PERSONAL DATA PROCESSING POLICY
Hereby we (LA MARZOCCO MIDDLE EAST DMCC Webpage: https://ae.lamarzoccohome.com/ ) inform our valued customers that during our business activity and to be able to provide our service to our clients we have to collect personal data such as for example name, address, copy of Emirates ID, but excluding payment related information or sensitive personal data.
The simplest way to think about our policy that we would like to explain that what personal data we collecting about you during our service and how we are using it.
We are committed to process personal data in an ethical and legal manner. With regards to our commitment to insure Personal Data protection we a use a set of technical and organizational measures, procedures and processes determined in accordance with the provisions of UAE Data Protection Law to preserve the privacy, confidentiality, integrity, integration and availability of Personal Data.
To assist our clients’ understanding we introduce the most basic but necessary terms and concepts as follows (’’PDPL’’ can provide more explanation) :
Personal Data: Any data relating to an identified natural person, or a natural person who can be identified, directly or indirectly, through the linking of data, by reference to an identifier such as his name, voice, picture, electronic identification identifier, number, geographical location, or one or more physical, physiological, cultural or social characteristics. Personal Data includes Sensitive Personal Data and Biometric Data.
Sensitive Personal Data: Any information that directly or indirectly reveals a person’s race, ethnicity, political or philosophical views, religious beliefs, criminal record, biometric data , or any data related to such person’s health such as his physical, psychological, mental, corporal, genetic or sexual state, including any information related to such person’s provision with healthcare services that reveal his health condition.
Data Subject: The natural person to whom Personal Data relates.
Controller: The Establishment or the natural person who is in the possession of the Personal Data and who, by virtue of its activity, alone or jointly with others determines the means, methods, standards and purposes of the Processing of such Personal Data.
Processor: An Establishment or a natural person who processes the Personal Data on behalf of the Controller and under his supervision and instructions.
Data Protection Officer: A natural or legal person appointed by the Controller or the Processor in order to verify that the entity he belongs to complies with the Personal Data protection controls, requirements, procedures and rules provided for herein, and to ensure the integrity of its systems
and procedures to achieve the compliance with the provisions of ’’PDPL’’.
Data Breach: A breach of security and Personal Data through unauthorized or unlawful access thereto, such as replication, transmission, distribution, exchange, transfer, circulation or Processing in such a manner leading to the disclosure or divulgence to third parties, or otherwise the destruction or modification of such data while being stored, transferred and processed.
Processing: An operation or set of operations which is performed on Personal Data using any electronic means including the Processing or other means, such as collection, storage, recording, structuring, adaptation or alteration, handling, retrieval, exchange, sharing, use, characterization, disclosure by transmission, dissemination, distribution or otherwise making restriction, combination, alignment, available, erasure, destruction or creation of a model of Personal Data.
SCOPE AND DESCRIPTION OF PROCESSING
LA MARZOCCO MIDDLE EAST DMCC declares that Personal data will be processed within the territory of the United Arab Emirates (UAE). If for technical and/or operational reasons it is necessary to rely on entities located outside the UAE, it is guaranteed that the transfer to these entities, limited to the performance of specific processing activities, will be carried out in compliance with the provisions of the ’’PDPL’’ or other law or regulation which provides adequate protection of Personal Data.
We here inform you that the Data Controller that conducts personal data processing activities for data subjects who are in the UAE is:
Licensee/op. name LA MARZOCCO MIDDLE EAST DMCC صاحب الرخصة ل مارزوكو ميدل إيست م.د.م.س
License Number DMCC-814966 DMCC-814966 الرخصة رق
Registration Number DMCC190742 DMCC190742 التجاري السجل رقم
Manager name: Lorenzo Carboni إسم المدير لورينزو كاربوني
Address: Unit No: DCC-G-07 DMCC Coffee Centre Plot No: S10814 Jebel Ali Free Zone- South Dubai United Arab Emirates
DCC-G-07 :رقم وحدة مركز القهوة التابع لمركز دبي للسلع المتعددة S10814 المنطقة الحرة لجبل علي -جنوب دبي االمارت العربية المتحدة
The Data Controller has designated the Data Protection Officer (hereinafter “DPO”), who can be contacted, for all matters relating to the processing of your personal data and the exercise of your rights under the ’’PDPL’’, at the following e-mail address: firstname.lastname@example.org
Consent, Processing of Personal Data with or without consent of the Data Subject
During the use of the webpage https://ae.lamarzoccohome.com/ we may or must to collect Personal Data with the purpose of processing to be able to fulfill our obligation derived from the order to be placed by the natural person/visitor of the site. To meet the requirements of the ’’PDPL’’ we ask the consent of the Data Subject (natural person) where necessary. However in accordance with the ’’PDPL’’ Processing of Personal Data without consent of the Data Subject are allowed, where the Processing is necessary for the performance of a contract to which the Data Subject is a party or for taking any actions upon request of the Data Subject for the purpose of concluding, amending or terminating a contract. Please note that by placing the order on our website for our product a contractual status is created by the customer between LA MARZOCCO MIDDLE EAST DMCC and the Data Subject.
Please note that the consent given by you can be revoked, by contacting the Data Controller or the DPO at the addresses indicated, or by direct management through entry into the personal profile, however please note that withdrawal of your consent does not impact the legality of the processing carried out prior to the withdrawal.
Why and what Information we collect
Navigation information, log files
The Website follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and a part of hosting services’ analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable and usually made by automatic methods. The purpose of the information is for analyzing trends, administering the Website, tracking users’ movement on the Website, and gathering demographic information.
Cookies and web beacons
A cookie is a series of data characters that, when programmed into a website, is placed by the web server into the browser’s application folder on your computer. Once placed onto your machine, the cookie will allow the website to “recall” you as a unique individual. Like any other site, the Website uses ‘cookies’. These cookies are used to store information including visitors’ preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users’ experience by customizing our web page content based on visitors’ browser type and/or other information. We use non-personally identifiable information to troubleshoot, administer the Website and its services, analyze trends, gather demographic information, comply with applicable law, and cooperate with law enforcement activities. We may also share this information with our authorized third-party service providers to measure the overall effectiveness of our online tools, content, and programming. Please note that we do not use profiling cookies.
Personal and business information
In order to access and use certain areas and services of the Website, users may be asked for personally identifiable information (including, your name, address, email address and telephone number, Emirates ID if necessary) and business information (such as business name, address and telephone number). When you make a purchase on the Website, you will be asked to provide financial information necessary to process your transaction, such as account or credit card numbers and other payment information. However not the Website nor the Data Controller will process this personal, business, and financial information that you voluntarily provide to us in order to provide you with the services offered through the Website because, in case you decide to place your order you will be navigated to the site of third party provider (such as credit card companies and banking institutions along with logistics) to complete payment then the order where your financial information will be collected, stored or processed. While you may decline to provide certain information to us, it may render you unable to access certain services and features offered through the Website. You also have the ability to access and change the personal information which you have provided on the Website by use of the appropriate features on the Website or contact us.
How we use your information
We use the information we collect in various ways, including to:
How long we use your information
Personal data will be processed for the time necessary to achieve the purposes for which they were collected. It should be noted in particular that:
browsing data will be deleted within 2 years of their processing;
the data relating to and connected with the sale of the goods will be kept for the time required for the execution of the purchase contract, for after-sales activities, and subsequently for the time necessary to satisfy accounting and legal purposes;
In any case, a higher retention period is reserved, where required by law or regulations.
Who may we share your information with
(Transfer, cross-border transfer (pursuant to Article 22 and 23) and sharing of personal data for processing)
With respect to UAE Data Protection Law we inform you that personal data collected from individuals who are in the UAE shall be shared for processing with the Secondary Data Controller that is:
La Marzocco Srl, with registered office in Viale Gian Giacomo Matteotti no. 25, 50121 – Florence, Italy; Tax Code, VAT Number and Registration in the Florence Business Register no. 04040140487 (hereinafter “Secondary Data Controller”).
LA MARZOCCO MIDDLE EAST DMCC declares that the state (Italy-EU) where La Marzocco Srl’s registered office is located has Personal Data protection legislation (Regulation (EU) 2016/679 – General Data Protection Regulation, shortly named: GDPR) in place which insure an adequate level of protection for Data Subjects.
We may share your information with carefully selected third parties (even with location in other countries than the UAE, but only where adequate protection of personal data is guaranteed) with whom we have a relationship and who may contact you or utilize your data only for reasons pre-agreed with us, including marketing.
The data may be disclosed to public and private parties, physical and/or legal persons (legal, administrative and fiscal consultancy offices, forwarding agents and couriers, any IT companies and others) in relation to which the communication is necessary for the pursuit of contractual, administrative, accounting, purposes, as well as to guarantee the concerned parties to use the website.
We may permit third parties to use your information. For example, we may provide advertisers information to help them reach the kind of audience they want to target and to enable us to comply with our commitments to our advertisers (e.g. by displaying their advertisements to a target audience).
We may also provide your information to other service providers who perform services on our behalf, such as – payment processing, information technology, Website maintenance, surveys and market research, warehousing and logistics, legal, audit, financial and insurance providers, couriers, advertising and marketing or any service required to process your order, including regulatory, law enforcement, government or municipal bodies.
The data may also be disclosed to other parties, when the communication is required or imposed by law.
Measures were taken to protect your information
Information you provide to us via our Website is stored on secure servers. Any payment transactions carried out through our Website will be encrypted using Secure Socket Layer technology by PayTabs. It is your responsibility to keep any Website passwords or login codes issued to or chosen by you, confidential.
We have implemented commercially reasonable steps to safeguard the integrity of our information technology infrastructure, including by implementing authentication, monitoring, auditing, and encryption technology. Security measures have been integrated into the design, implementation, and day-to-day operations of the Website as part of our continuing commitment to the security of electronic content and the electronic transmission of information. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, despite such efforts, generally the transmission of information via the internet is not completely secure and its security can never be guaranteed. Any transmission of data via our Website is therefore carried out at your own risk, also we cannot take responsibility for the actions of third parties that may receive any such information.
What are your rights as Data Subject
A Data Subject shall have the right, upon request submitted to the Controller and
at no charge, obtain information in connection with Personal Data relating to him.:
A Data Subject shall have the right to receive his Personal Data, which he has provided to a Controller, in a structured and machine-readable format where Processing is based on the Consent of Data Subject, or is necessary for the performance of a contractual obligation, or performed by automated means.
A Data Subject shall have the right to transfer Personal Data concerning him to another Controller, wherever technically possible.
A Data Subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate Personal Data concerning him or to complete such Data.
A Data Subject shall have the right to require the Controller to erase the Personal Data concerning him in certain cases with regards of Article 15 where no longer necessary, upon withdrawal of Consent, no grounds to continue the Processing, Personal Data processed in violation of ’’PDPL’’.
A Data Subject shall have the right to require the Controller to restrict and stop the Processing in certain cases such as contests of accuracy, Processing is contrary to the agreed purposes, Processing is performed in contravention of the ’’PDPL’’.
A Data Subject shall have the right to require the Controller to continue keeping the Personal Data relating to him after the expiry of the purpose of Processing, where the Personal Data is necessary to pursue or defend in procedures relating to the claim of rights and legal actions.
A Data Subject shall have the right to object to the Processing of Personal Data relating to him and stop the Processing where Personal Data is Processed for direct marketing purposes, for statistical survey purposes, the Personal Data is processed in contravention of the provisions of
Article 5 of ’’PDPL’’.
A Data Subject shall have the right to object to automated decision-making that have legal implications or seriously affect the Data Subject, including Profiling and have the right to ask human intervention in the view of Automated Processing decision.
The concerned party has also the right to contact the Supervisory Authority – UAE Data Office (not yet operational) to file a complaint.
For any request or communication, or to exercise your rights, you can contact the Data Controller or the Data Protection Officer by sending an e-mail to email@example.com or to firstname.lastname@example.org