Privacy Policy of hotlead.it
This document describes how the personal data of users browsing the website hotlead.it (the “Site”) is processed, in compliance with Regulation (EU) 2016/679 (GDPR) and applicable data protection law.
1. Data Controller
Web Marketing System LTD
207 Regent Street, London, England, W1B 3HH – United Kingdom
Email: [email protected]
Website: https://hotlead.it
2. Categories of data collected
The Site collects the following categories of personal data:
- Usage data: IP address, browser type, operating system, pages visited, time and duration of the visit, referring URL. Collected automatically by the web server and the security system (Wordfence) for technical and protection purposes.
- Data provided voluntarily: first name, last name, email address, phone number, company name, business sector and any other information entered by the user in the contact form.
- Cookies: see the Cookie Policy section.
3. Purposes and legal basis of processing
| Purpose | Legal basis | Retention period |
|---|---|---|
| Responding to requests sent through the contact form | Performance of pre-contractual measures / consent (Art. 6(1)(b) and (a) GDPR) | 24 months from last contact |
| Site security, prevention of unauthorized access and cyber attacks | Legitimate interest of the Controller (Art. 6(1)(f) GDPR) | 30 days (system logs) |
| Technical operation of the site (WordPress session, language preference) | Legitimate interest / technical necessity (Art. 6(1)(f) GDPR) | Session duration or up to 12 months |
| Statistical traffic analysis (if enabled) | User consent (Art. 6(1)(a) GDPR) | 26 months (aggregated data) |
| Sending commercial communications or newsletters (if requested) | Explicit consent (Art. 6(1)(a) GDPR) | Until consent is withdrawn |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c) GDPR) | As required by applicable law (e.g. 10 years for tax records) |
4. Third-party services and tools used
4.1 WordPress (Automattic Inc.)
The Site is built on the WordPress platform, hosted on a server located within the European Union. WordPress uses technical session cookies necessary for the operation of the site.
4.2 Contact form and email system (Sendy)
The contact form on the Site submits the data entered by the user (name, email, phone and any additional fields) to our email and subscriber-management system based on Sendy, hosted at email.humandataincome.com and operated by Human Data Income Ltd acting as data processor on behalf of the Controller. This data is processed to respond to the user’s request and, where the user has given explicit consent, to send commercial communications or newsletters. The data is not sold or shared with unrelated third parties.
4.3 Wordfence Security (Defiant Inc.)
The Site uses Wordfence for protection against cyber attacks, malware and unauthorized access. Wordfence may collect and analyze IP addresses and traffic data for security purposes, on the basis of the Controller’s legitimate interest.
4.4 Yoast SEO (Yoast BV)
The Yoast SEO plugin is used for the technical optimization of the site. It does not directly collect users’ personal data.
4.5 Social sharing buttons (Easy Social Sharing)
The Site integrates sharing buttons to social platforms (Facebook, LinkedIn, X/Twitter). These buttons do not load third-party scripts automatically; sharing only occurs at the user’s explicit initiative. If the user interacts with the buttons, the privacy policies of the respective platforms apply.
4.6 Statistical analysis and marketing (future activation)
The Controller reserves the right to activate statistical analysis tools (e.g. Google Analytics 4) and remarketing tools (e.g. Meta Pixel, Google Ads) in the future. Such tools will be activated only with the user’s explicit prior consent via the cookie banner. If activated, this policy will be updated with the specific details of each tool.
5. Cookie Policy
The Site uses the following types of cookies:
| Cookie name | Type | Purpose | Duration |
|---|---|---|---|
wordpress_*, wp-settings-* |
Technical – necessary | WordPress session and preferences | Session / 1 year |
wordpress_logged_in_* |
Technical – necessary | Admin area authentication | Session |
pll_language |
Technical – necessary | Stores the user’s language preference (Polylang) | 1 year |
hl_consent |
Technical – necessary | Records the user’s cookie consent choice | 180 days |
| Analytics/marketing cookies | Analytics / Marketing (on consent) | Activated only with the user’s explicit consent | Variable |
Users can manage or disable cookies through their browser settings. Please note that disabling necessary technical cookies may impair the operation of the Site.
Guides for managing cookies in the main browsers:
Chrome ·
Firefox ·
Safari ·
Edge
6. Processing methods
Personal data is processed using IT tools, with organizational methods strictly related to the stated purposes. In addition to the Controller, data may be accessed by parties appointed as Data Processors (e.g. technical service providers, hosting providers), to the extent necessary to deliver the service and bound by specific agreements under Art. 28 GDPR.
7. Place of processing and non-EU transfers
Data is processed at the Controller’s operating premises and on the servers hosting the Site, located within the European Union.
Some third-party services listed in Section 4 may involve the transfer of data to third countries (e.g. the USA). In such cases, the transfer takes place on the basis of:
- Adequacy decisions of the European Commission;
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- Certifications or codes of conduct recognized under the GDPR.
8. Data subject rights
Under Articles 15–22 GDPR, the user has the right to:
- Access (Art. 15): obtain confirmation as to whether or not personal data concerning them is being processed and, if so, receive a copy of that data.
- Rectification (Art. 16): request the correction of inaccurate data or the completion of incomplete data.
- Erasure (“right to be forgotten”) (Art. 17): request the deletion of their data, subject to certain conditions.
- Restriction of processing (Art. 18): request that the processing of their data be limited to certain purposes.
- Data portability (Art. 20): receive the data provided in a structured, machine-readable format and transmit it to another controller.
- Objection (Art. 21): object at any time to the processing of their data, in particular for direct marketing purposes.
- Withdrawal of consent: withdraw consent previously given at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
- Complaint: lodge a complaint with the competent supervisory authority (in Italy, the Garante per la Protezione dei Dati Personali).
To exercise their rights, users may contact the Controller at [email protected]. Requests are handled free of charge within 30 days (extendable by a further 60 days in particularly complex cases).
9. Data security
The Controller adopts adequate technical and organizational measures to protect personal data from unauthorized access, loss, destruction or disclosure, including: encrypted HTTPS/TLS connection, application firewall, threat monitoring and regular system updates.
10. Changes to this policy
The Controller reserves the right to amend this policy at any time. Changes will be published on this page with the date of update indicated. In the event of substantial changes affecting consent-based processing, the Controller will collect users’ consent again where necessary.
Last updated: June 2026