The Private Parts
1. DATA CONTROLLER
The Data Controller for your Personal Data is Kicking Horse Coffee Co. Ltd., 491 Arrow Road – Invermere BC, V0A 1K2.
2. DATA PROTECTION CONTACT AND DATA PROTECTION OFFICER
We can be contacted about privacy issues by firstname.lastname@example.org. Alternatively, you can write to us at Kicking Horse Coffee Co. Ltd., 491 Arrow Road, Invermere BC, V0A 1K2.
Our company is part of the Lavazza Group, under the coordination and direction of the parent company Luigi Lavazza S.p.A. (Lavazza Italy). If you are a citizen of the European Union (EU) the European General Data Protection Regulation 679/2016 (GDPR) also applies. In accordance with the provisions of the GDPR, the Lavazza Group has a Data Protection Officer (DPO), who is responsible for monitoring compliance with the GDPR, and will be the contact person for data subjects and European Data Protection Authorities. The DPO can be contacted at the email address PrivacyDPO@lavazza.com.
3. PERSONAL DATA PROCESSED
- Any information about an identifiable individual, other than an individual's business contact information when collected, used or disclosed for the purpose of enabling the individual to be contacted in relation to their business responsibilities;
- Any information that identifies, or could be reasonably associated with you; or
- Information such as your name, address, telephone number, birth date, payment and card numbers, purchase information and e-mail address.
Kicking Horse Coffee may process the following categories of Personal Data:
- Personal details (such as name, surname, etc.);
- Contact information (email, address, telephone number);
- Financial and payment information in connection with you making orders on our website; and
- Where you apply for employment with Kicking Horse Coffee, information which may be contained in a resume and which may be recorded during any interview or pre-employment checking.
If a request is sent through the "Contact Us" section of the Kicking Horse Coffee website, certain Personal Data must be provided in order to enable us to meet demands, and hence the related fields on the registration form are marked as compulsory.
In addition to the above categories of Personal Data, we may use information and content that you publish or otherwise publicly share in connection with social network pages owned or operated by Kicking Horse Coffee (Facebook, Twitter, Instagram, etc.) for marketing or for our internal analytics purposes. Examples of some of the data collected via social media platforms are the likes, comments, images and in general all the content and information you may have published on the social network pages dedicated to our products.
Our website may contain links to other websites that may be subject to less stringent privacy standards. If you click on a link to such a third party website, a third party may also place a cookie on your hard drive. We cannot assume any responsibility for the privacy practices, policies or actions of the third parties that operate these websites. We are not responsible for how such third parties collect, use or disclose your personal information. You should review the privacy policies of these websites before providing them with personal information.
It is important to us that we collect, use or disclose your personal information where we have your consent to do so. Depending on the sensitivity of the personal information, your consent may be implied, deemed (using an opt-out mechanism) or express. Express consent can be given orally, electronically or in writing. Implied consent is consent that can reasonably be inferred from your action or inaction. For example, when you enter into an agreement with us, we will assume your consent to the collection, use and disclosure of your personal information for purposes related to the performance of that agreement and for any other purposes identified to you at the relevant time.
We may collect, use or disclose your personal information without your knowledge or consent where we are permitted or required to do so by applicable law or regulatory requirements.
You may change or withdraw your consent at any time, subject to legal or contractual obligations and reasonable notice, by contacting our DPO using the contact information set out above. All communications with respect to such withdrawal or variation of consent should be in writing and addressed to our DPO. In certain circumstances, the withdrawal of consent may render us unable to continue to provide products or services where the collection, use or disclosure of your personal information is necessary to provide the product or service.
5. PURPOSES AND LEGAL BASIS OF THE PROCESSING
In accordance with the needs associated with accessing the various sections of the our website (and without prejudice to the individual initiatives that involve the provision of specific Personal Data, for which specific privacy notices will be published on a case-to-case basis), the purposes of the processing of your Personal Data and the related legal grounds are indicated below:
- Registration to the Website: the procedure of registering to our Website, through the creation of an account or the use of an already-existing social network account, is aimed at allowing you to use the Website as a "Registered User" and to access a series of exclusive services offered through it. The provision of data is optional. The legal basis for processing is the implementation of pre-contractual measures to which the data subject is party.
Access via the use of social networks may involve accessing personal data other than the data provided at the time of registration to our portal, on the basis of the authorizations you have provided to these social networks and which are to be referred to in relation to the policies on the management of your privacy.
- Purchase of products: by using our Website you may purchase our products as a Registered User (and in this case you do not need to re-enter your Personal Data every time you purchase a product) and as a Non-Registered User (re-entering the required data each time in order to complete a purchase). Both these cases require the processing of your Personal Data.
Your Personal Data will be processed to manage orders and payments, and to fulfil consequent administrative and accounting obligations, as well as to contact you for any information regarding your purchases (for example, information on the status of your orders). The legal basis for the processing is the performance of the Contract to which you are part.
- Marketing: Subject to your specific consent, we may process your Personal Data in order to send you commercial communications, as well as to invite you to take part in our promotional initiatives, to participate in our events and to register for our newsletter. The legal basis of this processing is the Consent of the Data Subject, which can be withdrawn at any time.
- Participation in competitions and give-aways: we may process your Personal Data so that you can participate in competitions and give-aways. The legal basis for this processing is the implementation of pre-contractual measures to which the data subject is party.
In addition to the previous cases:
- Analysis purposes: the Personal Data you have provided when interacting with us and the information regarding this interaction will be collected in our database and will be used to anonymously analyse and improve the services we offer, to assess the efficiency of the activities and initiatives promoted by Lavazza and to conduct statistical analysis on the composition of the database. The legal basis of the processing is the legitimate interest of the Data Controller.
- Any other purpose for which you have provided your specific consent can be withdrawn at any time.
6. NATURE OF THE PROVISION
The provision of your Personal Data is optional. However, the failure to provide your Personal Data may result in the impossibility to use certain services (e.g. to place orders and make purchases, to participate in competitions and give-aways, to be sent the newsletter, etc.).
The compulsory or optional nature of the provision of your Personal Data will be marked each time using symbols (e.g. “*”) placed next to the information that requires the provision of data for the respective purpose.
7. PROCESSING METHODS
Your Personal Data will be processed in compliance with the provisions of current privacy and Data Protection Laws, with the use of electronic or automated means and manual methods, pursuing the logics strictly connected to the purposes for which the data has been collected, via databases, the electronic platforms managed by us or by third parties (appointed as Data Processors), the integrated IT systems of Kicking Horse Coffee and the aforesaid third parties, and/or websites owned or used by us.
Your Data will be processed using methods that ensure the highest level of confidentiality and only by people trained and authorised to process it. The Data Controller adopts all the appropriate technical and organisational measures to ensure a level of security appropriate to the risk presented in relation to the processing.
The Personal Data will be processed mainly at the offices of the Data Controller and at the places where the Data Processors are located.
8. RECIPIENTS OF THE DATA
Your Personal Data may be made accessible, for the purposes stated above, to our employees, partners and/or third-party companies that carry out data processing activities on behalf of the Data Controller, as Data Processors.
As a result, your personal information may be transferred to and processed in the Canada, United States and Italy where many of our central databases operate or other countries where our vendors maintain facilities or business operations. We use contractual means to protect your personal information. However, please note that contracts can be overridden by the criminal, national security or any other laws of the country to which the information has been transferred. While personal information is in another jurisdiction, it may be accessed by the courts, law enforcement and national security authorities of that jurisdiction. If you have questions, please contact us using the contact details of our DPO.
Your Data may be also sent to the judicial authorities where necessary and in the cases provided for by law.
9. STORAGE PERIOD OF THE DATA
In order to ensure compliance with the principles of necessity and proportionality of the processing, we have defined various Personal Data storage periods for the individual purposes pursued:
- Registration to the Website: The Personal Data you have provided in order to register to the Website will be stored for the entire period of time that you are registered on the Website. If your Account is inactive for 24 months, it will be deleted.
- Invoice data will be stored for an appropriate period of time to ensure the proper performance of the agreement and in any case for an additional 10 years for the purposes of the fulfilment of connected administrative and tax obligations.
- The data collected for the management of competitions and give-aways will be stored for the entire duration of the give-away and for an appropriate period of time to ensure its proper performance. This is without prejudice to the fulfilment of administrative and tax obligations for which the data storage period is provided for by law.
- The data collected for profiling purposes and for the sending of promotional and advertising material, for which consent has been given, will be stored for a period of time of no longer than 12 and 24 months respectively or for any other period of time that may be indicated by the supervisory authorities. If you have not provided the above consent, your personal data will be made anonymous and used for statistical analysis.
- The data collected in order to manage and answer requests about our products and initiatives will be stored for the period necessary to carry out the requests and will subsequently be deleted if there is no further contact.
10. DATA OF MINORS
Kicking Horse Coffee does not normally collect the Personal Data of minors, nor does it deliberately establish any communication with them. For this reason, we invite parents to actively monitor the online activities of their children under sixteen years of age.
Nevertheless, if we were to contact a minor under 16 years of age, consent must be obtained from his/her parents or the holders of parental responsibility, except in cases such as an answer to his/her question or dealing with his/her request.
11. RIGHTS OF THE DATA SUBJECT
At any time, you can exercise the rights below indicate:
- the right to obtain confirmation as to whether personal data concerning you exists, regardless of it being already recorded, and communication of such data in intelligible form;
- the right to withdraw the consent you have given for the purposes of the processing at any time;
- the right to access, rectify, erase and limit the processing and portability of your personal data;
- the right to object to its processing any time you wish;
- the right to commence proceedings before the competent supervisory Authority, if you think that the processing of your data is contrary to the laws in force.
12. METHODS FOR EXERCISING YOUR RIGHTS
If you wish to exercise the aforesaid rights, or you wish to have more information on the processing of your personal data, you can (i) write us an email ; (ii) write to us at Kicking Horse Coffee Co. Ltd., 491 Arrow Road, Invermere BC, V0A 1K2; (iii) write an email to our Group Data Protection Officer PrivacyDPO@lavazza.com.
We will respond to your requests within 30 days.