PRIVACY POLICY


At Feebbo Solutions, S.L.U. (hereinafter, "Feebbo"), we take the protection of your personal data and privacy very seriously. This privacy policy clearly and transparently informs you about how we collect, use, protect, and manage your personal data, in accordance with applicable regulations, especially the General Data Protection Regulation (GDPR) and the Spanish Organic Law on Data Protection and Guarantee of Digital Rights (LOPDGDD).

This Privacy Policy is available in all languages in which the Feebbo website is offered, to ensure that all users can understand it, regardless of their place of residence or browsing language. In case of discrepancy between language versions, the Spanish version will prevail as the main reference.


1. Data Controller and Regulatory Commitment.

Feebbo Solutions, S.L.U. (hereinafter, “Feebbo”), with tax ID B13515622, registered address at c/ Serrano, 42, 4º A, 28001 Madrid (Spain), and email info@feebbo.com as the data controller, declares its commitment to the protection of users' privacy and to diligent and lawful processing of any personal data provided. This Privacy Policy sets out the guidelines under which Feebbo collects, uses, retains, and, where applicable, discloses personal data, in accordance with current data protection laws, in particular, Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 (General Data Protection Regulation or “GDPR”) and Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (“LOPDGDD”). Feebbo ensures compliance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and proactive responsibility. In addition, Feebbo implements the technical and organizational measures necessary to ensure an adequate level of security for the risk. This policy is permanently accessible to users via the link on the homepage and footer of the Feebbo website.


2. Principles applicable to the processing of personal data

Feebbo, as the data controller, undertakes to process the personal data of data subjects in strict compliance with the principles established in Article 5 of the General Data Protection Regulation (GDPR), according to which:

  • Personal data will be processed lawfully, fairly, and transparently, always ensuring the data subject’s right to information.
  • Data will be collected for specified, explicit, and legitimate purposes and will not be further processed in a manner incompatible with those purposes.
  • Only personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed will be processed (principle of minimization).
  • Necessary measures will be taken to ensure that data is accurate and kept up to date; any inaccurate data will be rectified or deleted without delay.
  • Data will be retained only for as long as necessary to fulfill the purposes for which it was collected, after which blocking measures will be applied in accordance with applicable law.
  • Processing will be carried out in a manner that guarantees the rights and freedoms of data subjects, in accordance with the GDPR and the LOPDGDD.
  • Appropriate technical and organizational measures will be implemented to preserve the integrity, confidentiality, and availability of personal data and to prevent unauthorized access, alteration, or loss.
  • All processing will be based on a legitimate ground in accordance with Article 6 of the GDPR, whether it is the explicit consent of the data subject, the performance of a contract, compliance with a legal obligation, Feebbo’s legitimate interest, or any other legal basis provided by law.

3. Data Protection Officer (DPO)

You may contact our Data Protection Officer (DPO) for any matter related to your rights or this policy: DPO: dpo@feebbo.com Postal address: Calle Serrano, 42-4ºA, 28001, Madrid.


4. What data do we process

Within the framework of the services offered through its website, Feebbo processes only the personal data provided directly by the user via the enabled forms, in strict compliance with the data minimization principle of Article 5.1.c) of the GDPR. The data collected through the registration form includes the following categories:

  • Identification data: first and last name.
  • Contact data: email address, phone number.
  • Postal data: full postal address.
  • Sociodemographic data: gender and date of birth.

This data is necessary to allow registration, management of the user account, and participation in the activities and services offered by Feebbo. The fields marked with an asterisk (*) in the data collection forms are mandatory. If you do not provide them, we may not be able to adequately process your request or provide the required service. The other fields are optional, but providing them may help us improve the service we offer. Feebbo does not collect especially sensitive data as defined in Article 9 of the GDPR (such as ideology, health, sexual orientation, union membership, or biometric data). Feebbo does not process geolocation data. At no time is data collected or processed that would allow identification of the user's precise geographic location, either via the website or through devices associated with browsing. The data provided will be processed as set out in this policy and will not be used for purposes incompatible with those communicated, unless required by law or court order.


5. Purposes of personal data processing

Feebbo will process the personal data of data subjects for the following purposes, in accordance with the principles of necessity, proportionality, and data minimization:

  • Management of requests and communications: Respond to and manage interactions initiated by users through the website, whether through forms, electronic documents, or communications sent by email. These requests may refer, among other things, to participation in surveys and market studies (including management of associated incentives or remuneration), processing of orders or tasks, requesting information about products, services, or contract conditions, subscription to newsletters or Feebbo’s blog, or any other interaction necessary to adequately meet the user's needs.
  • Commercial purposes: Send commercial communications about Feebbo’s own products or services, by ordinary or electronic means, only if the user has given explicit consent.
  • Data transfer to third parties: Communicate personal data to partner entities or third parties for commercial purposes, only in cases where the data subject has previously given explicit consent. See the section “Personal data transfer”.
  • Experience personalization: Tailor the content displayed on the website to the interests or preferences of the user, including the display of advertising or job-related content, where appropriate and non-intrusive.
  • User support and assistance: Manage inquiries, claims, or incidents related to the operation of the website, published legal texts, or any aspect related to personal data processing, ensuring adequate and lawful attention.

6. Lawfulness of processing

Feebbo will only process users' personal data when there is a valid legal basis under Article 6 of the General Data Protection Regulation (GDPR). The bases legitimizing the processing described in this policy are as follows:

  • Performance of a contract or pre-contractual measures (art. 6.1.b GDPR): To manage requests made by the user through the website, including participation in surveys, order processing.
  • Data subject’s consent (art. 6.1.a GDPR): For sending commercial communications, subscribing to newsletters, content personalization, or transferring data to third parties for commercial purposes. The user may withdraw consent at any time, without affecting the lawfulness of processing based on consent given before withdrawal.
  • Compliance with legal obligations (art. 6.1.c GDPR): In cases where data processing is required by legal provisions of a fiscal, accounting, or data protection nature, among others.
  • Controller’s legitimate interest (art. 6.1.f GDPR): To ensure website security, prevent fraud, perform aggregate statistical analysis, improve service quality, and manage general interactions not strictly related to commercial purposes, provided that the fundamental rights and freedoms of the data subject do not prevail.

All data collection forms will expressly indicate whether the fields requested are mandatory or optional. Failure to complete mandatory fields may prevent proper handling of the request or access to certain services.


7. Retention period for personal data

Feebbo will retain the personal data of data subjects only for the time strictly necessary to fulfill the specific purposes for which they were collected, in accordance with the principles of storage limitation and proactive responsibility set out in Article 5.1.e) of the GDPR. Once these purposes have been fulfilled, the data will be properly blocked in accordance with Article 32 of the LOPDGDD, and will be available exclusively to the competent authorities, in particular the Spanish Data Protection Agency (AEPD), for the legally required periods depending on the possible liabilities arising from the processing. As a general rule, this blocked retention period is five (5) years. Once this period has elapsed, the data will be securely and permanently deleted by procedures that ensure their irreversible destruction or anonymization.


8. Recipients of personal data

Feebbo does not sell, rent, or transfer the personal data of data subjects to third parties. However, subject to the principles of necessity and proportionality, data may be disclosed to third parties only in the cases indicated below:

  • Processors: Certain service providers contracted by Feebbo, as data processors, will have access to personal data insofar as their involvement is necessary for the proper provision of ancillary services (including web hosting, sending electronic communications, technical support, and system maintenance). All have been selected according to strict compliance criteria and are contractually bound by agreements regulating their obligations in accordance with Article 28 of the GDPR.
  • Legal obligations: Data may be disclosed where necessary to comply with legal obligations, court requirements, administrative resolutions, or orders from competent public authorities.
  • Audits and compliance: Access to data will be provided to duly authorized external auditors, always under strict confidentiality commitments and only for regulatory compliance verification purposes.
  • Group entities: Data may be shared with other companies affiliated with Feebbo, where strictly necessary for internal administrative and operational purposes, and always on the basis of legitimate interest and with appropriate safeguards.
  • Measures to protect rights and interests: In exceptional situations, and to the extent necessary to protect the rights, security, or legitimate interests of Feebbo, its users, or third parties, information may be shared with competent authorities or sector organizations to prevent fraud, risks, or unlawful activities.

In addition, Feebbo may use irreversibly aggregated or anonymized data for statistical, analytical, or research purposes, provided that they do not allow direct or indirect identification of data subjects.

Some service providers contracted by Feebbo have access to personal data only to the extent necessary for the proper provision of support services, such as web hosting, sending electronic communications, technical support, and system maintenance. In addition, you may receive communications from third parties such as Alpine or Renault through Feebbo. All of these service providers have been selected based on strict compliance criteria and are contractually bound in accordance with Article 28 of the GDPR.


9. International transfers

Some of the processing carried out by Feebbo may involve the international transfer of personal data to recipients located outside the European Economic Area (EEA), especially in relation to the provision of technological services by certain suppliers operating from third countries or hosting their servers in such locations. These transfers may concern, among others, browsing data collected via cookies and similar technologies, in which case users can consult specific details in the Feebbo Cookie Policy. In all cases where an international data transfer takes place, Feebbo ensures that such operations are carried out in accordance with Articles 44 et seq. of the GDPR, adopting appropriate safeguards to protect the transferred personal data. In particular, standard contractual clauses approved by the European Commission have been signed with third-party recipients, and additional measures have been implemented where necessary to ensure a level of protection equivalent to that required by European regulations. Feebbo regularly monitors compliance with these safeguards and reserves the right to suspend any relationship with providers that do not offer an adequate level of protection.


10. Security Measures

Feebbo has adopted the necessary technical and organizational measures to ensure an appropriate level of security for the risk presented by the processing of personal data it carries out, in accordance with Article 32 of the General Data Protection Regulation (GDPR). In particular, mechanisms have been implemented to preserve the confidentiality, integrity, availability, and resilience of processing systems and services, as well as protocols that allow for the rapid restoration of availability and access to data in the event of a physical or technical incident. These measures have been selected considering the state of the art, implementation costs, the nature of the data processed, and the risks identified. However, Feebbo informs users that the transmission of information over open networks such as the Internet cannot be guaranteed as completely secure. Therefore, any communication of personal data via this channel is carried out under the exclusive responsibility of the data subject. Once the information is received, Feebbo applies robust security controls to prevent unauthorized access, misuse, alteration, or loss of personal data processed, and conducts periodic reviews of its security measures to adapt them to the evolution of risks and available technologies. In the event of a security breach affecting personal data, Feebbo will activate its internal breach management protocol, assess the risk to the rights and freedoms of data subjects, and, where appropriate, notify the incident to the Spanish Data Protection Agency within a maximum of 72 hours. If the risk is high, it will also inform the affected parties directly, in a clear and timely manner. Furthermore, Feebbo has internal information security policies that regulate in detail the procedures, controls, and responsibilities in the processing of personal data. These policies are reviewed periodically and align with the principles of the GDPR, ensuring proactive and diligent data security management.


11. Processing of minors' personal data

The Feebbo website is not intended for minors. Consequently, participation of persons under 14 years of age in surveys or forms available on the site is prohibited without the prior express authorization of their parents, guardians, or legal representatives, as established in Article 7 of the LOPDGDD. Such authorization must be duly proven when required by Feebbo, which reserves the right to exclude from processing any personal data sent without compliance with this requirement. To the extent that it is not technically possible to verify users’ age with certainty, Feebbo advises that ultimate responsibility for controlling minors' access to the platform lies with their parents or legal guardians. It is their responsibility to implement the necessary parental control mechanisms to prevent minors from providing personal data without adequate supervision. Feebbo declines any responsibility arising from failure to comply with this obligation by the legal guardians of the minor.


12. Data subjects’ rights

In accordance with Articles 12 to 22 of the General Data Protection Regulation (GDPR), data subjects may exercise the following rights with Feebbo in relation to the processing of their personal data:

  • Right of access: Obtain confirmation as to whether or not Feebbo processes personal data concerning them, and access such information.
  • Right to rectification: Request the modification of inaccurate or incomplete data, providing supporting documentation where necessary.
  • Right to erasure (right to be forgotten): Request the deletion of data when the purpose for which it was collected has disappeared, when consent has been withdrawn, or when they object to the processing, among other legally provided circumstances.
  • Right to restriction of processing: Request that their data be retained by Feebbo solely for the exercise or defense of claims, in cases provided by law.
  • Right to object: Object at any time, for reasons related to their particular situation, to the processing of their data when it is based on Feebbo's legitimate interest.
  • Right to data portability: Request the transmission of their data to another controller when the processing is based on consent or a contract, and is carried out by automated means.
  • Right to lodge a complaint with a supervisory authority: If they consider that the processing of their data infringes current regulations, they have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD), via its electronic headquarters www.aepd.es.

To exercise any of the above rights or make any query regarding the protection of your data, you may contact Feebbo’s Data Protection Officer through the following means: Postal mail: Feebbo Solutions, S.L.U. – Attn. Data Protection Officer, Calle Serrano, 42 – 4ºA, 28001, Madrid (Spain). Email: dpo@feebbo.com Feebbo will respond to all requests within the maximum period established by law and may request additional information to confirm your identity if necessary.


13. Processing of personal data using artificial intelligence

Feebbo informs that some of the personal data processing activities carried out may incorporate systems based on artificial intelligence (AI), used exclusively for lawful and specific purposes such as service optimization, aggregated data analysis, operational process improvement, or personalization of the user experience on the platform.

Under no circumstances will decisions be made that produce legal effects or significantly affect the data subject based solely on automated processing, including profiling, without meaningful human intervention, in accordance with Article 22 of the GDPR. Feebbo ensures transparency in the application of AI systems by informing about the general logic applied, the purposes of processing, and the possible consequences as required by the principle of adequate information. Where appropriate, data protection impact assessments (DPIAs) will be carried out, especially in cases where there may be a high risk to the rights and freedoms of data subjects.

All processing activities that incorporate AI are carried out in compliance with the principles established by the GDPR, including lawfulness, fairness, transparency, data minimization, accuracy, purpose limitation, integrity, and confidentiality. Feebbo applies appropriate technical, organizational, and security measures to ensure that the use of AI-based technologies is carried out in accordance with the legal framework and applicable ethical principles. Data subjects may exercise at any time their rights recognized by current regulations — including the right not to be subject to automated decisions without meaningful human intervention — by written communication to Feebbo’s Data Protection Officer through the following channels: Email: dpo@feebbo.com Postal address: Feebbo Solutions, S.L.U. – Attn. Data Protection Officer, Calle Serrano, 42 – 4ºA, 28001, Madrid (Spain). The processing carried out complies with the guidelines issued by the Spanish Data Protection Agency in its specific guide on the adequacy of AI to the GDPR, available at https://www.aepd.es/guias/adecuacion-rgpd-ia.pdf.


14. Modification of the Privacy Policy

Feebbo reserves the right to modify this Privacy Policy at any time, to adapt it to legislative or jurisprudential changes, to new interpretations issued by competent supervisory authorities (in particular, the Spanish Data Protection Agency), or to changes in internal data processing practices. Any substantial modification will be clearly and accessibly communicated through the usual channels, including the websites managed by Feebbo, with reasonable notice prior to its entry into force, where legally required. Users are encouraged to review this policy periodically to be informed of the prevailing terms at all times.

Last update: 01 August 2025.