Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter, the “Regulation”), LAVAZZA Professional UK invites you to carefully read this Privacy Policy, which contains important information on the protection of your Personal Data.

Your Personal Data shall be processed in line with the principles of fairness, lawfulness, transparency, limitation of purpose and retention, data minimization, accuracy, integrity, and privacy, in accordance with the provisions of the Regulation.

DATA CONTROLLER The Data Controller for your Personal Data is LAVAZZA Professional UK (hereinafter “Lavazza” and/or the “Data Controller”), with registered office at Armstrong Road, Daneshill Industrial Estate, Basingstoke, RG24 8NU, in the person of its pro tempore legal representative.

DATA PROTECTION OFFICER – DPO. In compliance with the provisions of the Regulation, the Data Controller has selected and appointed a Data Protection Officer (DPO), with the task of monitoring compliance with the Regulation and act as a contact point for data subjects and the Data Protection Authority.  The DPO can be contacted at the e-mail address: PrivacyDPO@lavazza.com

DATA PROCESSOR. Your personal data may be provided, communicated, or disclosed to the Lavazza Group companies. Processing may also be carried out by third-party companies, in their capacity as data Processors, who carry out, on behalf of Lavazza, activities exclusively connected with the management of contracts, technical assistance, and other activities connected with the contractual relationship. The Controller has drawn-up a list of Data Processors, which is constantly updated, and is available to you on request to the DPO. 

PERSONAL DATA PROCESSED. i) Identification details of Clients/Suppliers; ii) Contact details of Clients/Suppliers; iii) Banking details of Clients/Suppliers.

PURPOSES OF PROCESSING. Your Personal Data shall be processed for the purpose of enabling the performance of pre-contractual activities, drawing-up and signing the service agreement regulating the provision of services or goods, and enabling the proper performance of all the activities under the agreement.  In particular, the data shall be processed for the purpose of:

  • Enabling communications to be exchanged;
  • Submitting requests or addressing the requests or proposals received;
  • Exchanging information aimed at the performance of the contractual relationship, including pre- and post-contractual activities;
  • Managing and ensuring that orders are properly discharged;
  • Managing the ensuing obligations with respect to statutory financial statements;
  • Receiving information on promotions, initiatives. 

LEGAL BASIS FOR PROCESSING. Your Personal Data, collected for the above purposes, are lawfully processed to perform the agreement to which you are a party, or to perform any pre-contractual measures relating thereto. Only the purpose of receiving information on promotions, initiatives require as legal basis the consent of the data subject.

METHODS OF PROCESSING.  Your personal data shall be processed in compliance with the provisions of the applicable laws and regulations on the processing of Personal Data, through both electronic and automated means or manually. Your Data shall be processed in manners suitable to guarantee their utmost security and confidentiality and only by individuals who have been instructed and authorised for processing. The Data Controller adopts technical and organisational measures suitable to ensure a level of security that is appropriate to processing risks. 

DATA RECIPIENTS. Your Personal Data shall not be published, meaning that they shall not be disclosed to undefined parties.  However, they may be communicated, for the above purposes, to employees and associates of the Controller in their capacity as persons authorised to process personal data. In particular, based on the roles and professional tasks assigned, the employees have been authorised to process your Personal Data, within the limits of their competence and in compliance with the instructions imparted to them by the Controller.  Your Personal Data may also be communicated to the parties entitled to have access thereto under provisions of law, regulations, and Community legislation.

DATA RETENTION PERIOD. The Controller shall retain and process the personal data for the time necessary to fulfil the purposes indicated.  In the case at hand, the data of suppliers, clients, sole traders and self-employed professionals shall be retained until expiry of the relative administrative limitation period.

RIGHTS OF DATA SUBJECTS AND METHODS FOR EXERCISING SUCH RIGHTS. You may at any time exercise, with respect to the Data Controller, the rights provided under Articles 15 et. seq. of the General Data Protection Regulation (GDPR). If you wish to exercise the above rights, or wish to receive further information on the processing of your Personal Data, you may write to the following e-mail address: PrivacyDPO@lavazza.com or to the address of its registered offices, Via Bologna 32, 10152, Turin (TO), Italy.