PRIVACY POLICY

The purpose of this policy is to inform interested parties about the various treatments carried out by this organization through the website and that affect their personal data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights.

1. IDENTIFICATION AND CONTACT DETAILS OF THE DATA CONTROLLER

• Company: FOUNDSPOT S.L.
• CIF: B87946877
• Postal Address: Calle Alameda 22, 28014, Madrid
• Email: info@foundspot.com

DATA PROTECTION OFFICER

DATA SECURITY AND PRIVACY, S.L.

• Contact Phone: +34 963 122 868
• Email: infodpo@forlopd.es

2. PURPOSES OF PROCESSING YOUR PERSONAL DATA

USERS/VISITORS OF THE DATA CONTROLLER'S WEBSITE

We will process the personal data provided for:

• Responding to requests, complaints, and incidents communicated through our contact channels on the website.
• Understanding the behavior of the website user to detect potential cyber-attacks on our website.
• Complying with legal obligations directly applicable to us and regulating our activity.
• Protecting and exercising our rights or responding to any kind of claims.
• If applicable, sending commercial communications regarding the goods or services that make up our activity and/or news or bulletins related to our sector. Your refusal to provide authorization will prevent the entity from sending you information.
• If applicable, managing your participation in contests and promotions conducted by the entity. Your refusal to provide authorization will prevent you from participating.
• If applicable, sending satisfaction and/or quality surveys. Your refusal to provide authorization will prevent the evaluation of the provided service.
• Managing your registration on the entity's web platform and generating a username and password. Your refusal to provide authorization will prevent your registration on the platform.

CLIENTS

In addition to the purposes indicated in the "users/visitors of the website" section, we will process the personal data provided to:

• Manage the commercial relationship.
• Manage the provision of the services you have contracted.
• Handle the sending and receiving of the purchased product.
• Carry out administrative, accounting, and fiscal tasks.

3. LEGAL BASIS FOR PROCESSING

USERS/VISITORS OF THE DATA CONTROLLER'S WEBSITE

• On the consent you have provided to process your data for the specified purposes. Refusal to provide your personal data will make it impossible to process your data for the mentioned purposes.
• To comply with the legal obligations that apply to us. In this case, the interested party cannot refuse the processing of personal data.
• In our legitimate interest to protect our image, business, and track record by preventing attacks on our website. In this case, the interested party cannot refuse the processing of personal data, although they may exercise the rights recognized in the "rights" section of this policy.

CLIENTS

• Execution of a contract in which you are a party or application of pre-contractual measures. Refusal to provide your personal data will make it impossible to process your data for the mentioned purposes.
• On the consent you have provided to process your data for purposes unrelated to the development or execution of the existing contract. Refusal to provide your personal data will make it impossible to process your data for the mentioned purposes.
• To comply with the legal obligations that apply to us. In this case, the interested party cannot refuse the processing of personal data.
• In our legitimate interest to protect our image, business, and track record by preventing attacks on our website. In this case, the interested party cannot refuse the processing of personal data, although they may exercise the rights recognized in the "rights" section of this policy.

4. WEBSITE PLUGINS AND TOOLS

• CHAT BOT: website includes a chatbot channel to communicate with customer service. To initiate the conversation, we need your prior consent. However, please note that our provider applies its own privacy policy, so we recommend you review your settings on the service and read the privacy policy carefully. You can access it by clicking here.
• REDSYS: As part of our services, we use the Redsys payment gateway to process financial transactions and ensure that your payments are made securely and efficiently. We recommend that you review the Redsys privacy policy beforehand to understand how they handle your personal information by clicking here.
• USE OF GOOGLE APIS

  Our platform uses various Google APIs to enhance user experience and facilitate certain functionalities. Below, we detail how these APIs are used and what data may be collected:

  1. GOOGLE SIGN-IN: We use Google Sign-In to facilitate access and registration on our platform. This functionality allows users to log in using their Google account, and the following data is collected: name, surname, email address, and optionally, phone number. This data is used solely to identify the user within the application and for contact and communication purposes. The phone number is optional and only collected if the user decides to provide it. No additional information is stored or used.
  2. GOOGLE MAPS: We use Google Maps (API) to display interactive maps directly on our website and allow you to use its features. For these purposes, please note that by using the service, Google will collect and store information about your use. We inform you that the use of Google may involve International Data Transfers not based on an adequacy decision of the European Commission or the offering of adequate safeguards, so they do not have an adequate level of protection in accordance with the provisions of the GDPR. For relevant purposes, we inform you that this fact may involve certain risks for the protection of your personal data. Such risks may include that there is no equivalent supervisory authority and/or data processing protection principles and/or data subject rights. Therefore, we recommend that you read our provider's privacy policy carefully beforehand by clicking here.

For more information on how Google handles user data, please refer to the Google Privacy Policy.

5. DATA RETENTION PERIODS OR CRITERIA

The personal data provided will be kept for the time necessary to fulfill the purposes for which they were initially collected. Once the data is no longer necessary for the relevant processing, it will be duly blocked to be made available to the competent Public Administrations and Bodies, Judges and Courts, or the Public Prosecutor, during the period of prescription of the actions that may arise from the relationship maintained with the client and/or the legally established retention periods. Data blocking period:

• CIVIL CODE: Between 1 and 5 years, depending on the case, in accordance with the provisions of Articles 1964.2 and 1968.2 of the aforementioned legal body.
• COMMERCIAL CODE: For 6 years, in accordance with the provisions of Article 30 of the aforementioned legal body. This applies to commercial information related to (issued and received invoices, tickets, corrective invoices, bank documents, etc.).
• GENERAL TAX LAW: For 4 years, in accordance with the provisions of Articles 66 to 70 of the aforementioned legal body. This applies to information related to tax obligations.

6. AUTOMATED DECISIONS AND PROFILING

The website does not make automated decisions or profile creation.

7. RECIPIENTS

During the duration of the processing of your personal data, the organization may transfer your data to the following recipients:

• Judges and Courts.
• Law enforcement agencies.
• Other competent authorities or public bodies when the data controller has a legal obligation to provide personal data.
• Where applicable, to data processors providing services to us.

8. INTERNATIONAL DATA TRANSFERS

The organization does not conduct any International Data Transfers. Should international data transfers become necessary in the future, the level of protection in the destination country will be verified, and the guarantees required by regulations will be adopted.

9. SOCIAL NETWORKS

To involve you in our activities and keep you informed of our updates, we inform you that FOUNDSPOT SL has created a profile on Social Networks. All users have the opportunity to join our social networks or groups. However, please note that unless we directly request your data (e.g., through marketing actions, contests, promotions, or any other valid form), your data will belong to the respective Social Network, so we recommend that you read their terms of use and privacy policies carefully and configure your data processing preferences accordingly. Below, we provide the link to the privacy policies of the different Social Networks we are present on so that you can access their privacy policies and configure your profile at any time to ensure your privacy:

• Facebook: Facebook Privacy Policy
• Twitter: Twitter Privacy Policy
• Instagram: Instagram Privacy Policy
• Google +: Google Privacy Policy

10. RIGHTS

Interested parties may request more information about the processing of their personal data, as well as exercise their rights of access, rectification, and deletion at any time and free of charge. They can also request the limitation of the processing of their personal data, object to it, request the portability of their data (where technically possible), withdraw the given consent, and, where applicable, not be subject to a decision based solely on automated processing, including profiling. To do this, they can use the forms provided by the organization, or send a written request to the postal or email address mentioned in the heading. For relevant purposes, we inform you that you may be asked for your ID card or any other similar document to verify your identity, provided that this cannot be done by other less intrusive means. If you feel that your rights concerning the protection of your personal data have been violated, especially if you have not obtained satisfaction in exercising your rights, you can file a complaint with the competent Data Protection Authority (Spanish Data Protection Agency) through its website www.aepd.es. In compliance with the provisions of Article 21 of Law 34/2002 on information society services and electronic commerce, if you do not wish to receive further information about our services, you can unsubscribe by sending an email to info@foundspot.com with the subject “UNSUBSCRIBE”.

11. ACCURACY OF DATA

The interested party guarantees that the provided data is true, accurate, complete, and up-to-date; committing to inform of any changes regarding the data provided through the channels enabled for this purpose and indicated in point one of this policy. They will be responsible for any damage or harm, both direct and indirect, that may arise as a result of breaching this obligation. In the event that the user provides data of third parties, they declare that they have the consent of the interested parties and commit to convey the information contained in this clause, exempting the organization from any responsibility arising from the lack of compliance with this obligation.

12. MODIFICATIONS AND UPDATES

This privacy policy may be modified/updated based on legal requirements or to adapt this policy to the instructions issued by the Spanish Data Protection Agency or due to changes on our website. For this reason, we advise users to periodically visit our Privacy Policy. If you have any doubts about this policy, you can contact FOUNDSPOT SL through the forms provided by the organization, or send a written request to the postal or email address mentioned in the heading.