Privacy Policy – Sebastian Iskra Revenue Marketing

Privacy Policy

This Privacy Policy explains how Sebastian Iskra - Revenue Marketing (“we”, “us”, or “our”) collects, uses, and protects personal data when you visit our website (revenuemarketing.io) or otherwise interact with us. We are committed to safeguarding your personal information and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and Spain’s Organic Law 3/2018 of 5 December on Personal Data Protection and Digital Rights Guarantee (LOPDGDD).

1. Data Controller and Contact Information

The data controller responsible for processing your personal data is:

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, you may contact us at the above email address. (At this time, no Data Protection Officer is mandated or appointed for our company.)

2. Applicable Law and Principles

Our privacy practices are designed to comply with the GDPR and the LOPDGDD. We process personal data lawfully, fairly, and transparently, only for specified and legitimate purposes. We collect and use only the data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed (data minimization). We take reasonable steps to ensure personal data is accurate and up to date, and we do not keep it for longer than necessary (storage limitation). We also implement appropriate security measures to protect personal data (integrity and confidentiality).

3. How We Collect and Use Personal Data

We may collect personal data from you in several ways, including when you visit our website, contact us, or use our services. Below we explain the categories of data we collect, the purposes for which we use it, and the legal bases that allow us to do so.

3.1 Visiting Our Website (Usage Data and Cookies)

Data collected: When you browse our website, certain technical and usage information is automatically collected by our web server and through cookies or similar tracking technologies. This may include your IP address, browser type and version, device identifiers, operating system, referral source, pages viewed, dates/times of access, and other browsing actions. We may also collect cookie identifiers and analytics data if you have consented to non-essential cookies (see Section 5 on Cookies and Analytics).

Purpose: We use this information to load and display the website correctly, maintain the security and performance of the site, and understand how visitors use our site so we can improve its content, user experience, and our services. For analytics data (e.g., Google Analytics), we use it to compile aggregate statistics on site usage and effectiveness of our marketing, never to identify you individually without your consent.

Legal basis: The processing of basic usage data and necessary cookies is based on our legitimate interest (Art. 6(1)(f) GDPR) in providing a secure, well-functioning website and improving our services. We have balanced this interest against your rights and consider this processing not intrusive (as it is limited to technical data). For any analytics or preference cookies, we rely on your consent (Art. 6(1)(a) GDPR), obtained through our cookie consent banner. You have the right to accept or reject such cookies (see Section 5).

3.2 Contacting Us (Contact Forms, Emails, Meeting Scheduler)

Data collected: If you contact us via email or through any contact form on our website (for example, to request information or ask a question), or if you schedule a meeting with us through our online scheduling tool, you will provide personal data such as your name, email address, phone number (optional), company name, and any information you choose to include in your message or meeting request.

Purpose: We will use this data solely to respond to your inquiry, provide the information or assistance you requested, and communicate with you about the scheduling or details of the meeting. If you use our meeting booking feature, the data is used to arrange and confirm the appointment. We may also save correspondence records for internal administrative purposes and to improve our customer service (for example, to reference earlier communications when you contact us again).

Legal basis: Processing your contact information in these contexts is necessary to take steps at your request prior to entering into a contract or to answer your inquiries, which is considered a legitimate interest of ours or as pre-contractual processing (Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR). If your inquiry could lead to a contract or business relationship, Art. 6(1)(b) applies. In other cases, we rely on our legitimate interest in responding to communications directed at us. In all cases, we only use the data you provide to handle your request.

3.3 Newsletter and Marketing Communications

Data collected: If you subscribe to our newsletter or opt in to receive marketing communications from us (for instance, by providing your email to download a resource or to get updates), we will collect your name, email address, and potentially your company and preferences. We may also record your subscription consent and, when applicable, the time and date of consent (as part of our compliance record-keeping). Additionally, our email marketing system may note interactions with our emails, such as opens and link clicks, for statistical purposes.

Purpose: We use this information to send you periodic newsletters, industry insights, updates about our services, event invitations, or other marketing communications that you have requested or consented to receive. Our goal is to keep you informed about topics you find relevant and our offerings. Interaction data (opens/clicks) is used to measure engagement and refine our email content, not to profile you individually beyond your preferences for receiving our emails.

Legal basis: The sending of newsletters or marketing emails is based on your explicit consent (Art. 6(1)(a) GDPR). You will only receive such communications if you have actively subscribed or agreed (for example, by ticking a box or confirming via a double opt-in email, if applicable). You can withdraw your consent at any time (see Section 8 on Your Rights) by using the “unsubscribe” link provided in every marketing email or by contacting us at our email address. Withdrawal of consent will not affect the lawfulness of any emails sent prior to withdrawal.

3.4 Business Relationships and Services

Data collected: If you engage our services as a client or business partner, we will collect the personal information necessary to maintain our business relationship. This may include contact details of client representatives (name, work email, phone), billing information, contract details, and any other personal data provided during the course of service delivery (e.g., project-related communications).

Purpose: We use this data to execute and manage the contractual relationship, including providing marketing consulting services, managing accounts, processing payments, and communicating regarding the project or contract. We may also keep records required for legal and accounting purposes.

Legal basis: For clients and business partners, processing is necessary for the performance of a contract (Art. 6(1)(b) GDPR) or to comply with legal obligations (Art. 6(1)(c) GDPR), such as financial record-keeping. Additionally, certain communications to business contacts may be based on our legitimate interest (Art. 6(1)(f) GDPR) in maintaining the relationship. In Spain, business contact data used for professional communications may be processed under legitimate interest as per Article 19 of the LOPDGDD, ensuring only relevant professional data is used.

4. Cookies and Analytics

Our website uses cookies and similar technologies to enhance user experience and analyze website performance. When you first visit our site, you will be shown a cookie consent banner allowing you to accept or reject non-essential cookies. You can manage your preferences at any time via this banner or by adjusting your browser settings.

4.1 What Are Cookies?

Cookies are small text files that are stored on your device (computer, smartphone, etc.) by websites that you visit. They contain information that is transferred to your device’s hard drive. Cookies can be “first-party” (set by us) or “third-party” (set by external providers), and they can be session cookies (deleted when you close your browser) or persistent cookies (lasting for a defined period or until deleted).

4.2 Types of Cookies We Use

  • Strictly Necessary Cookies: These cookies are essential for the operation of our website and enable core functionality (such as security, network management, and accessibility). Without these cookies, the site may not function properly. They do not require user consent under applicable law.
  • Preference/Functional Cookies: If used, these cookies allow our website to remember choices you make (e.g., language preference) and provide enhanced, more personal features. They may be set by us or by third-party services we have added to our pages. We only use such cookies to the extent you have given consent, where required.
  • Analytics Cookies: These cookies (e.g., from Google Analytics) collect information about how visitors use our site – for instance, which pages are visited most often, how users navigate the site, or if error messages occur. The information is collected in an aggregated and anonymous form (we do not use it to identify you). Analytics cookies help us improve the way our website works. We will only set analytics cookies on your device if you consent via the cookie banner.
  • Marketing/Tracking Cookies: These cookies, if present, are used to track visitors across websites to display ads or marketing messages that are more relevant to them. We currently do not use advertising cookies or pixels on our site for third-party marketing. If that changes, we will request your consent explicitly before enabling them.

4.3 Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC (Google Ireland Limited for EU), to understand how visitors engage with our website. Google Analytics uses cookies and similar technologies to collect data about website usage (see “Analytics Cookies” above). The information generated by these cookies (including possibly your IP address and user behavior data) is generally transmitted to Google servers. We have configured Google Analytics to enhance privacy:

  • We utilize Google Analytics 4 (GA4), which by design does not store individual IP addresses and uses anonymization measures. In prior versions or where applicable, we have enabled IP anonymization so that Google truncates/anonymizes the last octet of the IP address within the EU/EEA before storage.
  • Google Analytics data is processed in aggregate form. We do not use it to identify individual users, and we do not combine it with other data to profile users.
  • We have set appropriate data retention settings in Google Analytics (e.g., user-level and event data retention is limited, typically 14 months, and resets on new activity, as per Google’s options) to ensure personal data is not held longer than necessary.

Data transfer and safeguards: Google LLC is based in the United States, so analytics data may be transferred to and processed on servers in the USA. We have entered into the European Commission’s Standard Contractual Clauses (SCCs) with Google as part of our data processing agreement, to provide appropriate safeguards for this international transfer. Google also indicates compliance with the EU-U.S. Data Privacy Framework for eligible data transfers. Despite these measures, U.S. intelligence agencies might, in rare cases, access data for lawful purposes, and such transfers carry a potential risk to data privacy. By consenting to analytics cookies, you acknowledge and accept that your data may be processed in the U.S. under these conditions.

Legal basis: We only use Google Analytics with your consent (Art. 6(1)(a) GDPR). If you do not consent or if you withdraw consent, no analytics cookies will be set and no data will be collected through Google Analytics. This will not affect your ability to use our website. You can also opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

For more information on Google Analytics data practices, you can review Google’s Privacy Policy and Google Analytics’ terms on Google’s website.

4.4 Cookie Consent Mechanism

In compliance with Spanish law (Law 34/2002 on Information Society Services, “LSSI”) and GDPR requirements, we implement a cookie consent mechanism. On your first visit, and periodically as needed, you will be presented with a banner requesting your consent for non-essential cookies (analytics and others). You have the choice to “Accept All”, “Reject All” non-essential cookies, or customize your preferences. Essential cookies (strictly necessary for the site to function) are always active and do not store personal data beyond what is needed for their purpose.

You can change or withdraw your cookie consent at any time. If you wish to adjust your preferences later, you can do so by clicking the “Cookie Settings” link (if available on our site) or by clearing cookies in your browser, which will trigger the consent banner again upon your next visit. Additionally, most web browsers allow you to manage or block cookies through their settings.

5. Third-Party Services and Data Processors

In order to operate our website and provide our services, we rely on a number of trusted third-party service providers (processors) who may process personal data on our behalf. We ensure that all third-party processors we use are bound by appropriate data protection obligations (through contracts or Data Processing Agreements) and only process your data for the specific purposes we dictate, consistent with this Privacy Policy.

Below is a list of key third-party services we use, along with what they do and how they handle personal data:

5.1 Web Hosting and Infrastructure

Our website is hosted on servers provided by an external hosting company. This means that all data transmitted to our website (such as IP addresses in server log files, and any data you submit via the site) is stored and processed on the servers of our hosting provider. We have chosen a hosting provider that maintains high security standards to protect the data on its servers, including firewalls, encryption, and access control.

Provider: (Hosting Provider Name)
Location: Data centers in the European Union (or specify, e.g., Germany/Spain) or other jurisdiction

Relevant data & purpose: The host stores website content and data necessary for the website’s operation. It automatically logs certain data (IP address, time of access, pages accessed, etc.) in server logs for security, troubleshooting, and traffic analysis. This is necessary to provide the website to you (making it a part of our service to you as a user) and to safeguard against cyber attacks.

Legal basis: Hosting and processing by the provider is based on Art. 6(1)(f) GDPR (legitimate interest), namely our legitimate interest in reliable and secure hosting of our website. Insofar as storing and reading information on your device (for example, through cookies for load balancing or security) is required, it is exempt from consent as it is strictly necessary.

The hosting provider acts under our instructions and will not access or use your data except as needed to fulfill its hosting obligations. If our hosting provider is located outside the European Economic Area (EEA) or uses servers outside the EEA, we ensure that appropriate safeguards (such as Standard Contractual Clauses) are in place to lawfully transfer any necessary personal data internationally.

5.2 Customer Relationship Management (CRM) and Forms – HubSpot

We use HubSpot, an integrated CRM and marketing platform, to manage our contact forms, meeting scheduler, and customer relationships. HubSpot is provided by HubSpot, Inc. (25 First Street, Cambridge, MA 02141 USA) and its European subsidiary HubSpot Ireland Limited.

Data and purpose: When you fill out a form on our site (such as a “Contact Us” form, newsletter subscription form, or when you schedule a meeting), the information you provide is transmitted to HubSpot’s servers. HubSpot helps us organize and store contact information (like your name, email, phone, company, etc.), track communications, and respond to you. The meeting scheduling tool on our site is also powered by HubSpot’s meeting feature, which collects your provided details to book a time on our calendar and sends you confirmation/reminder emails. HubSpot may set functional cookies to ensure form submissions and login for content (if any) work properly, and it may use analytics to give us insight into how forms are used (we have configured it to respect cookie consent preferences for tracking).

Legal basis: We process data via HubSpot based on the same legal bases explained in Section 3 for the relevant context (your consent for marketing/newsletter sign-ups, or legitimate interest / pre-contractual necessity for contact requests and meeting scheduling). HubSpot, as a processor, operates on our instructions.

Data location and transfer: HubSpot may store data on servers in the United States or in the European Union, depending on our account settings. We have a Data Processing Agreement with HubSpot that includes the EU Standard Contractual Clauses to cover any transfer of personal data to the USA or other countries lacking an adequacy decision. HubSpot has also certified under the EU-U.S. Data Privacy Framework as of the latest update, indicating its compliance with EU data protection principles for transferred data. We have enabled privacy features in HubSpot to support GDPR compliance (such as disabling cookie tracking for users who have not consented, and honoring opt-out preferences).

For more details on HubSpot’s privacy practices, you can refer to HubSpot’s Privacy Policy. Rest assured, any data you submit through our forms will be used strictly for the purposes stated at the time of collection and managed securely via HubSpot.

5.3 Email Marketing – Mailchimp

Our newsletter and marketing emails are managed using the service Mailchimp, operated by The Rocket Science Group LLC, based in Atlanta, GA, USA (now an Intuit company). Mailchimp is a widely used email marketing platform.

Data and purpose: If you subscribe to our newsletter or other marketing communications, the information you provide (such as your email address, name, and any other fields) is transferred to Mailchimp and stored on their servers. We use Mailchimp to create, send, and track our email campaigns. Mailchimp helps us manage our subscriber list and provides insights into email delivery and engagement (for example, whether you opened an email or clicked a link). We use this information to improve our content and ensure we send relevant information to our subscribers. Mailchimp also ensures that we handle the subscriptions in a proper manner (e.g., managing opt-outs/unsubscriptions, and storing proof of consent and subscription dates for compliance).

Legal basis: The processing of your data for email marketing via Mailchimp is based on your consent (Art. 6(1)(a) GDPR), as explained in Section 3.3. We only add you to our mailing list if you have given consent, typically through a sign-up form and email confirmation (double opt-in) if applicable. You may unsubscribe at any time, and Mailchimp automatically ensures your address is suppressed from future mailings once you do.

Data transfer and safeguards: Mailchimp’s servers are primarily in the United States. Thus, your personal data (email, name, and any email engagement data) will be transferred to the USA for processing. We have executed Standard Contractual Clauses with Mailchimp through their Data Processing Addendum to protect your data during this transfer. Additionally, Mailchimp has committed to the principles of the EU-U.S. Data Privacy Framework as of the latest information, which provides an additional level of assurance for transatlantic data protection. We trust Mailchimp as it has robust security measures and a strong reputation for data protection. You can review Mailchimp’s own Privacy Policy for more details on how they protect personal data.

Mailchimp will not use your email address to contact you directly or share it with third parties, except as allowed in their terms (for example, to improve their service or as legally required). Our mailing list is only used for our communications and is not sold or shared externally.

5.4 Other Service Providers

In addition to the above, we may use other third-party services as needed to operate our business and website, such as:

  • IT and Security Services: We might employ cloud storage or backup services, IT support, or security monitoring services that could incidentally process stored data. Any such providers are contractually bound to confidentiality and data protection agreements.
  • Analytics and Tag Management: Aside from Google Analytics (covered in 4.3), we use Google Tag Manager to manage various scripts on our website. Google Tag Manager is a tool that deploys other scripts and tags and does not collect personal data itself. It may nonetheless send your IP address to retrieve scripts from Google’s servers. This use is justified by our legitimate interest in efficiently managing the technical aspects of our site.
  • Social Media and Plug-ins: We maintain a presence on platforms like LinkedIn. Our website may contain links to our social media profiles or share buttons. We do not embed social media plugins that automatically transmit your data to those platforms without your interaction. If you choose to follow a link to LinkedIn or any external site, be aware that those sites have their own privacy policies and we have no control over their data processing.

We will update this Privacy Policy to reflect any significant changes in our use of third-party processors. All our providers are selected for their commitment to data security and privacy.

6. Data Sharing and Disclosure

We treat your personal data with care and confidentiality. We do not sell or rent your personal data to third parties. We will only share your data in the following circumstances:

  • With service providers (processors): as described above in Section 5, we share data with third-party service providers who perform functions on our behalf (such as hosting, email delivery, data analytics, etc.). They are contractually obligated to only process data under our instructions and to implement appropriate security measures.
  • Within our organization: Personal data may be accessed by personnel of Sebastian Iskra – Revenue Marketing who need to process it for the described purposes. This includes our small team and trusted contractors, all of whom are bound by confidentiality and data protection obligations.
  • For legal obligations: We may disclose personal data if required to do so by law or in response to a valid request by a government or law enforcement agency (for example, to comply with tax, reporting, or other legal requirements).
  • To protect rights and interests: In rare cases, we may share data to establish, exercise, or defend our legal rights. For instance, if there is a dispute or legal claim, we might need to provide relevant information to our legal advisors or to a court. Likewise, if necessary, we may share data to investigate or prevent fraud or security issues.
  • Business transfers: If in the future our company undergoes a business transition such as a merger, acquisition, or sale of assets, personal data may be transferred to the successor entity. In such a case, we will ensure the new owner will handle the data in line with this Privacy Policy and applicable laws, and we will notify you of any changes in data handling.

Whenever we share your data, we only share the minimum amount necessary for the specific purpose and, where applicable, in a pseudonymized or anonymized form.

7. International Data Transfers

As a company based in the European Union (Spain), we primarily process and store your data within the EU/EEA. However, as noted, some of our service providers are located in or may store data in countries outside the European Economic Area (for example, the United States). Whenever your personal data is transferred outside the EU/EEA, we will ensure that one of the following safeguards is in place:

  • European Commission Adequacy Decision: If the data is transferred to a country that the European Commission has determined provides an adequate level of data protection (an “adequacy decision”), your data will rely on that basis. (For example, transfers to countries like the UK, Switzerland, or others deemed adequate.)
  • Standard Contractual Clauses (SCCs): We will use the latest approved European Commission Standard Contractual Clauses (which are legal contracts) with the recipient of the data, obligating them to protect your data to EU standards. All our US-based providers (such as Google, HubSpot, Mailchimp) are engaged under SCCs via their data protection addenda.
  • Data Privacy Framework or Binding Corporate Rules: Where applicable, if a US recipient is certified under the new EU-U.S. Data Privacy Framework (as of 2023) or if a company has approved Binding Corporate Rules, we may rely on those mechanisms to safeguard the transfer.
  • Explicit Consent in certain cases: In the unlikely event we need to transfer data without the above safeguards, we would inform you and seek your explicit consent (Art. 49(1)(a) GDPR) or rely on another permitted derogation under GDPR Article 49 (for example, if the transfer is necessary for the performance of a contract with you, or for establishment/exercise of legal claims).

We are mindful of the legal landscape regarding international data transfers (following decisions like Schrems II). We continuously monitor our processors’ compliance and, if needed, implement supplementary measures (such as encryption in transit and at rest, minimization of data sent, etc.). If you have questions about the safeguards for transferring your data internationally, please contact us at our email address.

8. Data Retention and Deletion

We will not keep your personal data for longer than is necessary for the purposes for which it is processed, unless a longer retention period is required or permitted by law. In determining retention periods, we consider the nature of the data, the purpose of processing, and potential legal requirements (e.g., tax or accounting rules, applicable statutes of limitations).

Generally, we apply the following retention guidelines:

  • Website usage data (server logs): Our web server logs and security logs are typically retained for a short period (usually 7 to 30 days) unless we need to keep them longer to investigate security incidents or abuse. After that, they are automatically deleted or anonymized.
  • Analytics data: As mentioned in Section 4.3, Google Analytics data is retained as per our settings (currently 14 months for user-level data by default). Analytics reports do not contain personal data and may be kept longer (in aggregated form) for historical analysis.
  • Contact form inquiries and emails: If you contact us but do not become a client or engage further, we will retain your correspondence and the personal data within it for as long as necessary to address your query, and for a reasonable period thereafter in case you have follow-up questions. Typically, we review contact data periodically and delete data that is no longer needed (generally within 1-2 years). However, our email archives may retain communications for up to 5 years, stored securely, after which we delete or anonymize them, unless continued retention is needed (e.g., a legal matter).
  • Meeting scheduling data: If you scheduled a meeting but did not pursue services, we treat that similarly to contact inquiries. The data in HubSpot related to meetings (name, email, etc.) will be retained for follow-up and then removed upon request or periodically if inactive.
  • Newsletter subscription data: We retain your email and related profile information for as long as you remain subscribed to our newsletter or marketing communications. If you unsubscribe, we will immediately stop sending you emails. We may keep your email on a suppression list to ensure we honor your opt-out (to not accidentally re-add you) as required by law. Mailchimp automatically handles this by marking unsubscribed addresses and we retain that for record-keeping. We periodically clean our mailing list to remove contacts that are inactive or bouncing.
  • Client and contract data: For clients with whom we have an ongoing contract or have completed a project, we retain contract-related personal data for the duration of the contract and thereafter as required by law. Spanish commercial and tax laws may require us to keep certain records (e.g., invoices with personal data) for up to 5 years (or longer if required by specific regulations). Project communications and files might be stored for a similar period after the project ends, in case of queries or follow-up work. After legal retention periods expire, we will securely delete or anonymize client personal data that is no longer needed.

When we delete personal data, we ensure it is removed from our active systems and backups are overwritten or also deleted when feasible. In cases where deletion is not immediately possible (e.g., data stored in secure archives), we will ensure it is not used for any other purpose and is kept securely until deletion is possible.

If you believe we are storing your personal data longer than we should, please contact us and we will review and securely delete it if appropriate.

9. Your Rights as a Data Subject

Under the GDPR and LOPDGDD, you have various rights regarding your personal data. We are committed to respecting your rights and ensuring you can exercise them. Your principal data protection rights include:

  • Right of Access: You have the right to obtain confirmation whether or not we are processing personal data about you, and if so, to request a copy of the personal data we hold about you, along with information on how we use it (as provided in this Privacy Policy).
  • Right to Rectification: You have the right to request that we correct or update any inaccurate or incomplete personal data we hold about you. We encourage you to let us know if your information changes or if you notice any inaccuracies.
  • Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data when it is no longer necessary for the purposes it was collected, or when other conditions apply (for example, if you withdraw consent and no other legal basis exists, or if you believe the processing is unlawful). We will honor valid deletion requests, provided we have no other legal obligation to retain the data.
  • Right to Restrict Processing: You can ask us to restrict (pause) the processing of your personal data in certain situations – for instance, if you contest the accuracy of the data or have objected to processing (pending verification). During restriction, we will store your data securely and not process it further except to the extent permitted by you or required by law.
  • Right to Object: You have the right to object to our processing of your personal data when we process it based on legitimate interests (Art. 6(1)(f) GDPR) or for direct marketing purposes. If you object to direct marketing, we will stop processing your data for those purposes immediately. If you object to processing based on other legitimate interests, we will re-evaluate our reasons and either cease processing or explain compelling legitimate grounds that override your rights.
  • Right to Data Portability: For data you have provided to us and that we process by automated means based on your consent or a contract, you have the right to request that we provide it to you in a structured, commonly used, machine-readable format, or transfer it directly to another data controller where technically feasible. This makes it easier for you to reuse your data across different services.
  • Right to Withdraw Consent: If we rely on your consent for any processing (e.g., sending newsletters or using certain cookies), you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing done before the withdrawal. You can withdraw by contacting us or, for cookies, by adjusting your cookie settings, and for emails, by clicking “unsubscribe”.
  • Right not to be subject to Automated Decisions: We do not carry out any decision-making based solely on automated processing, including profiling, which produces legal effects or similarly significant effects for you. If that ever changes, you would have the right to human intervention and to contest the decision.

Exercising your rights: You can exercise any of these rights by contacting us at contact@revenuemarketing.io with your request. Please clearly state which right you wish to exercise and provide the information necessary to verify your identity (we may need to request additional information or proof of identity to ensure we do not disclose data to the wrong person). We will respond to your request as soon as possible, and in any case within one month as required by law (this can be extended by two further months for complex requests, but we will inform you if an extension is needed).

Exercising your rights is free of charge. However, if requests are manifestly unfounded or excessive (for example, repetitive requests), the law permits us to either charge a reasonable fee to cover administrative costs or refuse the request. We will not refuse any request without a clear explanation.

Right to lodge a complaint: If you believe your data protection rights have been violated or you are dissatisfied with how we have handled your personal data or any request, you have the right to file a complaint with the supervisory authority in the country of your habitual residence, place of work, or where the alleged infringement occurred. Since our company is established in Spain, our lead supervisory authority is the Spanish Data Protection Agency (Agencia Española de Protección de Datos – AEPD). You can find information on how to submit a complaint on the AEPD’s website: www.aepd.es. The AEPD’s address is C/ Jorge Juan, 6, 28001 Madrid, Spain. We would, however, appreciate the chance to address your concerns before you approach the AEPD, so please consider reaching out to us first.

10. Data Security Measures

We take the security of your personal data seriously. We implement a variety of technical and organizational security measures to protect your information from unauthorized access, loss, alteration, disclosure, or destruction. These measures include:

  • Encryption: Our website is secured via SSL/TLS encryption (HTTPS). This means that data transmitted between your browser and our website (such as form submissions) is encrypted in transit, preventing eavesdropping. Where applicable, we also encrypt sensitive data at rest in our databases or cloud storage.
  • Access Control: Personal data is only accessible to those who need it to perform their duties. We restrict access to systems and databases to authorized personnel, and each such individual is subject to confidentiality obligations. Administrative access to our systems is protected by strong authentication (such as strong passwords and, where possible, two-factor authentication).
  • Data Minimization: We only collect and retain the minimum personal data necessary for the purposes described. By holding less data, we reduce the risk associated with data breaches. We also pseudonymize or anonymize data wherever feasible, especially for analytics or reporting purposes.
  • Monitoring and Testing: We keep our software, website platform, and plugins up to date to guard against security vulnerabilities. We employ security tools and monitoring to detect and respond to any suspicious activities or intrusions. Regular backups are performed to ensure data integrity, and we have disaster recovery procedures in place.
  • Third-Party Assurance: When we use third-party processors (as listed in Section 5), we vet their security practices. Our Data Processing Agreements require them to implement adequate security measures. For example, our hosting provider and cloud services maintain certifications like ISO 27001 or SOC 2, and providers like HubSpot, Google, and Mailchimp are known to invest heavily in security.

Despite all these precautions, no system can be 100% secure. However, we strive to use commercially acceptable means to protect your personal data. In the unlikely event of a data breach that poses a significant risk to your rights and freedoms, we will notify you and the appropriate authorities (like the AEPD) as required by Articles 33 and 34 of the GDPR.

We also encourage you to play a role in keeping your data secure. Please do not send us unnecessary sensitive information via email, and ensure that any passwords or access credentials you use are kept confidential and secure.

11. Children’s Privacy

Our services and website are not directed to individuals under the age of 16, and we do not knowingly collect personal data from children. In Spain, the law (LOPDGDD) requires parental or guardian consent for processing personal data of children under 14 years old. We do not intend to collect data from minors under 14. If you are under 14, please do not provide any personal information to us. If you are between 14 and 18, you should review this policy with your parent or guardian to ensure you understand it.

If we become aware that we have inadvertently collected personal data from a child under 14 without proper consent, we will take steps to delete that information as soon as possible. If you believe that we might have any information from or about a minor, please contact us so we can investigate and take appropriate action.

12. External Links

Our website may contain links to external websites or resources that are not operated by us (for example, a link to our LinkedIn profile, or references to articles). This Privacy Policy applies only to our website and our own processing of personal data. If you click on an external link, you will be directed to that third party’s site. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit. Nonetheless, we aim to only provide links to reputable sources and to clearly indicate when you are leaving our site.

13. Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will modify the “last updated” date at the bottom of this policy. If the changes are significant, we may also provide a more prominent notice (such as a banner on our website or an email notification, if appropriate and feasible). We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Continued use of our website or services after any modifications to the Privacy Policy will constitute your acknowledgment of the changes and your agreement to abide by the updated terms, to the extent permitted by law.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please do not hesitate to contact us:

  • Email: contact@revenuemarketing.io
  • Mail: Sebastian Iskra – Revenue Marketing, Carrer dels Angels 8, 2° – 2A, 08001 Barcelona, Spain

We will be happy to assist you and address any issues to the best of our ability.

Last updated: April 8, 2025