As Data Controller, Up S.r.l hereby informs you that, pursuant to and for the purposes of Art. 13 EU Regulation 2016/679 (General Data Protection Regulation, hereinafter GDPR), the data acquired and / or provided, will be processed, in accordance with the national and European legislation in force on the processing of personal data and as such, always in compliance with the transparency, lawfulness, appropriateness and protection of your privacy and of your rights.
We welcome you to 4books.com. We hereby introduce you to Up S.r.l., whose registered offices are in Via Valenza 5, CAP 20144, Milan, IT. (hereinafter, the "Owner"), owner of the 4books.com website (hereinafter, the "Site"), as the Data Controller of the personal data of users who browse and who want to use the service offered through the Site (hereinafter, respectively, the "Service" and the "Users") pursuant to art. 13 of the GDPR.
This Site and any services offered through the Site are reserved for individuals who have reached the age of eighteen. The Data Controller therefore does not collect personal data relating to persons under the age of 18. At the request of the Users, the Data Controller will promptly delete all personal data involuntarily collected and relating to subjects under the age of 18.
The Data Controller takes the utmost care in respect of the right to privacy and protection of the personal data of its Users. For any information in relation to this privacy statement, Users can contact the Data Controller at any time, through the following means:
By sending a registered letter with delivery notice to the registered office of the Up S.r.l. in Via Valenza 5, CAP 20144, Milan, IT.
By sending an email to firstname.lastname@example.org.
The Data Controller has appointed a Data Protection Officer who can be contacted at the email address email@example.com.
1. Purpose of data processing
The Users' personal data will be processed lawfully by the Data Controller pursuant to Art. 6 of the Regulation for the following processing purposes:
a) contractual obligations and provision of the Service, to allow navigation of the Site and to use the Service or to execute the Conditions of Use of the Site, which are accepted by the User during the trial and / or purchase of the Service; fulfill specific User requests. The User data which are collected by the Data Controller, so that the latter can use the Service, include the e-mail address and the Billing Data (specifically, name, surname, company, address, city, postcode, country, province, e-mail). The additional data requested for payment purposes will not be processed by the Data Controller but by different and autonomous owners, managers of the chosen payment circuit.
Unless the User gives the Data Controller a specific and voluntary consent to the processing of their data for the additional purposes set out in the following paragraphs, the User's personal data will be used by the Data Controller for the exclusive purpose of ascertaining the identity of the User (also by validating the e-mail address), thus avoiding possible fraud or abuse, and for the purpose of contacting the User for service reasons only (e.g.: sending notifications relating to the Service). Without prejudice to the provisions elsewhere in this privacy statement, in no case will the Data Controller make the Users' personal data accessible to other Users and / or third parties;
b) marketing purposes, with the express consent of the User, in order to send news on products, services or offers promoted by the Owner;
c) administrative-accounting purposes, or to carry out activities of an organizational, administrative, financial and accounting nature, such as internal organizational activities and activities functional to the fulfillment of contractual and pre-contractual obligations;
d) legal obligations, or to fulfill obligations established by law, by an authority, by a regulation or by European legislation.
The provision to the Owner of the personal data requested for collection on various occasions may be necessary for the pursuit of the purposes identified in the specific information, or they may be optional. The mandatory or optional nature of the provision is specified, from time to time, at the time of individual data collection, by adding a particular symbol (*) to the mandatory information. Any refusal to communicate certain data marked as mandatory makes it impossible to pursue the main purpose of the specific data collection: such refusal could, for example, make it impossible for the Data Controller to provide the services available. The provision of further data is optional and does not entail any consequence in relation to the pursuit of the main purpose of the collection. With the express consent of the User, personal data may be processed by the Data Controller for commercial and promotional purposes.
2. Processing methods and data retention times
The Data Controller will process the Users' personal data both manually and using IT, following protocol strictly related to the purposes themselves and, in any case, in such a way as to guarantee the security and confidentiality of said data.
The data are processed for the time necessary to perform the service requested by the User or in general to achieve the purposes for which they were collected. The User can always request the interruption of the processing or the deletion of data. Users' personal data are kept for the entire period necessary for the provision of the services and products requested. Furthermore, some data will be kept for longer periods by virtue of the obligations relating to fiscal-administrative-accounting fulfilments (10 years pursuant to Article 2220 of the Italian Civil Code). As regards marketing purposes, the retention period is 24 months.
3. Scope of communication and dissemination of data
The employees and / or collaborators of the Data Controller in charge of managing the Site may become aware of the personal data of the Users. These subjects, who are formally appointed by the Data Controller as "data processors", will process the User's data exclusively for the purposes indicated in this information and in compliance with the provisions of the privacy legislation in force.
Third parties who may process personal data on behalf of the Data Controller as "Data Processors" may also become aware of the Users' personal data, such as, by way of example, suppliers of IT and logistics services functional to the operation of the Site, outsourced or cloud computing service providers, professionals and consultants. Users have the right to obtain a list of any data processors appointed by the Data Controller, making a request to the Data Controller in the manner indicated in paragraph 4, below.
4. Rights of the interested parties
The Users can exercise the rights guaranteed to them by the Applicable Law, by contacting the Owner in the following ways:
By sending a registered letter with delivery notice to the registered office of the Data Controller (Up S.r.l. in Via Valenza 5, CAP 20144, Milan, IT).
By sending an email to firstname.lastname@example.org
Pursuant to the current privacy legislation, the Data Controller advises that Users have the right to obtain information pertaining to (i) the origin of the personal data; (ii) the purposes and methods of the processing; (iii) the criteria applied in the case of treatment carried out with the aid of electronic instruments; (iv) the identity of the owner and managers; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may learn about them as managers or agents.
Furthermore, Users have the right to obtain:
a) access, updating, rectification or, when relevant, integration of data;
b) the cancellation, the transformation into anonymous form or the blocking of data processed in violation of the law, including that which need not be kept for the purposes for which the data was collected or subsequently processed;
c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data has been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves the use of means that are manifestly disproportionate to the protected right.
Furthermore, Users have:
d) the right to withdraw consent at any time, if the processing is based on their consent;
e) the right to data portability (right to receive all personal data concerning them in a structured format, commonly used and readable by automatic device), the right to limit the processing of personal data and the right to cancellation (" right to be forgotten");
f) the right to object:
i) in whole or in part, for legitimate reasons, to the processing of personal data concerning them, even if pertinent to the purpose of the collection;
ii) in whole or in part, to the processing of personal data concerning them for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication;
iii) if personal data is processed for direct marketing purposes, at any time, to the processing of their data for this purpose, including profiling to the extent that it is connected to such direct marketing.
g) the right to lodge a complaint, should they have reason to believe that the processing which concerns them violates the Regulation, with a supervisory authority (either in the Member State in which they usually reside, in which they work or in which the alleged violation has occurred). The Italian Supervisory Authority is the Guarantor for the protection of personal data, based in Piazza di Monte Citorio no. 121, 00186 - Rome (http://www.garanteprivacy.it/).
The Owner is not responsible for updating all the links that can be viewed in this Notice, therefore whenever a link is not functional and / or updated, Users acknowledge and accept that they must always refer to the document and / or section of the websites named in this link.