The processing of personal data by Eataly

OUR PRIVACY POLICY

This Privacy Policy is provided pursuant to state and federal privacy laws of the United States as of January 27, 2020 and describes how Eataly USA LLC and Eataly NET USA LLC as below identified ( hereinafter , “Eataly”, “We’, “Our” and “Us” jointly in this Privacy Policy “Eataly”) collect and process the personal data of users or customers through their websites, in particular www.eataly.com (hereinafter the “Site”), physical stores, or more generally every time that express reference is made to this Privacy Policy.

By using our services and viewing the Site, you acknowledge that we will be collecting, sharing and using your submissions and Personal Data (as defined below) as described in this Privacy Policy, and you consent to those practices. You understand that by using the Service, you consent and agree to the collection and use of certain information about You and Your use of the Service in accordance with our Privacy Policy and Terms of Use.

Eataly may amend, supplement or periodically update this information, also in consideration of possible regulatory changes which are applicable or provisions from the competent authorities for the Protection of Personal Data. The changes and substantial updates to the Privacy Policy will be applied and brought to the attention of the interested parties as soon as they are adopted by updating the link to the Privacy Policy in the Site footer and by emailing the registered users. In case of changes that significantly affect the rights of the registered user, the communication will be made with reasonable notice.

We are committed to keeping you informed about how we use your Personal Data, and we take industry-standard precautions to protect Your information. Our payment process for purchases of goods as well as event ticket purchases and classes is managed via Chase Paymentech; as explained in their Privacy Policy and Terms of Service both use industry-standard encryption to keep unauthorized persons from being able to read the payment data You have entered online. At Eataly, we do not store Your credit card or debit card information on our servers.

PURPOSES OF PROCESSING AND LEGAL BASIS

The data are processed for the following purposes.

We collect, process and store personally identifying information and related data based on the contract between you and us, in order to:

- manage orders and perform related activities (ex: sales and after-sales customer assistance, communications with the customers on the status of their orders, responses to their information requests, management of payments, etc.);
- managing user accounts when registered with the Site in order to use the related services;
- allow access to specific and additional services requested from time to time by the user (e.g. registration to courses held at Eataly stores);
- manage product shipments including delivery to the residence, business or other location directed by you, and create waybills related thereto;
- follow specific user requests (e.g. consider a candidate submitted through the "Work With Us" section or otherwise).

(collectively, the “Order Process”)

b) We also collect, process, store and use personally identifying information and related data when you, as the user and provider/source of such personally identifying information and related data, grant consent in a manner that is, where required, specifically collected each respective time, in order to carry out market research, as well as to contact the user and send commercial communications and promotional offers, in addition to sending the Newsletter described below, with regard to products, services and/or events of Eataly, through SMS, telephone, paper mail or other means, including through a prior analysis of consumer behavior aimed at customizing, personalizing, localizing or otherwise specializing commercial messages from us and our trusted partners, to you.

c) In addition, we collect, process, store and use personally identifying information and related data based on the legitimate interest of Eataly as long as those legitimate interests do not over-burden your privacy rights, specifically:

-for the analysis and improvement of our services;
- for statistical and/or research and development activities, also by analyzing data deriving from the use of services and products or consumer behavior;
- in order to defend our rights in the course of court, arbitration, mediation, administrative or extrajudicial proceedings, and in disputes arising in connection with the services and/or goods offered;
- in the case of extraordinary transactions, including merger, sale of a business unit, acquisitions, etc.

d) Further, if we need to fulfill legal obligations to which Eataly is subject, we reserve the right to collect, process, store and use personally identifying information and related data.
Our collection, processing, storage and use of data for the purposes referred to regarding the Order Process and is mandatory, as it is necessary to process the sale and delivery of products and services purchased, or for registration at the sites. Refusal to provide personal data for processing makes it impossible to perform the services required for the purchase of goods and provision of services on the Sites.

CATEGORIES OF DATA PROCESSED BY EATALY

Accordingly, by providing Personal Data (as broadly defined below, and which includes personally identifying information) to Eataly, You consent to the collection, storage and processing as set forth above of the data provided by You manually, as well as IP information, for localization, corporate compliance, legal and auditing purposes, in connection with Eataly’s business purposes, such as data analysis, audits, fraud prevention, developing new Services and/or features, enhancing and improving our Services, documenting usage, analyzing and researching user trends and researching/documenting the effectiveness of any promotional campaign;  and to our sharing of that information with the entity You ordered from, as well as our personnel for purposes of managing and processing Your order, processing payment for that order, following up with You regarding Your order and making recommendations for future orders.

For purposes of this Privacy Policy and any agreement with Eataly that incorporates them by reference, including our Terms of Use “Personal Data” is defined as personally identifying information, including but not limited to a username, account number, email address, IP information and any personally identifying information entered by a User on the Services including address and payment information.

“Special Categories of Personal Data” is defined as data revealing health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, personal relationships or sexual orientation. We may ask you to submit information that falls into “Special Categories of Personal Data” in connection with allergies, health restrictions and food/beverage preferences. Also, if You may place an order that has as the shipping address a location such as a house of worship, a hospital, a campaign office or a picket line, You may be providing such Special Categories of Personal Data incidentally.

We may also collect “Interactive Data”, meaning browser type, Internet service provider, device type/model/manufacturer, operating system, date and time stamp, and a unique ID that allows us to identify Your browser, mobile device, pages you visit, cell service/wifi provider or Your account (including, for example, a persistent device identifier), and other similar information; You consent to such collection so that we can manage and deliver your Order or enable you to attend a class or event (each of which is a contract between You and Eataly) and/or so we can provide You with relevant and/or requested Provided Content, data, information and Services. To improve our Services and avoid errors, we may obtain certain analytical information including records of the user sign in process, as well as login and logoff times, object loss metrics, test processes, button and action data and related information; such data may be shared with Instabug and/or Amplitude so we can provide You with the Services you want to receive, error-free.

Your Information, including Personal Data, is collected, stored, processed, used and archived pursuant to this Privacy Policy and you agree that all references to Personal Data in this Privacy Policy and the Eataly Terms of Use include Special Categories of Personal Data and Interactive Data. You consent to our use, storage, retention and processing of data included in Special Categories of Personal Data as well as Interactive Data in the same way that We use, store, retain and process Your Personal Data, and agree that the term Personal Data as used below includes Special Categories of Personal Data and Interactive Data.

If you share a third party’s personal information with us, for purposes of sending them information about a product, or shipping them a gift or other item, you indemnify us in connection with our use of that information to provide them with the information and/or goods selected by you for us to share with them, and affirm that we can handle such information in the same way we handle Personal Data pursuant to this Privacy Policy.

COOKIES AND OTHER TECHNOLOGIES

A cookie is a small file sent by a website and stored on the user's browser while they use an Internet site. Cookies can be stored only for the time you use a particular site (cookies session) or for a longer period of time and independent from the session (persistent cookies). Cookies work in conjunction with the website content and normally have the function of improving the usability and browsing experience on the web (technical cookies). Some types of cookies also allow you to know the contents displayed, the choices selected and any use of the site by the user. This functionality also allows us to offer the most useful and relevant advertising to every single user (profiling cookies). A website can use self-developed cookies (first-party cookies) or cookies developed by third-party companies (third-party cookies)

We treat information collected by cookies and other technologies as non-Personal Data. However, to the extent that Internet Protocol (IP) addresses or similar identifiers are considered Personal Data by local law, we also treat these identifiers as Personal Data.

In addition to allowing an easy use of the Sites, Eataly uses cookies for various purposes, including: (i) identifying the user when logging in; (ii) store the products saved in the cart for purchase; (iii) avoid fraudulent use of accounts or payments; (iv) perform user profiling and then provide information on the products of interest to you, or other personalised contents or offers; (v) provide promotions, content, advertising, related to the user and his preferences and to remember these preferences; (vi) carry out market research; (vii) improve the Sites, the offer of Eataly products, and their marketing, etc.
In particular, Eataly uses:

a) TECHNICAL COOKIES: These are cookies necessary for browsing as they allow correct use of the Site and its full functionality. They include cookies which enable the creation of a personalized account, logging in, displaying content in the chosen language at every access, recognizing the user is connecting from (and remembering this setting for future access) and order management. These cookies are strictly necessary for Site operation and their deactivation might impair browsing experience and outcome. In particular, we use technical cookies for the following purposes:

- for the management of dynamic web pages, for the geographical identification of users, and for the management of last access data;

- to guarantee the correct functioning of the web pages;

- for the functioning of the forms (e.g. course registration form);

- for the management of data relating to the amounts and products of the orders

b) ANALYTICAL COOKIES: used to collect information on the number of users and how they visit the site. For example:

- Google Analytics: the site uses the Google Analytics tool to collect information, in aggregate form, on the number of users and how they visit the site. This tool uses third-party technical cookies for its operation. Information on the processing of privacy by Google is available at the following link: http://www.google.com/analytics/learn/privacy.html. Information on the cookies used by Google Analytics, collection and use of this data are available at the following link: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage#gajs. The following link also contains information to deny consent to the use of third-party cookies by Google Analytics: http://tools.google.com/dlpage/gaoptout

c) THIRD PARTY PROFILING COOKIES FOR MARKETING/RETARGETING: these are cookies of third-party companies that allow the collection of information on the user for subsequent communication of more specific and/or personalized promotional material. They include cookies for inserting banner advertisements on the Site relating to third party companies or products chosen or viewed by the user, or similar or like products. These cookies can be deactivated without preventing proper navigation on the Sites, however their deactivation involves the receipt of promotional messages that may not be relevant to the user. For more information on profiling cookies currently installed in the user's terminal, review the third-party privacy information and change the preferences expressed, users can consult the page http://www.youronlinechoices.com/it.

Disabling cookies. The user can always decide to block, delete, disable cookies or other similar technologies through the settings of their browser or device. There are many different browsers: each different browser (and in some cases even each different version of the same browser) has its own procedure for deleting cookies. Cookie preferences must be set separately for each browser used, as the features and options offered may vary. It is therefore advisable to visit the support pages of your browser for more information. Furthermore, the user can modify the settings related to Eataly cookies, including their activation and deactivation, by accessing the dedicated section in the Sites' footer, under "Cookie Settings". Their complete deactivation may preclude many features, or the proper browsing or viewing of the Site or other web pages.

Acceptance and waiver of cookies. At the time of the user's first access to the Sites and, in any case, until a choice is expressed, the user will be asked to provide his consent to the use of third-party analytical cookies and profiling cookies. In particular, consent can be provided by continuing with navigation. We may also collect information when you register for or create a Eataly account, or connect your Eataly account with another account, by logging into an account that you already have with Facebook, or certain other third-party social networking site (collectively and individually, “SNS”) via our Service. We may gather information regarding your contact lists and SNS information and profile.

A pixel tag or web beacon is an often-transparent graphic image, usually no larger than 1 pixel by 1 pixel, that is placed on a website or in an email that is used to monitor the behavior of the user visiting the website or sending the email.  We may use web beacons and/or pixel tags for many purposes, including site usage analytics, advertising, user management, auditing and reporting, and content and advertising personalization.

We do not respond to “do not track” browser signals.

DATA RECIPIENTS OR CATEGORIES OF RECIPIENTS

In order to use Eataly’s Services for purposes like learning about or ordering products, registering for classes, sending gifts, etc., You may from time to time provide personally identifying and other forms of information, including, but not limited to, Your name, street address, email address, phone number, and other contact information. In addition,
Data that we collect may be processed and/or stored by third parties, carefully selected in terms of reliability and competence, who, act in the name and on behalf of Eataly on the basis of contractual agreements and specific instructions. This is necessary or appropriate in order to carry out activities, including those that are instrumental or ancillary, related to the purposes of data processing and product delivery set forth in this Privacy Policy, the main one of which consists in the supply of goods or services requested by the interested party (e.g.: postal service companies, couriers, data entry companies, companies that manage marketing and newsletters, etc.).

Furthermore, the personal data of the users can be communicated between the Eataly Group companies. For example, if the user purchases a course or service on the sites of Eataly Group, their data will be processed by the company relevant to the request. Likewise, if the user submits an application for an open position at a specific Eataly store, the data will be processed by the head of the position in question, if a controller is required in the country where said store is located; if no controller is required, appropriate personnel will process, store and/or use the information contained therein.

In any other case, except as permitted by applicable laws, personal data are not transferred and/or disclosed to third parties.

We and our third-party service providers including PayPal and Chase Paymentech may collect Your billing, shipping, and other information, and We may collect other supplemental information from third parties related thereto pursuant to their Privacy Policy and Terms of Service. You can always choose not to provide any information, but then You might not be able to order Eataly’s products and utilize certain of our Services. For example, if you sign up for a class, send a gift certificate or order delicious products, you will also be required to provide a billing address and credit card or other payment information which will be collected, used, processed and retained so that we can process your order, remind you of the class, check you in at the class, obtain follow-up information and/or feedback from you, and for other accounting and legal purposes. If you order items for shipping or delivery, we will share your name and address information, and possibly phone and email information, with those involved in shipping/delivering your goods to you or your chosen recipient.

Like most websites, We use log files to collect Internet Protocol ("IP") addresses, browser type, Internet Service Provider ("ISP"), referring/exit pages, platform type, and date/time stamp, and these are included in the definitions of Interactive Data, Personal Data and/or Special Categories of Personal Data, as appropriate. We may use the information to analyze site usage, administer the site, understand usage and navigation trends in the aggregate, and determine interest in our products as well as the relevance of content. IP addresses are also linked to personally identifiable information, to better a user's experience when using the Website. Although We have no obligation to do so, We may also retain any email, letter, or other correspondence between You and Eataly and any representative or agent thereof, to ensure quality control.

We may use Your email address or information for a range of purposes including managing, tracking, completing and confirming Your orders and/or class reservations, processing a payment, communicating with our suppliers and vendors, marketing, maintaining quality of service, and administrative/legal/accounting/auditing purposes, and we reserve the right to share Your Personal Data with our staff/employees/contractors/team as needed to effect all of these purposes or processes. Those companies may or may not retain, share, store, or use personally identifiable information for secondary purposes. We reserve the right to partner with any third party to provide specific services and process, and to store and organize Personal Data on our behalf, in connection with our reasonable management, maintenance and growth of Eataly and related businesses.

We may use Your Personal Data in connection with information from You that is not Personal Data which we have collected in a manner such that the end-product does not personally identify You or any other user of the Service. We may make information that would otherwise be deemed Personal Data (e.g. the number of Users who have ordered a particular product, or who live in a particular zip code) non-personally identifiable by either combining it with information about other users (aggregating Your Personal Data with information about other users), or by removing characteristics (such as Your name or email address) that would have made the information personally identifiable. This process is known as de-personalizing or anonymizing of information. Accordingly, You consent to our use of Your Personal Data to provide analyses of our users in the aggregate to current and prospective partners and other third parties.

Through this Privacy Policy You grant us a royalty-free, worldwide, perpetual, irrevocable and fully transferable right and license to use, process, store and share Your Personal Data in connection with the creation and development of analytical and statistical analysis processes, tools and data relating to the use of the customer data we collect in providing the Service (the "Analytical Data"). Additionally, we may partner with other companies to process, analyze, and/or store data, including, but not limited to, Analytical Data. While providing services for us, these companies may access Your Personal Data. To the extent applicable, we require these entities to comply with this Privacy Policy and take appropriate confidentiality and security measures. You expressly authorize and consent that we can make any commercial use of the Analytical Data, including without limitation, sharing the Analytical Data with third parties, and that all Analytical Data is included in the definition of Personal Data herein.

Although We intend to use reasonable security safeguards to protect the security of Personal Data, WE HAVE LIMITED CONTROL AND WE CANNOT PROVIDE OR GUARANTEE COMPLETE SECURITY OF ANY INFORMATION; THEREFORE, YOUR POSTING OR TRANSMITTING OF PERSONAL DATA IS DONE AT YOUR SOLE RISK. If there is a breach in the security of Eataly’s Services that impacts or involves Your Personal Data, We will contact You at Your then-current email address; we are not responsible for contacting You in the case of a security breach by or at Your credit card company that does not involve an active Eataly purchase.

The Personal Data you provide to us will allow us to run and operate our Service, including fulfilling and shipping your orders, welcoming you to an Eataly class, maintaining the integrity of the Service, providing you with the Services that you are seeking; minimizing spam, alerting you of new products or services, features, or enhancements, handling your questions or issues, administering promotions, contests and sweepstakes, displaying relevant marketing to you, combating fraud and abuse, to notify you of promotions, updates, or special offers that we think may interest you, and for other legal and accounting/audit reasons. We also use information in the aggregate to understand how our users as a group use the services and resources provided on our Service. We also use your email address and phone number as part of the Service in sending you messages about the Service and other general announcements.

We collect personally identifying information such as Your IP address and e-mail address when You register for/create a user account with the Service, visit any of the sites and Services that are part of Eataly family of sites, or use any of Eataly’s Services. We may use third-party services to store, process, or transmit data, or perform other technical functions related to operating the Service. These services may include spam detection, backup services, product information hosting and e-mail services; a list of third-party services is provided in our Subprocessor List. While we endeavor to ensure our service providers’ compliance with our privacy strictures, we cannot guarantee other services’ performance. We or the services we use store or process Your Personal Data in data centers located in the United States, Canada, Ireland and Italy, and may subcontract processing to, or share Your information with, third parties located in countries other than those countries and/or Your home country. Your Personal Data may therefore be subject to privacy laws that are different from those in Your country of residence. Information collected within the European Economic Area (“EEA”) and Switzerland may, for example, be transferred to and processed by third parties identified above, located in a country outside of the EEA and Switzerland, where You may have fewer legal rights in relation to Your information.

We will use Your e-mail address internally for purposes of managing Your account and maintaining site integrity; in the event the Service allows Users to share photographs, videos and/or comments, such Interactions will be connected to the User Name of the User submitting such content; if at that time You agree to allow Your e-mail address and/or User Name to be public, it will be public; if You opt to make it public, everyone has the ability to access it and use it for any purpose. We may occasionally send e-mails to You from Eataly about Your account, Your orders, our recommendations to You, and news about Eataly that we reasonably believe to be of use to our registered users. By creating and maintaining a User Account on and with Eataly, You consent to receiving such emails unless you explicitly unsubscribe from or deselect the option to be subscribed to, such emails. We reserve the right to reply to and archive any e-mail message You send to Eataly and/or its personnel and use it for legal, accounting and quality control purposes.

We may also use Your Personal Data in connection with information that we have collected in a manner such that the end-product and/or data has been masked or anonymized so it does not personally identify You or any other user of the Service to any unauthorized third party. We may make information that would otherwise be deemed Personal Data non-personally identifiable by either combining it with information about other users (aggregating your Personal Data with information about other users), or by removing or masking characteristics (such as your name or email address) that make the information personally identifiable. This process is known as de-personalizing or anonymizing your information.

Social Networking Sites. We may share the information in your account (including your Personal Data) with Social Networking Sites (SNS) including Facebook when you use Eataly Services while logged into your SNS account.

We collect, process and retain the following data for the following reasons:

1. E-mail Addresses: We collect e-mail addresses of and from those who communicate with us via e-mail and any Interactions or Personal Data included in e-mails to us, as well as whether You open emails or click the links contained in emails. We need this information so we can respond to You, and so we can handle questions about the Service, and for other legal and accounting, quality control, audit and managerial reasons including maintaining the integrity of the Service and the Provided Content that we host.

2. User-Specific Information: We collect data and information about what pages users access or visit including Your interactions with integral Service features such Orders and Your choices there, location information so we can direct You to Eataly, referral information (i.e. data about what site You are coming to the Service from and where You go to when You leave Eataly), whether there are errors in displaying Provided Content to You, and textual interactions you have with our personnel and/or AI using . We need this information to maintain the integrity of the site, the Service and the Interactions that we host; to process Your orders and provide You with the items You ordered from our partners and third parties; to provide You with Interactions; to minimize spam; and for other legal and accounting/audit reasons.

1. When You make a purchase via Eataly, You will be asked to freely give informed and unambiguous consent that the Personal Data that You submit in conjunction with Your Order (“Order Information”) can be collected, processed and retained for purposes of enabling You to make a purchase, as well as for site/Service integrity,  legal and accounting/auditing purposes. Order Information includes Your credit or debit card number, card expiration date, CVV code, and billing/payment account address which are shared with payment services providers to process payments; prevent, detect, and investigate fraud or other prohibited activities; facilitate dispute resolution such as chargebacks or refunds; and for other purposes associated with the acceptance of payment methods including credit or debit cards.

2. You consent to our collection, processing and retention of Your Personal Data, Your Interactions, and Personal Data (the “User Information”) connected therewith, when You submit Interactions via Eataly Services. You also acknowledge that we are collecting Your User Information pursuant to our performance of a contract between You and Eataly for Eataly so we can make your reservation for an Eataly Class, send you items you have ordered (and if necessary, for us to accept their return), book/confirm your class at Eataly, process your purchase of gift cards and/or facilitate any other transaction. We need such consent because Your purpose in and reason for entering into the contract was to engage in such services and/or obtain said goods. In order for Eataly to perform under the Contract, Your User Information also needs to be accessible to those on Eataly’s team who have access to our servers data and databanks, and to Eataly management, Personnel, and legal and accounting support teams, to maintain the integrity of the Service, enforce these Terms of Service and maintain the integrity of the Service.

3. In the event we allow Users to write and share comments on any of our sites or Services, You consent to our collection, processing, retention and display of text that You submit as Reviews or Posts, as well as Your Personal Data associated therewith. We need such consent because Your purpose in and reason for submitting a comment is for that Interactions to be visible to the general public.

4. If you purchase tickets to an event or for a class, you agree to that we can send you the tickets, a receipt and class confirmation emails, as well as occasional e-mails about other classes you might be interested in, as well as information about Eataly services, Eataly site policy updates and other matters concerning the management and integrity of Eataly. You further give informed and unambiguous consent that Personal Data submitted in connection with a ticket purchase can be collected, processed and retained for legal and accounting/auditing purposes. “Payment Information” includes your credit or debit card number, card expiration date, CVV code, cheque payment information and billing/payment account address. Payment Information is not retained or otherwise used at Eataly, but it is shared with payment services processors/providers to process payments; prevent, detect and investigate fraud or other prohibited activities; facilitate dispute resolution such as chargebacks or refunds; provide you with services and, if applicable, goods; and for other purposes associated with the acceptance of credit or debit cards.

5. By and through Your use of the Services, You consent to our collection, processing, retention and use of Your IP address for a limited time; we need this consent to provide You with information about Eataly nearest to You, and other location-based services. Temporarily collecting, processing, and retaining IP addresses also enables us to conduct internal management of the Services, maintain server and Service integrity, and reduce spam. Certain IP information may be collected by the server for log purposes and used for limited technical assessments of the Service.

6. After You create an account with the Services, we may work with third parties on statistical modelling tools that enables us to recognize and contact You across multiple devices.

3. Logs of server interactions, as well as class logs, are collected and processed by and for Eataly. Our servers automatically record information that Your browser sends whenever You visit the Service. This information includes Your Internet Protocol address, Your browser type and version, the search engine You used to find the Service, if any, referring and exit pages, date/time stamp and clickstream data, which Service You use and when and how long You use them. We use this information to monitor and analyze how users use the Service, to provide customer service, to maintain and improve the Service, and to gather demographic information about our user base as a whole.  We need this information for legal and accounting/audit reasons, including maintaining the integrity of the Service and the Interactions that we host, and may use this information in our marketing and advertising services.

4. We use cookies to store visitors’ preferences; customize web pages based on visitors’ browser type or other information that the visitor sends; and record activity at the Service in order to provide better service when visitors return to our site. Cookies must be enabled for the Service to function properly with Your computer but can be turned off via the browser settings on each User’s computer. During their normal operation, the computer systems and software procedures used to operate this Site acquire certain personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected with the aim of linking it to identified users, although, by its nature, it might enable user identification through processing and linking with data held by third parties. This category of data includes IP addresses or domain names of computers used by persons who connect to the site, the URI (Uniform Resource Identifier) ​​of requested resources, the time of request, the method used to submit the request to the server, the size of the file received in reply, the numerical code indicating the status of the reply provided by the server (successful, error, etc.) and other parameters regarding the user's operating system and computer environment.

Contests and Sweepstakes

When You enter a contest, challenge or sweepstakes with Eataly, we will use the information You submit to determine a winner, to provide the winner(s) with their prizes (including via mail by sharing Personal Data with the postal or delivery service), and for auditing and legal purposes; winner names will be made public if the winner accepts their prize. We need such consent because Your purpose in and reason for submitting Your information is for and in connection with Your contest entry.

Payment Information

If you order merchandise, buy a gift card for yourself or someone else, or purchase a ticket for an Eataly class, You agree to that we can email or message You the receipt and confirmations for such order, process the order (and return of goods, if any) or purchase, and send You communications about other Interactions, information, data and/or items that You might be interested in, as well as information about Eataly Services, Eataly site policy updates and other matters concerning the management and integrity of Eataly. You further give informed and unambiguous consent that Personal Data submitted in connection with an Order can be collected, processed and retained for analysis and follow-up purposes, as well as legal and accounting/auditing purposes.

TRANSFER OF DATA TO OTHER COUNTRIES

You expressly consent to the storage of Your Personal Data in the United States, Italy and Ireland.  Your Personal Data and other information may also be stored and processed in any country where we have operations or where we engage service providers. We will transfer Personal Data that we maintain about You to recipients who are located, temporarily or permanently, in countries other than the country in which the Personal Data was originally collected. Those countries may have data protection rules that are different from those of Your country. However, we will take measures to ensure that any such transfers comply with applicable data protection laws and that Your Personal Data remains protected to the standards described in this Privacy Policy. Your Personal Data may therefore be subject to privacy laws that are different from those in your country of residence. We will share Personal Data if we have a good faith belief that (i) access, use, preservation or disclosure of such information is reasonably necessary to satisfy any applicable law, regulation, legal process, such as a court order or subpoena, or a request by law enforcement or governmental authorities, (ii) such action is appropriate to enforce our Terms of Use or another policy, including any investigation of potential violations thereof, (iii) such action is necessary to detect, prevent, or otherwise address fraud, security or technical issues associated with the Service, or (iv) such action is appropriate to protect the rights, property or safety of Eataly, its employees/contractors/officers/affiliates, attendees at any Eataly class, users of the Service or others.

Data Retention Periods

Eataly may store the personal information only for as long as is reasonably necessary taking into consideration our need to answer queries or resolve problems, provide improved and new services, comply with legal requirements under applicable law(s) or in the event of disputes and extraordinary claims that reasonably require the retention of personal data. This means that Eataly may retain your personal information for a reasonable period after you stop using Eataly services or stop using the Site.

Within a reasonable time after a user’s personal data are no longer necessary for the purposes for which they were collected, Eataly will delete them, unless laws requires further storage, the user has consented to the processing for a longer time, or they are archived. In particular, within a reasonable time after a user deactivates their account or, for unregistered users, of the completion of the order, Eataly will retain any personally identifying information and related data that it, in its sole discretion, reasonably believes is necessary to:

- fulfill the requests of the authorities within their competence;
- defend or assert any existing or potential claim;
- handle any complaint regarding contracts or orders concluded. The data retention period necessary to achieve the aforementioned purposes is linked to the limitation period of a claim that in many cases is equal to 10 years. Eataly will retain personal data as follows, except where required to retain data for a longer period of time for legal or accounting purposes, including maintaining the security of the sites and business.
Personal Data entered in the "Work with us" section when submitting a job application online or by/for other means, if the applicant is not hired, will be stored in the system of the relevant Eataly branch for a maximum of 24 months, in order to allow us to evaluate the candidate for other positions. The user can ask for this data to be removed at any time by submitting a request to Eataly Customer Service; if such a request is received, and retention is not otherwise required or necessary, Eataly agrees to remove it within a reasonable time. If the submitter is hired, it may be retained for the duration of their employment with Eataly and approximately ten additional years.

RIGHTS OF THE DATA SUBJECT

Each user has the right to access their personal data and to obtain confirmation of the existence or otherwise of his personal data, even if not yet registered, and to their communication in intelligible form. In particular, each user has the right to obtain access to his data from Eataly, as well as any information regarding the methods and characteristics of the processing.

In addition to the above, the user, in the cases provided by law, has the right to receive his personal data in a structured, plain and readable format, as well as the right to transmit this data to another data controller without impediments. Furthermore, each user has the right to obtain updates, rectification or integration of their data from Eataly. The user also has the right to erase his personal data as well as to limit the processing in cases provided by law.

Finally, each user has the right to object, in whole or in part, to the processing of personal data concerning him if the processing is based on the legitimate interest of the controller, as well as for direct marketing purposes.
The requests referred to in the previous points should be addressed to the data controller's contacts indicated in the "Data Controller" section below. The requests must be addressed to the relevant controller for the relevant activities. We may make a small charge for this service upon subsequent requests.

If you have doubts or if you want more information about the relevant data controller, contact Customer Care.

We want to make sure that Your Personal Data is accurate and up to date. You may ask us to correct or remove information You think is inaccurate. We reserve the right to ask for information from you, including Personal Data, to confirm your identity before we edit or delete Personal Data pursuant to a request from You. We cannot delete information in connection with orders, bookings, reservations and other paid services or goods for at least ten years as we must retain it for accounting and legal purposes; we reserve the right to retain such Personal Data for accounting and business purposes.

DATA ACCESS FOR CALIFORNIA RESIDENTS

If you are a resident of California, you may request that we provide you with the information that we have shared with third parties for electronic/online direct marketing purposes, if such sharing has occurred; such information can be provided to you once a year free of charge, and will cover information shared during the past twelve (12) months. Information will be provided within thirty (30) days of your request, or we will inform you that we need additional time to fulfill your request.

If you are a California resident and wish to make such a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a California resident and provide a current California address for our response. You may make this request in writing to us at the address provided herein. Any such request must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state and ZIP code.  Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this address.

Information shared for purposes other than direct marketing will not necessarily be included in our response to such request. We reserve the right to request and confirm proof of identity as we determine necessary in our sole discretion.

CHILDREN/AGE-BARRED INDIVIDUALS

We do not knowingly solicit, collect or process information from children who (a) are residents or citizens of the European Union and under the age where consent of a parent or legal guardian is required for the processing of Personal Data of children including email addresses and IP addresses, as well as certain uses of cookies; or (b) users who are under the age of thirteen (13) and residents or citizens of any other country (an “Age-Barred Individual”).

In compliance with United States regulations regarding online privacy for children, Eataly do not knowingly solicit or collect information from children under the age of thirteen (13) or any other Age-Barred Individual. Age-Barred Individuals are not permitted to have an account, use any Eataly website or app, or submit Interactions of any type to Eataly. By using the Service and/or submitting an order, You thereby confirm that You are eighteen (18) years old or older, and not an Age-Barred Individual. While children under the age of eighteen (18) are able to take classes at Eataly, adult supervision is required throughout for classes that include children under the age of 10 years, and any reservation to take an Eataly Class for a child under 13 must be made by an adult who can consent to sharing said child’s name and other information with Eataly and our subprocessors and partners.

ACCOUNT TERMINATION AND DELETION

If for any reason You terminate Your user account with us, we will destroy active records containing Your Personal Data as soon as reasonably possible. “Reasonably” here means no more than thirty business days from the termination of the account; however, we may have to retain some information for a longer period as legal records or for auditing purposes, as we need to retain data where we have a valid justification to hold on to it, such as to resolve disputes, keep track of product sales or comply with our legal obligations, or to so we know not to use it again pursuant to a User’s request.

If  You are a resident or citizen of a country where the GDPR applies, and ask us to delete Your account, we will remove Your Personal Data from our Service, and then from our records in accordance with our data deletion cycle, except that we may retain Personal Data where we have a valid justification to hold on to it, such as to resolve disputes, keep track of product sales or comply with our legal obligations, or to so we know not to use it again pursuant to a User’s request. If we terminate Your access to the Service, we may retain enough information to prevent You from signing up for the Service in the future.

USE OF LOCATION-BASED SERVICES

Eataly may receive location data from entities like Facebook and OpenTable, and can collect, use, transmit, process and maintain such location data, with other Personal Data we have collected from you. You hereby confirm that Eataly’s collection, use, transmission, processing and maintenance of such location data to provide such services is permitted and consented to.

VIOLATIONS OF THE AGREEMENT                                                                                 

Eataly reserves the right to seek all remedies available at law and in equity for violations of the Agreement, including without limitation the right to block access to the Sites from a particular account, device and/or IP address.

CHANGES TO THE AGREEMENT                                                                                            

We may change this Agreement from time to time and without prior notice. If We make a change to this Agreement, it will be effective as soon as We post it, and the most current version of this Agreement will always be posted on our TOS page. If We make a material change to the Agreement, We will notify You. You agree that You will review this Agreement periodically. By continuing to access and/or use the Sites after We post Updated Terms, You agree to be bound by the Updated Terms, and if You do not agree to the Updated Terms, You will stop using the Sites. This Agreement will govern any disputes arising before the effective date of the Updated Terms.

As We continue to develop our business, We might sell or buy assets, subsidiaries, or business units. In such transactions, customer information generally is one of the transferred business assets and accordingly, user information, including Personal Data collected from You through Your use of the Service, could be included in the transferred assets. If Eataly or any subsidiary thereof is acquired by, or merged with, any other entity, We reserve the right to assign or transfer any information that We have collected. Further, if we become involved in a merger, acquisition or other transaction involving the sale of some or all of our assets, it is probable that user information, including Personal Data collected from you through your use of the Service, could be included in the transferred assets. Should such an event occur, we will use reasonable means to notify you through email and/or a prominent notice on the Service. or any bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or for any application of laws or equitable principles affecting creditors' rights, Your information might be transferred or disclosed to third parties.

GENERAL    

Our TOS includes Our Privacy Policy and they collectively constitute the entire agreement between You and Eataly, govern Your use of the Services and completely replace any prior agreements between You and Eataly in relation to the Services. You may also be subject to additional terms and conditions that may apply when You use affiliate services, third-party content, or third-party software. If any part of our TOS or the privacy policy included therein is held invalid or unenforceable, that portion shall be construed in a manner consistent with applicable law to reflect, as nearly as possible, the original intentions of the parties, and the remaining portions shall remain in full force and effect. The delay or failure of Eataly to exercise or enforce any right or provision of these TOS shall not constitute a waiver of such right or provision. If any provision of this Agreement is held to be invalid or unenforceable by a court of competent jurisdiction, the parties nevertheless agree that the court should endeavor to give effect to the parties' intentions as reflected in the provision, and the other provisions of this Agreement remain in full force and effect. You agree that, except as otherwise expressly provided in these TOS, there shall be no third-party beneficiaries to these TOS. You agree that any claim or cause of action arising out of or related to these TOS or the use of the Service must be filed within one (1) year after the cause of action arose or be forever barred.

LEGAL AUTHORITY

To use and/or register for our Services You must be: (a) of legal age to form a binding contract with us, (b) not an Age-Barred Individual; and (c) not barred from receiving our Services under the laws of the United States or other applicable jurisdictions. Eataly reserves the right to refuse service and refund any monies paid in such circumstances at their sole discretion.

Contact Information

Eataly welcomes Your questions or comments regarding the Terms:

Attn: Customer Service

Email Address: customerservice@eataly.com

Last updated on January 27, 2020