Why A Privacy Policy?

This page will describe management of our web site as regards processing the personal data of users that visit us.
This information is provided – also in pursuance of Article 13 of the EU Regulation 2016/679 – to any entity having to do with the web-based services that are made available by Xin Shu APS (“Xin Shu”) via electronic networks as from the following address www.xinshuacademy.com, which corresponds to the home page of our official web site.

The information provided only applies to our web site and does not concern any web sites that may be visited by an user via external links.

Data Controller

Visiting this site may result into the processing of data concerning identified or identifiable persons.
The data controller is Xin Shu APS, with registered office in Rome (Italy), Via dei Fabbri Navali n. 15, 00122.

Data Protection Officer

The Xin Shu’s Data Protection Officer (DPO) can be contacted here: Xin Shu APS – Data Protection Officer, Via dei Fabbri Navali n. 15, 00122, Roma – Italy; e-mail: info @ xinshuacademy.com.

Place Where Data Is Processed

The processing operations related to the web-based services that are made available via this website are carried out at the offices of Xin Shu exclusively by technical staff in charge of said processing or else by persons tasked with such maintenance activities as may be necessary from time to time.
Depending on the user’s location, data transfers may involve transferring the user’s data to a country other than their own. Users are entitled to learn about the legal basis of data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Data Controller to safeguard their Data.

The purposes of processing

Any personal data that is provided by users requesting to be sent information materials such as bulletins, newsletters, reports, answers to questions, decisions and sundry provisions, etc. is only used to provide the service and/or discharge the tasks requested and is disclosed to third parties only if this is necessary for the said purposes.

The data concerning the user is collected to allow the Data Controller to provide its services, as well as for the following purposes: contacting the user; registration and authentication; access to third party services’ accounts; analytics, interaction with support and feedback platforms; managing support and contact requests; displaying content from external platforms; managing contacts and sending messages; manage hosting and backend infrastructure; interaction with external social networks and platforms; interaction with live chat platforms; infrastructure monitoring; handling orders, payments and shipments; user database management; interaction with data collection platforms and other third parties; advertising campaigns; managing web conferencing and online telephony.

Categories of Processed Data – Navigation Data

The information systems and software procedures relied upon to operate this web site acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols.
Such information is not collected in order to relate it to identified data subjects, however it might allow user identification per se after being processed and matched with data held by third parties.
This data category includes IP addresses and/or the domain names of the computers used by any user connecting with this web site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user’s operating system and computer environment.

These data are only used to extract anonymous statistical information on website use as well as to check its functioning; they are erased immediately after being processed. The data might be used to establish liability in case computer crimes are committed against the website; except for this circumstance, any data on web contacts is currently retained for no longer than seven days.

Categories of Processed Data – Data Provided Voluntarily by Users

Sending e-mail messages to the addresses mentioned on this website, which is done on the basis of a freely chosen, explicit, and voluntary option, entails acquisition of the sender’s address, which is necessary in order to reply to any request, as well as of such additional personal data as is contained in the message(s).
Specific summary information notices will be shown and/or displayed on the pages that are used for providing services on demand.


This website and third-party tools used by this site make use of cookies to better perform and for purposes outlined in the dedicated Cookie Policy, which forms a whole with this Privacy Policy.

Optional Data Provision

Subject to the specifications made with regard to navigation data, users are free to provide the personal data either to be entered in the application forms submitted to the Office or referred to in contacting the Office to request delivery of information materials and other communications. Failure to provide such data may entail the failure to be provided with the items requested.

Processing Arrangements

Personal data is processed with automated means for no longer than is necessary to achieve the purposes for which it has been collected.
Specific security measures are implemented to prevent the data from being lost, used unlawfully and/or inappropriately, and accessed without authorisation.

Data Subjects’ Rights

Data subjects are entitled at any time to obtain confirmation of the existence of personal data concerning them and be informed of their contents and origin, verify their accuracy, or else request that such data be supplemented, updated or rectified (pursuant to Articles 15 to 22 of the Regulation).
The above Articles also provides for the right to request erasure of such data or the restriction of the processing concerning them, and to object to the processing of the data. Please contact the Xin Shu’s DPO (Xin Shu APS – Data Protection Officer, Via dei Fabbri Navali n. 15, 00122, Roma – Italy; e-mail: info @ xinshuacademy.com) to lodge all requests to exercise these rights.

Bearing in mind that the current development status of automatic verification mechanisms is such as not to allow ruling out errors and malfunctioning, it is hereby specified that this document as posted at https://xinshuacademy.com/privacy-policy is the Privacy Policy of this site and will be updated as necessary.