Privacy Policy
Pursuant to Art. 13 of EU Regulation 2016/679 (GDPR)
1. Data Controller
Personal data collected via the website risingkungfu.com is processed by:
Simone Armellini
Via Napoleonica 2/A — 25080 Mazzano (BS) — Italia
Tax Code: RMLSMN81C31D284W
Email: info@risingkungfu.com
The Controller has not appointed a Data Protection Officer (DPO) as the obligation under Art. 37 GDPR does not apply.
2. Data collected and processing purposes
The Website collects personal data in the following ways:
2.1 Navigation data
The software systems operating the Website automatically collect data transmitted by the user's browser: IP address, browser type and version, operating system, pages visited, date and time of requests.
- Purpose: Traffic analysis, site security
- Legal basis: Legitimate interests of the Controller — Art. 6(1)(f) GDPR
2.2 Contact form
Users who complete the contact form voluntarily provide their name, email address and message. Data is forwarded to the Controller via Netlify Forms and delivered to the Controller's email inbox. No CRM or profiling systems are used.
- Purpose: Responding to information requests
- Legal basis: Pre-contractual measures at the data subject's request — Art. 6(1)(b) GDPR
2.3 Newsletter
Users subscribing to the newsletter provide their name and email address. Data is managed via the Brevo (formerly Sendinblue) platform. Subscription is voluntary and users may unsubscribe at any time via the link in every email.
- Purpose: Sending periodic communications on content, events and programs
- Legal basis: Data subject's consent — Art. 6(1)(a) GDPR. Withdrawal possible at any time
2.4 Analytics data
The Website uses Google Analytics 4 to collect aggregated browsing data. IP addresses are anonymised before transmission to Google. No individual profiling is carried out.
- Purpose: Traffic analysis and Website improvement
- Legal basis: Data subject's consent — Art. 6(1)(a) GDPR, managed via cookie banner
3. Data processors and third parties
The Controller uses the following data processors pursuant to Art. 28 GDPR:
| Provider | Service | Country | Safeguards |
|---|---|---|---|
| Netlify Inc. | Hosting, form backend | USA | SCC |
| Google LLC | Analytics, Fonts | USA | SCC / DPF |
| Brevo SAS | Email marketing (newsletter) | France (EU) | GDPR |
| Cloudflare Inc. | Turnstile (anti-spam) | USA | SCC |
| Cloudinary Ltd | Image hosting | USA / UK | SCC |
SCC = Standard Contractual Clauses (Art. 46 GDPR) · DPF = EU–US Data Privacy Framework
4. Transfers to third countries
Some providers listed in the previous section are based in or process data in the United States. Transfers are carried out in compliance with Art. 46 GDPR through Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring adequate protection. Google LLC additionally adheres to the EU–US Data Privacy Framework.
5. Retention periods
| Data type | Duration |
|---|---|
| Contact form messages | 24 months from receipt |
| Newsletter data (Brevo) | Until unsubscription |
| Navigation logs | Maximum 12 months |
| Google Analytics | 26 months (default GA4 retention) |
| Technical cookies | Session duration (see Cookie Policy) |
6. Your rights
Under Arts. 15–22 GDPR, data subjects have the right to:
- Access (Art. 15) — obtain confirmation and a copy of data processed
- Rectification (Art. 16) — correct inaccurate or incomplete data
- Erasure (Art. 17) — request deletion of data ("right to be forgotten")
- Restriction (Art. 18) — restrict processing in certain cases
- Portability (Art. 20) — receive data in a structured, machine-readable format
- Objection (Art. 21) — object to processing based on legitimate interests
- Withdrawal of consent (Art. 7) — withdraw consent at any time without affecting the lawfulness of prior processing
To exercise these rights, contact the Controller at info@risingkungfu.com or PEC info@pec.simonearmellini.it. The Controller will respond within 30 days of receipt.
Data subjects also have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it) or the supervisory authority of their country of residence.
7. Security
The Controller adopts appropriate technical and organisational measures to protect personal data from unauthorised access, loss, disclosure or alteration, in accordance with Art. 32 GDPR. The website uses encrypted HTTPS/TLS connections for all client-server communications.
8. Changes to this Policy
The Controller reserves the right to update this policy at any time to reflect regulatory or operational changes. Updates will be published on this page with the revision date. We recommend checking this page periodically.