Information on Personal Data Protection
Information to the Data Subject pursuant to and for the purposes of Regulation (EU) No. 679/2016 (commonly known as the GDPR: General Data Protection Regulation), Legislative Decree No. 196 of June 30, 2003, and subsequent amendments, Directive 2002/58/EC (so-called “e-Privacy Directive”) and in compliance with the provisions of the Data Protection Authority.
Dear Data Subject/User,
In accordance with the aforementioned regulations, we provide below the information regarding the processing and protection of personal data, stating that the processing will be carried out in accordance with the principles of fairness, lawfulness, and transparency, protecting confidentiality.
By browsing and completing the registration process on the website: www.salonelibro.it and its dedicated social network pages, the Data Subjects/Users voluntarily provide their personal data.
Upon request from the User/Data Subject, in addition to the information contained in this privacy policy, further information may be requested from the Data Controllers using the contact details provided.
The following information is provided in a clear, simple, and intelligible manner.
IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLERS
The Cultural Association, Torino La Città Del Libro (VAT: 97841070010) and Salone Libro S.r.l. (VAT: 12057500014), hereinafter referred to as the "Data Controllers," in their capacity as joint controllers under Article 26 of the GDPR and based on the Joint Controllership Agreement, provide the following contact details:
Address: Via Pietro Giannone, 10, 10121 Torino, Italy
Email: privacy@salonelibro.it
CONTACT DETAILS OF THE DATA PROTECTION OFFICER
The Data Protection Officer (DPO) can be reached at the following email address: caltagirone@legaladvisory.it
PURPOSES AND LEGAL BASES FOR THE PROCESSING OF PERSONAL DATA
The processing will pursue the following purposes supported by the following legal bases in order for the processing and protection of personal data to be lawful, as required by the GDPR:
WEBSITE NAVIGATION (PURPOSE): For browsing the website and the correct display of pages, multimedia content, and user interaction. Technical storage or access to already stored information is necessary only to transmit a communication over an electronic communications network, or to the extent strictly necessary for an information society service explicitly requested by the user.
LEGAL BASIS: Based on the execution of pre-contractual measures or contractual obligations; the provision of data is necessary for the establishment of the relationship and to fulfill the mandate.
SERVICES ON THE WEBSITE (PURPOSE): For the correct and complete execution of the assigned task or provision of requested services, such as sending optional, explicit, and voluntary messages to the contact addresses of the Data Controllers, private messages sent by users to institutional profiles/pages on social media (where this possibility is provided), as well as the completion and submission of forms, which involves the acquisition of the sender's contact details necessary to respond, as well as all personal data contained in the communications. Participation in events (cultural events and digital events) and related activities to access requested goods and services, the sale of educational and cultural products (e-commerce), through registration on portals or reserved areas of the website, and the correct management of legal obligations imposed by applicable regulations.
LEGAL BASIS: Based on the execution of pre-contractual measures or contractual obligations; the provision of data is necessary for the establishment of the relationship and to fulfill the mandate.
ACCESS TO ACTIVITIES (PURPOSE): To allow participation or access to events chosen by the User/Data Subject, communications will be sent through the contact details provided during registration containing technical information.
LEGAL BASIS: Based on the execution of pre-contractual measures or contractual obligations; the provision of data is necessary for the establishment of the relationship and to fulfill the mandate.
NEWSLETTER CATEGORIES:
Cultural Initiatives (Marketing Purpose): To be informed and gain exclusive benefits related to cultural initiatives organized or promoted by Salone and its Partners through email subscription to the Cultural newsletter.
LEGAL BASIS: Based on consent provided for this specific purpose until revocation.
International Initiatives (Marketing Purpose): To be informed and gain exclusive benefits related to international activities organized or promoted by Salone and its Partners.
LEGAL BASIS: Based on consent provided for this specific purpose until revocation.
Self-Publisher Initiatives (Marketing Purpose): To be informed and gain exclusive benefits related to initiatives for self-publishers organized or promoted by Salone and its Partners.
LEGAL BASIS: Based on consent provided for this specific purpose until revocation.
School Initiatives (Marketing Purpose): To be informed and gain exclusive benefits related to school initiatives organized or promoted by Salone and its Partners.
LEGAL BASIS: Based on consent provided for this specific purpose until revocation.
LEGAL COMPLIANCE: The correct management of legal, fiscal, and tax obligations of the Data Controllers in relation to the obligations imposed by current regulations, necessary to comply with legal obligations. The data may also be processed if necessary to assert or defend a right in court.
LEGAL BASIS: Necessary for the fulfillment of a legal obligation.
Users may at any time review the policy and modify previously given consents, verify and/or change the status of active services, and request additional services or cancel some.
BROWSING DATA
For operational and maintenance purposes, this website and any third-party services it uses may collect system logs, which are files that record interactions and may include personal data such as the user's IP address.
These data, necessary for the provision of web services, are also processed to obtain statistical information about service usage (most visited pages, number of visitors per time slot, geographic areas of origin, etc.) and to ensure the correct functioning of the services offered.
RECIPIENTS OF PERSONAL DATA
The data will not be disseminated, but may be communicated to third parties/partners where necessary for the provision of the service, and to individuals performing technical or organizational tasks for the provision of requested services. The third parties processing the data on behalf of the Data Controllers have been designated as Data Processors through specific written agreements.
The Data Controllers currently collaborate with third parties/partners to whom the data of users utilizing their services will be communicated. The categories of recipients of personal data include: public authorities and ministries, publicly owned companies, foundations, and associations, companies organizing fairs and digital events, publishing, energy, connectivity, IT, commerce, banking and insurance institutions, and event organization and communication agencies.
DATA RETENTION PERIOD AND CRITERIA FOR DETERMINATION
Personal data will be retained by the Data Controllers in accordance with current regulations, for no longer than necessary for the purposes for which they were collected and processed. In particular, personal data will be retained as long as the user maintains their account. Upon account deletion, the Data Controllers will ensure the correction or deletion of personal data within a reasonable time, in compliance with applicable laws.
INTENTION TO TRANSFER DATA TO A THIRD COUNTRY
Processing will primarily take place in Italy or in other EU countries. The user may at any time, by sending a communication to the Data Controller, request information on how this processing is carried out.
RIGHTS OF THE DATA SUBJECT AND THE RIGHT TO LODGE A COMPLAINT WITH THE SUPERVISORY AUTHORITY
The User/Data Subject may at any time exercise their rights, including:
Revocation of consent, if provided
Access to personal data
Rectification of personal data
Deletion (right to be forgotten) of personal data
Limitation of processing of personal data
Opposition to the processing of personal data
Not to be subject to decisions based solely on automated processing, including profiling
Portability of personal data (where applicable)
Obtain the essential content of the joint controllership agreement
The User/Data Subject has the right to lodge a complaint with the Data Protection Authority and/or any other competent Supervisory Authority, should they believe their rights have been violated.
COMMUNICATION OF DATA
The communication of data is optional, except for data marked as mandatory (often indicated by the * symbol), which are necessary for the provision of services; failure to provide these data may prevent the service from being delivered.
METHODS OF PROCESSING PERSONAL DATA
Personal data provided via registration for services are processed by the Data Controllers using electronic tools, stored in electronic databases with specific security measures to prevent data loss, illegal use, or unauthorized access. In addition to the Data Controllers, other persons involved in the organization may have access to the data (administrative, commercial, marketing staff, legal, system administrators), or external parties (such as third-party service providers, couriers, hosting providers, IT companies, communication agencies) appointed as Data Processors.
INFORMATION TO PROVIDE IF DATA IS OBTAINED FROM OTHER DATA CONTROLLERS (Art. 14 GDPR)
If personal data is provided by the Data Subject to a Controller other than the Data Controllers, these Data Controllers will, upon request, communicate the source of the personal data.
PROTECTION OF PERSONAL DATA OF MINORS UNDER 16 YEARS OF AGE
In accordance with the applicable law, minors under the age of sixteen are not required to provide personal information without parental consent, and in the absence of such consent, it will not be possible for the minor to submit requests via the website or portals.
LOCATION OF DATA PROCESSING
Personal data provided by the Data Subjects may be processed at the registered offices and subsidiaries of the Data Controllers, and at locations of authorized Data Processors, stored on servers in countries belonging to the European Union (EU), in compliance with personal data protection laws.
FINAL INFORMATION
The Data Controllers reserve the right to partially or fully modify the Privacy Policy or simply update its content (e.g., due to changes in applicable laws). Updates will be published, and users are invited to periodically review the information to stay informed about their rights.