5 CLUB s.r.l.
with registered office in Milan (MI), at Largo Augusto 3, 20122, Phone. +39 0165842660 - - Share capital € 50,000.00 = f.p. – tax code and VAT no. 10374400967 – No. REA MI - 2527113, as Data Controller, in accordance with Article 4 (paragraph 1), no. 7) and Article 24 of EU Regulation No. 2016/679 (hereinafter GDPR) on the protection of personal data, in fulfilment of the obligations laid down in Article 13 GDPR provides this Privacy Notice detailing the purposes and means for the processing of your personal data.

It is clarified that:

- Personal data (under Article 4, paragraph 1, no. 1) GDPR) identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the means ‘any information relating to an physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’;
- Processing (under Article 4, paragraph 1, no. 2) GDPR) means ‘any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction’.

1. Data Controller and contact details
The Data Controller pursuant to Article 24 of GDPR, determining the purposes and means for processing, is the following:

5 CLUB s.r.l.
registered office: Largo Augusto 3, 20122 Milan (MI)
Phone +39 0165842660

2. Data processed
Browsing data
The information systems and software procedures relied upon to operate this web site acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols. This information is not collected to be linked with specific data subjects, but due to its nature may, through processing and linkage, allow for the users to be identified. This data category includes the IP addresses and/or the domain names of the computers employed by any user browsing the website, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, the size of the returned file, a numerical code relating to server response status (successful, error, etc.), and other parameters related to the user’s operating system and computer environment. These data are necessary to use web-based services and are processed in order to extract statistical information on site usage and to assess its proper functioning. After these data are processed, they are erased. The data could be used in the event that judicial authorities establish that cybercrimes have been committed.
Data provided by the user on a voluntary basis
Sending e-mails, on the basis of the user’s free, voluntary, explicit choice, to the addresses provided on this website, as well as filling in and sending the forms made available on the website entail the acquisition of the sender’s contact information, which is necessary to provide a reply ,as well as of any and all the personal data communicated in that manner.

3. Processing purposes and legal basis
3.1 Your personal data are processed for the following purposes:
a) answering specific requests;
b) complying with legal and/or regulatory obligations: to fulfil statutory and/or regulatory obligations of a tax, administrative and accounting nature;
c) performing the relevant obligations upon or prior to executing or in performing an agreement to which the Data Subject is party, also of a tax nature;
d) protecting credit.
3.2 The processing of your personal data is based on Article 6, paragraph 1, letters b) and c) GDPR.

4. Nature of the disclosure
For the purposes set out in Article 3.1, letters a), b), c) and d) of this Privacy Notice, the data disclosure is necessary to reply to your requests and carry out the services provided by the Data Controller and a possible refusal determines the impossibility of providing the same. It is not necessary to acquire the consent of the Data Subject to carry out the processing referred to in Article 3.1, letters a), b), c) and d) of this Privacy Notice.

5. How data are processed
Data processing is done in paper, IT and telematic form, also with the help of electronic means, by specially authorised in-house persons and/or by third parties, according to logic purely related to the purposes of this Privacy Notice. The data are stored in electronic filing systems and, residually, on paper, in such a way as to guarantee the safety and confidentiality of the data. The processing of personal data is carried out in accordance with the principles on which the GDPR is based.

6. Recipients
Recipient means according to Article 4, paragraph 1, no. 9) GDPR, ‘a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing’.
It should be noted that, in relation to the above-mentioned purposes, personal data may be subject to communication to recipients cooperating with the Data Controller or for the fulfilment of statutory obligations. These recipients are bound by absolute confidentiality in relation to any information they may be aware of. Some categories are provided below.
- Authorities, public administrations and supervisory bodies for their institutional purposes.
- Affiliates, entities, consultants, consulting firms and professional firms cooperating with the Data Controller to achieve the aforementioned purposes and fulfil the obligations provided under law.
- Entities providing services for the management of the Data Controller’s computer system.
- Certified professionals in order to study and resolve any legal and contractual problems.
- Banks or similar organisations.

7. Where the data are processed
The data processing related to a contract is handled within a member state of the European Union or within a member state of the European Economic Area.

8. Dissemination and data disclosure
Your personal data are neither subject to disclosure nor transfer.
Disclosure to Third Parties, other than the Data Controller and the Data Processor - internal or external to the Company - identified and appointed under Articles 24 and 28 GDPR occurs where necessary.
In any case, processing by Third Parties shall occur in compliance with the principles of fairness, proportionality and necessity, and in compliance with the legal provisions in force.

9. Storage time
The data shall be stored in accordance with the principle of proportionality and in any case for the period necessary to fulfil the purposes set out in Article 3.1. of this Privacy Notice and, at any rate, not exceeding 10 tax years.

10. Data security
The Data Controller adopts the appropriate technical and organisational measures to ensure a level of security appropriate to protect data in order to prevent loss, unlawful or unfair use and unauthorised access.

11. Rights of the Data Subject
Pursuant to Article 13, paragraph 2, letter b) GDPR with respect to the processing of personal data, the following rights may be exercised with the aim of ensuring the unfair and transparent processing of such data:

11.1. Right of access by the data subject (Article 15 GDPR): in order to obtain from the Data Controller information as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations.
11.2. Right to rectification (Article 16 GDPR), right to erasure erasure (Article 17 GDPR), and right to restriction of processing (rt. 18 GDPR): to request from the Data Controller the rectification and the erasure of the personal data, and the right to restricting the processing of those data.
11.3. Right to data portability (Article 20 GDPR): to receive the personal data concerning him or her, which he or she has provided to a Data Controller, in a structured, commonly used and machine- readable format and have the right to transmit those data to another Data Controller, where technically feasible.
11.4. Right to object (Article 21 GDPR): to object to processing of personal data concerning him or her.

To exercise the rights mentioned in Article 13, paragraph 2, letters b) and e) GDPR, you may write to:

5 CLUB s.r.l.
registered office: Largo Augusto 3, 20122 Milan (MI)
Phone +39 0165842660

12. Right to lodge a complaint and right to a judicial remedy
In accordance with Article 13, paragraph 2, letter d) GDPR and Article 140 bis of Legislative Decree No. 196/2003, as amended by Legislative Decree No. 101/2018, we hereby state that should you believe that the personal data processing is carried out in breach of the provisions of the European Regulation or Personal Data Protection Code, you may lodge a complaint with the Privacy Supervisory Authority pursuant Article 77 GDPR or, alternatively, to seek a judicial remedy with the Judicial Authorities.