Thank you for your interest in Campari! This Privacy Notice explains how information about you, that directly identifies you, or that makes you identifiable (“personal information”) is collected, used, disclosed, and otherwise processed by Campari in connection with our Services.
When we use the terms “Campari”, Campari Group”, “we”, “us”, or “our” in this Privacy Notice, we are referring to Davide Campari-Milano N.V., and its affiliates and subsidiaries. When we use the term “Service,” we are referring to all of the services and product offerings that we offer on our own behalf, including our product offerings such as our website https://www.campari.com/, our mobile applications, or any other Campari Group product or service that posts or links to this Privacy Notice.
This Privacy Notice is designed to apply to our website visitors, users of our Service, and other companies and users on a global basis. We may choose or be required by law to provide additional disclosures relating to the processing of personal information in certain countries, regions or states. Please refer below for disclosures that may be applicable to you:
From the first moment you interact with us, we are collecting personal information about you. Sometimes we collect personal information automatically when you interact with our services and sometimes, we collect the personal information directly from you. At times, we may collect personal information about you from other sources and third parties, even before our first direct interaction. The type of personal information we collect may also depend on the relationship we have with you (e.g., business representative, consumer).
From the first moment you interact with us, we are collecting personal information about you. Sometimes we collect personal information automatically when you interact with our services and sometimes, we collect the personal information directly from you. At times, we may collect personal information about you from other sources and third parties, even before our first direct interaction. The type of personal information we collect may also depend on the relationship we have with you (e.g., business representative, consumer).
The controller, which is the company belonging to the Campari Group that is responsible for the processing of your personal data, depends on how you interact with the Campari Group brands. As such, the relevant controller will typically consist of one or two entities: (1) The main entity who manages the Campari brands based on region, and, if applicable, (2) the local company you interact with in connection with localized activities (e.g., marketing campaigns, events, competitions). In connection with the local controller, the controller and contact information will be disclosed in the specific method of interaction. These controllers are specified in the following tables:
These controllers are specified in the following tables:
We may collect the following personal information you provide in connection with our Service:
Although we often collect the personal information described above directly from you, we also collect this information through service providers and other third parties that collect it on our behalf, such as communications providers, analytics providers, survey, contest and promotion entry providers and marketing providers. Please see the Personal Information from Other Sources and Third Parties section below
As is true of most digital platforms, we and our third-party providers and partners collect certain personal information automatically when you visit or interact with our Service:
We and our third-party providers may use (i) cookies or small data files that are stored on an individual’s computer and (ii) other, related technologies, such as web beacons, pixels, embedded scripts, location-identifying technologies, and logging technologies (collectively, “cookies”) to automatically collect this personal information.
For more information about these practices and your choices regarding cookies, please see our Cookie Notice.
We may also obtain personal information from third parties and other sources, which we often combine with personal information we collect either automatically or directly from an individual.
We may receive the same categories of personal information as described above from the following third parties:
In all of these instances, our Privacy Notice governs the handling of your personal information. Note we do not control the personal information that third parties collect or how they use that personal information. You should review the third parties’ privacy policies for more information about how they collect, use, and share information they obtain and use.
We use personal information we collect:
Where an individual chooses to contact us, we may need additional information to fulfill the request or respond to inquiries. We may provide you with additional privacy-related information where the scope of the inquiry/request and/or personal information we require fall outside the scope of this Privacy Notice. In that case, the additional privacy notice will govern how we may process the information provided at that time.
We may also share, transmit, disclose, grant access to, make available, and provide personal information with and to third parties, as described below.
Our Services are not directed to, and we do not intend to, or knowingly, collect or solicit personal information from children under the age of 16. If an individual is under the age of 16, they should not use our Services or otherwise provide us with any personal information either directly or by other means. If a child under the age of 16 has provided personal information to us, we encourage the child’s parent or guardian to contact us to request that we remove the personal information from our systems. If we learn that any personal information we collect has been provided by a child under the age of 16, we will promptly delete that personal information
The Services may contain integrations or links to third party websites or services, including those of our business partners. By interacting with these third parties, you are providing information directly to the third party and not Campari. Please note that Campari is not responsible for the privacy practices of these third parties or any entity that it does not own or control. We encourage you to review the privacy policies and online terms of those third parties to learn more about how they handle your personal information.
We reserve the right to change this Privacy Notice from time to time in our sole discretion. We will notify you about material changes in the way we process personal data by sending a notice to the primary email address specified in your account, by placing a prominent notice on our Website, or through other appropriate communication channels. It is your responsibility to review this Privacy Notice periodically. All changes shall be effective from the date of publication unless otherwise provided.
If you have any questions or requests in connection with this Privacy Notice or other privacy-related matters, please send an email to gpdp.office@campari.com
This Additional Notice for California Residents (“CA Disclosures”) supplements the information contained in our Privacy Notice and apply solely to individual residents of the State of California (“consumers” or “you”).
These CA Disclosures provide additional information about how we collect, use, disclose and otherwise process personal information of individual residents of the State of California, either online or offline, within the scope of the California Consumer Privacy Act of 2018 (“CCPA”).
Unless otherwise expressly stated, all terms in these CA Disclosures have the same meaning as defined in our Privacy Notice or as otherwise defined in the CCPA.
When we use the term “personal information” in this CA Notice, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
We collect personal information from and about you for a variety of purposes, as described in the How We Collect Your Personal Information and How We Use Your Personal Information sections of the Privacy Notice.
In the last 12 months, we have collected the following categories of personal information:
We collect this information from the following sources: directly from you, from our business partners and affiliates, from your browser or device when you visit our App or use our Services, or from third parties that you permit to share information with us. Please see the How We Collect Your Personal Information section of the Privacy Notice for more information about the sources of personal information we collect.
We share personal information with third parties for business purposes. The categories of third parties to whom we disclose your personal information for a business purpose include: (i) other brands and affiliates in our family of companies; (ii) our service providers and advisors; (iii) analytics providers; (vii) marketing and strategic partners; and (viii) social networks.
In the previous 12 months, we have disclosed all of the categories of personal information we collect, explained in the Collection and Use of Personal Information section of these CA Disclosures, to third parties for a business purpose.
Unless you have exercised your Right to Opt-Out of Personal Information Sales, we may sell personal information to third parties for monetary or other valuable consideration. The third parties may use such information for their own purposes in accordance with their own privacy statements, which may include reselling this information to additional third parties.
These third parties may include:
As a California resident, you may be able to exercise the following rights in relation to the personal information that we have collected about you (subject to certain limitations at law):
You have the right to request any or all of the following information relating to your personal information we have collected and disclosed in the last 12 months, upon verification of your identity:
You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions.
You have the right to direct us not to sell personal information we have collected about you to third parties now or in the future.
If you are under the age of 16, you have the right to opt in, or to have a parent or guardian opt in on your behalf, to such sales.
You have the right not to receive discriminatory treatment for exercising these rights. However, please note that if the exercise of these rights limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you our products and services or engage with you in the same manner.
California residents that have an established business relationship with us have rights to know how their information is disclosed to third parties for their direct marketing purposes under California’s
“Shine the Light” law (Civ. Code §1798.83).
To exercise your Right to Access, Right to Know or your Right to Deletion, please submit a request by:
Before processing your request, we will need to verify your identity and confirm you are a resident of the State of California. In order to verify your identity, we will generally either require the successful authentication of your account, or the matching of sufficient information you provide us to the information we maintain about you in our systems. This process may require us to request additional personal information from you, including, but not limited to, your email address, phone number, and/or date of last transaction on our Services. In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to verify your identity or locate your information in our systems. If we are unable to comply with all or a portion
of your request, we will explain the reasons for declining to comply with the request.
Unless you have exercised your Right to Opt-Out of Personal Information Sales, we may sell personal information to third parties for monetary or other valuable consideration. The third parties may use such information for their own purposes in accordance with their own privacy statements, which may include reselling this information to additional third parties. You do not need to create an account with us to exercise your Right to Opt-Out of Personal Information Sales. However, we may ask you to provide additional personal information so that we can properly identify you in our dataset and to track compliance with your opt out request. This information may include, but not be limited to, your name, email, and postal code. We will only use personal information provided in an opt out request to review and comply with the request. If you chose not to provide this information, we may only be able to process your request to the extent we are able to identify
you in our data systems.
In certain circumstances, California residents are permitted to use an authorized agent to submit requests to know or delete personal information on their behalf through the designated methods set forth in these CA Disclosures, where we can verify the authorized agent’s authority to act on their behalf by:
For requests to opt-out of personal information “sales”, we require a signed permission demonstrating your authorized agent has been authorized by you to act on your behalf.
This Additional Notice supplements the information contained in our Privacy Notice and apply to individuals who reside in European Economic Area (“EEA”), United Kingdom (“UK”) and Switzerland, even temporarily. This Additional Notice provide information about how we collect, use, disclose and otherwise process personal data, either online or offline, within the scope of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), UK GDPR and Switzerland data protection legislation. Unless otherwise expressly stated, all terms in this note have the same meaning as defined in our Privacy Notice or as otherwise defined in the aforementioned legislations.
Campari Group maintains operations in Europe and may direct our services to individuals located in the EEA, UK and Switzerland, including through our European websites (collectively, our “European Services”). The following disclosures (“Privacy Disclosures”) apply to our processing of personal data in connection with our European Services.
When we use the term “personal data” in this section, we mean information relating to an identified or identifiable natural person.
The Data Protection Officer can be reached at: gpdp.office@campari.com
We collect the categories of personal data that you voluntarily submit directly to us when you use the European Services, as set forth in our Privacy Notice under the sections entitled How We Collect Your Personal Information and How We Use Your Personal Information.
We will indicate to you if the provision of certain personal information is mandatory or optional. If you choose not to provide any personal information marked as mandatory, we may not be able to respond to your queries or provide other services to you.
The table at Annex 1 sets out in detail the categories of personal data we collect about you and how we use that information when you use the European Services, as well as the legal basis which we rely on to process the personal information and recipients of that personal information.
We also automatically collect personal information indirectly about how you access and use the European Services, and information about the device you use to access the European Services. For example, we may collect:
We use this information to provide you the features and functionality of the European Services, to monitor and improve the European Services and to develop new services.
The table at Annex 2 sets out further information about the categories of personal information we collect about you automatically and how we use that information. The table also lists the legal basis which we rely on to process the personal information and recipients of that personal information.
We may link or combine the personal information we collect about you and the information we collect automatically.
We may anonymise and aggregate any of the personal information we collect (so that it does not directly identify you).
We may use anonymised information for purposes that include testing our IT systems, research, data analysis, improving the European Services. We may also share such anonymised and aggregated information with others.
Annexes 1 and 2 set out how long we store your personal information. We will usually store the personal information we collect about you for no longer than necessary for the purposes, as set out in in accordance with our legal obligations and legitimate business interests.
The criteria used to determine the period for which personal information about you will be retained varies depending on the legal basis under which we process the personal information:
In all cases, in addition to the purposes and legal bases, we consider the amount, nature and sensitivity of the personal information, as well as the potential risk of harm from unauthorized use or disclosure of your personal information.
Upon withdrawal of consent or upon expiry of the storage period for the data collected for the purposes referred to in
Annex 1 and 2, whichever is the earlier, the data will be automatically deleted or permanently anonymized.
In addition to the recipients listed in Annexes 1 and 2, we may also share your personal information with the following (as required in accordance with the uses set out in Annexes 1 and 2):
From time to time we may contact you with information about our services, including sending you marketing messages and asking for your feedback on our Services. Most marketing messages we send will be by email. For some marketing messages, we may use personal information we collect about you to help us determine the most relevant marketing information to share with you.
We may send you marketing messages if you have given us your consent to do so or where we have relied on the soft optin rule (where applicable). If you wish to unsubscribe from such emails, simply click the “unsubscribe link” provided at the bottom of the email communication.
Security. We implement appropriate technical and organizational measures to protect your personal information against accidental or unlawful destruction, loss, change or damage. All personal information we collect will be stored by our cloud hosting provider on secure servers. We will never send you unsolicited emails or contact you by phone requesting credit or debit card information or national identification numbers.
International Transfers of your Personal Information. The personal information we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations. If you are located in the EEA, United Kingdom or Switzerland, your personal information may be processed outside of those regions, including in the United States.
In the event of such a transfer, we ensure that: (i) the personal information is transferred to countries recognized as offering an equivalent level of protection; or (ii) the transfer is made pursuant to appropriate safeguards, such as standard contractual clauses adopted by the European Commission (including additional safeguards as recommended by the European data Protection Board)
If you wish to enquire further about these safeguards used, please contact us using the details set out at the end of these Privacy Disclosures.
We may analyze personal data we have collected about you to create a profile of your interests and preferences so that we can contact you with information that is relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively send product updates. We may also use personal data about you to detect and reduce fraud and credit risk. The entering of personal data in our Customer Relationship Management (CRM) system is optional and occurs only if consent is given to one of the purposes detailed in Annex 1 and 2; it automatically implies that Campari Group employees across the world, tasked with data processing, will be able to view the data, as well as to change and to update it.
In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold
You have the right to provide instructions regarding the retention, deletion and disclosure of your personal information after your death. In the absence of instructions from you, it is possible for your heirs to request the disclosure or deletion of your personal information.
You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal information, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
You also have the right to lodge a complaint to your local data protection authority. If you are based in the European Union, information about how to contact your local data protection authority is available here. If you are based in the UK or Switzerland, your local data protection authorities are the UK Information Commissioner’s Office (https://ico.org.uk/global/contact-us/) and the Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact/address.html).
If you wish to exercise one of these rights, please fill out our Privacy Rights Requests Form.
Due to the confidential nature of data processing we may ask you to provide proof of identity when exercising the above rights. This can be done by providing a scanned copy of a valid identity document or a signed photocopy of a valid identity document.
Our European Services use cookies and similar technologies such as pixels and Local Storage Objects (LSOs) like HTML5 (together “cookies”) to distinguish you from other users of our Services. This helps us to provide you with a good experience when you browse our Services and also allows us to monitor and analyse how you use and interact with our Services so that we can continue to improve our Services. It also helps us and our partners to determine products and services that may be of interest to you. Please see our Cookie Notice for more information about these practices and your choices regarding cookies
Our emails may contain tracking pixels that identify if and when you have opened an email that we have sent you, how many times you have read it and whether you have clicked on any links in that email. This helps us measure the effectiveness of our marketing email campaigns, make the emails we send to you more relevant to your interests and to understand if you have opened and read any important administrative emails we might send you.
Most popular email clients will allow you to block these pixels by disabling certain external images in emails. You can do this through the settings on your email client – these generally give you the option of choosing whether emails will display “remote images”, “remote content” or “images” by default.
Some browsers also give you the option of downloading and installing extensions that block pixels and other tracking technologies.
Personal data will be processed with IT-based tools and/or processed manually for the length of time needed to achieve the purpose for which it was collected. In particular, personal data collected for the purposes outline in Annex 1 and 2 will be also processed with the usage of automated mechanisms based on procedures and logics that are strictly related to the purposes specified.
Legal Drinking Age Verification, which includes your date of birth and country or region.
Verify your age and ability to use the European Services.
The processing is necessary for our legitimate interests, namely administering the European Services, and for the performance of a contract with you, namely our Terms of Service.
The period of time required by the applicable law.
We may share any information you provide to us with third parties who support us in defining marketing campaigns or with providers of hosting or maintenance services for our digital assets.
Contact information such as first name, last name and email address.
We may share this information with [e.g., Stripe] in order to identify you so that you can make and receive payments through the European Services.
Your account and profile information such as your full name, email, and password. When you update your profile information, we may also collect your phone number, email address, birthday or date of birth, and your preferences].
We may share any information you provide to us with third parties who support us in defining marketing campaigns or with providers of hosting or maintenance services for our digital assets.
Reservations. When you make an online reservation with any of our brand houses, we collect information required make your booking, which may include your first name, last name, mobile number, email address, number of guests attending, and any information you provide in the comments section (e.g. preferences, special requests).
We may share this information with third parties who support us in defining marketing campaigns or with providers of hosting or maintenance services for our digital assets.
Payment transaction information. When you subscribe to our services, we may collect information such as your billing address and other information such as date and time of your transaction.
We may share any information you provide to us with third parties providing us payment services.
Newsletter and marketing emails. If you sign up to receive news or alerts from us, or join our wait list, we may collect your email and applicable interests and communication preferences
We may share this information with third parties who support us in defining marketing campaigns or with providers of hosting or maintenance services for our digital assets.
Chat, comments and opinions. When you contact us directly, e.g. by email or phone we will record your comments and opinions.
We may share any information you provide to us when you contact us with third parties who support us in defining marketing campaigns or with providers of hosting or maintenance services for our digital assets.
Information received from third parties, such as social networks. If you interact with us through a social network, we may receive information from the social network such as your name, profile information, and any other information you permit the social network to share with third parties. The data we receive is dependent on your privacy settings with the social network.
Your preferences, such as preferences set for notifications, marketing communications, how the European Services is displayed and the active functionalities on the European Services.
We may also share your personal information with third parties who support us in defining marketing campaigns or with providers of hosting or maintenance services for our digital assets.
Approximate location information. Other than information you choose to provide to us, we do not collect information about your precise location. Your device’s IP address may however help us determine an approximate location.
We may share this information with the following with third parties who support us in defining marketing campaigns or with providers of hosting or maintenance services for our digital assets, such as:
Information about how you access and use the European Services. For example, how frequently you access the European Services, the time you access the European Services and how long you use it for, the approximate location that you access the European Services from, the site from which you came and the site to which you are going when you leave our website, the website pages you visit, the links you click, whether you open emails or click the links contained in emails, whether you access the European Services from multiple devices, and other actions you take on the European Services
We may share this information with the following with third parties who support us in defining marketing campaigns or with providers of hosting or maintenance services for our digital assets, such as:
Log files and information about your device. We also collect information about the tablet, smartphone or other electronic device you use to connect to the European Services. This information can include details about the type of device, unique device identifying numbers, operating systems, browsers and applications connected to the European Services through the device, your mobile network, your IP address and your device’s telephone number (if it has one).
We may share this information with the following with third parties who support us in defining marketing campaigns or with providers of hosting or maintenance services for our digital assets, such as: