Privacy Policy

Privacy Policy - Southland 360

Last Updated: July 23, 2025

1. Data Controller

Southland 360 Ltd.
Bulevar España 2253, Piso 3
Montevideo, Uruguay
CEO: Axel von Schubert
Email: [email protected]

2. Collected Data & Purposes

We clarify what data we collect and for which purposes – promoting transparency.

Data TypePurposeLegal Basis
Name, Email, optional Company/PositionContact, downloads, scheduling via Calendly/Google MeetConsent (Art. 6 1 a GDPR)
Newsletter EmailDistribution via Mailchimp with Double-Opt-InConsent
CRM Data (HubSpot)Lead and contact managementLegitimate interest (Art. 6 1 f GDPR)
Analytics Data (anonymized IPs)Web analytics via Google Analytics via Site KitLegitimate interest
Cookies & Consent DataStoring of opt-ins via Borlabs CookieConsent
Elementor, WPForms, Cache-Plugin DataWebsite and form functionalityLegitimate interest
Appointment Data (Calendly / Meet)Scheduling and conducting online callsConsent

3. Tools & Plugins Used

We outline the services we use and their GDPR compliance.

  • Hosting: MySiteArea – GDPR-compliant processor with SCCs, TLS, and backups
  • Borlabs Cookie: Consent manager plugin with group-based opt-ins and logging
  • Mailchimp, HubSpot, Calendly: US services with GDPR protections (DPA, SCCs, DPF)
  • Google Analytics, Site Kit, Rank Math: Web analytics with IP anonymization and consent handling
  • Elementor, WPForms, WP Rocket/LiteSpeed, Custom Post Type UI: WordPress form and optimization plugins
  • Google Meet: Secure encrypted calls
  • Social Plugins: LinkedIn, Facebook, Instagram – only activated after consent

4. Transfers to Third Countries

Data is transferred to the USA (Mailchimp, HubSpot, Calendly) and to MySiteArea servers outside the EU. Transfers are safeguarded via Standard Contractual Clauses and, where available, the EU-US Data Privacy Framework.

5. Data Retention

  • Contact, scheduling, and download data: kept until deletion request
  • CRM data: retained as necessary for business processes
  • Analytics and cookie data: kept according to tool settings

6. Data Subject Rights & Withdrawal

You have rights to access, correct, delete, restrict, object, portability, and withdraw consent at any time. Consent can be withdrawn via cookie settings, unsubscribe links, or by emailing [email protected]. You also have the right to lodge a complaint with an EU supervisory authority.

7. Technical & Organizational Measures (TOMs)

We implement industry-standard security measures:

  • TLS/HTTPS encryption
  • Scheduled encrypted backups
  • Role-based, password-protected access
  • Vulnerability scanning, monitoring & updates
  • Encrypted database and email transmission

8. Cookies & Consent Management

Our banner lets you manage which cookies to allow:

  1. Essential cookies (e.g. Elementor, WPForms)
  2. Statistics/Analytics cookies (Google Analytics)
  3. Marketing/Social media cookies (Facebook, LinkedIn)

Scripts only execute after your consent. Consent is logged and can be changed anytime.

9. Automated Decisions

We do not conduct profiling or automated decision-making under Art. 22 GDPR.

10. Internal Processing Records (Article 30 GDPR)

We maintain internal records of our processing activities, including tools, purposes, and legal bases.

11. Amendments

As of July 23, 2025. We will update this policy and publish changes promptly.