Privacy Policy

Effective Date:

Welcome to alvarezsm.com (the “Website”). We are committed to upholding the highest standards of privacy and data protection. This Privacy Policy provides a detailed explanation of how we collect, use, store, disclose, and safeguard your personal data when you interact with our Website, services, or digital content. We believe that privacy is not just a legal obligation—it is a fundamental human right. Therefore, we treat your personal information with the utmost care, respect, and transparency.

We understand that as a visitor or user, you place your trust in us when sharing your data, and we take that responsibility seriously. To reflect our commitment to accountability and compliance, this Privacy Policy is designed in accordance with internationally recognized data protection frameworks, including but not limited to:

• General Data Protection Regulation (GDPR) – applicable to residents of the European Union and European Economic Area;
• California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) – for residents of California, USA;
• UK General Data Protection Regulation (UK GDPR) – for individuals in the United Kingdom;
• Personal Information Protection and Electronic Documents Act (PIPEDA) – for Canadian residents;
• Lei Geral de Proteção de Dados (LGPD) – Brazil’s General Data Protection Law.

In addition to regulatory compliance, we implement privacy-by-design principles in our operations and technology stack to ensure that your data is protected from the moment it is collected. We aim to be fully transparent in our practices and provide you with the tools and information necessary to make informed decisions about your data.

By accessing or using our Website, you acknowledge that you have read and understood this Privacy Policy and agree to the practices described herein. If you do not agree with any aspect of this Policy, we recommend that you discontinue the use of our Website and reach out to us with any concerns.

We encourage you to read this Privacy Policy in conjunction with our Cookie Policy, which outlines our use of cookies, tracking technologies, and how you can control them. Together, these documents provide a comprehensive overview of how we manage and protect your information.

1. Information We Collect

When you access, browse, or interact with alvarezsm.com (the “Website”), we collect a variety of personal and technical data to ensure optimal performance, security, and personalization of your experience. We collect this data either directly from you, automatically through your interaction with our systems, or via trusted third-party services. This information is essential for providing, maintaining, and enhancing our services in line with your preferences and expectations.

a) Information You Provide Directly

• Contact Information: When you reach out to us—whether through contact forms, email subscriptions, newsletter signups, or feedback submissions—we may collect personal identifiers such as your full name, email address, phone number, company name, job title, and any other relevant contact details you choose to provide.
• Service & Portfolio Inquiries: When submitting a request for our services, you may provide specific project-related information such as objectives, deadlines, budgets, creative direction, business goals, industry sector, or other customized data that allows us to understand your unique requirements and respond accordingly.
• Correspondence Records: We may keep a record of any communications between you and our team (e.g., emails, messages, support tickets) to improve customer service, resolve disputes, and track request history.
• User-Generated Content: If you choose to provide feedback, testimonials, reviews, or any form of user-generated content via our Website or affiliated platforms, we may collect and display this content—with your permission—for marketing or informational purposes.

b) Information Collected Automatically

• IP Address and Approximate Geolocation: Your IP address and associated location (at a city or region level) may be logged automatically for security monitoring, fraud prevention, localization of content, and analytics purposes.
• Device and Technical Information: Our systems may automatically collect details about the device and technology you use to access our Website. This includes, but is not limited to, your browser type, operating system, hardware model, device type, screen resolution, language preferences, and mobile network provider.
• Usage and Interaction Data: We track how you engage with our Website, such as pages viewed, duration of visits, navigation flow, mouse movements, link clicks, scroll behavior, form interactions, and time spent on each page. This behavioral data is essential for improving usability, content relevance, and overall site performance.
• Cookies and Similar Technologies: We use cookies, pixels, web beacons, and other tracking mechanisms to remember your preferences, enhance functionality, analyze traffic patterns, deliver tailored content, and improve advertising effectiveness. You can learn more about how we use cookies and your control options in our Cookie Policy.

c) Information from Third Parties

In certain cases, we may receive personal or aggregated data about you from trusted third-party partners. These sources may include:

• Analytics Providers: Such as Google Analytics or similar platforms, which help us understand how visitors engage with our site and identify areas for improvement.
• Advertising Networks: If you interact with one of our ads or campaigns on other platforms, we may receive performance metrics or user engagement data to assess campaign effectiveness and audience alignment.
• Social Media Platforms: If you interact with our content via social media (e.g., Instagram, LinkedIn, Twitter), we may receive profile-level information such as name, email (if publicly shared), and engagement data in accordance with your privacy settings on those platforms.
• Embedded Third-Party Content: Content embedded on our Website, such as YouTube videos, Google Maps, or social media feeds, may allow the respective third parties to collect data about your interaction with that content. These third parties operate under their own privacy policies, which we encourage you to review.

d) Sensitive Personal Data

We do not intentionally collect sensitive categories of personal data—such as health information, biometric data, political or religious beliefs, or data concerning minors—unless explicitly required and lawfully provided with your consent. If such information is voluntarily submitted, we will handle it with additional care and in accordance with applicable data protection laws.

e) Data from Publicly Available Sources

We may also obtain publicly available information—such as professional profiles or company contact data—from online directories or open web sources, primarily for outreach or business development purposes.

2. How We Use Your Information

We use the personal data we collect to deliver, personalize, and continuously improve your experience on alvarezsm.com. Our data usage practices are guided by principles of transparency, purpose limitation, and user control. Every piece of data collected is processed lawfully, fairly, and for specific, explicit, and legitimate purposes, in accordance with data protection regulations such as the GDPR, CCPA, and others globally.

• To Provide Services and Support: We use your information to respond to inquiries, process service requests, manage project communications, and provide technical or customer support. This ensures we deliver efficient and personalized assistance tailored to your needs.
• To Enhance User Experience: By analyzing usage data and feedback, we can optimize the Website’s layout, navigation, and overall user interface to better meet visitor expectations and create a seamless browsing experience.
• To Perform Website Analytics and Performance Monitoring: Tools like Google Analytics help us understand how users interact with our Website, including time spent on pages, traffic sources, bounce rates, and behavior flows. This information is crucial for measuring performance, identifying trends, and making data-driven improvements.
• To Conduct Marketing and Communications (with Consent): When you opt-in to receive updates, newsletters, or promotional content, we use your contact details to share curated messages, offers, and industry insights. You can withdraw your consent at any time via the unsubscribe link or by contacting us directly.
• To Personalize Content and Recommendations: Based on your browsing history and interaction with the Website, we may tailor content, project showcases, or service suggestions to reflect your interests and preferences.
• To Maintain Security and Prevent Abuse: We process data to detect, investigate, and prevent fraudulent activities, cyberattacks, unauthorized access, and misuse of our systems. This includes IP logging, device fingerprinting, and behavior analysis for threat detection.
• To Meet Legal, Regulatory, and Contractual Obligations: We may process personal data to comply with applicable laws, respond to lawful requests from public authorities, resolve disputes, enforce our terms and policies, and maintain necessary business records.
• To Facilitate Remarketing and Audience Insights: With your consent, we may use cookies and advertising tools to serve you relevant content or remarketing ads across other platforms (such as Google, Meta, or LinkedIn). This helps us re-engage visitors who have shown interest in our services.
• To Improve Data Accuracy and Service Relevance: Occasionally, we may enrich our records using trusted third-party data sources to maintain up-to-date contact details or better understand your professional profile and industry needs.

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects without your explicit consent. Where required, we will notify you and give you the option to opt out or request human intervention.

3. Legal Bases for Processing (GDPR Compliance)

If you are located in the European Union (EU), European Economic Area (EEA), or the United Kingdom, the General Data Protection Regulation (GDPR) and UK GDPR require us to process your personal data under specific lawful bases. We take this responsibility seriously and ensure that each data processing activity we perform aligns with one or more of the following legal foundations:

• Consent: We rely on your freely given, informed, and unambiguous consent before processing any personal data for purposes such as subscribing to newsletters, receiving promotional content, or accepting non-essential cookies. You may withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Performance of a Contract: When you request services or enter into an agreement with us (for example, submitting a portfolio inquiry), we process your personal data as necessary to fulfill our contractual obligations — including communication, project planning, and service delivery.
• Legitimate Interests: We may process personal data when it is necessary for our legitimate business interests, provided those interests are not overridden by your fundamental rights and freedoms. This includes data processing for website analytics, service optimization, cybersecurity, direct marketing (where permitted), and business development activities.
• Compliance with Legal Obligations: In certain cases, we are legally required to process personal data to comply with applicable laws and regulations. This may include obligations related to taxation, fraud prevention, information security, and responding to lawful government or court requests.
• Vital Interests: Although rare, we may process your data when necessary to protect your vital interests or those of another natural person — such as in emergency or life-threatening situations.

When we process your personal data under the legal basis of legitimate interests, we always conduct a Legitimate Interests Assessment (LIA) to ensure that the processing is necessary, proportionate, and respectful of your privacy rights. If you have any questions about our lawful bases or how they apply to your specific case, please contact us directly.

4. Sharing Your Information

We are committed to maintaining the confidentiality and integrity of your personal data. We do not sell, rent, or trade your information for commercial gain. However, under certain carefully controlled circumstances, we may share your personal data with third parties strictly for operational, legal, or service-related purposes. Each such disclosure is carried out in accordance with applicable data protection laws and with the utmost respect for your privacy.

• Service Providers and Processors: We partner with reputable third-party service providers who support the core functions of our Website and business operations. These may include:
  • Web hosting and infrastructure providers
  • Email marketing platforms and communication tools
  • Analytics and performance monitoring tools (e.g., Google Analytics)
  • Payment processors and billing service providers (if applicable)
  • Customer relationship management (CRM) systems
  These partners are contractually bound to process your data securely, confidentially, and solely on our behalf, following our instructions and applicable legal requirements.
• Law Enforcement, Regulatory Authorities, and Legal Compliance: We may disclose your information to government agencies, courts, law enforcement officials, or legal counsel when we believe in good faith that such disclosure is:
  • Mandated by law, regulation, or legal process
  • Necessary to enforce our legal rights or defend against legal claims
  • Required to investigate, prevent, or respond to actual or suspected fraud, security breaches, or other unlawful activities
• Business Transfers and Structural Changes: If we are involved in a merger, acquisition, reorganization, sale of assets, or transition of services to another provider, your personal data may be transferred as part of that transaction. In such cases, we will ensure that the acquiring party is bound by data protection obligations no less protective than those set out in this Privacy Policy.
• Consent-Based Sharing: In specific scenarios, we may share your information with third parties based on your explicit consent. This includes cases where you authorize us to connect with social media accounts, integrate third-party widgets, or participate in joint marketing campaigns.

In all cases of data sharing, we ensure that:

• Only the minimum amount of necessary data is disclosed
• Appropriate safeguards (such as Data Processing Agreements or Standard Contractual Clauses) are in place
• Your rights and choices are preserved

If you would like more information about our third-party relationships or to request a current list of service providers, you can contact us at any time.

5. Data Retention

We retain your personal data only for as long as it is necessary to fulfill the specific purposes for which it was collected, as outlined in this Privacy Policy, and to comply with applicable legal, regulatory, or operational obligations. Our data retention strategy ensures that information is not stored indefinitely without justification, and that it is securely disposed of once no longer needed.

The duration for which we retain data varies depending on several factors, including:

• Purpose of Collection: For instance, data collected to provide you with services will be retained for the duration of the service relationship and for a reasonable period thereafter to manage follow-ups, renewals, or feedback.
• Legal and Regulatory Requirements: Certain jurisdictions mandate specific data retention periods for purposes such as tax, accounting, or compliance with consumer protection laws. We strictly adhere to these timeframes where applicable.
• Contractual Obligations: Where a contract or agreement exists, we may retain information for the duration of the contract and any applicable statutory limitation periods for claims or disputes.
• User Consent and Preferences: If you withdraw your consent for processing or request data deletion, we will assess the request and remove or anonymize your data, unless retention is legally mandated.
• Security and Fraud Prevention: We may retain certain data for a limited period to detect and prevent fraud, ensure the security of our Website, or resolve technical or security incidents.

Once your data is no longer needed, we take appropriate measures to ensure it is securely deleted, anonymized, or aggregated in a way that it can no longer be linked back to you. Secure deletion methods may include overwriting digital files, purging databases, or using encryption-based destruction.

You may request additional information regarding specific retention timelines or ask for your data to be erased or restricted by contacting us. We will respond to your request in accordance with applicable data protection laws, including the GDPR and CCPA.

6. Your Privacy Rights

We are committed to upholding your data protection rights as defined by global privacy regulations. Depending on your location and applicable law, you may have specific rights regarding the personal data we hold about you. These rights are designed to give you greater control over how your data is collected, processed, stored, and shared.

a) GDPR Rights (European Union / European Economic Area)

If you are located within the EU or EEA, your rights under the General Data Protection Regulation (GDPR) include:

• Right to Access: Request confirmation of whether we process your data and obtain a copy of that data.
• Right to Rectification: Request that we correct or complete your personal information if it is inaccurate or incomplete.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data where lawful grounds exist—e.g., when it is no longer needed or consent is withdrawn.
• Right to Restrict Processing: Ask us to temporarily suspend processing your data under specific conditions, such as during accuracy disputes.
• Right to Object: Object to processing based on legitimate interests, including profiling and direct marketing.
• Right to Data Portability: Receive your data in a structured, commonly used format and transmit it to another controller where feasible.
• Right to Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint: File a complaint with your local Data Protection Authority (List of Supervisory Authorities).

b) UK GDPR Rights (United Kingdom Residents)

If you reside in the United Kingdom, you have similar rights under the UK General Data Protection Regulation (UK GDPR), administered by the Information Commissioner’s Office (ICO).

c) CCPA / CPRA Rights (California Residents)

If you are a California resident, you are granted the following rights under the California Consumer Privacy Act (CCPA), amended by the California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal data we have collected, the sources of the data, purposes of collection, and third-party sharing or disclosure.
• Right to Delete: Request the deletion of your personal information, subject to certain lawful exceptions.
• Right to Correct: Ask us to correct inaccurate personal data maintained about you.
• Right to Opt-Out: Direct us not to sell or share your personal information. While we do not sell personal data, we still provide an opt-out mechanism to honor your preferences.
• Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights under the CCPA/CPRA.

d) PIPEDA Rights (Canada)

If you are located in Canada, your rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) include:

• Right to Access: Request to view the personal data we hold about you and understand how it is being used.
• Right to Challenge Accuracy: Request correction of inaccurate or incomplete personal information.
• Right to Withdraw Consent: Revoke your consent for data processing, subject to legal and contractual restrictions.
• Right to Complain: Submit complaints to the Office of the Privacy Commissioner of Canada.

e) LGPD Rights (Brazil)

If you are a resident of Brazil, the Lei Geral de Proteção de Dados (LGPD) grants the following rights:

• Right to Confirm Processing: Verify whether your personal data is being processed.
• Right to Access: Access your personal data and request information about its use.
• Right to Correction: Rectify incomplete, outdated, or inaccurate data.
• Right to Anonymization or Deletion: Request deletion or anonymization of unnecessary or excessive data.
• Right to Data Portability: Transfer your data to another provider or service.
• Right to Withdraw Consent: Revoke previously granted permissions.
• Right to Lodge Complaints: File a complaint with the National Data Protection Authority (ANPD).

Exercising Your Rights

You can exercise any of the rights mentioned above by submitting a request to our privacy team. We may require verification of your identity before fulfilling such requests to protect your data from unauthorized access. Please contact us.

We will respond to valid requests within the timeframe mandated by the applicable privacy law governing your jurisdiction.

7. International Data Transfers

We operate in a global environment and may transfer, store, or process your personal information in countries outside of your home jurisdiction, including but not limited to the United States and other countries where our data hosting providers, service vendors, or technical partners are located.

These countries may have different data protection laws than your own, and in some cases, may not offer the same level of protection. However, we take comprehensive steps to ensure that your data remains safeguarded, regardless of where it is transferred or processed. These measures include, but are not limited to:

• Standard Contractual Clauses (SCCs): We rely on legally approved contractual terms issued by the European Commission and other regulators to ensure adequate protection when transferring data outside the EU/EEA.
• UK International Data Transfer Agreement (IDTA): For transfers from the United Kingdom, we utilize the IDTA or equivalent contractual clauses in compliance with the UK GDPR.
• Privacy Shield Framework (where applicable): In certain cases, we work with vendors who have self-certified compliance with relevant frameworks such as the EU-U.S. Data Privacy Framework or Swiss-U.S. Privacy Shield (subject to regulatory updates).
• Data Minimization: We limit data transfers to only what is necessary to fulfill the intended business or operational purpose.
• Vendor Due Diligence: We thoroughly vet our international service providers to ensure they meet our strict security and privacy requirements.

By using our Website or submitting your personal data to us, you acknowledge and consent to the transfer of your information to countries outside of your own, including jurisdictions that may not have equivalent data protection laws. Rest assured, we are committed to applying robust security controls and legal safeguards to maintain the integrity, confidentiality, and protection of your personal information.

If you would like more information about our international transfer mechanisms, or a copy of the relevant safeguards in place, please contact us.

8. Data Security

Safeguarding your personal information is one of our highest priorities. We employ a multi-layered security approach to protect your data against unauthorized access, accidental loss, unlawful processing, destruction, or disclosure. Our security framework includes a combination of technological, administrative, and organizational measures designed to maintain the confidentiality, integrity, and availability of your information.

a) Technical Safeguards

• Encryption: We use industry-standard encryption protocols, including TLS (Transport Layer Security), to encrypt data in transit. Sensitive data stored at rest may also be encrypted depending on the classification and processing purpose.
• Firewalls & Intrusion Detection: Our infrastructure is protected by regularly updated firewalls and advanced intrusion detection and prevention systems to monitor and defend against malicious activity.
• Regular Security Updates: All servers, applications, and devices are subject to routine software updates and vulnerability patching to reduce the risk of exploit-based attacks.

b) Organizational & Administrative Safeguards

• Access Control: Access to your personal information is restricted to authorized personnel only and governed by strict role-based permissions.
• Employee Training: Our staff undergo regular training on cybersecurity awareness and data protection best practices to ensure responsible handling of your information.
• Vendor Risk Management: Third-party service providers are assessed and vetted for compliance with data security and privacy standards before any data exchange occurs.

c) Ongoing Risk Management

• Security Audits: We conduct periodic internal reviews and, where necessary, third-party audits to evaluate our infrastructure and ensure compliance with evolving security standards.
• Incident Response: In the unlikely event of a data breach or security incident, we have an incident response plan in place to quickly contain, assess, and mitigate the impact. Where legally required, we will notify affected individuals and regulatory authorities in accordance with applicable laws.

Despite our diligent efforts and robust security practices, no internet-based platform can be entirely immune to risk. We encourage users to take their own security precautions as well—such as using strong, unique passwords; logging out after sessions; and maintaining updated antivirus software on personal devices.

If you have reason to believe that your interaction with our Website is no longer secure or you suspect a security issue, please contact us immediately.

9. Third-Party Links

Our Website may include links to third-party websites, services, applications, or embedded content (such as videos, maps, or social media feeds) that are not operated or controlled by us. These links are provided solely for your convenience, to offer additional resources or enhance your browsing experience. However, once you leave our Website by clicking on a third-party link, you will be subject to that entity’s own terms, policies, and data practices.

We do not own, manage, or have control over the privacy practices of these third-party platforms, and therefore, we cannot accept responsibility or liability for how your personal information is collected, used, stored, or disclosed by them. This includes, but is not limited to:

• Social media platforms (e.g., Instagram, LinkedIn, YouTube) you may access through share buttons or embedded content.
• External resources or portfolios hosted on third-party domains.
• Payment gateways or service providers used in connection with our services.

We strongly recommend that you review the privacy policies and terms of service of each third-party site or service you interact with, especially if you are submitting personal or sensitive data. Their policies may differ significantly from ours in terms of data collection, use of cookies, marketing practices, and security standards.

Inclusion of such links does not imply endorsement, affiliation, or partnership unless explicitly stated. If you have concerns about any external site linked from our platform, feel free to contact us.

10. Children’s Privacy

Protecting the privacy and safety of children is of utmost importance to us. Our Website is not intended for or directed to individuals under the age of 13 (or 16 in certain jurisdictions). As such, we do not knowingly collect, solicit, or retain personal data from children. We actively encourage parents and guardians to monitor their children’s online activities and to prevent them from submitting any personal information through our Website or services.

If we become aware that we have inadvertently collected personal information from a child under the age of 13 (or the applicable legal age in your jurisdiction), we will take immediate steps to delete such information from our systems. If you suspect that we have collected personal information from a child, please contact us immediately, and we will promptly investigate and address the situation.

We believe that ensuring the privacy and safety of children online requires joint efforts between service providers, parents, and guardians. We encourage you to help us protect children's privacy by educating them about safe online practices and the importance of not disclosing personal information without parental consent.

11. Updates to This Privacy Policy

We reserve the right to update, modify, or amend this Privacy Policy at any time to reflect changes in our data collection practices, the technologies we use, or to comply with legal requirements. As our services evolve or regulatory landscapes change, we may need to adjust the policy to remain compliant with applicable privacy laws, such as the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other global privacy frameworks.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal information. Whenever we make significant changes to this policy, we will provide a prominent notice on our Website or through other communication channels, if appropriate. The updated Privacy Policy will be posted on this page with a revised “Last Updated” date at the top.

Your continued use of the Website following the posting of any changes constitutes your acceptance of those changes. If you do not agree with the updated Privacy Policy, you may choose to discontinue your use of our Website or services.

For transparency, we will highlight major updates, including any changes that affect your rights or our data collection practices. If necessary, we will seek your explicit consent for significant changes, especially if the updates require new permissions or a different approach to data processing.

12. Contact Us

Your privacy is incredibly important to us, and we are committed to providing you with clear and accessible means to address any questions, concerns, or feedback you may have regarding this Privacy Policy, our data practices, or how we manage your personal information. If you have any queries or require further clarification, we encourage you to reach out to us directly.

Our dedicated privacy team is here to assist you and will respond to your inquiry promptly. We aim to address all requests in compliance with applicable privacy laws and regulations, including those outlined in the GDPR, CCPA, and other relevant legal frameworks. You can contact us via email.

For any concerns regarding the handling of your personal data or if you wish to exercise your privacy rights, please do not hesitate to get in touch. Our team is here to ensure that your rights are respected and that any issues are resolved in a timely manner.

If you are located in the EU or EEA, or any other jurisdiction with applicable privacy laws, we will respond to your data subject rights requests in accordance with those legal frameworks. For complaints or concerns about our compliance with privacy regulations, you may also contact the relevant supervisory authority in your jurisdiction.