1. General information

The Ernesto Illy Foundation (hereinafter also abbreviated as “the Foundation”) hereby informs you that, for the purposes set out below, it will process your personal data provided by you in the form or afterwards.

The Foundation may only require and process data which are instrumental to achieve the purposes specified in this privacy policy.

2. Purposes and legal basis

All data will be processed by the Foundation: 

1. with your prior consent, to fulfil your information request and to take any necessary actions to fulfil your request; the legal basis for processing is the consent;
2. with your prior consent, to carry out informative communications about the Foundation and its activities all by the Foundation to the e-mail address provided (please note that the sending of e-mail will also be in electronically with the help of automated tools); the legal basis for processing is the consent;
3. to fulfill an obligation established by law, by a regulation or by EU legislation (for this purpose the legal basis is the fulfillment of legal obligations) and for legitimate interests such as to assert or defend the rights of the Foundation (for this purpose the legal basis is the pursuit of legitimate interests).

3. Mandatory provision of data

The provision of data for the purposes of point 2(A) of the information is optional and failure to provide it will make it impossible to fulfill the request. The lack of consent for the purposes of point 2(A) of this information (always revocable by contacting the Data Controller) will make it impossible to fulfill the request. The provision of data and consent for the purposes of point 2(B) of the information are optional and failure to provide and consent will not have any consequence except that of not being subject to the activities indicated in that point (not being therefore any consequence on other purposes). In addition, if you consent to the data processing for the purposes of point 2 (B) of this policy, you can always revoke freely and without any reason the consent given (and then oppose the sending of communications in question) by addressing the Data Controller. The provision of data for the purposes of point 2(C) of this policy is necessary and failure to provide such data will make it impossible to pursue one or more of the purposes stated in this policy.

4. Data addressee categories 

The data collected and processed for the purposes of point 2(A) may be communicated to carriers and shippers if it is required to send information material on paper. For the purposes of point 2(B) of this policy, the data will not be disclosed to third parties. For the purposes of point 2(C) of this policy, the data may be communicated to lawyers-legal advisors, public bodies, judicial authorities, police and to postal offices-shippers (they may see the address for sending any written communications). The Foundation will communicate only the data indispensable for the pursuit of the single purposes indicated in this policy.  

The data may be disclosed on behalf of the Foundation, each for own role, to all subjects delegated by the Foundation ((staff responsible of the area that regards the aim of the request, website management staff also external to the Foundation, marketing staff also external to the Foundation,  advisors  also external to the Foundation – e.j. legal advisors, IT technicians – IT staff also external to the Foundation, public relations staff also external to the Foundation, staff of Data Processors) and to Data Processors (such as IT outsourcers and website management companies, companies that offer various services for the management of the Foundation and, more generally, companies that carry out activities instrumental to those of the Foundation, such as consulting companies). The list of Data Processors is always available by contacting the Data Controller at the addresses indicated in point 6.

5. Data retention 

Data will be retained by the Foundation for the entire period necessary for the pursuit of the purposes contained in this information. The data retention period is as follows:

• for legal obligations, regulations and community regulations, data may be retained for the periods imposed by these regulatory sources;
• for the purposes described in point 2(A) of this policy, the data may be retained until the information request has been fulfilled or before in the event of a request for cancellation or revocation of consent; the data may also be retained afterwards, to demonstrate the consent previously given, and this for the entire period during which the subject could make objections;
• for the purposes described in point 2(B) of this policy, the data may be retained until the revocation of consent or the request for cancellation; the data may also be retained afterwards, to demonstrate the consent previously given, and this for the entire period during which the subject could make objections;

in any case, all data may be retained for a period necessary to assert or defend a Foundation right according to Italian and European regulations.

6. Data Controller

The Data Controller is Ernesto Illy Foundation, having its registered office in via Flavia 110, Trieste, phone number +39.040.3890.111, fax number +39.040.3890.490, e-mail: info@fondazioneilly.org.

7. Rights

We inform you that the GDPR provides the possibility for the data subject to ask the Data Controller (at the above addresses) to access personal data and to correct or cancel them or limit their processing or to oppose their processing, in addition to exercising the right to data portability, as well as other rights contained in Chapter 3 of the GDPR including the revocation of consent, where provided: the withdrawal of consent does not affect the lawfulness of the processing based on consent given before revocation.

8. Complaints 

The data subject can always lodge a complaint with the Italian Data Protection Authority, whose references can be found on the website www.garanteprivacy.it.

9. Processing procedures

Data may be processed on paper, manually, with IT and electronic means (therefore, the Foundation may file data both on paper and IT support). The Foundation has implemented safety measures to prevent any data loss, illegal use of data, misuse, or unauthorised access. Data will be retained and processed by the Foundation in compliance with its confidentiality requirements and with the applicable local provisions in the different states in which the Foundation has its offices (in compliance with the principles of fairness, lawfulness, transparency, and protection of the confidentiality and the rights of those concerned) strictly in line with the aims set forth in this privacy policy. Data will be processed by the Foundation exclusively to achieve the aims set forth in this privacy policy. Data will be filed at the Foundation offices and at the appointed data processors (as well as third parties who receive data as specified in this privacy policy). Data will be entered in databases, including IT databases.

10. Curricula

If curricula are sent, they will not be retained unless of interest. If they are of interest also for the future, they will be retained and the data will be processed only for personnel selection and will not be communicated outside the Foundation. No special data are required (e.g. related to health, religious beliefs, …) which, if present, will be processed only if necessary for the evaluation and if required by current regulations (e.g. protected categories). The data may be retained for one year unless a request for cancellation.

Privacy policy updated to 10 June 2021.