Privacy Policy

For the purpose of the Data Protection Act 1998 (the “Act”) [the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018], we, Alanto Ltd, are the data controller.

By continuing to use our portals, access our websites or by otherwise providing us with your information, you consent to the collection, storage, use and transfer of your information under the terms of this Policy.
You warrant that any data provided by you to us is accurate.

Lawful Basis for Processing

We process your personal data only where we have a lawful basis to do so, which may include:

• [Your consent (e.g., for direct marketing).]
• [The performance of a contract with you.]
• [Compliance with a legal obligation.]
• [Our legitimate interests, provided these are not overridden by your rights and freedoms.]

Marketing Consent

We may contact you by post, phone or email to ask for your views about our products and services, or to tell you about our products and services which we feel may be of interest to you [only where we have your explicit consent or are otherwise permitted by law in accordance with the Privacy and Electronic Communications Regulations 2003 (PECR).]

[Opt-in: Where consent is required, we will ask you to actively indicate your agreement (for example, by ticking an unchecked box).]

[Opt-out: You may withdraw your consent or object to receiving marketing at any time by clicking the “unsubscribe” link in our emails or by contacting us at sales@alanto.co.uk.]

Microsoft Clarity

“We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimisation, fraud/security purposes, and advertising.

**[To protect your privacy:

• We use data masking to prevent sensitive personal information from appearing in session recordings.
• IP addresses are anonymised before storage.
• Recordings are retained for no longer than [insert retention period] and are automatically deleted thereafter.
• Access to this data is restricted to authorised personnel and protected by encryption.]**

For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.”

Security

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site or portals. Any transmission is at your own risk.

We are committed to ensuring that your information is secure.

In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures **[measures in line with Article 32 UK GDPR, including:

• Encryption of personal data both in transit (via TLS/SSL) and at rest;
• Access controls and multi-factor authentication to prevent unauthorised access;
• Regular security audits and penetration testing to identify and address vulnerabilities;
• Staff training on data protection, secure handling of personal data, and incident response procedures.]**