occupy-library-milano-2024

Privacy Policy

Privacy Policy 

Editrice Bibliografica SRL operates in compliance with the general data protection regulations set out in  EU Regulation 2016/679 (EU Regulation 2016/679 of the European Parliament and of the Council of 27 April  2016 on the protection of individuals with regard to the processing of personal data and on the free  movement of such data and repealing Directive 95/46/EC).  

1. GDPR 

The General Data Protection Regulation (GDPR), officially Regulation (EU) No. 2016/679 and better known  by the acronym GDPR, is a European Union regulation on the processing of personal data and privacy.  With this regulation, the European Commission aims to strengthen and homogenise the protection of  personal data of EU citizens and EU residents, both within and outside the borders of the European  Union (EU). The text, adopted on 27 April 2016, was published in the European Official Journal on 4 May  2016 and entered into force on 25 May of the same year; it is operational as of 25 May 2018. The text  also addresses the issue of exporting personal data outside the EU and obliges all data controllers  (including those with a registered office outside the EU) that process data of EU residents to observe  and comply with the requirements. The European Commission’s main objectives in the GDPR are to  give citizens back control of their personal data and to simplify the regulatory environment for  international affairs by unifying and homogenising privacy laws within the EU. Since its entry into force,  the GDPR has replaced the contents of the data protection directive (Directive 95/46/EC) and, in Italy,  has repealed the rules of the code for the protection of personal data (Legislative Decree no. 196/2003)  that are incompatible with it. For more information see also https://www.garanteprivacy.it/il-testo-del regolamento. 

2. Data Controller – Data Processor 

3. Purpose and method of processing 

The Controller processes the personal data of Users for the following purposes: (a) to register on the Site or to proceed to purchase goods or services of the Controller; 

(b) to enable the use of the services reserved for registered Users as per the terms and conditions of use of the Site in which the provision of services at the request of the User such as notice services, the sending of messages to receive customer support, for the booking of goods and services, and for the issuing of reviews and comments by Users in special online forms is envisaged; 

(c) for the performance of any administrative, accounting and logistical activities related to the registration to the Site, the making of a purchase through the Site, as well as to comply with legal obligations; 

(d) for sending communications aimed at the promotion and/or direct sale of products or services similar to those already purchased/used by the User, without prejudice to the User’s right to object at any time; 

(e) for sending commercial communications on products and services of the Site and/or the Controller, special offers, promotions and news, coupons, by means of automated systems, e-mail (so-called newsletter), sms, mms, fax, or similar, and/or by means of the postal service (so-called marketing purposes); 

(f) for the analysis of the User’s preferences and consumption habits and the processing of the User’s personal preferences and interests by means of automated systems and the transmission of personalised offers via the Site (so-called ‘profiling’ purposes); 

(g) for statistical and historical purposes (only with anonymous and aggregated data). 

Personal data are processed by manual and electronic means and are stored in the electronic database  provided for this purpose. The personal data contained in the aforementioned automated information  system, as well as those stored in the electronic archives of the Data Controller, are processed in  compliance with the provisions of current legislation and the GDPR on security measures, so as to  minimise the risks of destruction, loss, modification, unauthorised disclosure or access, whether  accidental or unlawful, or processing that is not in accordance with the purposes of collection. Specific  security measures are observed to prevent data loss, unlawful or incorrect use and unauthorised  access.  

In addition, personal data are stored for the time necessary to achieve the above-mentioned purposes,  as well as to fulfil the legal obligations imposed for the same purposes. 

4. Type of personal data processed 

The Data Controller processes personal data freely entered by the User on the Site, or entered by the  User through links to social platforms (such as, in particular, personal data, tax codes, contact details,  telephone and/or fax numbers, e-mail addresses, data contained in comments or reviews, etc.), as well  as data of a technical nature independently generated (in particular, IP addresses, log files relating to  navigation on the Site, purchases made, etc.). 

Navigation Data

The computer systems and software procedures used to operate this website acquire, during their  normal operation, some personal data whose transmission is implicit in the use of Internet  communication protocols. This information is not collected in order to be associated with identified  interested parties, but by its very nature could, through processing and association with data held by  third parties, allow users to be identified. This category of data includes the IP addresses or domain  names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier)  notation addresses of the resources requested, the time of the request, the method used to submit the  request to the server, the size of the file obtained in response, the numerical code indicating the status  of the response given by the server (successful, error, etc.) and other parameters relating to the user’s  operating system and IT environment. This data is used for the sole purpose of obtaining anonymous  statistical information on the use of the site and to check its correct operation, and is deleted  immediately after processing. The data could be used to ascertain responsibility in the event of  hypothetical computer crimes to the detriment of the site. 

Data provided voluntarily by Users 

The optional, explicit and voluntary sending of electronic mail or other data through the forms present  on this site, or through any addresses indicated on this site, entails the subsequent acquisition of the  sender’s address, necessary to reply to requests, as well as any other personal data included in the  message. Specific summary information will be progressively reported or displayed on the pages of the  site set up for particular services on request (forms for the collection of consent to the use of data). The  user is free to provide the personal data indicated in the computer forms (forms) to request the Data  Controller to access the services offered. 

Failure to provide them may make it impossible to obtain what has been requested. The Data Controller will retain, within the terms of the law, the log files and IP addresses used when  making an online purchase, in order to prevent and ascertain any fraud in online transactions. With  particular reference to the plug-ins of social platforms, it should be noted that, by selecting the  corresponding option (“Log in via social network” or similar), the Data Controller will retrieve the data  required to register to the Site from such platforms. The Owner has no possibility of defining the  purposes and methods of the processing of Users’ data by said platforms to which it has adhered by  accepting their privacy policy and giving specific consents. 

5. Provision of data and consent to data processing – Consequences in the event of failure to provide data 

The provision of data for the purposes referred to in points (a), (b) and (c) of Article 3 above is  necessary and, therefore, failure to provide such personal data will make it impossible for the User to  complete the procedures for the purchase, sale, delivery and/or return of goods, to use the services 

reserved to registered Users or requested by the latter from time to time as indicated in the terms and  conditions of use of the Site, as well as the performance of administrative and accounting activities by  the Controller. Consent to the processing of personal data for the aforementioned purposes is not  required, in particular, pursuant to Article 6(1)(b) of the GDPR and current legislation. 

With reference to the purpose of the processing referred to in point (d) of Art. 3 above, consent to the  processing is not required pursuant to the legislation in force, without prejudice, however, to the User’s  right to object at any time to the sending of communications in the manner indicated below. With reference to the purpose of the processing referred to in points (e), (f), (g) of Art. 3 above, consent  to the processing of personal data is merely optional, it being understood that failure to provide such  consent will make it impossible (i) for the User to receive informative and/or commercial  communications relating to products and/or services of the Data Controller or third parties, including  those belonging to the product sectors indicated above, and to benefit from any promotions offered by  the latter, (ii) for the Data Controller to analyse the User’s consumption habits in order to process and  send specific offers based on the User’s tastes and preferences. 

6. Scope of data communication and Communication to Third Parties 

The personal data provided by the User for the purposes described in art. 3 above may be brought to  the attention of or communicated to the following recipients:  

– employees and/or collaborators in any capacity whatsoever of the Data Controller for the performance of administration, accounting and IT and logistical support activities;  – private individuals and/or legal entities (legal, administrative and tax consultancy firms, forwarding agents and couriers, any IT companies, any marketing companies and any other subjects) which the  Data Controller uses in the performance of the activities referred to in points of art. 3;  – all those subjects (including Public Authorities) who have access to the data by virtue of regulatory or administrative provisions. 

All personal data provided by Users in connection with the registration to the Site and the purchase  through the Site are not subject to dissemination. Personal data relating to the processing in question  shall not be disclosed in any way to third parties.  

All the Subjects listed above (natural and legal persons) have been informed of and have formally  accepted the Data Controller’s  

data processing management policy. 

7. Data Retention Period 

The Data Controller is entitled to keep the data in anonymised form for statistical and functional  purposes. Furthermore, personal data are kept for the time necessary to achieve the above-mentioned  purposes (Art. 3 Purposes and methods of processing), as well as to fulfil legal obligations imposed for 

the same purposes. 

8. Rights of the persons concerned 

Pursuant to GDPR 2016/679 (Chapter III Rights of the Data Subject Articles 12 to 23) and the legislation  in force, the User has the right to:  

a) lodge a complaint with the Control and Guarantee Authority (Art. 13 and 14 GDPR 2016/679) b) obtain confirmation of the existence or otherwise of personal data concerning him/her (Art. 15 GDPR 2016/679) and their communication in an intelligible form, receiving them in a structured, commonly  used and readable format with the possibility of transmitting them to another data controller (“Right to  portability”);  

c) obtain indications: (i) on the origin of the personal data, on the purposes and methods of processing, on the logic applied in the event of processing carried out with the aid of electronic instruments; (ii) on  the identification details of the Data Controller and of the External Data Processor(s); (iii) on the  subjects or categories of subjects to whom the data may be communicated or who may become aware  of the data in their capacity as designated representative on the State territory, data processor(s) or  person(s) in charge of processing.  

(d) to obtain (i) the updating, rectification or integration of the data concerning him/her or, in the event of a dispute as to whether the data is correct, the restriction of the processing of the same for the time  necessary for the appropriate checks,  

(ii) the transformation into anonymous form or the blocking of data processed in breach of the law, including data whose storage is necessary in relation to the purposes for which the data was collected  or subsequently processed (iii) certification to the effect that the operations as per the preceding points  have been notified, as also related to their contents, to the entities to whom or which the data were  communicated or disseminated, unless this requirement proves impossible or involves a manifestly  disproportionate effort compared with the right that is to be protected.  

e) to object, in whole or in part, (i) to the processing of 

personal data concerning him/her,  

even if pertinent to the purpose of collection,  

(ii) to the processing of personal data concerning him/her (Art. 21 GDPR 2016/679), provided for the purposes of commercial information or sending advertising or direct sales material or for carrying out  market research or commercial communication.  

f) to obtain the deletion of the data without undue delay (“Right to be forgotten” Art. 17 GDPR 2016/679) in the event that the data are no longer necessary in relation to the purposes for which they  were collected or otherwise processed, have been processed unlawfully or in the event that the User (i)  requests it or (ii) objects in whole or in part to the processing.  

g) obtain the restriction of processing (Art. 18 GDPR 2016/679) in the event that the data (i) are unlawfully processed but the User objects to their deletion, (ii) are necessary for the User to ascertain, 

exercise or defend a right, (iii) an assessment as to the legitimate grounds for processing by the  Controller is pending. 

Last updated: 27/12/2023