This Site and any services offered through the Site are reserved for individuals who are at least 18 years old. The Data Controller therefore does not collect personal data relating to subjects who are under the age of 18. Upon Users’ request, the Data Controller will promptly delete all personal data involuntarily collected and concerning the subjects under the age of 18.
By sending a registered letter with return receipt to the Data Controller 4books LTD’ registered office Old Casino, 28 Fourth Avenue - Hove, East Sussex BN3 2PJ, United Kingdom
By sending an email to [email protected]
The Data Controller has not appointed the figure of the Data Protection Officer (DPO), as it is not subject to the designation obligation pursuant to art. 37 of the Regulation.
1. Purpose of the Data Processing
Users' personal data will be processed lawfully by the Data Controller pursuant to art. 6 of the Regulation for the following purposes:
Unless the User gives the Data Controller a specific and optional consent to the processing of their data for the further purposes set out in the following paragraphs, the User's personal data will be used by the Data Controller for the sole purpose of verifying the identity of the User (also by validating the e-mail address), thus avoiding possible scams or abuse, and to contact he User for service-related reasons only (e.g. sending notifications related to the Service).
b) administrative and accounting purposes, or to carry out organisational, administrative, financial and accounting activities, such as internal organisational activities and activities related to the fulfilment of contractual and pre-contractual obligations;
c) legal obligations, or to fulfil obligations established by the law, by an authority, by a regulation or by European legislation.
The provision of personal data for the aforementioned processing purposes is optional but necessary, since failure to provide them will make it impossible for the User to browse the site and use the Service offered by the Data Controller on the Site.
The personal data that are necessary for the pursuit of the processing purposes described in this paragraph 1 are indicated with an asterisk.
2. Processing methods and data retention period
The Data Controller will process the personal data of Users through manual and IT tools, with logic strictly related to the purposes and, in any case, in order to guarantee the safety and confidentiality of the data.
The personal data of the Users of the Site will be stored for the period strictly necessary to carry out the primary purposes illustrated in the previous paragraph 1, or in any case according to what is necessary for the protection of the interests of both the Users and the Data Controller in civil law.
3. Scope of communication and data dissemination
The employees and /or collaborators of the Data Controller appointed to manage the Site may become aware of the Users' personal data. These subjects, who are formally appointed by the Data Controller as “Data Processors", will process the User's data only for the purposes indicated in this policy and in compliance with the provisions of the Applicable Regulations.
Third parties may become aware of Users’ personal data, acting as as "External Data Processors" on behalf of the Data Controller, such as, by way of example, suppliers of IT and logistical services functional to the operation of the Site, outsourced or cloud computing service providers, professionals and consultants.
Users have the right to obtain a list of any data processors appointed by the Data Controller, by sending a request to the Data Controller as indicated in the following paragraph 4.
4. Rights of Data Subjects
Users can exercise their rights guaranteed by the Applicable Regulations, by contacting the Data Controller in the following ways:
By sending a registered letter with a return receipt to the registered office of the Data Controller (4books LTD Old Casino, 28 Fourth Avenue - Hove, East Sussex BN3 2PJ, United Kingdom
By sending an email to [email protected]
Pursuant to the Applicable Regulations, the Data Controller informs that Users have the right to obtain information about (i) the origin of personal data; (ii) the purposes and methods of processing; (iii) the logic applied in case of processing carried out with the aid of electronic tools; (iv) the identity of the data controller and processors; (v) the subjects or categories of subjects whom the personal data may be communicated to, or who can have access to them as data processors or people in charge.
Furthermore, Users have the right to obtain:
a) access, updating, rectification or, when interested, the integration of data;
b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data which does not need to be stored for the purposes for which the data were collected or subsequently processed;
c) the certification that the operations referred to in letters a) and b) have been brought to the attention, also for what regards their content, of those whom the data have been communicated or disseminated to, except in the case in which this fulfilment proves impossible or involves the use of means manifestly disproportionate in relation to the protected right.
In addition, Users have:
a) the right to withdraw consent at any time, if the processing is based on their consent;
b) the right to data portability (right to receive all personal data concerning the user in a format that is structured, commonly used and readable via automatic device), the right to limit the processing of personal data and the right to erasure ("right to be forgotten");
c) the right to object:
i) in whole or in part, for legitimate reasons, to the processing of personal data concerning them, even if pertinent to the purpose of the collection;
ii) in whole or in part, to the processing of personal data concerning them for the purpose of sending advertising materials or direct sales or for carrying out market research or commercial communication;
iii) if the personal data are processed for direct marketing purposes, at any time, to the processing of their data carried out for this purpose, including profiling to the extent that it is connected to such direct marketing.
d) d) if they believe that the processing that concerns them violates the Regulation, the right to lodge a complaint with a Supervisory Authority (in the Member State where they usually reside, where they work or where the alleged violation occurred ).
The Italian Supervisory Authority is the Italian Data Protection Authority, located in Piazza di Monte Citorio n. 121, 00186 - Rome (http://www.garanteprivacy.it/).
The Data Controller is not responsible for updating all the links that can be viewed in this Policy, therefore whenever a link is not working and/or updated, Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by this link.