1. Introduction

The protection of the personal data of its customers, employees and users is, for Arnoldo Mondadori Editore S.p.A. and all its subsidiaries within the meaning and for the purposes of Article 2359 of the Italian Civil Code, (hereinafter the “Mondadori Group”) a fundamental and indispensable value.

The Mondadori Group recognises the protection of personal data as an expression of respect for the dignity, freedoms and fundamental rights of individuals, and is committed to processing such data in accordance with the principles of lawfulness, fairness, transparency, security and accountability, adopting appropriate practices and measures to ensure that they are used in compliance with current legislation and the company’s ethical values.

This document (the “Privacy Policy”) has been drawn up in accordance with EU Regulation 2016/679 (the “GDPR”) and applicable European and national legislation, with the aim of describing the principles and methods by which the companies of the Mondadori Group – as further specified in paragraph 2 of this Privacy Policy – manage their websites and digital channels (the “Websites”) in relation to the processing of personal data relating to users/visitors who access them (the “Users”).

Please note that this Privacy Policy applies to the processing of data carried out on the Mondadori Group’s Websites and does not apply to processing carried out on other websites outside the Mondadori Group that the User may visit whilst browsing by clicking on links and/or banners on the Websites. Furthermore, this Privacy Policy does not replace the notices provided pursuant to Articles 13 and 14 of the GDPR by the companies of the Mondadori Group in their capacity as Data Controllers.

2. The Data Controllers

Each of the companies within the Mondadori Group, listed below, acts as a data controller in accordance with the relevant definition set out in Article 4(7) of the GDPR (each individually a “Data Controller” or collectively the “Data Controllers”), for the processing of personal data necessary for browsing their Websites.
To find out which companies within the Mondadori Group act as Data Controllers, along with their contact details, click here.

3. The Data Protection Officer

In accordance with Article 37 of the GDPR, the Mondadori Group has appointed a Data Protection Officer (“DPO”). You are free to contact the DPO regarding any matters relating to the processing of personal data and/or if you wish to exercise your rights as a data subject, as set out in paragraph 10 of this Privacy Policy, by sending a written communication to the email address dpo@mondadori.it.

For matters relating to the processing of personal data and/or if you wish to exercise your rights as a data subject in relation to the company:

• Edilportale.com S.p.A. You can contact the DPO by sending a written message to the email address dpo@edilportale.com.
• Edizioni Star Comics S.r.l. You can contact the DPO by sending a written message to the email address dpo@starcomics.com.
• Star Shop Distribuzione S.r.l. You can contact the DPO by sending a written message to the email address dpo@starshop.it.

4. Types of personal data processed and purposes of processing relating to browsing the Websites

It is worth noting that, in the digital environment, personal data is mainly collected through cookies and other tracking tools. The most common of these tools include navigation cookies, tracking pixels, behavioural profiling tools and device fingerprinting technologies. Whilst these tools are designed to personalise services and enhance the User experience, they must be used in an informed and transparent manner, in full compliance with current legislation and respect for fundamental human rights. On each Website, you will find a footer containing a detailed explanation of the cookies and tracking tools installed therein and how they work: you can always change your preferences regarding the use of cookies, with the exception of technical cookies, which are necessary for browsing the Website and do not require your specific consent.

Data provided voluntarily by Users
In addition to cookies and tracking tools, it is important to note that certain data is collected by the Data Controller because it is provided voluntarily by the User. This includes, for example, information provided in contact forms or dedicated forms, as well as in requests to subscribe to newsletters or services.

5. Methods of data processing and retention periods

The Mondadori Group regards the protection of personal data as a cornerstone of its operations, in full compliance with current legislation. All processing is carried out in accordance with the principles of fairness, lawfulness and transparency, collecting only the information that is strictly necessary and ensuring that it is handled by authorised and trained staff, with the aim of safeguarding its confidentiality.

Data may be processed either manually or using electronic means, with appropriate technical and organisational measures in place to safeguard its security, integrity and availability, and to prevent the risk of loss, unlawful use or unauthorised disclosure. We also ensure that any inaccurate data is corrected or deleted promptly, in accordance with the purposes for which it was collected.

Data is retained for as long as is strictly necessary, unless legal obligations require it to be retained for longer periods, in accordance with the principles set out in the GDPR.

Access to the Mondadori Group’s Websites is generally restricted to adults, with exceptions for children aged 14 and over, who are provided with a simplified privacy notice and specific safeguards: minors’ personal data is not used for advertising purposes and, where minors are under the age of 14, such data may only be provided with the consent of their parents or those exercising parental responsibility. In any event, the Data Controller accepts no liability for any false statements made by the minor.

Finally, where artificial intelligence tools, such as chatbots, are used, data processing is carried out in accordance with the relevant privacy notices and with the assurance that the information provided by Users will not be used to train artificial intelligence systems.

6. Redirects to external websites

Websites may contain tools for integrating with social networks, known as social plug-ins. These tools, which can be identified by the platforms’ official logos, allow you to integrate typical social media features directly into your website, such as the ‘like’ button or the option to leave a comment.

It is important to note that, when the User interacts with these plug-ins, the information generated is transmitted from the browser to the relevant platform and stored there. To ensure full transparency, we invite all Users to consult the privacy policy of each social network, which sets out the purposes and methods of data collection, use and storage, as well as the rights that may be exercised.

In this way, we reaffirm the Mondadori Group’s commitment to explaining how digital tools work and to promoting the responsible use of technology, whilst respecting the privacy and freedom of choice of each User.

7. Links to/from third-party websites

The Websites may contain links to pages managed by third parties. It is important to note that, once you have chosen to access such external websites, the management of your personal data and any login credentials is the sole responsibility of the respective third-party website operators.

In accordance with the principles of fairness and transparency, the Mondadori Group cannot be held liable for the use of the information collected by third parties. You are therefore encouraged to make your choices freely and with due regard for the protection of your privacy.

8. Recipients of personal data

Personal data collected by the Mondadori Group may be shared with specific parties, solely for the purposes stated and in accordance with confidentiality rules. Firstly, the processing may be entrusted to authorised persons who act under the direct responsibility of the Data Controller and who have been duly trained and appointed.

In addition, certain activities may be carried out by third parties who work with the Mondadori Group to provide technical or support services, such as IT companies or maintenance providers. In certain cases, data may also be disclosed to bodies or organisations that process it as independent data controllers, such as credit institutions, insurance companies, consultants or public authorities, always in accordance with the purposes set out in the privacy notices.

This section reaffirms the Mondadori Group’s commitment to ensuring that all data transfers are carried out with transparency, accountability and in accordance with the rights of data subjects.

9. Transfer of personal data

Personal data is processed primarily within the European Union, in accordance with the common data protection rules laid down by the GDPR. Should it become necessary, for technical or operational reasons, to involve parties located outside the European Economic Area, the Data Controller shall ensure that the level of protection remains substantially equivalent to that guaranteed by European legislation.

All transfers to third countries are governed by the mechanisms provided for in the GDPR, such as the European Commission’s adequacy decisions, standard contractual clauses or binding corporate rules. This ensures that personal data is always processed with the same care and security, regardless of where it is managed.

10. Rights of data subjects

As provided for in the GDPR, you may exercise the following rights vis-à-vis the Data Controller at any time:

• Right of access: you have the right to obtain from the Data Controller confirmation as to whether or not your personal data are being processed (or whether automated decision-making is taking place) and, if so, to obtain access to and/or a copy of such personal data (Article 15 of the GDPR).
• Right to rectification: You have the right to have your personal data rectified or supplemented if it is inaccurate or incomplete (Article 16 of the GDPR).
• Right to erasure (known as the ‘right to be forgotten’): in certain circumstances, you have the right to have your personal data erased without undue delay (Article 17 of the GDPR).
• Right to restriction of processing: in certain circumstances, you may request that processing be restricted (e.g., if you have objected to the processing, if you have exercised your right to rectification, and/or if the processing is unlawful). Where processing is restricted, your personal data will be processed – except for storage – only with your consent, or for the establishment, exercise or defence of legal claims, or to protect the rights of another natural or legal person, or for reasons of substantial public interest. In any case, we will inform you before this restriction is lifted. (Art. 18 of the GDPR).
• Right to data portability: You may, at any time, request and receive all your personal data processed by the Data Controller in a structured, commonly used and machine-readable format, or request that it be transmitted to another Data Controller without hindrance (Article 20 of the GDPR).
• Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data. If you object, the Data Controller will cease the processing to which you have objected, unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims (Article 21 of the GDPR).

To exercise any of your rights, simply contact the Data Controller using the contact details provided below:

• by writing to the Mondadori Group’s Data Protection Office at the parent company Arnoldo Mondadori Editore S.p.A., Via Mondadori 1, 20054 – Segrate (Milan);
• by sending an email to privacy@mondadori.it, for the attention of the Mondadori Group’s Data Protection Office;
• For D Scuola S.p.A., by sending an email to deascuola.privacy@deascuola.it;
• For De Agostini Libri S.r.l., by sending an email to the address dealibri.privacy@deagostinilibri.it;
• For Edilportale.com S.p.A., by sending an email to the email address privacy@edilportale.com;
• For Edizioni Star Comics S.r.l., by sending an email to info@starcomics.com;
• For Star Shop Distribuzione S.r.l., by sending an email to servizioclienti@starshop.it.

Please note that you may contact the Data Protection Officer (DPO) of the Mondadori Group, the DPO of Edilportale.com S.p.A., the DPO of Edizioni Star Comics S.r.l. or the DPO of Star Shop Distribuzione S.r.l. at any time, in accordance with the procedures set out in paragraph 3.

You also have the right to lodge a complaint with the supervisory authority.
For further information, please refer to the privacy policies available on the Websites.

11. Update to the Privacy Policy

This Privacy Policy has been last updated in April 2026 and applies to the Websites from the date of its publication; it supplements and completes the privacy notices provided by each company within the Mondadori Group on the individual Websites they manage. The possible introduction of new sector-specific regulations, as well as the ongoing review and updating of the general terms and conditions of use of the Websites, may necessitate changes to these terms. This Privacy Policy may therefore be subject to change over time, and we therefore encourage all Users to check this page regularly. It is hereby agreed that any changes to the privacy notices provided at the time of personal data collection will be communicated to each data subject by the Data Controller in the manner determined by the latter.