Datenschutz- und Cookie-RichtlinieCasalini Libri s.p.a. informs that, pursuant to art. 13 of the European General Data Protection Regulation, no. 2016/679 ("Regulation") and Italian Legislative Decree 196/03 and subsequent amendments and additions, the personal data provided by the User in relation to the services provided on its platforms will be processed in accordance with the provisions of the Privacy Code and the Regulation, for the purposes stated below.
Data ControllerThe Data Controller is the company Casalini Libri s.p.a., with registered office in Fiesole (FI), Via Benedetto Da Maiano n. 3, postcode 50014, VAT no. 03106600483 (hereinafter, the "Data Controller").
Personal Data Protection OfficerThe Data Protection Officer (DPO) is Mr Massimo Di Menna (engineer). For all needs regarding the protection of personal data, including the exercise of the rights granted to the data subject by current legislation, please refer to the following contacts at the Data Protection Officer: email@example.com
Purpose, Legal Basis of Processing and Data Retention PeriodPersonal data will be processed for the following purposes and legal bases:
Dati tecnici di navigazioneThe computer systems and software procedures responsible for the operation of the website (such as Apple Store and Google Play) acquire in the course of their normal operation some of your Data whose transmission is implicit in the use of Internet communication protocols, smartphones and devices used. This category of data includes IP addresses or domain names used by Users who connect. For more information, please visit: https://www.apple.com/it/privacy/; https://www.google.com/intl/it_it/policies/privacy/
Legal Basis: the legitimate interest of the Data Controller in making the website usable and safe to browse (Article 6, par. 1, letter f, EU Regulation 2016/679).
Retention: Browsing Data is deleted after processing as it is used only to obtain anonymous statistical information about the use of the website and to check its correct functioning. The data could be used to ascertain liability in the event of any cybercrimes against the website: currently, except for this possibility, data concerning web contacts are not stored for more than 7 (seven) days.
Contacts by the User by email or telephone contactThe optional, explicit and voluntary sending of communications by email to the addresses indicated on this website entails the subsequent acquisition of the data communicated by the User, including their email address, and the User's consent to receive any messages in response to their requests. In this case, the provision of your email address and any other data you may provide is optional, but indispensable in order to be able to use the service and receive a reply to your request and, in their absence, we will not be able to proceed with processing. Personal data provided in this way is used solely for the purpose of fulfilling or responding to requests submitted and is only disclosed to third parties if this is necessary for that purpose. The data is stored for the period necessary to process the request and in compliance with current laws and regulations.
Legal Basis: processing is carried out for the fulfilment of a contractual and pre-contractual obligation assumed by the Data Controller with the service (Art. 6, para. 1, letter b).
Retention: Data provided voluntarily by the User is stored for the period necessary to fulfil the request and as permitted by applicable law and any contractual obligations that may have arisen.
Account creation and execution of orders through the platformThe User, by generating their account, provides the platform with the necessary data to enable them to place Orders in accordance with our Terms and Conditions. The data provided allows identification when accessing the account and gives transaction information when placing an order. Transaction information allows us to:
- process the order and allow the Partner (Supplier) business to issue the fiscal receipt (invoice);
- the platform does not store information about your credit card;
- notify the business of your order.
Retention: Data provided for the creation of the account is stored for as long as necessary to fulfil the purposes arising from the contract.
Soft spam activitiesThe Data Controller may send promotional communications by email to the User concerning Products and/or Services similar to those already purchased or re-propose the same without the need for the express and prior consent of the User pursuant to article 130, paragraph 4, of the Privacy Code, provided that the User does not exercise their right to object.
Legal Basis: this processing is based on art. 130, paragraph 4, of the Privacy Code as amended by Legislative Decree no. 101 of 2018.
Payment management - Banca SellaPayment management services allow the website to process payments by credit card, bank transfer or other means. The payment data will be processed by the Data Controller exclusively for the purpose indicated by the User during transmission, i.e. for the execution of the order; upon completion of the transaction, the data will be deleted, unless specifically requested by the User. In the event that the data used for payment is acquired directly from the operator of the payment service requested, such data will not be processed in any way by this website. Some of these services may also allow the programmed sending of messages to the User, such as emails containing invoices or payment notifications.
Method and location of the Data processing
Data processing methodsThe Data Controller processes Users' Personal Data using suitable security tools to protect against the unauthorised access, distribution, modification or destruction of Personal Data.
Processing is carried out using electronic and/or telematic tools, with organisational methods and logic strictly related to the stated purposes. In addition to the Data Controller, in certain cases, other parties involved in the organisation of the site may have access to the Data (administrative, sales, legal staff and system administrators) or appointed external categories (such as third-party technical service providers, mail couriers, hosting providers, IT companies and communication agencies) which can, if necessary, be appointed by the Data Controller to handle the Personal Data.
External parties appointed as External Data Processors include business partners (the suppliers).
The updated list of Data Processors can always be requested from the Data Controller.
Place and TimesData is processed at the Data Controller's operational facilities and at any other place where the parties involved in the processing are based. Data is processed for the time period necessary to provide the User with services, or for the time required for the purposes described in this document, and the User can always request that processing is discontinued or that data is deleted.
Data transferPersonal data will not be transferred abroad.
The Data Subjects' RightsData subjects - the identified or identifiable natural persons to whom the data refer - may exercise specific data protection rights, which are listed below:
- right of access: the right to obtain from the Data Controller confirmation as to whether or not personal data is being processed and, if so, to obtain access to personal data and detailed information on the origin, purposes, categories of data processed, recipients of communication and/or transfer of data, and so on;
- right of rectification: the right to obtain, from the Data Controller, the correction of inaccurate personal data without undue delay, as well as the integration of incomplete personal data, including by provision of an additional declaration;
- the right to deletion ("the right to be forgotten"): the right to obtain from the Data Controller the deletion of personal data without undue delay where: i. the data is no longer necessary in relation to the purposes of the processing; ii. the consent on which the processing is based is withdrawn and there is no other legal basis for the processing; iii. the personal data has been processed unlawfully; iv. the personal data must be deleted in order to comply with a legal obligation;
- right to object to processing: the right to object at any time to the processing of personal data whose legal basis is a legitimate interest of the Data Controller;
- right to limit the processing: the right to obtain from the Data Controller the limitation of processing, in cases where the accuracy of personal data is contested (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the processing is illegal and/or the data subject has objected to the processing;
- right to data portability: the right to receive personal data in a structured, commonly used and machine-readable format and to transmit such data to another Data Controller, if technically feasible, only for cases where the processing is based on consent or contract and only for data processed by electronic means;
- right to lodge a complaint with a supervisory authority: without prejudice to any other administrative or judicial remedy, a data subject who considers that processing operations concerning them are in breach of the Regulations shall have the right to lodge a complaint with the supervisory authority of the Member State in which that person resides or habitually works, or of the State in which the alleged breach occurred.