Legal information
Privacy Policy
Last updated: June 2025 · Domain: financessmartt.com
01
Data controller
🔒 FinancesSmartt is committed to protecting your privacy. This policy explains what personal data we collect, why we collect it, and what rights you have under the General Data Protection Regulation (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).
The data controller responsible for processing your personal data is: Trading nameFinancesSmartt Websitefinancessmartt.com Emailcontact@financessmartt.com CountrySpain Supervisory authorityAEPD — Spanish Data Protection Agency
02
Data we collect
We only collect data that is necessary for the purposes described in this policy. Depending on how you interact with our Site, we may collect the following categories of personal data:
Data you provide directly
When you fill in a contact form, subscribe to our newsletter, or send us an email, we collect your name, email address, and the content of your message.
Data collected automatically
When you visit our Site, we automatically collect certain technical information through cookies and similar technologies, including your IP address (anonymised where possible), browser type and version, operating system, pages visited, time and date of your visit, and referral source.
Data from third parties
We may receive aggregated and anonymised analytics data from providers such as Google Analytics. We do not purchase or receive personal data from data brokers or other third-party sources.
03
How we use your data
| Purpose | Data used | Legal basis |
|---|---|---|
| Respond to enquiries and contact form submissions | Name, email, message | Legitimate interest / Consent |
| Send newsletter and financial content updates | Email address, name | Consent |
| Analyse website traffic and improve content | Anonymised usage data | Legitimate interest / Consent |
| Display personalised advertising | Cookie identifiers | Consent |
| Comply with legal obligations | Any relevant data | Legal obligation |
| Ensure website security and prevent fraud | IP address, access logs | Legitimate interest |
04
Legal basis for processing
We rely on the following legal bases under Article 6 of the GDPR to process your personal data:
Consent (Art. 6(1)(a))
Where you have given us clear, affirmative consent — for example, by subscribing to our newsletter or accepting non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.
Legitimate interests (Art. 6(1)(f))
Where processing is necessary for our legitimate interests and does not override your rights — for example, to analyse anonymous traffic data, improve site performance, and protect our systems from abuse.
Legal obligation (Art. 6(1)(c))
Where we are required to process your data to comply with a legal obligation imposed on us by EU or Spanish law.
05
How long we keep your data
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Specific retention periods are:
| Data type | Retention period |
|---|---|
| Contact form submissions | 12 months from last contact |
| Newsletter subscriptions | Until unsubscribe + 3 months |
| Analytics data (anonymised) | Up to 26 months (Google Analytics default) |
| Server access logs | 12 months |
| Data subject rights requests | 3 years (legal compliance) |
Once the retention period expires, your data is securely deleted or anonymised.
06
Sharing your data
We do not sell, rent or trade your personal data to third parties. We may share your data only in the following limited circumstances:
Service providers (data processors)
We work with trusted third-party providers to operate our Site and services, such as hosting providers, email delivery platforms, and analytics tools. These processors act on our instructions and are bound by data processing agreements that require them to protect your data in line with GDPR.
Advertising partners
If you have consented to advertising cookies, cookie identifiers may be shared with advertising networks (such as Google AdSense) to serve relevant advertisements. You can opt out at any time via our cookie settings.
Legal requirements
We may disclose your personal data if required to do so by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
07
International data transfers
Some of our third-party service providers (such as Google) are based in the United States and other countries outside the European Economic Area (EEA). When your data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as:
— Standard Contractual Clauses (SCCs) approved by the European Commission.
— Adequacy decisions issued by the European Commission.
— Binding Corporate Rules or other approved transfer mechanisms.
ℹ️ You can request a copy of the safeguards we rely on for international transfers by contacting us at the address below.
08
Your rights
Under the GDPR and LOPDGDD, you have the following rights regarding your personal data. You may exercise them free of charge by contacting us:
Right of access
Request a copy of the personal data we hold about you and information on how it is processed.
Right to rectification
Ask us to correct any inaccurate or incomplete personal data we hold about you.
Right to erasure
Request deletion of your personal data when it is no longer necessary or if you withdraw consent.
Right to restriction
Ask us to pause the processing of your data in certain circumstances while a dispute is resolved.
Right to data portability
Receive your personal data in a structured, machine-readable format and transfer it to another controller.
Right to object
Object to processing based on legitimate interests or direct marketing at any time.
Right to withdraw consent
Withdraw consent at any time where processing is based on consent, without affecting prior lawful processing.
Right to lodge a complaint
File a complaint with the AEPD at www.aepd.es if you believe your rights have been violated.
We will respond to your request within one month of receipt. In complex cases, this may be extended by a further two months, of which we will notify you.
09
Children’s privacy
Our Site is not directed at children under the age of 14. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately and we will take steps to delete it.
Users between the ages of 14 and 18 may use our Site with the consent of their parent or legal guardian, in accordance with Article 7 of the LOPDGDD.
10
Security measures
We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction or disclosure. These include:
— HTTPS encryption on all pages of the Site.
— Access controls limiting who can access personal data within our organisation.
— Regular review of our data processing activities and security practices.
— Use of reputable third-party providers with their own security certifications.
No method of transmission over the internet is completely secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security. In the event of a data breach that poses a risk to your rights, we will notify the relevant supervisory authority within 72 hours as required by the GDPR.
11
Policy updates
We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or for other operational reasons. The “Last updated” date at the top of this page will always indicate when the most recent revision was made.
Where changes are material, we will make reasonable efforts to notify you — for example, by displaying a notice on our Site or sending an email to newsletter subscribers. We encourage you to review this page periodically.
12
Contact & complaints
If you have any questions about this Privacy Policy, wish to exercise your rights, or have a concern about how we handle your data, please reach out to us: Emailcontact@financessmartt.com Websitefinancessmartt.com Response timeWithin 30 business days
If you are not satisfied with our response, you have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD): www.aepd.es.