Coincard Privacy Policy

Pursuant to art. 13 of EU Regulation 2016/679 "General Data Protection Regulation"

 


a) Who we are:

 


Coin S.p.A., with registered and administrative headquarters in Mestre (VE), via Maderna n.11, 30174, tel. [*] (hereinafter "Coin"), is the Data Controller who collects and processes your personal data and, pursuant to art. 13 of EU Regulation 2016/679 General Data Protection Regulation (the "Regulation") provides you with the following information.


b) How to contact us and the Data Protection Officer:


You can contact us by sending an e-mail to coincard@coin.it, or by writing to: Coin S.p.A., Customer Service, via Maderna 11, 30174, Mestre (Venice).


The Data Protection Officer designated by Coin S.p.A. pursuant to art. 37 of the Regulations can be contacted at the e-mail address dpo@coin.it.


 


c) What data we collect:

The personal data we collect and how we collect them depend on the use you will make by activating the Coincard loyalty card ("Coincard" or the "Card"). In particular, we will collect the following data:




  • name and surname;
  • place, province, postcode (optional data);
  • date of birth;
  • gender (optional data);
  • cellphone number;
  • e-mail;
  • telephone (optional data);
  • educational qualification (optional data);
  • number of family members (optional);
  • purchases made (e.g. products purchased, amount, date and time of purchase, etc.) (optional data);
  • data relating to the use of the Coincard, such as accumulated points, use of dedicated discounts (or prizes), participation in competitions and initiatives (optional).



d) Why we collect your data:

The data you are providing us will be used in order to:


 


(1) Issue and manage the Coincard, thus allowing it to access the advantages reserved for Cardholders, described in the Coincard information material (such as for example discounts, promotions, exclusive initiatives, etc.).


The data will be processed for the execution of the contractual relationship and to retain our customers, as well as our legitimate interest in verifying the correct use of the Card (Article 6, letters b) and f) of the Regulations.


Some of this data as well as, if you provide your consent, the data that we will obtain from the analysis of your purchases, will be used for the purposes of:


 


(2) Analysis of the market and its purchasing habits in order to improve our commercial offer thanks to a better knowledge of the customers who frequent our shops, their preferences and tastes;


 


(3) Marketing, by contacting you - by telephone, post, newsletter, e-mail, sms, instant messages, post, messages or communications of initiatives on social networks, etc. - for advertising and promotional communications, including personalized ones, relating to exclusive advantages that Coin and its commercial Partners reserve for Cardholders, as well as to find out how satisfied you are with our products and services (market research).


The sending of advertising or commercial communications may also concern the various brands owned by Coin and which can be consulted, in their updated list, on the website www.coin.it


The processing of your data will be based on your possible consent (Article 6, letter a) of the Regulation. If you do not intend to give your consent, you can still obtain the Coincard and adhere to the advantages reserved for members. Your consent will always be freely revocable. You can check the consents given simply by registering your Card on the website www.coin.it and accessing the Reserved Area for Coincard holders, and modify or revoke them by writing to coincard@coin.it.


 


e) What are the consequences in case of incomplete data:

Coin requires some "mandatory data", as well as, if provided, some "optional data" (see point c). If you do not provide us, or provide us in an incomplete way, the data indicated as "mandatory", Coin will not be able to release the Coincard; failure to fill in the data indicated as "optional" will simply not allow us to use those data for the purposes for which you have given your consent (eg to analyze our customers or send them personalized communications).


We remind you that your identification as a Coincard owner at the time of purchasing a product is "optional", but if you decide not to identify yourself, we will not be able to process your purchases to calculate the points and / or Shopping Vouchers accrued, as provided in the Coincard information material.


 


f) How we process your data:

Your data will be processed mainly in an automated way to grant you discounts or promotions based on your spending volumes and give you access to the other benefits described in the information material. Furthermore, if you give us your consent, we will be able to analyze your data (e.g. those of your purchases), to try to understand your tastes and desires, so that we can improve. re (e.g. allowing us to understand which products our customers prefer) and being able to send you offers, including personalized ones, on our products (e.g. new collections of your favorite brands), initiatives (e.g. competitions), or contact you to participate in research market (e.g. through interviews, telephone contact, e-mail, etc.).


We specify that all our analysis of your data and preferences will not take place exclusively in automated ways, but will always involve the intervention and evaluation of our representatives.


Coin may carry out specific and non-continuous checks to verify the correct use of the Card and protect itself against fraudulent conduct, in compliance with the applicable legislation, as well as the procedures and company regulations in force.


 


g) How long do we keep your data:

Your data will be processed for the entire period of validity of your Coincard and on the basis of the consents provided by you. The data relating to the details of your purchases will, on the other hand, be processed for analysis or promotional purposes for a maximum period of 12 months respectively from the registration of the same.


 


h) By whom your data are processed:

Your data will not be disclosed or communicated to third parties. To allow Coin to operate the Coincard and pursue the purposes to which it has consented (see point d), your data may become aware (limited to the respective area of ​​competence) of the following recipients: (i) Information Technology Department of OVS SpA, based in Mestre (VE), via Terraglio 17, the company responsible for the management of our information systems; (ii) our affiliated companies that manage the Coin and Coincasa stores; (iii) companies that carry out the optical archiving, storage and processing of computer archives on our behalf; (iv) companies that take care of sending promotions and advertising or carrying out promotional activities. These subjects will operate as external data processors pursuant to art. 28 of the Regulations: a complete list can be requested at the addresses indicated below.


The data may be disclosed to the persons authorized to process the Marketing and Digital Transformation Department.


 


i) Data transfer:

Your data is not transmitted outside the European Union.


 


l) What are your rights:

By contacting the point of sale or by means of a communication to be sent to Coin S.p.A., via Maderna n.11, 30174, Mestre (VE), e-mail: coincard@coin.it, you may at any time exercise the rights referred to in Articles. from 15 to 22 of the Regulation (listed below) and in particular to revoke at any time any consent to the processing provided and to oppose the processing of your data carried out, in particular, for marketing purposes or analysis of your preferences. If you wish, you can also revoke your consent limited to the receipt of communications by electronic means (eg e-mail, sms, instant messages), continuing to receive commercial communications only by paper mail or telephone contact with the operator, if any.


Articles from 15 to 22 of the Regulations recognize the following rights:


Right of access: the interested party can request which data concerning him are processed, the purposes of the processing, the categories of data processed, the recipients to whom the personal data have been or will be communicated, the possible transfer of data outside of the European Union, the data retention period, the existence of an automated decision-making process (including profiling), as well as the origin of the data if they are not collected from the interested party (Article 15 of the Regulation).


Right of rectification: the interested party may request the correction or updating of inaccurate data or, taking into account the purpose of the processing, the integration of incomplete personal data (Article 16 of the Regulation).


Right of cancellation (oblivion): (where applicable) the interested party has the right to obtain the cancellation of personal data concerning him, for example when the personal data are no longer necessary for the purpose for which they were collected. However, it will not be possible to request the deletion of data if they are necessary to fulfill a legal obligation (eg keeping accounting records, security, etc.) or for the assessment, exercise or defense of a right in court. (Article 17 of the Regulation).


Right of limitation: the interested party may request that the processing of data be limited, for example when the accuracy of personal data is contested, for the period necessary to verify the accuracy of such data (Article 18 of the Regulation).


Right of notification: the interested party has the right to be informed of any corrections or cancellations or limitations of the processing and fcarried out in relation to personal data concerning him, and of the recipients to whom they have been communicated (Article 19 of the Regulation).


Right of portability: (where applicable) the interested party has the right to receive data concerning him in a structured format, commonly used and readable by an automatic device (eg. In .excel, .csv format). However, this right is limited only to data processed by automated means and on the basis of a contract with the interested party, or your consent. If technically feasible, it will be possible to request the transmission of data directly to another data controller (Article 20 of the Regulation).


Right to object: (where applicable) the interested party has the right to object at any time, for reasons connected to his particular situation, to the processing of personal data concerning him carried out, for example, for the pursuit of a legitimate interest of the owner of the treatment or of third parties (including profiling). You can also always oppose the processing of data carried out for direct marketing purposes, including profiling connected to such direct marketing (Article 21 of the Regulation).


Right not to be subjected to automated decisions, including profiling: (where applicable) the interested party has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or significantly affects your person, except in cases where the automated decision is necessary (i) for the conclusion or execution of a contract between the data subject and a data controller, (ii) is required by law, in compliance with measures and precautions, (iii) is based on the explicit consent of the interested party (Article 22 of the Regulations).


 

m) Who can you contact to lodge a complaint:

We remind you that, if you believe that the processing that concerns you violates the provisions of the Regulation, you can always lodge a complaint with the Guarantor for the protection of personal data (www.garanteprivacy.it), or with the Guarantor of the country in where he habitually resides, works or the place where the alleged violation has occurred.