This page describes how this site manages the processing of personal data of users who consult it. This is an information notice provided pursuant to EU Regulation 2016/679 to those who interact with web services accessible electronically from the address: www.extedendbook.org. The information is provided only for the Extended Book site and not for other websites that may be consulted by the user through links.

 

1. GDPR

The General Data Protection Regulation, officially Regulation (EU) 2016/679 and better known by the acronym GDPR, is a European Union regulation on the processing of personal data and privacy. With this regulation, the European Commission intends to strengthen and make more uniform the protection of personal data of European Union citizens and residents, both within and outside the European Union (EU) borders. The text, adopted on April 27, 2016, was published in the European Official Gazette on May 4, 2016, and entered into force on May 25 of the same year; it has been operational since May 25, 2018. The text also addresses the issue of exporting personal data outside the EU and obliges all data controllers (even with legal headquarters outside the European Union) who process data of EU residents to observe and comply with the obligations provided. The main objectives of the European Commission in the GDPR are to return to citizens control of their personal data and to simplify the regulatory context concerning international affairs by unifying and making privacy regulations within the EU homogeneous. Since its entry into force, the GDPR has replaced the contents of the Data Protection Directive (Directive 95/46/EC) and, in Italy, has repealed the provisions of the personal data protection code (Legislative Decree No. 196/2003) incompatible with it. For more information, also consult https://www.garanteprivacy.it/il-testo-del-regolamento

 

2. Data Controller - External Data Processor

The data controller of personal data is Puntomedia srl, with registered office at Via Lesmi 6 in Milan, 20123 VAT No. 10975510966, registered in the Milan Business Register and R.E.A. MI-2005105, email info@extedendbook.eu (the "Controller").

 

3. Purpose and Methods of Processing

Bold processes Users' personal data for the following purposes:

1. (a) for registration to the Site and to carry out any related activity (request for information and updates, literary challenges, etc.);

2. (b) to allow the use of services reserved for registered Users as per the Site's terms of use where the provision of services is at the User's request;

3. (c) for carrying out any administrative, accounting, and logistical activity related to Site registration, as well as to fulfill legal obligations;

4. (d) for the analysis of consumption preferences and habits and the processing of the User's personal preferences and interests through automated systems and the transmission of personalized offers through the Site (so-called "profiling" purposes);

5. (e) for statistical and historical purposes (only with anonymous and aggregated data).

Personal data are processed with manual and electronic tools and are stored in the designated electronic database. Personal data contained in the aforementioned automated information system, as well as those stored in the Controller's electronic archives, are processed in accordance with the provisions of current legislation and the GDPR regarding security measures, so as to minimize the risks of destruction, loss, modification, unauthorized disclosure or access, accidentally or illegally, or processing not in accordance with the purposes of collection. Specific security measures are observed to prevent data loss, illicit or incorrect use, and unauthorized access.

Furthermore, personal data are kept for the time necessary to achieve the aforementioned purposes, as well as to fulfill legal obligations imposed for the same purposes.
 

4. Types of Personal Data Processed

Bold processes personal data freely entered by the User on the Site, or inserted by the User through connection to social platforms (such as, in particular, personal data, tax codes, contact details, telephone and/or fax numbers, email addresses, data contained within comments or reviews, etc.), as well as technical data autonomously generated (in particular, IP addresses, log files relating to navigation on the Site, purchases made, etc.).

​

Navigation Data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the site, URI (Uniform Resource Identifier) notation addresses of requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

Data Provided Voluntarily by Users

The optional, explicit, and voluntary sending of email or other data through forms filled out by the User involves the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message. Specific summary information notices will be progressively reported or displayed on the site pages set up for particular services on request (forms for collecting consent to use data). The user is free to provide the personal data reported in the computer forms (forms) of request to the Data Controller to access the services offered. Their failure to provide may result in the impossibility of obtaining what is requested.

 

5. Data Provision and Consent to Related Processing - Consequences in Case of Failure to Provide

The provision of data for the purposes referred to in points (a), (b), and (c) of Art. 3 above is necessary and, therefore, failure to provide the personal data in question will result in the impossibility for the User to receive information and participate in Bold activities. Consent to the processing of personal data for the aforementioned purposes is not required, in particular, pursuant to Art. 6, par. 1, lett. b), of the GDPR and current legislation.

With reference to the purpose referred to in point (d) of Art. 3 above, consent to processing is not necessary under current legislation, without prejudice, however, to the User's right to object at any time to the sending of communications according to the methods indicated below.

With reference to the purpose of processing referred to in points (e), (f), (g) of Art. 3 above, consent to the processing of personal data is merely optional, without prejudice to the fact that failure to provide it will make it impossible (i) for the User to receive informative and/or commercial communications relating to products and/or services of Bold or third parties, including those belonging to the product categories indicated above, and to benefit from any promotions offered by them, (ii) for Bold to analyze the User's consumption habits in order to develop and send specific offers based on the User's tastes and preferences.

 

6. Scope of Data Communication and Communication to Third Parties

Personal data provided by the User for the purposes described in Art. 2 above may be brought to the attention of or communicated to the following recipients:

• Employees and/or collaborators of Bold in any capacity for the performance of administration, accounting, and IT and logistical support activities;

• Private subjects, natural and/or legal persons (legal, administrative and tax consulting firms, shippers and couriers, any IT companies, any marketing companies and any other subject) that Bold uses in carrying out the activities referred to in the points of Art. 2;

• To all those subjects (including Public Authorities) who have access to the data by virtue of regulatory or administrative provisions.

All personal data provided by Users in relation to registration on the Site, purchase through the Site are not subject to dissemination. Personal data relating to the processing in question will not be communicated in any way to third parties.

All the aforementioned Subjects (natural and legal persons) have been informed and have formally accepted Bold's data processing management policy.

 

7. Data Retention Period

Bold has the right to keep data in anonymized form for statistical purposes and functional to its activities. Personal data are also kept for the time necessary to achieve the purposes indicated above (Art. 3 Purpose and methods of processing), as well as to fulfill legal obligations imposed for the same purposes.

 

8. Puntomedia srl

Pursuant to GDPR 2016/679 (Chapter III rights of the Data Subject articles 12 to 23) and current legislation, the User has the right to:

​a) Lodge a complaint with the Control and Guarantee Authority (Art. 13 and 14 GDPR 2016/679)

b) Obtain confirmation of the existence or not of personal data concerning him/her (Art. 15 GDPR 2016/679) and their communication in intelligible form, receiving them in a structured, commonly used and machine-readable format with the possibility of transmitting them to another controller ("Right to portability");

c) Obtain indications: (i) on the origin of personal data, on the purposes and methods of processing, on the logic applied in case of processing carried out with the aid of electronic tools; (ii) on the identification details of the Data Controller and the external Data Processor(s); (iii) on the subjects or categories of subjects to whom the data may be communicated or who may become aware of them as designated representative in the territory of the State, managers or appointees.

d) Obtain (i) the updating, rectification or integration of data concerning him/her or, in case of dispute about the correctness of the data, the limitation of their processing for the time necessary for appropriate checks,

(ii) the transformation into anonymous form or the blocking of data processed unlawfully, including data whose retention is necessary for the purposes for which the data were collected or subsequently processed, (iii) certification that the operations referred to in the preceding points have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, unless this fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right.

e) Object, in whole or in part (i) to the processing of data concerning him/her, even if pertinent to the purpose of collection,

(ii) to the processing of personal data concerning him/her (Art.21 GDPR 2016/679), provided for the purposes of commercial information or sending advertising material or direct selling or for carrying out market research or commercial communication.

f) Obtain erasure without undue delay ("Right to be forgotten" Art. 17 GDPR 2016/679) in the event that the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, have been unlawfully processed or in the event that the User (i) requests it or (ii) objects in whole or in part to the processing.

g) Obtain restriction of processing (Art. 18 GDPR 2016/679) in the event that the data (i) are processed unlawfully but the User opposes their erasure, (ii) are necessary for the User to establish, exercise or defend a legal claim, (iii) a decision is pending on the legitimate grounds for processing by the Controller.

The above rights may be exercised by request to the Controller, at the email address info@extendedbook.eu with a simple request and without any motivation.

Every effort will be made to make the functionalities of this site as interoperable as possible with the automatic privacy control mechanisms available in some products used by users.

Furthermore, considering that the state of perfection of automatic control mechanisms does not currently make them free from errors and malfunctions, it is specified that this document, published at the address https://www.extedendbook.eu/privacy.html constitutes the "Privacy Policy" of this site which will be subject to updates (the various versions remain consultable at the same address).

​

9. Cookies

The description of the type of cookies used, their management of use and purposes, is referred to the "Cookie Policy" paragraph.