Privacy Policy

Privacy Policy

At Boostomer SL, we take the privacy and protection of your personal data seriously. This Privacy Policy explains what data we collect, for what purposes, on what legal basis, with whom we share it and what rights you have, in accordance with Regulation (EU) 2016/679 (GDPR), the Spanish Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD), and Law 34/2002 on Information Society Services and Electronic Commerce (LSSI-CE).

1. Data Controller

Controller: Boostomer SL
Tax ID (NIF/CIF): [to be completed]
Registered address: [to be completed]
Email: hello@boostomer.co
Data Protection Officer (DPO): [complete if applicable; otherwise remove this section]

2. Data We Collect

Depending on your interaction with us, we may process the following categories of personal data:

  • Identification and contact data: name, surname, company, job title, email address and telephone number provided through forms, email or meeting bookings.

  • Request-related information: details shared about your business, customer support operations and needs when requesting a CX diagnostic or consultation call.

  • Commercial relationship data: information required to manage proposals, contracts, invoicing and service delivery, including billing and payment details where applicable.

  • Browsing data: IP address, device and browser type, visited pages and information collected through cookies and similar technologies (see section 9).

We do not intentionally collect special categories of personal data (sensitive data). Please do not provide this type of information.

3. Purposes of Processing

We process your personal data for the following purposes:

  • Responding to enquiries and information requests.

  • Managing requests and bookings for CX diagnostics and consultation calls.

  • Preparing commercial proposals and quotations.

  • Managing contractual relationships and delivering contracted services.

  • Complying with legal, accounting and tax obligations.

  • Sending commercial communications regarding our services where we have an appropriate legal basis (consent or legitimate interest in existing business relationships).

  • Improving the Website and our services through usage analysis.

4. Legal Basis for Processing

  • Performance of a contract or pre-contractual measures: to manage your request, prepare proposals and deliver contracted services.

  • Consent: for marketing communications where required and for the use of non-essential cookies. You may withdraw your consent at any time.

  • Legitimate interest: to respond to enquiries, maintain business relationships, prevent fraud and improve our services, always balancing our interests against your rights and freedoms.

  • Compliance with legal obligations: to meet tax, accounting and other applicable legal requirements.

5. Data Retention Period

We will retain your data for as long as necessary to fulfil the purposes for which it was collected:

  • Data related to enquiries that do not result in a commercial relationship will be retained for the time necessary to manage the enquiry and for a reasonable additional period unless deletion is requested.

  • Client data will be retained for the duration of the contractual relationship and, afterwards, for the legally required limitation periods applicable to potential liabilities (generally up to 6 years for commercial obligations and according to applicable tax regulations).

  • Data processed on the basis of consent will be retained until consent is withdrawn.

6. Recipients and Data Processors

To provide our services, we may share your data with service providers acting as data processors, including:

  • Website hosting and website platform providers (for example, Framer).

  • Scheduling, meeting and email communication tools (for example, Google Calendar).

  • CRM, ticketing, customer support and automation platforms used in service delivery (for example, Salesforce, HubSpot, Zendesk, Freshdesk, Zoho, Gorgias, Aircall and WhatsApp Business), where relevant to the contracted project.

  • Advisors, accountants and professional service providers necessary for our operations.

We enter into the data processing agreements required under Article 28 GDPR with all processors. We may also disclose data to public authorities and government bodies where legally required.

7. International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). In such cases, we ensure that appropriate safeguards are in place for these transfers, such as adequacy decisions by the European Commission or Standard Contractual Clauses, in accordance with applicable legislation.

8. Your Rights

As a data subject, you have the following rights:

  • Access: obtain confirmation as to whether we process your personal data and access such data.

  • Rectification: request correction of inaccurate or incomplete data.

  • Erasure: request deletion of your data where applicable.

  • Objection: object to certain processing activities.

  • Restriction: request restriction of processing in specific circumstances.

  • Portability: receive your data in a structured, commonly used format.

  • Withdraw consent: withdraw consent at any time, without affecting the lawfulness of prior processing.

You may exercise these rights by contacting hello@boostomer.co, indicating the right you wish to exercise and, where necessary, providing proof of identity.

If you believe we have not handled your request correctly, you have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD) via its website: https://www.aepd.es

9. Cookies

The Website may use first-party and third-party cookies for technical, analytical and, where applicable, personalisation purposes. You can find detailed information and manage your preferences through our Cookie Policy [insert link if applicable] or via the Website’s cookie settings panel. Non-essential cookies will only be installed with your consent.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against loss, misuse, unauthorised access and disclosure, taking into account the state of the art and the risks associated with processing activities.

11. Minors

The Website and our services are intended for businesses and adult professionals. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor without the appropriate authorisation, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy to reflect legal changes or updates to our services. The current version will always be available on the Website, together with its latest update date. We recommend reviewing it periodically.

13. Contact

For any questions regarding this Privacy Policy or the processing of your personal data, please contact us at: hello@boostomer.co