We value your privacy

We use cookies and similar technologies to improve your browsing experience, deliver personalised content or ads, and understand how our site is used. By clicking “Accept All”, you agree to the use of these technologies as described in our Privacy Policy & Cookie Policy.

back to home
Posted May 12, 2025

Privacy Policy

In this privacy policy we explain how Alot Web Studio collects, uses and shares personal data through the following channels:

  • Our websites, digital services, products and software tools, when they include a direct link to this policy;
  • Direct contact with users, clients (current or potential), suppliers or other interested parties, via email, phone, mail or in-person meetings.

You will also find information about your rights regarding the processing of your personal data.

Data Controller

The data controller is:

Alot Web Studio

represented by Crivello Salvatore

Via C. Traina, 1/b

90010 - Ficarazzi (PA)

alot@alotwebstudio.com

Types of Data Collected

In relation to the services offered by Alot Web Studio, we may collect and process different categories of personal data, either provided directly by the user or collected automatically during interaction with our services.

Data Actively Provided by the User

We collect this data when the user fills out contact forms, sends communications, reaches out to us or interacts with us for business purposes.

This data may include:

  • Contact data: name, surname, email, and if provided, phone number, job title, company name, address;
  • Correspondence data: information contained in communications, such as project or service details, preferences, budget, or any additional information voluntarily shared.

Data Automatically Collected During Service Use

When you visit our website or use our digital services, we automatically collect certain technical and usage information related to your device and how you interact with us.

This data may include:

  • Technical data:IP address, browser type and version, language and time zone settings, operating system, and information about the device used;
  • Usage data:pages visited, time spent, actions taken (such as clicks, scrolling, interactions with page elements), referring URLs and navigation path within the site, user count, session statistics, as well as all data collected via tracking tools (cookies or similar technologies), useful for statistical analysis, site functionality, and, where applicable, marketing purposes (see our Cookie Policy for more details).

Mandatory Data and Responsibility

Unless otherwise specified, the requested data is necessary to provide our services. Failure to provide such data may prevent us from delivering or properly offering the service. For data marked as optional, the user is free not to provide it without affecting the availability or functionality of the service.

If you are unsure which data is mandatory or optional, please contact us for more information.

The user is also responsible for any third-party personal data provided, ensuring they have the right or consent to share such information.

Purpose of Data Collection

We use the following categories of personal data for the purposes listed below:

  • Contact data: to communicate with you regarding information requests, quotes, projects, or business collaborations.
  • Correspondence data: to respond to comments, specific questions, or other information you provide.
  • Technical and usage data:
    • provide, maintain, protect, and optimize the website and digital services;
    • analyze user interaction to improve functionality and content;
    • enable technical features such as tag management;
    • conduct aggregate statistical analysis;
    • perform marketing or remarketing activities where applicable and with your consent.

In addition to the purposes listed above, personal data may also be processed to:

  • ensure compliance with legal or regulatory obligations;
  • respond to requests from competent authorities or in the context of legal proceedings;
  • protect the legitimate rights and interests of the Data Controller, Users, or third parties;
  • prevent or detect fraudulent activities, abuse, or unlawful use of the services offered.

How We Process Your Data

We do our best to protect your personal data from unauthorized access, misuse, loss, or unauthorized modifications. We use digital tools and organizational measures designed to ensure that all processing is carried out securely, limited to the purposes for which the data was collected, and only by authorized personnel.

Location

Processing mainly takes place at the Data Controller’s headquarters and by authorized staff (administrative, sales, marketing, legal, system administrators) as well as third-party providers whose services we use. For more information, contact the Data Controller.

Some of our providers may process personal data in a country other than the one where the user is located, which may require data to be transferred to those countries. You can check our current provider list for more details.

International Transfers and Data Privacy Framework

For transfers to the United States, we work exclusively with providers certified under the EU-U.S. Data Privacy Framework (DPF). This mechanism, recognized by the European Commission, ensures an adequate level of protection for personal data transferred from the EU to the U.S.

DPF-certified providers ensure that:

  • personal data is processed according to appropriate security and confidentiality standards;
  • data subjects have access to redress mechanisms in case of disputes;
  • there are legal limitations to access by U.S. public authorities.

In the section Who We Share Your Personal Data With you can view the full list of our providers, including those certified under the DPF, with direct links to their official certifications and privacy policies.

Data Retention

We do not retain your data longer than necessary. The duration depends on the purpose for which the data was collected: we retain it as long as it is useful to provide the requested services, respond to legitimate requests, or comply with legal obligations (e.g., tax or accounting).

Once this period has passed, the data is securely deleted or, where possible, anonymized so that it can no longer be traced back to an identifiable individual.

Who We Share Your Personal Data With

Access to your data is limited to the Data Controller and authorized personnel (administrative, commercial, marketing, legal, system administrators). We share your personal data with third parties only when necessary and in accordance with applicable regulations, appointing them as Data Processors where appropriate. The categories of recipients include:

  • Service providers: we work with external parties (including affiliated companies) to perform technical, operational, or commercial activities on our behalf. These include hosting, data analytics, cookie management, technical maintenance, marketing services, and customer care. These parties process the data as Data Processors and only receive the information strictly necessary for their functions.
  • Partners or sponsors: in case of events, promotions, or special collaborations, and only with your consent, we may share data with involved third parties, for purposes clearly communicated before collection.
  • Legal obligations and rights protection: we may disclose data when required by law, by a competent authority, or when necessary to exercise or defend our legal rights in court, protect our users, or prevent fraudulent activities.
  • With your consent: outside the cases described above, your data will only be shared with third parties if you have given explicit and specific consent.

Currently Used Providers

  • Hostinger UK Ltd.

    United Kingdom

    Service:HostingPurpose:Hosting and managing the websiteProcessed data:
    Technical dataUsage data
    Useful links:
    Privacy Policy

  • Google Analytics 4 (Google LLC)

    United States

    Service:Traffic and user behavior analysisPurpose:Statistical analysis and performance monitoringProcessed data:
    Technical dataUsage data
    Useful links:
    Google official documentation-Partner Policy-Business Data Page-Privacy Policy-Opt-out-DPF

  • Google Tag Manager (Google LLC)

    United States

    Service:Centralized tag and technical script managementPurpose:Control and manage tracking scriptsProcessed data:
    Technical dataUsage data
    Useful links:
    Partner Policy-Business Data Page-Privacy Policy-DPF

  • CookieYes Limited

    Ireland - United Kingdom

    Service:Cookie consent and preferences managementPurpose:Store users’ consent preferencesProcessed data:
    Technical dataUsage dataConsent status
    Useful links:
    Privacy Policy

Your Data Protection Rights

Under applicable laws, you may have the right to access, update, correct, port, or delete certain personal data we hold about you, or to restrict or object to certain data processing activities we carry out in relation to that data.

To submit a request for access or deletion of your personal data, please contact us at: alot@alotwebstudio.com. If possible, specify the nature of your request and the right you wish to exercise. You can use the same contact channel to exercise other rights granted by applicable laws.

If you are entitled to such rights and your request meets the requirements set out by applicable regulations, we will process it within the time limits established by law. We may request additional information to verify your identity and ensure data security.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, please also refer to our section Additional Notice for Data Subjects Located in the European Economic Area (EEA), the United Kingdom and Switzerland for more specific information about your rights.

Cookies

Alot Web studio uses cookies to enhance the user experience and analyze our website’s performance. We may share information about your use of the site with our analytics, advertising, and social media partners. To learn more or manage your preferences, visit our Cookie Policy.

Minors

Our services are not intended for use by individuals under the age of 18. If you are a parent or guardian and believe we have collected personal data from a minor in violation of the law, please contact us.

If we become aware that we have collected personal data from a minor without parental or guardian consent, we will delete such data in accordance with applicable laws.

Additional Notice for Data Subjects Located in the European Economic Area (EEA), the United Kingdom and Switzerland

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 ("GDPR"), the United Kingdom GDPR ("UK GDPR"), and Swiss data protection law, this supplemental notice applies to users located in the European Economic Area (EEA), the United Kingdom, and Switzerland (collectively, “EEA+”) whose personal data processing is subject to such regulations.

This supplemental notice applies only if:

  • You are located in the EEA+ and access our services, or
  • We collect, transfer, or otherwise process your personal data in relation to the EEA+.

Role in Processing

Depending on the services used, we may act as either data controllers or data processors. In cases where we process personal data on behalf of our clients, they are the data controllers and we act as data processors, in accordance with applicable contractual agreements.

Legal Basis for Personal Data Processing

We process your personal data based on different legal grounds depending on the specific purpose of processing, as established by Regulation (EU) 2016/679 (GDPR):

  • Consent: when you have explicitly given us your consent for specific processing purposes (Art. 6(1)(a) GDPR). You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal;
  • Performance of a contract: when processing is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into a contract (Art. 6(1)(b) GDPR);
  • Legal obligations: when we are required to process data to comply with legal obligations (Art. 6(1)(c) GDPR);
  • Vital interests: in exceptional cases to protect your life or the life of another person (Art. 6(1)(d) GDPR);
  • Public interest or official authority: when processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller (Art. 6(1)(e) GDPR);
  • Legitimate interests: when processing is necessary for the purposes of legitimate interests pursued by us, provided such interests are not overridden by your fundamental rights and freedoms (Art. 6(1)(f) GDPR).

Summary Table

Type of DataPurpose of ProcessingLegal Basis
Contact DataTo communicate with you regarding inquiries, estimates, projects, or business collaborationsPerformance of a contract
To send you marketing communications, promotions, or updatesLegitimate interest
to promote our services and activities

Consent
where required under applicable law, e.g., email marketing without a prior relationship
Correspondence DataTo respond to comments, specific questions, or other information voluntarily providedLegitimate interest
to respond to inquiries or comments sent spontaneously
Technical and Usage DataTo provide, maintain, protect, and optimize the website and digital servicesLegal obligation


Legitimate interest
to ensure the security and technical functioning of our systems
To improve and develop our products and services, including personalizationLegitimate interest
to offer high-quality and enhanced services

Consent
for non-essential cookies or optional tracking
Any type of data relevant under specific circumstancesTo perform the necessary activities to ensure compliance with national, state, provincial, and other applicable laws and to respond to government authority requestsLegal obligation


Legitimate interest
legal protection and cooperation with authorities, even in the absence of explicit obligation

Vital interest
in mitigating or emergency situations
Internal sharing with authorized individuals involved in projectsLegitimate interest
To ensure effective internal collaboration among authorized team members and optimize the processes and services offered.

Data Processing and Retention Period (EEA+)

Personal data collected is processed and retained only for the time necessary to fulfill the purposes for which it was collected, unless longer retention is required by applicable law.

  • Data processed for the performance of a contract will be retained until the contract is fully executed.
  • Data processed for the legitimate interest of the Controller will be retained until such interest is satisfied, unless otherwise required by law or the data subject’s objection.
  • Where processing is based on consent, data may be retained until the data subject withdraws consent.
  • If required by regulations or requested by competent authorities, data may be retained for longer than strictly necessary.

At the end of the retention period, the data will be permanently deleted or anonymized, making it impossible to exercise rights of access, rectification, erasure, or portability concerning the data.

Transfers to Third Countries and the United States

In some cases, your personal data may be transferred outside the European Economic Area, particularly to the United States.

When this occurs, we take appropriate measures to ensure an adequate level of data protection, including the use of the EU-U.S. Data Privacy Framework (DPF), where applicable.

For more details, please refer to the section Who We Share Your Personal Data With and the updated list of our providers.

Additional Data Subject Rights (EEA+)

Under applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK legislation, and the Swiss Federal Act on Data Protection, you have the right to:

  • Access your personal data and receive a copy of it.
  • Request correction of inaccurate or incomplete data.
  • Request deletion or restriction of processing of your data, within the limits allowed by law.
  • Object to the processing of your personal data, including for direct marketing purposes.
  • Withdraw your consent at any time if processing is based on consent.
  • Receive your data in a structured, commonly used, and machine-readable format and request its transfer to another controller (data portability).
  • Lodge a complaint with the competent supervisory authority.

To exercise your rights, you can submit a request to the Controller using the contact details provided in this document. Requests are free of charge and will be processed within the timeframe established by law.

Changes to This Privacy Policy and Contacts

Our business is constantly evolving, and this Privacy Policy may be subject to changes. If we make material changes, we will notify you promptly as required by law, updating the version on our website.

We encourage you to review our Privacy Policy periodically to stay informed about any updates.

If you have any questions or concerns regarding this Policy, you can contact us at: alot@alotwebstudio.com