Customer care
Coincard
My shop
null

Download Privacy Information and download terms and conditions of Coincard



Privacy Information for Registration on coin.it and Coincard

pursuant to Article 13 of EU Regulation 679/2016 (General Data Protection Regulation)

 

 

Registration and subscription to the Coincard is prohibited for minors under 18 years of age.

 

  1. a) Who we are:

Coin S.p.A., with registered office and administrative headquarters in Mestre (VE), via Maderna n.11, 30174, tax code and VAT number: 04391480276 (“Coin”), is the company that – as Data Controller – collects and processes your personal data and, pursuant to EU Regulation 679/2016 “General Data Protection Regulation” (“GDPR”), provides you with the following information:

 

  1. b) How to contact us and the Data Protection Officer:

For any questions, information requests, or to exercise your rights, you can contact us by sending an email to servizioclienti@coin.it, or by writing to Coin S.p.A., Customer Service, Via Maderna n.11, 30174 Venezia Mestre (VE), Italy.

The Data Protection Officer (DPO) designated by Coin S.p.A., pursuant to Article 37 of the GDPR, can be contacted at dpo@coin.it.

 

  1. c) What data we collect:

The personal data we collect depends on your use of your Coincard loyalty card ("Coincard" or the "Card") and your personal account on coin.it, as well as any consent you provide, where applicable.

Specifically, we may collect the following data:

- first name and surname;

- date of birth;

- gender;

- province of residence;

- zip code;

- mobile phone number;

- email address;

- entity (store or online) issuing the Coincard;
- data relating to Coincard use, such as Coincard code, total purchase amount, discount thresholds reached, use of dedicated discounts (or prizes), participation in contests and initiatives;

- data relating to purchase details for the purpose of analyzing your preferences and purchasing habits (e.g., date, item code, product description, price, and quantity).

During the Coincard activation request process, we may ask you to show an identity document to verify your age.

For the processing of data relating to your connection and navigation on the coin.it website, we invite you to read the relevant privacy and cookie policies.

 

  1. d)Why we process your data:

Your data will be used for the following purposes:

 

(1)       Issue and manage your Coincard, thus allowing you to access our loyalty program and/or reserved promotional campaigns (e.g., accessing discounts, promotions, initiatives dedicated to cardholders, etc.), as specified in the Coincard and loyalty program regulations and informational materials. We also send you service communications to this end (e.g., regarding your status or the expiration of your spending limit). If you request your Coincard at a Coin, Coincasa, or Coin Excelsior store, your Coincard will be activated by the sales assistant, who will provide you with the necessary instructions.

(2)     Create your personal Coin account, allowing you to access the services and benefits reserved for those registered on coin.it (e.g., use your Coincard online, make purchases faster by saving your data, check your purchase history and Coincard status; view your "whishlist"; verify and modify your personal data or privacy consents; receive service communications strictly related to your account).

The legal basis for processing for purposes 1 and 2 is the need to execute the loyalty relationship established with the issuance of the Coincard and provide you with the services associated with the activation of your personal account on coin.it (Article 6, paragraph 1, letter b) of the GDPR).

 

(3)     Exercise of Coin's rights against unlawful or fraudulent conduct  

The legal basis for processing is Coin’s legitimate interest in verifying the correct use of the account and Coincard and, consequently, exercising its rights, including in court, against unlawful or fraudulent conduct (Article 6, letter f) of the GDPR).

This interest is deemed legitimate and balanced with the rights and freedoms of the data subjects, given that the processing will be aimed solely at protecting Coin's rights against fraudulent or unlawful conduct, in compliance with applicable legislation, as well as with current company procedures and regulations governing the proper processing of personal data.

 

*

If you give your consent, some of the data provided when activating your Coincard and your personal account on coin.it, as well as the data we obtain from the analysis of your preferences and purchasing habits, will be used for the following purposes:

(4)       Analysis of your preferences and purchasing habits, in order to improve our commercial offering and our products and services thanks to a better understanding of our customers, their purchasing preferences and tastes (e.g., allowing us to understand which products you prefer, to improve our assortments, etc.);            

(5)       Marketing, to contact you – by telephone, mail, newsletter, email, text message, or notification of initiatives on social networks, etc. – for advertising and promotional communications about our products, services, or initiatives, including personalized ones, if you have given us your consent to learn about your purchasing preferences and tastes (purposes under 4, e.g., sending you information about the brands or collections that interest you most), or to allow you to participate in market research.

The sending of advertising or commercial communications may also concern the various brands owned by Coin, which can be consulted, in their updated list, on the coin.it website.

The legal basis of the processing of your data for the purposes under nos. 4 and 5 is represented by your consent (art. 6, paragraph 1, letter a) of the GDPR).

If you do not wish to provide your consent, you can still obtain the Coincard by taking advantage of the benefits reserved for members and registering on coin.it by creating your personal account.

You may always freely withdraw your consent by exercising the relevant option through your personal account on coin.it or by writing to servizioclienti@coin.it. If you no longer wish to receive commercial communications via email, you can also use the link included in each communication you receive. Furthermore, in your personal area of your coin.it account, you can also choose the channels through which you wish to receive our marketing communications.

*

 

  1. e) Consequences of incomplete data:

Coin requires certain data to be provided during registration (marked as "mandatory" (*)) as it is necessary for registration on the coin.it website and/or to issue the Coincard. Failure to provide the data marked as "optional" or failure to provide consent for certain purposes will simply make the related personal data unusable.

You can change your data at any time directly through your personal account on coin.it or by writing to servizioclienti@coin.it.

 

  1. f) How we process your data:

Your data will be processed primarily electronically to allow you to access discounts and promotions based on your spending, to provide access to the other benefits described in the Coincard regulations and informational materials, and to register on coin.it.

If you give us your consent, we may also analyze your data (e.g., your purchases) to understand your tastes and preferences and send you offers, including personalized offers, on our products (e.g., if you purchase feminine or household products, we may send you promotions or discounts on similar or matching products), services (e.g., home deliveries), or initiatives (e.g., contests), or to contact you to participate in market research (e.g., through interviews, telephone contact, email, etc.).

Please note that all analysis of your data and preferences will not be performed exclusively using automated methods, but will always involve the intervention and evaluation of our employees.

Coin may carry out specific, and not continuous or generalized, checks to verify the correct use of your account and your Coincard and protect itself against fraudulent or illicit conduct, in compliance with applicable legislation as well as current company procedures and regulations.

 

  1. g) How long we keep your data:

The data required to achieve the purposes set out in points 1 and 2 of paragraph d) will be processed for the entire duration of your Coincard membership and your registration on the coin.it website.

The data required to exercise your rights, including in court proceedings, against unlawful or fraudulent conduct (purpose set out in point 3 of paragraph d) will be retained until the outcome of the dispute.

The data relating to the details of your purchases, processed for preference analysis purposes (purpose set out in point 4 of paragraph d) and/or marketing purposes (purpose set out in point 5 of paragraph d), will be retained for a period of 24 months from the date of registration of the purchase.

 

  1. h) Who processes your data:

Your data will not be disclosed or transferred to third parties.

To allow Coin to manage your account, operate your Coincard, and pursue the purposes to which you have consented (purposes under nos. 4 and 5, paragraph d), your data may be disclosed (limited to their respective areas of responsibility) to the following recipients: (i) our affiliated companies that manage Coincasa stores; (ii) providers of IT services and technical systems necessary for the management of our information systems, our website, and our databases (e.g., optical archiving, storage, and processing of IT archives); (iii) providers of applications and services necessary for the analysis of our customer data, communications, and marketing; (iv) companies that organize and manage market research; (v) public and judicial authorities in the event of disputes, fraud, or unlawful conduct; (vi) external legal and tax professionals.

The details of the entities acting as Data Processors pursuant to art. 28 of the GDPR will be provided upon request to the contact details indicated in paragraph l) below.

The data may also be disclosed to persons authorized to process data in Coin's Marketing & Digital Transformation Department and the Retail, IT, and Legal Departments.

 

i) Transfer of data outside the EU:

Your data is not transmitted outside the European Union, as the processing is carried out either directly by Coin or through suppliers who use servers and systems located in the European Union (or European Economic Area).

 

  1. l) Your rights:

By contacting the point of sale and/or by sending a communication to Coin S.p.A., via Maderna n.11, 30174 - Venezia Mestre (VE), e-mail: servizioclienti@coin.it, you may exercise the rights set forth in Articles 15 to 22 of the GDPR at any time, including access to your personal data, the rectification of inaccurate personal data, or the erasure or restriction of processing of such data, and the right to receive, or transmit to another controller, your data in a structured, commonly used, and machine-readable format.

In particular, your right to withdraw at any time any consent to the processing you may have provided and to object to the processing of your data carried out, in particular, for marketing purposes or analysis of your preferences remains unaffected.

If you wish, you may also withdraw your consent to receiving communications via electronic means (e.g., email, text message), while continuing to receive commercial communications only by post or by telephone, where applicable.

We remind you that you can independently modify your personal data and consent to data processing, including through your personal account on coin.it.

You can find a complete list of your rights at www.garanteprivacy.it.

 

Articles 15 to 22 of the GDPR grant data subjects the following rights:

-      Right of access: The interested party may request which data concerning him or her are being processed, the purposes of the processing, the categories of data processed, the recipients to whom the personal data have been or will be disclosed, any transfer of data outside the European Union, the data retention period, the existence of an automated decision-making process (including profiling), as well as the origin of the data if they are not collected from the interested party (Article 15 of the GDPR).

-      Right of rectification: The interested party may request the correction or updating of inaccurate data or, taking into account the purpose of the processing, the integration of incomplete personal data (Article 16 of the GDPR).

-      Right to erasure (right to be forgotten): (Where applicable), the data subject has the right to obtain the erasure of personal data concerning him or her, for example when the personal data is no longer necessary for the purpose for which it was collected. However, it will not be possible to request the erasure of data if it is necessary to fulfill a legal obligation (e.g., accounting, security, etc.) or to establish, exercise, or defend legal claims (Article 17 of the GDPR).

-      Right to limitation: The data subject may request that data processing be restricted, for example when the accuracy of the personal data is contested, for a period necessary to verify the accuracy of such data (Article 18 of the GDPR).

-      Right to notification: The data subject has the right to be informed of any rectification, erasure, or restriction of processing carried out on his or her personal data, and of the recipients to whom the data has been communicated (Article 19 of the GDPR).
-      Right to portability: (Where applicable) the data subject has the right to receive the data concerning him or her in a structured, commonly used, and machine-readable format (e.g., Excel, CSV). This right, however, is limited to data processed by automated means and based on a contract with the data subject, or on his or her consent. If technically feasible, it will be possible to request the data be transmitted directly to another data controller (Article 20 of the GDPR).

-      Right to object: (where applicable) The data subject has the right to object at any time, for reasons relating to his or her particular situation, to the processing of personal data concerning him or her, for example, for the purposes of pursuing a legitimate interest of the data controller or a third party (including profiling). He or she may also object at any time to the processing of data for direct marketing purposes, including profiling related to such direct marketing (Article 21 of the GDPR).

-      Right not to be subject to automated decisions, including profiling: (where applicable) The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects him or her, except where the automated decision is necessary (i) for the conclusion or performance of a contract between the data subject and a data controller, (ii) is provided for by law, subject to appropriate measures and safeguards, or (iii) is based on the data subject's explicit consent (Article 22 of the GDPR).

 

  1. m) Who you can contact to lodge a complaint about the processing of personal data:

We remind you that if you believe that the processing of your personal data violates the provisions of the GDPR, you can always lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it), or with the Data Protection Authority of the country in which you habitually reside, work, or where the alleged violation occurred.

COIN S.p.A.