Privacy Policy – IoT Support International

Please carefully read this Privacy Policy (hereinafter referred to as the “Privacy Policy”), intended for the users of the site https://support-iot.lamarzocco.com (hereinafter referred to as the “Site”), drawn up in accordance with the provisions contained in art. 13 of the General Data Protection Regulation no. 2016/679 (hereinafter also referred to as the “GDPR”), which provides detailed information on the processing of your personal data (hereinafter also referred to as the “Data”).

It should be pointed out that the Privacy Policy only applies to the Data processing operations carried out on the Site and does not extend to any processing operations carried out on different websites, though they can be accessed through links included in the Site.

1. Data Controller and relevant contact details

The Data Controller is La Marzocco S.r.l. (hereinafter also referred to as the “Controller”, the “Company” or “La Marzocco”), with registered office in Florence (FI), Viale G. Matteotti, n. 25 and operating office in Scarperia (FI), Via La Torre, n. 14/H, VAT number 04040140487. The Data Controller can be contacted at the following e-mail address: privacy@lamarzocco.com.

2. Contact data of the Data Protection Officer (DPO)

The Controller has appointed a Data Protection Officer (“RPD”), whom you can contact for any information regarding the processing of your Data, at the following email address: dpo@lamarzocco.com.

3. Processed Data types

The personal data collected and processed by the Site is the following.

3.1 Navigation data

This category of Data includes the IP addresses or the domain names of the computers used by the users who connect to the Site, the addresses in URI (Uniform Resource Identifier) format of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the computer environment of the user. This Data is only used to collect statistical information, as well as to verify that the Site is functioning properly. The Data, in addition, could be used to determine liability in the event of cybercrimes committed against the Site. Except in the latter case, the navigation Data is erased after 7 days.

3.2 Cookies

The Site collects and processes Data using cookies or similar technologies. For further information on the use of cookies, please refer to the “Cookie Policy” of the Site.

3.3 Data voluntarily provided by the user

The Site allows users to voluntarily provide personal information, for example by filling out the form for IoT related problems unsolved reading the FAQ in this support website.

3.4 Third-party Data

If you decide to provide any third-party Data, please ensure that the parties in question have received in advance appropriate information on the processing methods and purposes mentioned herein. In that case, you act as a separate data controller, and undertake all the obligations and responsibilities provided for by the law. As a consequence, you shall hold La Marzocco harmless against any objection, claim, request for compensation of damages resulting from the processing, etc. that should be made by any third parties whose personal data were processed, through your use of the Site, in breach of the GDPR.

3.5 Data of persons under 16 years of age

Remember that, if you are under 16 years of age, you cannot provide any personal data, and, in any case, we accept no responsibility for any false statements you made. If we realize that your declarations are untruthful, we will immediately delete any personal data acquired.

4. Services provided by the Site

The following paragraphs provide a description of the services offered by the Site. For each of the services we offer the information provided herein includes but is not limited to: the Data processing purposes, the legal grounds of the processing and the processed Data retention times.

4.1 To offer a platform accessible to our customers to find information on how to solve the most common problems and how to properly operate our IoT products.

The users can find useful information on the site for the use of the products, including video tutorials and FAQs on the most common problems.

Purposes of the processing: to provide information and support to the customer.

Legal basis of the processing: art. 6, paragraph 1, letter b) of the GDPR, “performance of a contract to which the data subject is party or taking of steps at the request of the data subject prior to entering into a contract”.

Retention periods: The navigation Data is erased after 7 days.

4.2 Filling out the form for IoT support requests

The Site allows users to voluntarily provide personal information to manage support requests for IoT related problems unsolved reading the FAQ in this support website. The users can fill out the form available at the following link https://support-iot.lamarzocco.com/support-request/ by inserting email address, name, city, state/province, country, model, machine serial number, problem type and decription.

Purposes of the processing: manage IoT support requests.

Retention periods: The Data processed for the purposes referred to in letter b) are kept for the time strictly necessary to pursue the purposes of support and technical assistance. In any case, since this is a processing carried out for the provision of services, La Marzocco will process the Data up to the time allowed by Italian law to protect its interests (art. 2946 et seq. of the Italian Civil Code) from possible complaints relating to the services.

5. Additional purposes of the processing

Within the scope of the Data processing operations carried out through the Site, the Controller also pursues the following additional and specific purposes:

5.1 Compliance with legal obligations

Where necessary, the Controller processes the personal data of the data subjects, collected through the Site, in order to ensure the compliance with the obligations provided for by the applicable laws, regulations and community rules.

Legal basis of the processing: art. 6, paragraph 1, letter c) of the GDPR, “processing is necessary for compliance with a legal obligation to which the Controller is subject”.

Retention periods: the personal data is retained for the time strictly necessary for the Controller to comply with the legal obligations it is subject to.

5.2. Establishment, exercise, or defence of legal claims.

Where necessary, the Controller processes the personal data of the data subjects, collected through the Site, in order to establish, exercise or defend a claim in a legal proceeding or whenever the judicial authorities exercise their judicial functions.

Legal basis of the processing: art. 6, paragraph 1, letter f) of the GDPR, “processing is necessary for the purposes of the legitimate interests pursued by the controller”.

Retention periods: the personal data is retained for a period strictly limited to the duration of the litigation, until the expiry of the appeal enforceability terms.

6. Recipients and transfer of personal data

Your Data can be shared with:

1. people authorised by the Data Controller to process the personal data, who have received appropriate operating instructions, have committed to keep the data confidential or are subject to an appropriate legal confidentiality obligation;

2. persons delegated and/or designated by the Controller to carry out any tasks strictly related to the pursuing of the above-listed purposes (including technical maintenance operations on the systems), duly appointed as Processors;

3. people, companies or professional firms providing support and consulting services to the Controller, duly appointed as Processors;

4. persons, bodies or authorities to which your Data must be communicated pursuant to law provisions or orders issued by the competent authorities.

The Data is managed and stored on servers owned by the Controller and/or by third-party companies appointed as Processors.

Some of your Data are shared with recipients that could be based outside the European Economic Area. La Marzocco assures that the electronic and paper processing of your Data is carried out by the recipients in compliance with the GDPR. Transfers can actually be based on an adequacy decision, on the Standard Contractual Clauses approved by the European Commissions or on other appropriate legal grounds. For further information please contact the Controller, by sending an email to the address privacy@lamarzocco.com.

7. Rights of the data subjects

Consistently with the provisions contained in the GDPR, you have the right to request from the Controller, at any time, the access to your Data, as well as its rectification or erasure, in addition to the right to object to its processing. The law also allows you, in the cases provided for by art. 18 of the GDPR, to obtain the limitation of the processing, as well as, in the cases provided for by art. 20 of the GDPR, to receive your personal Data in a structured, commonly used and machine-readable format.

Requests can be sent to the email address: privacy@lamarzocco.com.

Finally remember that pursuant to art. 77 of the GDPR you always have the right to lodge a complaint with the competent control authority (Italian Data Protection Authority), if you consider that the processing of your Data infringes the GDPR.

This Privacy Policy has been published in July 13th 2022, and over time it may be subject to change, even following the coming into force of new industry regulations, the update or the provision of new services, or the introduction of technological innovations. La Marzocco will give you notice of the changes in question when they are introduced, and they shall be binding as soon as they are published on the Site. La Marzocco therefore encourages you to regularly visit this section, in order to gain access to the most recent and up-to-date version of the Privacy Policy and make sure that you always have up-to-date information about the collected Data and their use by the Controller.