STARBUCKS PRIVACY STATEMENT

Last Revised: 30 January 2018

This Privacy Statement ("Statement") applies to the website located at Starbucks.it, Starbucks mobile applications, and any other websites or applications associated with Starbucks brands or products that direct the viewer or user to this Statement. In this Statement, the terms "Starbucks," "we," and "us" refer to Starbucks Italy S.r.l., with registered office in Via Monte Napoleone 29, Milan, acting in its capacity as data controller that can be contacted at the details in Section 16 below and its respective subsidiaries and affiliated companies. The term “your device” refers to any computer, tablet, smart phone or other device you are using to access our websites or to operate the Starbucks mobile applications. Websites that are owned and operated by Starbucks may contain links to websites that are owned and operated by other companies. This Statement does not apply to websites and services that are owned and operated by third parties.

This Statement came into effect on the date indicated at the top of this webpage. We may update this Statement from time to time and in particular following the applicability date of the EU Regulation 679/2016 (the "General Data Protection Regulation"). If we make changes, we will post the updated Statement on this page and change the date at the top of this Statement webpage. We encourage you to look for updates and changes to this Statement by checking this date when you access our websites and mobile applications. We will notify you of any modifications to this Statement that materially affect the way we use or disclose your personal information prior to the change becoming effective also by means of a message on this website.

PART I - GENERAL INFORMATION

1. Information We Collect And Legal Basis For The Collection

As you use our websites and mobile applications or visit one of our stores, we collect information about you and the services you use for the purposes described below in Section 2 of this Statement. The information we collect falls into three different categories: (1) information you give us; (2) information we collect from you automatically; and (3) information we collect from other sources. Some examples of when we collect this information include when you browse or make a purchase on one of our websites; create a Starbucks account; use our website or mobile application to purchase, reload or redeem a Starbucks Card; use the remote order and pay functionality in our mobile applications; buy or send a gift card or e-gift; or participate in a survey or promotion.

a) Information You Give Us

Some information we collect is provided when you use our services. This may include, for instance, your first and last name, username, password, email address, postal address, phone number, financial account information such as a credit card number, birthday, and demographic information (such as your gender). With your prior consent, you may also permit us to access information directly from your device, such as information in the “contacts list.” You may also provide us information about other people, including when you direct us to send a gift card or e-gift and in such circumstances, you declare and warrant you have obtained the consent from such other people to the communication of their personal data to Starbucks for the purpose of the requested service.

b) Information We Collect Automatically

Some information is collected by us automatically, including when you access our websites, download and use our Starbucks mobile applications or otherwise use our services or install our applications. This information, whose collection might require your consent, includes:

  • Purchasing Information – We may collect, with your prior consent, information about your transactions in our stores, on our websites or via our Starbucks mobile applications including what products you purchase, how frequently you purchase them, any rewards or promotions associated with a purchase, and the products you have placed on your “Wishlist” or “My Bag” for future purchase. The collection of such information is discretionary and subject to your consent, however the refusal to provide such personal data would limit the types of services (including rewards or promotions associated with the purchase) that Starbucks can provide you and their customization to you.
  • Device and Usage Information – We may collect information about your browser or device. This information may include the type of device you are using, your operating system, your browser, your internet service provider, your domain name, your internet protocol (IP) address, your device and mobile ad identifiers, the website that referred you to our website, the web pages you view (including the date and time you viewed them), the services or functionality you access or use (including the date and time of your access or use), and the subject of the ads you click or scroll over. To collect this information, we use cookies, web beacons and similar technologies. The collection of such information is discretionary and subject to your consent, however the refusal to provide such information would limit the level of services that Starbucks can provide you.
  • Location Information – We may collect, with your prior consent, information about the location of your device, including GPS location, for the purposes of enhancing or facilitating our services, such as enabling the functionality of our websites or mobile applications that provide you with information about stores near you, enabling you to order and pay remotely for our products and services, or have certain Starbucks products delivered by a third-party vendor. We may also use information about the location of the device you are using to help us understand how our websites, mobile applications, and other services and functionality are being used and to deliver more relevant advertising. If you want to consent to or change your preferences in relation to the collection of this location information, please see the section below titled "Your Choices." The collection of such information is discretionary and subject to your consent, however the refusal to provide such information would make it impossible for Starbucks to provide the services indicated in this section.

c) Information We Collect from Other Sources

Some information we collect is publicly available. For example, with your prior consent, we may collect information you submit to a blog, a chat room, or a social network like Facebook, Twitter or Google+. We may also collect information about you from other companies and organisations. By gathering additional information about you, we can correct inaccurate information, enhance the security of your transactions, and - provided you have consented - give you product recommendations and special offers that are more likely to interest you.

2. How We Use Your Information And On What Legal Basis

We may use the information we collect about you for the following purposes:

  1. process your purchases of or requests for products and services;
  2. communicate with you about orders, purchases, returns, services, accounts, programmes, contests, and sweepstakes;
  3. respond to your customer service enquiries and requests for information;
  4. post your comments or statements on our websites;
  5. maintain appropriate records required under applicable laws for internal administrative purposes;
  6. provide important product safety information and notice of product recalls;
  7. deliver gift cards or e-gifts in accordance with your instructions;
  8. detect, prevent, or investigate security breaches or fraud and protect the rights of Starbucks and others, in particular to (i) protect, enforce or defend the legal rights, privacy, safety or property of Starbucks, our company subsidiaries or affiliates or their employees and contractors, (ii) protect the safety, privacy and security of users of Starbucks services, (iii) comply with the law or legal process, (iv) respond to requests from public and government authorities;
  9. complete a merger or sale of assets. In this respect, if Starbucks sells all or part of its business or makes a sale or transfer of its assets or is otherwise involved in a merger or transfer of all or a material part of its business, Starbucks may transfer your information to the party or parties involved in the transaction as part of that transaction;
  10. within the limits provided by the provisions on cookies, web beacons and other similar technologies below,
    • a) maintain, improve, and analyse our websites, mobile applications, ads, and the products and services we offer
    • b) facilitate the functionality of our websites and mobile applications;
  11. subject to the conditions below,
    • a) send you personalised promotions and special offers;
    • b) inform you about our brands, products, events, or other promotional purposes.

The disclosure of your personal data for the purposes indicated in letters from a) to i) of this Statement is compulsory as it is necessary for the provision of the required services and the refusal to provide the information for the purposes indicated in letters from a) to h) would make it impossible for Starbucks to provide the required services, while the processing of the information for the purpose of letter i) is not compulsory and is performed in compliance with applicable laws and the legitimate interest of Starbucks and its counterparties to perform such transactions, adequately balanced with your interests. You can object to such data processing by contacting us through the modalities indicated in Section 16 below, but if you object to such data processing activity, your data cannot be used for this purpose.

With regard to the above-mentioned purposes, your information may be processed by Starbucks by way of electronic and non-electronic means.

3. How We Share Your Information

We may share your information with the following categories of entities outside of Starbucks, situated both in the EEA and, within the limits of Section 15 below, outside the EEA, which process your personal data in their capacity of data controller or data processors depending on the circumstances, in the following circumstances:

  1. When We Work Together – We may share information between and among Starbucks Corporation, its subsidiaries, and affiliated companies for the purposes of management and analysis, decision making, and other business purposes. For example, we may share your information with our subsidiaries and affiliated companies to administer our loyalty programmes, process orders and requests, and expand and promote our product and service offerings.
  2. When We Work with Service Providers – We may share your information with service providers that provide us with support services, such as credit card processing, website hosting, email and postal delivery, location mapping, product and service delivery, analytics services, or conducting academic research.
  3. When We Work on Business Transactions – If we become involved with a merger or another situation involving the transfer of some or all of our business assets, we may share your information with business entities or people involved in the negotiation or transfer.
  4. When Sharing Helps Us Protect Lawful Interests – We may disclose your information if we believe that the disclosure is required by law, if we believe that the disclosure is necessary to enforce our agreements or policies, or if we believe that the disclosure will help us protect the rights, property, or safety of Starbucks or our customers or partners.
  5. When We Work with Marketing Service Providers – We may share your information with marketing service providers to assess, develop and provide you with promotions and special offers that may interest you, administer contests, sweepstakes and events or for other promotional purposes.
  6. When You Give Consent – We may share information about you with other companies if you give us permission or direct us to share the information.
  7. When the Information Does Not Identify You – We may share your information in an anonymous format. For example, we may share information about your use of our websites and mobile applications in a manner that does not directly or indirectly identify you or may combine information about the nature or frequency of your transactions with similar information about other people and share the aggregated information for statistical analysis and other business purposes.
  8. When You Post on Our Websites – If you post information on our blog or another part of our websites, the information that you post may be seen by other visitors to our websites, including your user name.

Starbucks Italy S.r.l. has appointed as external data processor Starbucks EMEA Limited. A list of all the external data processors appointed by Starbucks Italy S.r.l. is available at its registered office.

4. How Others Can Collect Your Information

When you use our websites or mobile applications, third parties may be able to collect device and usage information and location information across your different devices through mobile software development kits, cookies, web beacons and other similar technologies, provided you have consented to said processing of your information. These third parties collect this information for the following purposes and for other purposes consistent with their own privacy policies:

  1. To Display Ads for Products or Services – Some advertising companies may collect this information in order to display ads that are most relevant to you across your different devices and on our own and others’ websites and mobile apps. Please see the "Your Choices" section of this Statement for more information about opting in and out of targeted advertising and controlling the use of cookies, web beacons and other similar technologies.
  2. To Understand the Use of Our Services – Certain service providers may collect this information to help us understand how our websites and mobile applications are used and to assist us in improving the content and operation of our online properties. These service providers collect aggregate statistical usage data that is not matched or linked to any individual user.
  3. To Make the Services of Other Companies Work on Our Websites – Companies may use cookies, web beacons, and other similar technologies to enhance the operations of particular services and functionality of our websites and mobile applications (known as technical cookies). For example, Adobe can set and enable special cookies that are necessary to deliver video content for Adobe Flash Player. These cookies are called Flash cookies.
  4. To Link Your Activity on Our Websites to Your Social Networks – We have added certain features to our websites and mobile applications that allow social networks (such as Facebook, Twitter, and Google+) to track the activities of their members or collect certain information when they use our website or mobile applications. These features may include technologies called "plug-ins" and "widgets." Plug-ins create a direct link between two websites, and widgets are interactive mini-programs that provide other companies’ services on our websites. If you are concerned about the way a social network is tracking your activity, please contact the social network or review its privacy policy. For example, you can review Facebook’s data-use policy at https://www.facebook.com/about/privacy/.

See Section 6 "Cookies, Web Beacons and Similar Technologies" of this Statement for additional information.

5. What Are Your Rights With Regard To Your Personal Data?

You have the right, at any time in relation to your personal data, to

  1. obtain confirmation as to whether or not your personal data exists and to be informed of its content and source, verify its accuracy or request integration, updates or amendments;
  2. request the deletion, conversion to an anonymous form or restriction of your personal data processed in breach of the applicable law, and
  3. oppose its processing, in all cases, for legitimate reasons.

You may also revoke your consent, at any time, to receiving marketing communications and to profiling activities.

In addition to the above, from May 25th, 2018, the date of applicability of the General Data Protection Regulation, you will also have the right set out in Section 18(b) below.

In order to exercise the rights above, you can contact us as described in the "Contact Us" section of this Privacy Statement. In your request, please include your email address, name, address, and telephone number.

6. Cookies, Web Beacons and Similar Technologies

We and others may use a variety of technologies to collect information about your device and use of our websites and mobile applications. These technologies include cookies, web beacons, java scripts, entity tags, and HTML local storage. Most web browsers can be programmed to accept or reject the use of some or all of these technologies, although you must take additional steps to disable or control other technologies. For more information, please see the section of this Statement titled "Your Choices."

Cookies – Cookies are small data files that are sent from a website’s server and are stored on your device’s hard drive either for only the duration of your visit ("session cookies") or for a fixed period ("persistent cookies"). Cookies contain information that can later be read by a web server.

Web Beacons – Web beacons are small, transparent images that are embedded in web pages, applications, and emails that are sometimes called “clear gifs,” “single pixel gifs,” “page tags” or “web bugs.” We use web beacons to track the web pages you visit, to test the effectiveness of our marketing, and to find out if an email has been opened and acted on.

Java Scripts – Java scripts are code snippets embedded in various parts of websites and applications that facilitate a variety of operations including accelerating the refresh speed of certain functionality or monitoring usage of various online components.

Entity Tags – Entity Tags are HTTP code mechanisms that allow portions of websites to be stored or “cached” within your browser and validate these caches when the website is opened, accelerating website performance since the web server does not need to send a full response if the content has not changed.

HTML5 Local Storage – HTML5 local storage allows data from websites to be stored or “cached” within your browser to store and retrieve data in HTML5 pages when the website is revisited.

These and similar technologies are used for the following purposes:

Services and Functionality – Some of these technologies are required to allow you to access and use our websites or mobile applications and the various services and functionality we offer. Without these technologies, some of the services and functionality on our websites and mobile applications would not work properly.

Performance Monitoring – Some of these technologies help us analyse and estimate traffic and assess the volume of use of services and functionality on websites and mobile applications. They show us how visitors and customers interact with our digital properties, whether there are any errors, the degree to which certain web pages, applications, services or functionality are accessed and used and how they are performing or operating. When these technologies are used for performance monitoring, no information that identifies you is collected.

User Convenience – Some of these technologies enhance the ease of use of our websites and mobile applications and the services and functionality they make available by accelerating load and refresh times and remembering information that you have provided on prior visits to our websites or when you last used a website or mobile application service or functionality.

The above cookies are considered to be technical cookies.

TECHNICAL COOKIES
Company | Domain | Cookie Name | Purpose
Starbucks | starbucks.it | _ga | Used to distinguish users
Starbucks | starbucks.it | _gat | Used to distinguish users
Starbucks | starbucks.it | _gid | Used to throttle request rate
Starbucks | starbucks.it | ASP.NET_SessionId | Used to identify the user’s session on the server
Starbucks | starbucks.it | TAFSessionId | Used to maintain information about each visit to the website

You may restrict the functionality of the aforesaid cookies by following the instructions in Section 10. Please note however that, by disabling the cookies, your use of the Site might be compromised.

Marketing and profiling cookies – Some of these technologies are used to tailor your experience on our website, within our mobile applications, or across your applications or devices by controlling the promotions, advertisements and other marketing messages that may appear when you access or use these or other digital properties. These technologies also help us learn which services and functionality you are using and how you are accessing information about us. We may use this information to personalise your visit to a website or use of a mobile application or to send you relevant promotions and advertisements.

Third party cookies - cookies installed by third parties other than Starbucks.

PROFILING COOKIES OR THIRD PARTY COOKIES
Company | Domain | Cookie Name | Purposes | Link to third party privacy policy
Google Inc. | google.com | NID | Remember your preferences and other information | https://www.google.com/intl/en/policies/privacy/
Google Inc. | play.google.com | PLAY_PREFS | Google Play preferences | https://www.google.com/intl/en/policies/privacy/
New Relic Inc. | nr-data.net | JSESSIONID | Session tracking | https://newrelic.com/privacy

You may restrict the functionality of the above cookies in the context of profiling advertisements as distributed by Starbucks by following the instructions in Section 10. In that case, you will continue to receive advertising messages but they will not be customized to your interests.

PART II - YOUR CHOICES

7. Promotional Communication Choices

You can opt out of receiving promotional emails by informing us of your preference at the time you sign up for a Starbucks account, modifying your promotional preferences online in your account’s profile management section, or following the opt out instructions in the promotional emails we send you. Similarly, you may opt in to receive text messages, telephone calls and mailings. Where our mobile applications allow for the delivery of “push notifications,” you can also consent to receiving these notifications as well as opt-out by toggling the “Notifications” switches within our mobile applications to "off". With your prior consent, you may receive promotional messages, offers, news and information about Starbucks or our business partners within the mobile application itself. These “in app” messages are part of our mobile application’s functionality and cannot be turned off. If you do not want to receive “in app” messages, offers, news and information, do not download or use our mobile application.

Please note that if you do not consent to the receipt of promotional communications from us, we may still send you transactional communications, including emails about your accounts or purchases.

8. Location Information

You may be able to adjust the settings of your device so that information about your physical location is not sent to us or third parties by (a) enabling and disabling location services within the device settings; or (b) accepting and denying certain websites or mobile applications permission to access location information by changing the relevant preferences and permissions in your mobile device or browser settings. Please note that your location may be derived from your WiFi, Bluetooth, and other device settings. See your device settings for more information.

9. Voice Transmissions

You can ensure you do not send us or any third parties any transmissions of your voice by not using the voice ordering feature that at the time of the download of the app or usage of the website is deactivated by default. In addition, you may be able to adjust the settings of your device so that your voice transmissions cannot be sent to us or third parties by (a) disabling microphone and speech recognition services within the device settings; or (b) denying certain websites or mobile applications permission to access microphone and speech recognition services by changing the relevant preferences and permissions in your mobile device or browser settings.

10. Cookies, Web Beacons and Similar Technologies

In addition to the information provided above, you may be able to reject cookies, web beacons, entity tags and HTML5 local storage by adjusting the appropriate settings in your browser. Each browser is different, but many common browsers (Internet Explorer, Chrome, Firefox, and Safari) have preferences or options that may be adjusted to allow you either to accept or reject cookies and certain other technologies before they are set or installed or allow you to remove or reject the use or installation of certain technologies altogether. If you want to learn the correct way to modify your browser settings, please use the Help menu in your browser or visit the following links:

Google Chrome: https://support.google.com/chrome/answer/95647

Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

Safari: https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471

11. Interest-Based Ads

Many advertising companies that collect information for interest-based advertising are members of the Digital Advertising Alliance or the Network Advertising Initiative, both of which maintain websites where people can opt out of interest-based advertising from their members. To opt-out on these pages, visit www.AboutAds.info and www.networkadvertising.org.

12. "Do Not Track" Technology

Subject to this Privacy Statement, some newer web browsers have a "Do Not Track" preference that transmits a "Do Not Track" header to the websites you visit with information indicating that you do not want your activity to be tracked. We currently do not respond to browser "Do Not Track" signals.

13. How to Manage Your Account Information

Information can be changed or removed from Starbucks accounts where applicable. As required by law for taxes and other record keeping purposes, we are unable to delete an account completely.

14. Use by Minors

We do not intend for our websites or online services to be used by anyone under the age of 18. If you are a parent or guardian and believe we may have collected information about your child, please contact us as described in the "Contact Us" section of this Statement.

15. Transfer of Data Abroad / EU-U.S. Privacy Shield

Your personal data may be transferred to countries within the European Economic Area or outside the EEA and in particular to the United States of America, whose data protection laws may be less stringent than your country’s. Starbucks will ensure that appropriate and suitable safeguards are in place to protect your personal data and that transfer of your personal data is in compliance with applicable data protection laws and in particular article 46 of the General Data Protection Regulation.

You have the right to request a copy of your personal data or to know where your personal data is stored by contacting Starbucks at the address indicated in Section 16 of this Statement.

In any case note that Starbucks Corporation participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Starbucks is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List here: https://www.privacyshield.gov/list.

Starbucks is responsible for the processing of personal data it receives, and subsequently transfers to a third party acting as an agent on its behalf, under the Privacy Shield Framework. Starbucks complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Starbucks is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Starbucks may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

Under certain conditions, more fully described on the Privacy Shield website here: https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

16. Contact us

We welcome your questions, comments and concerns about privacy. You can contact Starbucks Customer Relations by email at customerfirst@starbucks.com or by telephone at +44 8834 50 50.

17. What changes with the General Data Protection Regulation 679/2016/EU?

From May 25th, 2018, the date of applicability of the General Data Protection Regulation, the following provisions will apply in addition to those listed above:

  1. Data retention of your personal data – We will retain your information only for the period necessary to fulfil the purposes for which the data was collected as outlined in this Statement; in particular:
    • Information collected for the purposes of Section 2(a) to (h) of this Privacy Statement is retained for the time of provision of the Starbucks products and services plus 10 years, equal to the length of the applicable statutory limitation period following the termination of such services;
    • Information collected for the purposes of Section 2(j) is retained for a period that changes depending on the cookie involved as indicated in the relevant policy;
    • Information collected for the purposes of Section 2(k) is retained for the duration of the service required plus one year in respect of processing for the purposes of Section 2(k)(a) and two years in the case of processing for the purposes of Section 2(j)(b).
    • At the end of the retention period your personal data will be either cancelled, anonymized or aggregated.
  2. Additional rights – In addition to the rights as indicated in Section 5 of this Statement, you will also have – by contacting Starbucks according to the modalities of Section 16 – the right at any time to:
    • i. request that Starbucks limit the processing of your personal information where:
      • you contest the accuracy of the personal information until we have taken sufficient steps to correct or verify its accuracy;
      • the processing is unlawful but you do not want us to erase the data;
      • we no longer need the personal information for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
      • where you have objected to processing justified on legitimate interests grounds pending verification as to whether Starbucks has compelling legitimate grounds to continue processing.
    • ii. object to the processing of your personal information for legitimate interests;
    • iii. request the erasure of your personal information without delay; and
    • iv. request the data be made portable (when we are relying upon your consent or the fact that the processing is necessary for the provision of the Starbucks services and the personal information is processed by automatic means).
    Moreover, you will be able to lodge a complaint with the relevant supervisory authority, the Garante per il trattamento dei dati personali.
  3. Data Protection Officer
    Starbucks will notify through this Statement the contact details of the data protection officer, should it reach the conclusion that it is required to do so under the terms of the General Data Protection Regulation.