Legal

Privacy Policy

Last updated: May 15, 2026

This Privacy Policy explains how UBL processes personal data when users interact with the Italian Championship website, accounts, tickets, hospitality, payments, applications, cookies, and related services.

Introduction

This Privacy Policy explains how personal data is collected, used, stored, and protected when users visit italianchampionship.it, ultimateboxleague.com, and related UBL digital services.

This notice is provided under Articles 13 and 14 of Regulation (EU) 2016/679, the General Data Protection Regulation, and applies to the public website, account area, checkout, ticketing, hospitality, team application, contact, and support experiences operated by UBL.

This policy does not apply to third-party websites or services that may be linked from UBL pages. Those third parties are responsible for their own privacy notices.

Where a service is addressed to minors, users under 14 years of age must have consent or authorization from a parent or legal guardian where required by applicable Italian law.

Data Controller

The Data Controller is ASD CROSSTRAINING ITALIA, Via Spinelli 16, 80010 Quarto (NA), VAT No. 10214871211.

Privacy requests may be sent to info@italianchampionship.it.

No Data Protection Officer is currently listed for this service. If the Controller appoints one, this policy will be updated with the relevant contact details.

Personal Data We Process

Browsing, Security, And Technical Data

When users visit the website, the service may process IP address, browser and device information, user agent, request time, pages requested, referral information, system logs, error logs, security events, and data needed to deliver pages through Cloudflare Workers, CDN, and related infrastructure.

The website may also store local preferences such as theme, cookie consent, cart state, authentication/session information, and similar technical data needed to provide requested functionality.

Contact And Support Requests

When users contact UBL through website forms or email, UBL may process first name, last name, company name, email address, phone number, message content, request context, and related communication metadata.

This information is used to respond to the request, manage support, evaluate collaboration enquiries, and keep a record of the interaction where necessary.

Accounts And Authentication

For account access, UBL may process email address, display name, phone number, country, one-time-password or magic-link metadata, hashed tokens, redirect metadata, session token hashes, IP address, user agent, session expiry, and last-use information.

If a user signs in with Google, UBL may receive data made available by Google for authentication, such as account identifier, email address, and profile metadata needed to create or link the UBL account.

Orders, Tickets, Services, And Payments

For checkout, tickets, merchandise, and services, UBL may process purchaser name, email, phone, country, order number, order lines, payment status, payment provider, payment reference, transaction timing, ticket attendee name, attendee email, attendee phone, QR or redemption data, check-in status, receipts, and related support information.

Payments are processed through Stripe. UBL receives payment status and references needed to manage orders, but does not store full card numbers or card security codes.

Hospitality And Accommodation

For hospitality bookings, UBL may process purchaser and guest names, email addresses, phone numbers, country, dates of birth where required for accommodation or event operations, stay dates, room type, number of guests, booking reference, breakfast, parking, baby crib preferences, booking notes, payment data, and operational status.

Where needed, relevant booking information may be shared with hotels, accommodation providers, or event suppliers to provide the requested service.

Team Applications

For staff, judge, and media applications, UBL may process role, first name, last name, email, phone, country, city, date of birth where required, languages, dietary preference, allergies or intolerances, apparel size and apparel gender, availability, staff role preference, event crew experience, judging experience, judge course status, accommodation needs, recent IF3 event experience, media role, Instagram profile, portfolio link, volunteering preference, requested fee, fee details, and notes.

Dietary preferences, allergies, or intolerances may reveal health-related information. Users should provide only the information needed for safe event organization and role evaluation.

Cookies And Tracking

UBL processes cookie and local-storage preferences such as the consent state saved under ubl-cookie-consent. Marketing tracking through Meta Pixel is loaded only when the user gives marketing consent.

The cookie banner includes an analytics preference category, but no analytics provider is currently loaded by the website unless UBL adds one later.

Purposes And Legal Bases

  • Operate, secure, debug, and maintain the website and account services. Legal bases: performance of requested services and legitimate interest in security and service reliability.
  • Respond to contact, support, commercial, partnership, and event enquiries. Legal bases: pre-contractual steps requested by the user and legitimate interest in managing communications.
  • Authenticate users through OTP, magic link, session, or Google sign-in. Legal bases: performance of the account service and legitimate interest in preventing misuse.
  • Manage carts, checkout, orders, tickets, services, accommodation, event access, customer support, refunds, and receipts. Legal bases: performance of a contract, pre-contractual steps, and legal obligations.
  • Process payments and reconcile payment status with Stripe. Legal bases: contract performance and legal obligations related to payments, tax, accounting, and fraud prevention.
  • Evaluate and manage staff, judge, and media applications for UBL events. Legal bases: pre-contractual steps requested by the applicant, legitimate interest in event organization, and, where health-related data is voluntarily provided, explicit consent or necessity for event safety and accommodation of needs.
  • Send operational emails, account access emails, order communications, and support replies. Legal bases: contract performance, pre-contractual steps, and legitimate interest.
  • Measure and optimize advertising or marketing campaigns through Meta Pixel. Legal basis: user consent.
  • Comply with laws, respond to lawful requests, defend rights, and prevent abuse or fraud. Legal bases: legal obligation and legitimate interest.

Recipients And Service Providers

Personal data may be processed by authorized UBL personnel and by service providers acting as processors or independent controllers depending on their role.

  • Cloudflare, including Workers, CDN, security services, and R2 media storage, for hosting, delivery, security, and media infrastructure.
  • The Laravel backend and database infrastructure hosted on the OVH VPS/Hestia deployment used for UBL backend operations.
  • Email and mail delivery providers used by the backend, including Resend where configured, for transactional, support, and application emails.
  • Stripe for payment processing, payment status, fraud prevention, and related payment services.
  • Google where the user chooses Google sign-in.
  • Meta Platforms Ireland for Meta Pixel marketing and ad-measurement tracking, only after marketing consent.
  • Hotels, accommodation providers, ticketing, check-in, event, logistics, or service suppliers where necessary to provide requested bookings, tickets, hospitality, services, or event operations.
  • Professional advisors, public authorities, courts, or law enforcement where required by law or necessary to protect legal rights.

International Transfers

Some providers may process personal data outside the European Economic Area. Where this happens, UBL relies on applicable safeguards such as European Commission adequacy decisions, Standard Contractual Clauses, contractual commitments, or other transfer mechanisms permitted by GDPR.

Users may request further information about applicable transfer safeguards by contacting info@italianchampionship.it.

Retention

UBL keeps personal data only for as long as necessary for the purposes described in this policy, unless a longer period is required or permitted by law.

  • Contact and support requests are generally retained for up to 12 months after the last interaction, unless a longer period is needed for legal, contractual, or dispute reasons.
  • Team applications are generally retained for up to 24 months after submission or the relevant event cycle, unless longer retention is needed for disputes, safety, accounting, or legal obligations.
  • OTP and magic-link records are retained for the short operational period tied to expiry, abuse prevention, and security logging.
  • Session records are retained until expiry, logout, or replacement, plus any additional period needed for security, fraud prevention, and troubleshooting.
  • Orders, invoices, payment records, receipts, and fiscal/accounting information may be retained for up to 10 years where required by Italian or EU tax and accounting law.
  • Ticket, hospitality, check-in, service, and event operational data is retained for the event lifecycle and post-event support, then only as needed for accounting, legal, contractual, safety, or dispute purposes.
  • Cookie and consent preferences are retained until changed, reset, deleted by the user or browser, or refreshed after material changes to tracking practices.

User Rights

Under GDPR, users may exercise the rights available to them in relation to their personal data.

  • Right of access: obtain confirmation of processing and a copy of personal data.
  • Right to rectification: correct inaccurate or incomplete data.
  • Right to erasure: request deletion where legal conditions apply.
  • Right to restriction: request that processing be limited where legal conditions apply.
  • Right to data portability: receive data in a structured, commonly used, machine-readable format where applicable.
  • Right to object: object to processing based on legitimate interest, including direct marketing where applicable.
  • Right to withdraw consent: withdraw consent at any time where processing is based on consent, without affecting processing carried out before withdrawal.
  • Right to lodge a complaint with a supervisory authority, including the Italian Data Protection Authority, the Garante per la protezione dei dati personali.

How To Exercise Rights

Requests may be sent to info@italianchampionship.it. UBL may need to verify the requester identity before acting on a request.

Requests are handled free of charge where required by law and answered within one month, unless an extension is allowed by GDPR due to complexity or number of requests.

Cookie And Tracking Notice

The website uses technical cookies, local storage, and similar technologies to provide requested functionality, remember preferences, maintain carts or sessions, secure the service, and record consent choices.

The website also offers optional consent categories. Users can accept all, use necessary-only mode, or customize choices from the cookie banner. Users can later reset their choice through the footer control labelled Cookie preferences.

Necessary Technologies

Necessary technologies include theme preferences, consent preferences, authentication/session-related storage, cart-related storage, security logs, and similar data required to operate requested website features. These do not require marketing consent.

Analytics

The banner includes an analytics category for future measurement tools, but no analytics provider is currently loaded by the website. If analytics tools are added, this policy will be updated and the relevant consent behavior will be applied where required.

Marketing

Meta Pixel is used only after marketing consent. It may help UBL measure advertising performance and understand whether marketing campaigns lead to website interactions. Users can withdraw consent by resetting cookie preferences.

Security

UBL adopts technical and organizational measures intended to protect personal data against unauthorized access, disclosure, alteration, loss, or destruction. These measures include access controls, token hashing for authentication flows, infrastructure security controls, and operational safeguards appropriate to the nature of the data processed.

No internet service can be guaranteed as completely secure. Users should keep account access links, one-time codes, and devices secure.

Changes To This Policy

UBL may update this Privacy Policy to reflect changes in law, infrastructure, service providers, or website functionality. The latest version is published on this page with the last updated date.

Where changes materially affect consent-based processing, UBL will request consent again where required.