Altura MediaBack to home

Privacy Policy

Last updated: 17 February 2026

1. Data Controller

Altura Media Ltd ("we", "us", "our") is the data controller responsible for your personal data. We are registered in England and Wales under company number 16752254, VAT registration number 505643406.

Registered office: 86-90 Paul Street, London, Greater London, England, EC2A 4NE.

Data Protection Officer: Zoltán Pallay-Farkas
Email: pallayfarkaszoltan@gmail.com

2. Scope and Legal Basis

This Privacy Policy applies to all personal data we collect through our website at altura-media.com and in the course of delivering our services. We operate in the United Kingdom and Hungary, and we comply with both the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR, Regulation 2016/679) as applicable to our Hungarian clients.

We process personal data only where we have a lawful basis to do so: performance of a contract, compliance with a legal obligation, our legitimate interests, or your consent.

3. Information We Collect

We collect the following categories of personal data:

  • Contact form data: Name, email address, phone number, and the content of your message, when you submit an enquiry through our website.
  • Transaction data: Billing information, payment history, and service tier details. Payment card data is processed directly by Stripe and is never stored on our servers.
  • Content data: Text, images, logos, and other materials you provide for your website project.
  • Communication data: Emails and correspondence between us during the course of our business relationship.
  • Technical data: IP address, browser type, device information, and pages visited. This is collected automatically by our hosting infrastructure.

We do not currently use analytics tracking tools on our website. If we introduce analytics in the future, this policy will be updated and a cookie consent mechanism will be implemented prior to activation.

4. How We Use Your Data

  • Contract performance: To deliver website design, development, and hosting services; to process payments for setup fees and monthly subscriptions; to communicate about your project status.
  • Legitimate interests: To respond to enquiries submitted via our contact form; to improve our services; to maintain the security of our systems; to keep internal business records.
  • Legal obligation: To comply with tax, accounting, and regulatory requirements including those of HMRC.
  • Consent: To send marketing communications where you have explicitly opted in. You may withdraw consent at any time.

5. Third-Party Processors

We share your data only with trusted third-party processors that are necessary for delivering our services:

  • Stripe (Stripe Payments Europe, Ltd.) - Payment processing. Stripe handles all card data directly and is PCI DSS Level 1 certified. We never receive or store your full card details. See Stripe's Privacy Policy.
  • Vercel Inc. - Website hosting and deployment infrastructure. Servers are located primarily in the United States. See Vercel's Privacy Policy.
  • Cloudflare, Inc. - DNS management and content delivery network (CDN). See Cloudflare's Privacy Policy.

We do not sell, rent, or trade your personal data to any third party. Data is shared with processors only to the extent necessary for them to perform their services on our behalf.

6. International Data Transfers

Some of our third-party processors (Vercel, Stripe, Cloudflare) operate in the United States. Where personal data is transferred outside the UK or the European Economic Area, we ensure appropriate safeguards are in place. These include:

  • EU-US Data Privacy Framework certification (where applicable)
  • Standard Contractual Clauses (SCCs) approved by the European Commission and/or the UK Information Commissioner's Office (ICO)
  • Adequacy decisions issued by the UK Secretary of State or European Commission

7. Data Retention

We retain personal data only for as long as necessary for the purpose it was collected:

  • Client project data: For the duration of the service agreement, plus 12 months after termination to allow for account reactivation or dispute resolution.
  • Financial and tax records: 7 years from the end of the relevant tax year, as required by HMRC.
  • Contact form submissions: 12 months from submission if no client relationship is established.
  • Marketing consent records: Until you withdraw consent.

After the applicable retention period, personal data is securely deleted or anonymised.

8. Cookies

Our website currently uses only essential cookies that are strictly necessary for the site to function. These do not require consent under UK GDPR or the Privacy and Electronic Communications Regulations (PECR).

We do not currently use any analytics, advertising, or tracking cookies. If we introduce non-essential cookies in the future, we will implement a cookie consent mechanism and update this policy accordingly.

9. Your Rights

Under UK GDPR and EU GDPR, you have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your data where there is no compelling reason for continued processing.
  • Restriction: Request that we limit how we process your data in certain circumstances.
  • Data portability: Receive your personal data in a structured, commonly used, machine-readable format.
  • Objection: Object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at pallayfarkaszoltan@gmail.com. We will respond within 30 days. There is no fee for most requests, but we may charge a reasonable fee if a request is clearly unfounded or excessive.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data. These include encrypted data transmission via SSL/TLS across all our domains, secure hosting infrastructure on Vercel with automatic security updates, access controls limiting data access to authorised personnel, and Cloudflare DDoS protection and DNS security.

No method of transmission over the internet is completely secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security.

11. Children's Privacy

Our services are designed for businesses and are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated via email to existing clients. The "last updated" date at the top of this page indicates when this policy was most recently revised.

13. Contact and Complaints

For any questions about this Privacy Policy or how we handle your personal data, contact our Data Protection Officer:

Zoltán Pallay-Farkas
Altura Media Ltd
86-90 Paul Street
London, EC2A 4NE
United Kingdom
Email: pallayfarkaszoltan@gmail.com

UK residents: If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

EU/EEA residents: You may also lodge a complaint with the supervisory authority in your country of residence. For Hungarian residents, this is the Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH) at naih.hu.