Kick Rocks Consulting · Via Sebeto 13, 80142 Napoli NA, Italy
Kick Rocks Consulting, Via Sebeto 13, 80142 Napoli NA, Italy. Email: hello@kickrocksconsulting.com. Phone: +39 081 335 3507. P.IVA: IT-XXXXXXXXXXX. Registered in the Registro delle Imprese di Naples.
This Privacy Policy complies with: General Data Protection Regulation (GDPR, Regulation (EU) 2016/679); Codice in materia di protezione dei dati personali (D.lgs. 196/2003, as amended by D.lgs. 101/2018); Provvedimenti del Garante per la protezione dei dati personali (including the Cookie Guidelines of June 10, 2021); D.lgs. 70/2003 (implementation of E-Commerce Directive 2000/31/EC); and Codice del Consumo (D.lgs. 206/2005) where applicable to consumer transactions. The competent supervisory authority is the Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Roma, www.garanteprivacy.it.
3.1 Contact and Account Data: Name, surname, email address, phone number, company name (if applicable), VAT number (P.IVA) for business clients, and billing address. Collected when you request a quote, place an order, or contact us via form, email, or phone. 3.2 Project Data: Documents, materials, briefs, and strategic information you share with us for the purpose of delivering our services. This may include confidential business information, financial data, or marketing materials. All project data is treated as strictly confidential. 3.3 Payment Data: Payment is processed by Stripe, Inc. (PCI DSS Level 1 certified). We do not store full card numbers. We receive from Stripe: last 4 digits of card, card brand, transaction amount, date, and Stripe customer ID. 3.4 Communication Data: Content of emails, contact form submissions, and chat messages exchanged between you and our team. 3.5 Technical Data: We use Plausible Analytics (cookieless, EU-hosted, GDPR compliant by design). No personal data is collected or stored for analytics purposes. No tracking cookies are used.
4.1 Service Delivery (Art. 6(1)(b) GDPR – performance of a contract): Processing orders, delivering services, managing projects, issuing invoices, providing customer support. 4.2 Legal Obligations (Art. 6(1)(c) GDPR): Tax reporting and invoice retention per Italian tax law (D.P.R. 633/1972, Art. 39; D.P.R. 600/1973, Art. 22), anti-money laundering obligations (D.lgs. 231/2007) where applicable. 4.3 Legitimate Interest (Art. 6(1)(f) GDPR): Improving our services based on aggregated, anonymized usage patterns; preventing fraud and ensuring IT security; defending legal claims. 4.4 Consent (Art. 6(1)(a) GDPR): Marketing communications and newsletter. Consent is freely given, specific, informed, and unambiguous. You may withdraw consent at any time by clicking "unsubscribe" in any email or by contacting us.
All documents, briefs, strategies, financial data, and business information shared with us are treated with strict confidentiality. Specifically: (a) all team members sign Non-Disclosure Agreements (NDAs); (b) client materials are stored on encrypted servers (AES-256) within the EU; (c) access is restricted to team members directly involved in your project; (d) materials are permanently deleted within 30 days of project completion unless you request retention; (e) we sign your NDA or confidentiality agreement upon request before receiving materials; (f) for financially sensitive documents, additional access controls and audit logging are applied.
Under GDPR and Italian data protection law, you have the right to: (a) Access your personal data (Art. 15 GDPR); (b) Rectification of inaccurate data (Art. 16); (c) Erasure ("right to be forgotten," Art. 17); (d) Restriction of processing (Art. 18); (e) Data portability in a structured, machine-readable format (Art. 20); (f) Object to processing based on legitimate interest (Art. 21); (g) Withdraw consent at any time without affecting the lawfulness of prior processing (Art. 7(3)); (h) Lodge a complaint with the Garante per la protezione dei dati personali. To exercise your rights: email hello@kickrocksconsulting.com with subject "Privacy Request" or write to: Via Sebeto 13, 80142 Napoli NA, Italy. We will respond within 30 days. Identity verification may be required per Art. 12(6) GDPR.
Client data: Duration of business relationship + 10 years (Italian civil statute of limitations, Art. 2946 Codice Civile). Invoices and accounting records: 10 years (Art. 2220 Codice Civile; D.P.R. 600/1973). Project materials: Deleted 30 days after project completion unless extended retention is agreed in writing. Communication records: 3 years. Marketing consent records: Duration of consent + 5 years (as evidence of lawful processing). Tax-relevant data: Per Italian fiscal law retention requirements.
We share personal data only with the following categories of processors, each bound by Data Processing Agreements (Art. 28 GDPR): Stripe, Inc. (San Francisco, CA, USA – adequacy via EU-US Data Privacy Framework) for payment processing; Plausible Insights OÜ (Tallinn, Estonia – EU) for privacy-focused analytics (no personal data shared); and email service providers for transactional and marketing communications (EU-based). We do not sell, rent, or trade personal data to third parties for their own purposes.
Your data is primarily processed within the EU/EEA. Where data is transferred to processors outside the EEA (Stripe, Inc. in the USA), transfer is protected by: the EU-US Data Privacy Framework adequacy decision; or Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914). You may request a copy of the applicable safeguards by contacting us.
We implement technical and organizational measures per Art. 32 GDPR: TLS 1.3 encryption for data in transit; AES-256 encryption for data at rest; multi-factor authentication for all staff accounts; role-based access controls; regular security audits and vulnerability assessments; encrypted backups stored in EU data centers; NDA agreements with all staff and subcontractors; and documented data breach response procedures (notification to Garante within 72 hours per Art. 33 GDPR).
Data Controller: Kick Rocks Consulting, Via Sebeto 13, 80142 Napoli NA, Italy. Email: hello@kickrocksconsulting.com. Phone: +39 081 335 3507. Supervisory Authority: Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Roma, Italy. Website: www.garanteprivacy.it. Email: protocollo@gpdp.it. PEC: protocollo@pec.gpdp.it.
Last updated: March 2026.