Privacy Policy

4books LTD, with registered offices in Old Casino, 28 Fourth Avenue - Hove, East Sussex BN3 2PJ, United Kingdom, VAT 291 1869 78 (hereinafter, “Data Controller"), owner of the website 4books.com (hereinafter, the "Site"), who acts as Controller of the personal data of users who browse and who wish to use the service offered through the Site (hereinafter, respectively, the "Service" and "Users") provides as follows the Privacy Policy pursuant to art. 13 of Legislative Decree 196/2003 (hereinafter, the "Privacy Code") and pursuant to art. 13 of EU Regulation 2016/679 of 27 April 2016 (hereafter, "Regulation", the Regulation and the Privacy Code are together defined as "Applicable Regulations").

This Site and any services offered through the Site are reserved for individuals who are at least 18 years old. The Data Controller therefore does not collect personal data relating to subjects who are under the age of 18. Upon Users’ request, the Data Controller will promptly delete all personal data involuntarily collected and concerning the subjects under the age of 18.

The “Data Controller” takes the utmost account the right to privacy and protection of personal data of its Users. For any information in relation to this privacy policy, Users can contact the Data Controller at any time, using the following methods:

By sending a registered letter with return receipt to the Data Controller 4books LTD’ registered office Old Casino, 28 Fourth Avenue - Hove, East Sussex BN3 2PJ, United Kingdom

By sending an email to [email protected]

The Data Controller has not appointed the figure of the Data Protection Officer (DPO), as it is not subject to the designation obligation pursuant to art. 37 of the Regulation.

1. Purpose of the Data Processing

Users' personal data will be processed lawfully by the Data Controller pursuant to art. 6 of the Regulation for the following purposes:

a) contractual obligations and Service supply, to allow navigation of the Site and to use the Service or to implement the Site's Terms of Use, which are accepted by the User during the trial and/or purchase of the Service; fulfil specific User requests. The User data collected by the Data Controller, so that the Service can be used, include: the e-mail and the Billing Information (in particular, name, surname, company, address, city, ZIP code, country, province, e-mail). The additional data requested for payment purposes will not be processed by the Data Controller but by different and independent data controllers, providers of the chosen payment gateway.

Unless the User gives the Data Controller a specific and optional consent to the processing of their data for the further purposes set out in the following paragraphs, the User's personal data will be used by the Data Controller for the sole purpose of verifying the identity of the User (also by validating the e-mail address), thus avoiding possible scams or abuse, and to contact he User for service-related reasons only (e.g. sending notifications related to the Service).

Without prejudice to the provisions elsewhere in this privacy policy, the Data Controller will in no case make the Users' personal data accessible to other Users and/or third parties.

b) administrative and accounting purposes, or to carry out organisational, administrative, financial and accounting activities, such as internal organisational activities and activities related to the fulfilment of contractual and pre-contractual obligations;

c) legal obligations, or to fulfil obligations established by the law, by an authority, by a regulation or by European legislation.

The provision of personal data for the aforementioned processing purposes is optional but necessary, since failure to provide them will make it impossible for the User to browse the site and use the Service offered by the Data Controller on the Site.

The personal data that are necessary for the pursuit of the processing purposes described in this paragraph 1 are indicated with an asterisk.

2. Processing methods and data retention period

The Data Controller will process the personal data of Users through manual and IT tools, with logic strictly related to the purposes and, in any case, in order to guarantee the safety and confidentiality of the data.

The personal data of the Users of the Site will be stored for the period strictly necessary to carry out the primary purposes illustrated in the previous paragraph 1, or in any case according to what is necessary for the protection of the interests of both the Users and the Data Controller in civil law.

3. Scope of communication and data dissemination

The employees and /or collaborators of the Data Controller appointed to manage the Site may become aware of the Users' personal data. These subjects, who are formally appointed by the Data Controller as “Data Processors", will process the User's data only for the purposes indicated in this policy and in compliance with the provisions of the Applicable Regulations.

Third parties may become aware of Users’ personal data, acting as as "External Data Processors" on behalf of the Data Controller, such as, by way of example, suppliers of IT and logistical services functional to the operation of the Site, outsourced or cloud computing service providers, professionals and consultants.

Users have the right to obtain a list of any data processors appointed by the Data Controller, by sending a request to the Data Controller as indicated in the following paragraph 4.

4. Rights of Data Subjects

Users can exercise their rights guaranteed by the Applicable Regulations, by contacting the Data Controller in the following ways:

By sending a registered letter with a return receipt to the registered office of the Data Controller (4books LTD Old Casino, 28 Fourth Avenue - Hove, East Sussex BN3 2PJ, United Kingdom

By sending an email to [email protected]

Pursuant to the Applicable Regulations, the Data Controller informs that Users have the right to obtain information about (i) the origin of personal data; (ii) the purposes and methods of processing; (iii) the logic applied in case of processing carried out with the aid of electronic tools; (iv) the identity of the data controller and processors; (v) the subjects or categories of subjects whom the personal data may be communicated to, or who can have access to them as data processors or people in charge.

Furthermore, Users have the right to obtain:

a) access, updating, rectification or, when interested, the integration of data;

b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data which does not need to be stored for the purposes for which the data were collected or subsequently processed;

c) the certification that the operations referred to in letters a) and b) have been brought to the attention, also for what regards their content, of those whom the data have been communicated or disseminated to, except in the case in which this fulfilment proves impossible or involves the use of means manifestly disproportionate in relation to the protected right.

In addition, Users have:

a) the right to withdraw consent at any time, if the processing is based on their consent;

b) the right to data portability (right to receive all personal data concerning the user in a format that is structured, commonly used and readable via automatic device), the right to limit the processing of personal data and the right to erasure ("right to be forgotten");

c) the right to object:

i) in whole or in part, for legitimate reasons, to the processing of personal data concerning them, even if pertinent to the purpose of the collection;

ii) in whole or in part, to the processing of personal data concerning them for the purpose of sending advertising materials or direct sales or for carrying out market research or commercial communication;

iii) if the personal data are processed for direct marketing purposes, at any time, to the processing of their data carried out for this purpose, including profiling to the extent that it is connected to such direct marketing.

d) d) if they believe that the processing that concerns them violates the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State where they usually reside, where they work or where the alleged violation occurred ).

The Italian Supervisory Authority is the Italian Data Protection Authority, located in Piazza di Monte Citorio n. 121, 00186 - Rome (http://www.garanteprivacy.it/).

The Data Controller is not responsible for updating all the links that can be viewed in this Policy, therefore whenever a link is not working and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by this link.