Last Updated: July 23, 2025
1. Data Controller
Southland 360 Ltd.
Bulevar España 2253, Piso 3
Montevideo, Uruguay
CEO: Axel von Schubert
Email: [email protected]
2. Collected Data & Purposes
We clarify what data we collect and for which purposes – promoting transparency.
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Name, Email, optional Company/Position | Contact, downloads, scheduling via Calendly/Google Meet | Consent (Art. 6 1 a GDPR) |
| Newsletter Email | Distribution via Mailchimp with Double-Opt-In | Consent |
| CRM Data (HubSpot) | Lead and contact management | Legitimate interest (Art. 6 1 f GDPR) |
| Analytics Data (anonymized IPs) | Web analytics via Google Analytics via Site Kit | Legitimate interest |
| Cookies & Consent Data | Storing of opt-ins via Borlabs Cookie | Consent |
| Elementor, WPForms, Cache-Plugin Data | Website and form functionality | Legitimate interest |
| Appointment Data (Calendly / Meet) | Scheduling and conducting online calls | Consent |
3. Tools & Plugins Used
We outline the services we use and their GDPR compliance.
- Hosting: MySiteArea – GDPR-compliant processor with SCCs, TLS, and backups
- Borlabs Cookie: Consent manager plugin with group-based opt-ins and logging
- Mailchimp, HubSpot, Calendly: US services with GDPR protections (DPA, SCCs, DPF)
- Google Analytics, Site Kit, Rank Math: Web analytics with IP anonymization and consent handling
- Elementor, WPForms, WP Rocket/LiteSpeed, Custom Post Type UI: WordPress form and optimization plugins
- Google Meet: Secure encrypted calls
- Social Plugins: LinkedIn, Facebook, Instagram – only activated after consent
4. Transfers to Third Countries
Data is transferred to the USA (Mailchimp, HubSpot, Calendly) and to MySiteArea servers outside the EU. Transfers are safeguarded via Standard Contractual Clauses and, where available, the EU-US Data Privacy Framework.
5. Data Retention
- Contact, scheduling, and download data: kept until deletion request
- CRM data: retained as necessary for business processes
- Analytics and cookie data: kept according to tool settings
6. Data Subject Rights & Withdrawal
You have rights to access, correct, delete, restrict, object, portability, and withdraw consent at any time. Consent can be withdrawn via cookie settings, unsubscribe links, or by emailing [email protected]. You also have the right to lodge a complaint with an EU supervisory authority.
7. Technical & Organizational Measures (TOMs)
We implement industry-standard security measures:
- TLS/HTTPS encryption
- Scheduled encrypted backups
- Role-based, password-protected access
- Vulnerability scanning, monitoring & updates
- Encrypted database and email transmission
8. Cookies & Consent Management
Our banner lets you manage which cookies to allow:
- Essential cookies (e.g. Elementor, WPForms)
- Statistics/Analytics cookies (Google Analytics)
- Marketing/Social media cookies (Facebook, LinkedIn)
Scripts only execute after your consent. Consent is logged and can be changed anytime.
9. Automated Decisions
We do not conduct profiling or automated decision-making under Art. 22 GDPR.
10. Internal Processing Records (Article 30 GDPR)
We maintain internal records of our processing activities, including tools, purposes, and legal bases.
11. Amendments
As of July 23, 2025. We will update this policy and publish changes promptly.