Privacy Policy – UniBook

(pursuant to EU Regulation 2016/679 – “GDPR”)

1. Data Controller

The Data Controller of personal data is UniBook, with registered office at [……], contact e-mail: info@unibookhub.com.

2. Types of Data Collected

UniBook collects only the personal data strictly necessary for the use of the Platform and the management of transactions, including:

  • Personal details: first name, last name, date of birth;
  • Contact details: e-mail, phone number;
  • Login data: registration credentials;
  • Payment data: information transmitted to third-party providers (e.g., Stripe) for payment processing;
  • Usage data: history of published listings, reviews, and exchanged messages.

3. Purpose and Legal Basis of Processing

Data are processed for the following purposes:

  1. Managing the user account and providing the Platform’s services;
  2. Execution of sales transactions between users;
  3. Prevention and detection of fraud or unlawful conduct;
  4. Compliance with legal and tax obligations under current regulations;
  5. Service communications regarding changes to the rules or platform features;
  6. Sending promotional communications (only with the user’s consent).

The legal basis for processing is:

  • Performance of a contract (Art. 6.1.b GDPR);
  • Legal obligation (Art. 6.1.c GDPR);
  • User consent for promotional purposes (Art. 6.1.a GDPR).

4. Processing Methods

Processing is carried out using electronic and IT tools, adopting technical and organizational security measures appropriate to protect data from unauthorized access, loss, or unlawful disclosure.

5. Disclosure of Data to Third Parties

UniBook does not sell or transfer personal data to third parties for commercial purposes. Data may be disclosed only to:

  • Service providers essential to the operation of the Platform (e.g., Stripe for payments, Packlink for shipping);
  • Legal and tax advisors when necessary to protect the rights of the Data Controller;
  • Competent authorities in compliance with legal obligations or court orders.

All third-party providers are bound by data processing agreements compliant with the GDPR.

6. Data Retention

Data will be retained:

  • For the duration of registration on the Platform;
  • For up to 10 years after termination of the relationship, in compliance with tax and accounting obligations;
  • For a shorter period if required by law or at the user’s request (within legal limits).

7. User Rights

At any time, the user may exercise the rights provided for under the GDPR:

  • Access personal data;
  • Rectification or update;
  • Deletion (“right to be forgotten”);
  • Restriction of processing;
  • Data portability to another controller;
  • Objection to processing for legitimate reasons.

Requests may be sent to: info@unibookhub.com.

8. Disclaimer

UniBook is not responsible for:

  • Data entered incorrectly by the user or containing false information;
  • Personal data voluntarily shared by the user with other members of the Platform;
  • Improper use of data by third parties in violation of this document.

The user is solely responsible for the information and content they choose to publish or share within the Platform.

9. Changes to the Policy

UniBook reserves the right to modify this Policy at any time. Changes will be communicated to registered users and will take immediate effect from the date of publication.

10. Complaints

In case of violations or non-compliant processing, the user may file a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).