Privacy policy

01Data controller

The data controller of the personal data collected through funneld.net and related services is:

FUNNELD LTD operates from Spain and processes the personal data of its customers and users in accordance with Regulation (EU) 2016/679 (GDPR), the Spanish Organic Law 3/2018 on Personal Data Protection and Digital Rights (LOPDGDD), and any applicable sector-specific regulations.

02What personal data we collect

We only collect the personal data strictly necessary to provide the service, attend to commercial requests and comply with our legal obligations:

• Identification and contact data: first name, last name, business email, phone number, role and company name.
• Commercial activity data: sector, target location, ideal-customer profile, lead volume, sales brief, plan type and service configuration.
• Billing data: legal name, VAT/tax ID, billing address, payment method, invoiced amounts.
• Technical and browsing data: IP address, session identifier, browser, operating system, language, visited pages and time spent (via cookies and server logs).
• Communications: the content of emails, forms, chats or calls held with our team when necessary to provide the service or handle incidents.

We do not request or process special categories of personal data (health data, racial origin, political opinions, etc.) unless strictly necessary and supported by a specific legal basis.

03Purposes of processing

Your data is used exclusively for the following purposes:

• Responding to enquiries received through forms, email, phone or any other enabled channel.
• Providing the contracted service: defining the lead brief, identifying and qualifying commercial opportunities, delivering leads, support and managing the contractual relationship.
• Administrative, accounting and tax management: invoicing, accounting, responses to requirements from tax authorities and fraud prevention.
• Commercial communications about Funneld's products and services, only where express consent exists or a prior commercial relationship legitimises it.
• Product improvement and internal analytics on aggregated or pseudonymised data, without individual identification.
• Compliance with legal obligations applicable to Funneld's activity.

04Legal basis for processing

The processing of your data is based on one of the following legal grounds under article 6 of the GDPR:

• Performance of a contract (art. 6.1.b): to provide the contracted service and manage the commercial relationship.
• Compliance with a legal obligation (art. 6.1.c): tax, accounting and commercial obligations.
• Legitimate interest (art. 6.1.f): platform security, fraud prevention, product improvement on aggregated data and commercial communications about products similar to those already contracted.
• Consent (art. 6.1.a): for commercial communications to users with no prior contractual relationship, the use of non-strictly-necessary cookies and any other processing for which explicit consent is requested.

05Retention periods

We keep your data for the time strictly needed to meet the purposes for which it was collected:

• Contractual data: for the duration of the contractual relationship and, once terminated, for the legally required periods (6 years as a general rule for commercial obligations; up to 10 years for certain tax and anti-money-laundering obligations).
• Data of leads and prospects who do not become customers: up to 24 months from the last contact, unless you request earlier deletion.
• Marketing data: until you withdraw consent or unsubscribe.
• Cookies and technical data: according to the periods detailed in the Cookie policy.
• Communications and support: up to 36 months from the last interaction.

Once these periods elapse, your data will be deleted or securely blocked, retained only at the disposal of the competent authorities during the applicable statutory limitation periods.

06Recipients and processors

To deliver the service, we work with data processors who access your data on our behalf and always under a contract signed in accordance with article 28 of the GDPR. The usual categories are:

• Infrastructure and hosting providers (hosting, CDN).
• Transactional email and CRM providers.
• Payment gateways and billing providers.
• Analytics and error-monitoring tools.
• Support providers (chat, helpdesk, telephony).
• External advisors (accounting, tax, legal) when necessary.

FUNNELD LTD does not sell, rent or transfer your personal data to third parties for commercial purposes. We only disclose data to competent authorities when there is a legal obligation requiring it.

07International transfers

Some of our processors may be located outside the European Economic Area (EEA). When this happens, we guarantee a level of protection equivalent to that required by the GDPR through one of the mechanisms set out in Chapter V of the Regulation:

• Adequacy decisions by the European Commission, when the destination country has been recognised as adequate (for example, the United Kingdom).
• Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914).
• EU-US Data Privacy Framework for certified US providers, where applicable.
• Supplementary measures — technical and contractual (encryption, pseudonymisation) — when necessary.

You may request more information about the mechanisms applied or a copy of the safeguards by writing to dpo@funneld.net.

08Your rights

The GDPR grants you the following rights regarding your personal data:

• Access: to know what data of yours we process and obtain a copy.
• Rectification: to correct inaccurate or incomplete data.
• Erasure ("right to be forgotten"): to have us delete your data when no longer needed or where you withdraw consent.
• Objection: to processing based on legitimate interest, including direct marketing.
• Restriction: to have processing limited in specific cases.
• Portability: to receive your data in a structured, commonly used format.
• Withdrawal of consent at any time, without affecting the lawfulness of prior processing.
• Not to be subject to automated decisions with significant legal effects.

To exercise any of these rights you may email dpo@funneld.net stating the right you wish to exercise and attaching a copy of your identification document. We will respond within a maximum of one month, extendable to two months for complex requests, in accordance with art. 12.3 GDPR.

If you consider that the processing of your data does not comply with the regulations, you can file a complaint with the Spanish Data Protection Agency (www.aepd.es) or the supervisory authority in your country of residence.

09Security measures

We apply appropriate technical and organisational measures to ensure a level of security suited to the risk of processing, in accordance with article 32 of the GDPR. These measures include, among others, encryption in transit (TLS 1.2/1.3) and at rest (AES-256), least-privilege access control, multi-factor authentication, regular encrypted backups, audit logs and incident-response procedures.

For more information see our Security policy.

10Minors

Funneld services are intended exclusively for businesses and professionals of legal age. We do not knowingly collect personal data from minors under 14. If you become aware that a minor has provided us with data without authorisation, please contact dpo@funneld.net for immediate deletion.

11Changes to this policy

This Privacy policy may be updated to reflect legislative changes, service improvements or new functionality. The date of the last update is shown at the start of the document. If changes are substantial, we will inform you by email or via a prominent notice on the website.