1. Introduction
This Privacy Policy describes how CINEFIVE SRL , with registered office in Via Roberto Tremelloni 15, 20128 Milan (MI), VAT number 14011770964, e-mail info@cinefive.it, collects, uses and protects the personal data of users who visit the site www.cinefive.it (hereinafter, "Site"). The processing of personal data occurs in compliance with **Regulation (EU) 2016/679 (GDPR)** and applicable national legislation.

2. Data Controller
The data controller is CINEFIVE SRL , with registered office in Via Roberto Tremelloni 15, 20128 Milan (MI). For any request regarding privacy, you can contact us at the e-mail address info@cinefive.it .

3. Types of data collected
While browsing our Site, we may collect the following categories of personal data:
- Identification data : name, surname, email address, telephone number, shipping and billing address.
- Payment data : information required to process payments (e.g. credit card, PayPal, bank transfer), processed by third-party providers compliant with GDPR.
- Browsing data : IP address, device information, cookies and tracking data (see Cookie Policy).
- Data provided voluntarily by the user : messages sent via contact forms, email or other communication channels.

4. Purpose of processing and legal basis
Personal data are processed for the following purposes:
- Order fulfillment and contract management (art. 6(1)(b) GDPR);
- Fulfilment of legal and tax obligations (art. 6(1)(c) GDPR);
- Direct marketing and newsletters , subject to the user's consent (art. 6(1)(a) GDPR);
- Improvement of user experience and analysis of web traffic (art. 6(1)(f) GDPR – legitimate interest).

5. Data retention
Personal data will be retained for the time necessary to achieve the purposes for which they were collected, in compliance with the principles of limitation of storage and data minimization:
- Data for contractual purposes : stored for 10 years (tax and accounting obligations);
- Marketing data : until consent is revoked;
- Browsing data : as indicated in the Cookie Policy.

6. Sharing and transferring data
Data may be shared with third parties only in the following cases:
- Service providers (e.g. couriers, payment systems, hosting services);
- Public authorities in case of legal obligation;
- Partners for marketing activities, only with the user's consent.
The data will not be transferred outside the EU, except to countries with adequate guarantees (art. 45-46 GDPR).

7. User rights
Users may exercise the following rights under the GDPR:
- Access to your personal data;
- Correction of inaccurate data;
- Deletion of data (right to be forgotten);
- Limitation of processing in certain circumstances;
- Objection to processing for legitimate reasons;
- Portability of data to another owner;
- Revocation of consent (without affecting processing prior to revocation).
Requests can be sent to the email address support@cinefive.it.

8. Data Security

We take appropriate security measures to protect personal data from unauthorized access, loss, alteration, disclosure or accidental or unlawful destruction. In particular:

• Encryption of sensitive data , where applicable;

• Firewalls and advanced protection systems to prevent cyber attacks;

• Access control to ensure that only authorised personnel can process data;

• Regular backups to prevent accidental data loss;

• Continuous monitoring of our systems for security breaches;

• Internal incident response procedures for the timely management of any security breaches.

Although we take all necessary measures to protect personal data, no computer system can guarantee absolute security. In the event of a data breach, we will notify the competent authorities and the affected users in accordance with applicable legal provisions.

9. Changes to this Policy
We reserve the right to change this Privacy Policy at any time. Changes will be posted on this page and, where appropriate, notified to users.