Privacy Notice

At Sito, we take your privacy seriously and are committed to protecting your personal data. This privacy notice will inform you about the types of personal data we collect, when we collect it, and how we use it.

Types of personal data collected and when it is collected

Visiting the Sito website
When you visit our website, we may collect information about your general location, which pages you visit, how long you stay on those pages, the device you use, and any links you may have clicked to get to our website. We also collect information about your IP address (although it is obfuscated). We use this information to ensure the functionality of our website and to measure the traffic to our website and individual pages. The legal basis for this is Section 6(1) of the Data Protection Act and Article 6(1)(f) of the EU General Data Protection Regulation (“GDPR”).

Participants in research studies
When we conduct research studies, we may collect personal data from participants, such as their name, contact information, and demographic information. We also may collect sensitive personal data, such as information about their health or financial status. We only collect this data with the participant's informed consent and will use it only for the purpose of the research study. The legal basis for this is Article 6(1)(a) of the EU General Data Protection Regulation (GDPR).

If you have given your consent to receive our newsletter, we will collect your contact information (name and email address) to provide you with the newsletter. You can withdraw your consent to receive our newsletter at any time by contacting us. The legal basis for this is section 6(1) of the Data Protection Act and art. 6(1)(a) of the GDPR.

Our website uses Google Analytics, which uses cookies to track information about your use of the website. Some of the information collected using cookies may contain personal data. For more information about our use of cookies, please see our cookie policy. We use this information based on our legitimate interests to improve our website. The legal basis for this is Section 6(1) of the Data Protection Act and Article 6(1)(f) of the GDPR.

Suppliers, vendors, and customers
When you contact us as a supplier, vendor, or customer – either on behalf of your organization or as a sole trader (not acting on behalf of an organization) – we will collect personal data to fulfill the contract we have with you or your organization. This may include information about your name, organization, position in the organization, telephone number, and email address. If you are an organization representative, the legal basis for our processing is art. 6(1)(f) of the GDPR. Our legitimate interests are that we need to process your personal data to fulfill the contract that we have with your organization or to reply to your queries. If the services are provided by you as a sole trader, the legal basis is art. 6(1)(b) of the GDPR, as the processing is necessary for the performance of the contract with you.

Do Not Track Disclosure
We support Do Not Track (“DNT”). DNT is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting your web browser's Preferences or Settings page.

Recipients of personal data

Some personal data is stored and processed by our processors in connection with our external hosting of website, Webflow. The storage and processing of this data is done in accordance with our agreements with these processors, which include appropriate security and confidentiality measures to protect your personal data from unauthorized use or access, accidental loss, damage, destruction, theft, or disclosure.

Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purpose of satisfying any legal, accounting, or reporting requirements. Once the data is no longer needed, it will be securely deleted or anonymized.

Your rights

You have the right to request access to the personal data we hold about you, to request rectification or erasure of your personal data, and to request that we restrict the processing of your personal data. You also have the right to object to the processing of your personal data and to request that your personal data be transferred to another controller. If you wish to exercise any of these rights, please contact us using the contact information provided in clause 6.

Contact information

If you have any questions or concerns about how we process your personal data, or if you wish to exercise any of your rights, please contact us at

Changes to this privacy notice

We may update this privacy notice from time to time to reflect changes in our data processing activities or to comply with legal requirements. We encourage you to review this privacy notice periodically to stay informed about how we process your personal data.


If you have a complaint about how we have handled your personal data, you have the right to file a complaint with the relevant data protection authority.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for ensuring that we comply with data protection laws and regulations. You can contact our DPO at with any questions or concerns about our data protection practices.


We have implemented appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. We regularly review and update these measures to ensure that they remain effective.

Data Processing Agreement

In case we are processing personal data on behalf of our clients, we will always sign a Data Processing Agreement (DPA) with them to ensure the secure handling and processing of their data. The DPA will include information on the nature, purpose, and duration of the data processing, the types of personal data processed, and the measures taken to ensure the security of the data.

International Transfers

If we transfer personal data to a third country, we will ensure that the country has an adequate level of data protection and that the data is transferred in compliance with the EU General Data Protection Regulation (GDPR) and other data protection laws.

Third Party Processors

Our carefully selected partners and service providers may process personal information about you on our behalf as described below:

Digital Marketing Service Providers
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:

Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at:

Data Minimization

We will only collect, process, and retain the personal data that is necessary for the purpose for which it was collected. We will not collect, process, or retain personal data for any purpose other than the one for which it was collected.