Hoop Club S.p.A., in its capacity as data controller, hereby informs, pursuant to Article 13 of Regulation (EU) No. 2016/679 (“GDPR“), that the data provided by users (“Data Subject” or “User“) via the website www.hoopclub.it (the “Site“) will be processed as described below.

1. Data Controller

The Data Controller is Hoop Club S.p.A., with registered office at Via del Lauro 9, 20121 Milan (MI), Italy – Tax Code/VAT No. and Companies Register of Milan Monza Brianza Lodi No. 113439960967 (hereinafter, the “Company” or the “Data Controller“).

For any communication, the Data Controller provides the following email: privacy@hoopclub.it.

The Data Controller may appoint one or more data processors pursuant to Article 28 of the GDPR, who will provide specific processing services or support activities on its behalf, taking all necessary technical and organizational measures to protect the rights, freedoms, and legitimate interests of Data Subjects.

2. Description of Processing

The processing concerns the following personal data (“Personal Data” or “Data“) provided by the Data Subject when using the services on the Site:

Note: Although browsing data are not collected to identify individuals, such identification may be possible if combined with other information held by third parties (e.g., Internet Service Providers).

3. Processing Methods

Personal Data will be:

• processed using the operations defined in Art. 4(1)(2) GDPR, including collection, recording, storage, consultation, modification, use, interconnection, deletion, etc.;
• handled electronically and/or via automated systems;
• used through email or remote communication tools like phone, messaging, text, online chat, and social media.

4. Transfer of Personal Data

Data will be stored and managed within the European Economic Area (EEA) on servers of duly appointed third-party data processors.

If services are accessed in other countries, any cross-border data transfers will be strictly limited to what is necessary. Adequate protection measures will be taken, including, if applicable, Standard Contractual Clauses (SCCs) approved by the European Commission. In the absence of an adequacy decision (Art. 45(3) GDPR) or appropriate safeguards (Art. 46 GDPR), specific consent under Art. 49 GDPR will be requested.

More details can be obtained by emailing: privacy@hoopclub.it.

5. Security Measures

The Data Controller adopts appropriate security measures under Art. 32 GDPR to protect Data against loss, misuse, or unauthorized access. Processing is carried out using IT systems with organizational methods strictly aligned with the stated purposes.

6. Failure to Provide Personal Data

Providing Data may be:

• Mandatory: For the delivery of services and compliance with legal/regulatory obligations;
• Optional: For marketing or newsletter purposes.

Refusal to provide Data may make it impossible for the Company to provide services or access to the platform. Withdrawal of one or more consents may limit full access to features or services.

7. Data Retention and Deletion

Retention periods are listed in the table above. Once expired, Data will be deleted, and rights such as access, erasure, or portability can no longer be exercised.

Data will be stored on electronic systems (including portable devices), protected by appropriate security measures, and accessed only by authorized personnel.

8. Data Disclosure

Data may be disclosed to:

1. Employees and collaborators authorized to process Data;
2. Outsourced service providers (e.g., IT/software providers);
3. Public and private parties (e.g., legal/tax advisors, judicial offices) where required by contract or law;
4. Public authorities with legal access rights.

Data will not be disseminated publicly.

9. Data Subject Rights

Data Subjects may exercise the following rights under Chapter III of the GDPR:

1. Access (Art. 15): To verify processing and obtain Data in a standard format;
2. Rectification (Art. 16): To correct or complete inaccurate/incomplete Data;
3. Erasure (Art. 17): To have Data deleted without undue delay;
4. Restriction (Art. 18): To limit Data processing;
5. Portability (Art. 20): To receive Data in a structured, machine-readable format;
6. Objection (Art. 21): To object to processing based on legitimate interest;
7. Withdrawal of consent (Art. 7(3)): At any time, without affecting previous lawful processing.

10. Exercising Rights

To exercise rights, contact the Company via:

• Email: privacy@hoopclub.it
• Certified email (PEC): hoopclubspa@legalmail.it
• Registered mail: Hoop Club S.p.A., Via del Lauro 9, 20121 Milan, Italy

11. Right to Lodge a Complaint

If you believe your Data has been processed unlawfully, you may file a complaint with the Italian Data Protection Authority:

• Email: garante@gpdp.it or urp@gpdp.it
• Fax: +39 06 696773785
• Post: Piazza Venezia 11, 00187 Rome, Italy

Or bring a case before the competent courts.

12. Processors and Persons in Charge

An up-to-date list of processors and authorized personnel is available at the Data Controller’s headquarters.

13. Policy Updates

This policy may be modified or updated at any time. Should the Company intend to use Personal Data for purposes other than those stated, it will notify Users and seek specific consent where required.

Last updated: June 2025