different version of the same browser) has its own procedure for deleting cookies. Cookie preferences must be set separately for each browser used, as the features and options offered may vary. It is therefore advisable to visit the support pages of your browser for more information. Furthermore, the user can modify the settings related to Eataly cookies, including their activation and deactivation, by accessing the dedicated section in the Site’ footer, under “Cookie Settings”. Their complete deactivation may preclude many features, or the proper browsing or viewing of the Site or other web pages.
Acceptance and waiver of cookies. At the time of the user’s first access to the Site and, in any case, until a choice is expressed, the user will be asked to provide his consent to the use of third-party analytical cookies and profiling cookies. In particular, consent can be provided by continuing with navigation.
DATA RECIPIENTS OR CATEGORIES OF RECIPIENTS
Furthermore, the personal data of the users can be communicated between the Eataly Group companies (“Eataly Group” means Eataly S.r.l. and any other company directly or indirectly owned and/or controlled at any time by or under common ownership and/or control with Eataly S.r.l.). In any other case, except as required by applicable law, personal data are not transferred and/or disclosed to third parties.
TRANSFER OF DATA TO NON-EU COUNTRIES
DATA RETENTION PERIOD
Whenever Eataly collects or processes your personal data, it will only keep them for as long as is necessary for the purpose for which they were collected. As soon as the personal data are no longer necessary for the purposes for which they were collected, Eataly will delete them, unless the law requires further storage, or the user has not consented to the processing for a longer time, or when they are archived. In particular, Eataly will retain the personal data that are necessary to: – fulfill the requests of the authorities within their competence; – defend or assert any existing or potential claim; – handle any complaint regarding contracts or orders concluded. The data retention period necessary to achieve the aforementioned purposes is linked to the limitation period of a claim that in many cases is equal to 10 years. Eataly will retain personal data after such time has elapsed only when required to comply with legal obligations or in the event of disputes and extraordinary claims that reasonably require the retention of personal data. Regarding the data entered when submitting a job application online or by other means, if the application is not successful, such data will be stored in the system for a maximum of 24 months, in order to allow us to evaluate the candidate for other positions. The user can oppose to this processing at any time by submitting a request to the contacts indicated in the section “Rights of the data subject”.
RIGHTS OF THE DATA SUBJECT
Under the GDPR, each user has the right to access their personal data and to obtain confirmation of the existence or otherwise of his personal data, even if not yet registered, and to their communication in intelligible form. In particular, each user has the right to obtain access to his data from Eataly, as well as any information regarding the methods and characteristics of the processing.
Whenever the user has given the consent to use his/her personal data (i.e. when the user ticks the box to receive marketing communications), the user has the right to withdraw that consent anytime, by using the contact details indicated below in the section “Data Controller”. Furthermore, the user has the right to unsubscribe from the Newsletter right away by using the appropriate link at the end of each email.
In addition to the above, the user, in the cases provided by law, has the right to receive his personal data in a structured, plain and readable format, as well as the right to transmit this data to another data controller without impediments. Furthermore, each user has the right to obtain updates, rectification or integration of their data from Eataly. The user also has the right to erase his personal data as well as to limit the processing in cases provided by law.
Finally, each user has the right to object, in whole or in part, to the processing of personal data concerning him/her if the processing is based on the legitimate interest of the controller, as well as for direct marketing purposes.
The requests referred to in the previous points should be addressed to the data controller’s contacts indicated in the “Data Controller” section below.
The controller of the data processing, is: Eataly Retail UK Limited with registered office in Squire Patton Boggs (UK) LLP (Ref: CSU), Rutland House, 148 Edmund Street, Birmingham, B3 2JR, Company Number: 08721896.
If you have doubts or if you want more information for any matters regarding the processing of your personal data and the exercise of your rights deriving from the GDPR, you can send an email to the following address: email@example.com
CONTACTING THE REGULATOR
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your data, you have the right to fill a complaint with the Information Commissioner’s Office, tel: 0303 123 1113, website: ico.org.uk/concerns.
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.