Privacy Policy

Last updated: December 2025

1. Data Controller

The controller of your personal data is:

• Identity: Pablo Conde Muñoz
• Tax ID: 06588349E
• Postal address: Paseo Zorrilla 22 2ºB, 47006 Valladolid, Spain
• Email: info@consultbi.es
• Phone: +34 684 405 347

ConsultBI has not appointed a Data Protection Officer as it does not carry out large-scale data processing or process special categories of data.

2. What Personal Data Do We Collect and For What Purposes?

Data Collected	Purpose	Legal Basis	Retention Period
Name, surname, email	Order management and delivery of digital products	Performance of the contract (Art. 6.1.b GDPR)	Duration of the relationship + 6 years (tax obligations)
Billing address	Invoicing and compliance with tax obligations	Legal obligation (Art. 6.1.c GDPR) - General Tax Law	6 years from the invoice issue date
Tax ID (if invoice is requested)	Issuance of invoices in accordance with tax regulations	Legal obligation (Art. 6.1.c GDPR)	6 years from issuance
IP address, country of origin	Determination of the VAT applicable according to the customer's location	Legal obligation (Art. 6.1.c GDPR) - EU VAT Regulations	10 years (OSS requirements)
Browsing data (cookies)	Statistical analysis of the website using Google Analytics	Consent (Art. 6.1.a GDPR)	According to cookie type (see Cookie Policy)
Email (newsletter)	Sending commercial communications about new templates and services	Consent (Art. 6.1.a GDPR)	Until you request unsubscription + 3 additional years as history
Email, contact message	Response to queries and technical support requests	Legitimate interest (Art. 6.1.f GDPR) or performance of the contract	1 year from the last communication
User account data	Management of the customer area and access to downloads of purchased products	Performance of the contract (Art. 6.1.b GDPR)	Until you request account deletion + 6 years for purchase records

2.1. Data We Do NOT Collect

ConsultBI does NOT collect or store complete credit card data, CVV numbers, or any sensitive payment information. This data is processed exclusively by our payment processors (Stripe and PayPal) who act as independent data controllers. We only receive notifications of the outcome of the transactions (approved/rejected).

3. Data Recipients

Your personal data may be communicated to the following recipients:

3.1. Payment Processors (Independent Controllers)

• Stripe, Inc. (United States) - Credit card payment processor, certified under the EU-US Data Privacy Framework. Privacy policy: stripe.com/privacy
• PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg) - PayPal payment processor. Privacy policy: paypal.com/privacy

Note: Stripe and PayPal are independent controllers of payment data in accordance with PCI DSS. ConsultBI does not access complete card details.

3.2. Data Processors

• Google LLC (United States) - Google Analytics for web analytics, certified under the EU-US Data Privacy Framework
• Meta Platforms, Inc. (United States) - Facebook Pixel for advertising, certified under the EU-US Data Privacy Framework
• Google Ireland Limited (Ireland) - Google Ads for advertising
• Quaderno, Inc. (United States) - Billing management and international tax compliance
• Hosting provider: [To be specified according to your hosting] - Website and database hosting

3.3. Public Bodies

When legally required, your data may be communicated to:

• Spanish Tax Agency (tax obligations)
• EU Authorities (OSS VAT scheme)
• State Security Forces and Corps (in case of court order)

3.4. No Sale of Data to Third Parties

4. International Data Transfers

4.1. Transfers to the United States

Some of our providers are located in the United States. Transfers are made with the following guarantees:

• EU-US Data Privacy Framework: Stripe, Google, and Meta are certified under this adequacy framework recognized by the European Commission (Implementing Decision 2023/1795). You can verify the certifications at: dataprivacyframework.gov
• Standard Contractual Clauses: All processors have implemented the EU Standard Contractual Clauses approved in 2021

4.2. Transfers to Other Countries

We do not carry out systematic transfers to countries outside the European Economic Area other than those mentioned above, unless it is necessary to complete a transaction requested by you (for example, if you reside in a country outside the EU).

5. Your Rights as a Data Subject

In accordance with the GDPR, you have the right to:

5.1. Right of Access (Art. 15 GDPR)

You can request information about what personal data we process about you, for what purposes, for how long, and to which recipients it has been communicated.

5.2. Right to Rectification (Art. 16 GDPR)

You can request the correction of inaccurate or incomplete data. You can update your data directly from your customer area.

5.3. Right to Erasure or "Right to be Forgotten" (Art. 17 GDPR)

You can request the deletion of your data when it is no longer necessary, you withdraw your consent, or you object to the processing. This right has legal limitations, such as the obligation to keep tax data for 6 years.

5.4. Right to Restriction of Processing (Art. 18 GDPR)

You can request that the processing of your data be restricted in certain circumstances (for example, while the accuracy of the data is verified).

5.5. Right to Data Portability (Art. 20 GDPR)

You can request to receive your personal data in a structured, commonly used, and machine-readable format (CSV or JSON), as well as transmit it to another controller.

5.6. Right to Object (Art. 21 GDPR)

You may object at any time to the processing of your data for reasons related to your particular situation when the processing is based on legitimate interest. You can object to receiving commercial communications at any time by using the unsubscribe link in each email.

5.7. Right Not to Be Subject to Automated Decisions (Art. 22 GDPR)

ConsultBI does not make decisions based solely on automated processing that produce legal effects or significantly affect you.

5.8. How to Exercise Your Rights

5.9. Right to Lodge a Complaint with the Supervisory Authority

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD):

• Web: www.aepd.es
• Address: C/ Jorge Juan, 6, 28001 Madrid
• Telephone: 901 100 099 / 91 266 35 17

6. Data Security

ConsultBI has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption: All communications are carried out using HTTPS protocol (TLS 1.3)
• Password storage: Passwords are stored with secure hashing (bcrypt), never in plain text
• Restricted access: Only the data subject has access to the stored personal data
• Backups: Periodic backups are performed with encryption
• Access control: Two-factor authentication available for the customer area
• Audits: Periodic review of systems and security updates

Despite these measures, no system is completely invulnerable. In the event of a security breach that may entail a high risk to your rights and freedoms, we will notify you within 72 hours in accordance with Article 34 of the GDPR.

7. Minors

ConsultBI's services are aimed at people over 18 years of age. We do not intentionally collect data from children under 14 years of age. If we detect that data from a minor has been collected without parental consent, we will proceed to its immediate deletion.

For users between 14 and 18 years of age, the consent of parents or guardians will be required for the processing of personal data.

8. Additional Information for Users by Region

8.1. For Users in the European Union

In addition to what is established in this Privacy Policy, EU users are guaranteed all the rights established in the GDPR. The supervisory authority is the Spanish Data Protection Agency (AEPD).

8.2. For Users in the United Kingdom

ConsultBI complies with the UK GDPR (United Kingdom General Data Protection Regulation). Your rights are equivalent to those of the EU GDPR. The supervisory authority is the Information Commissioner's Office (ICO):

• Web: ico.org.uk
• Telephone: 0303 123 1113

8.3. For Users in California (USA)

ConsultBI is a small business that does not reach the application thresholds of the CCPA/CPRA (annual revenues of less than $25 million and less than 100,000 California consumers processed). However, we voluntarily respect California's privacy principles.

8.4. For Users in Brazil

ConsultBI complies with the Lei Geral de Proteção de Dados (LGPD) for Brazilian users. The Autoridade Nacional de Proteção de Dados (ANPD) is the competent supervisory authority:

• Web: gov.br/anpd

8.5. For Users in Other Countries

ConsultBI is committed to respecting applicable local privacy regulations. If you have specific questions about how we process your data under the laws of your country, you can contact us at info@consultbi.es.

9. Cookies and Similar Technologies

The use of cookies on our website is detailed in the Cookie Policy, which specifies what cookies we use, for what purposes, who installs them, and how you can manage them.

10. Commercial Communications

10.1. Newsletter and Promotional Communications

If you subscribe to our newsletter, we will periodically send you information about:

• New Power BI templates available
• Updates to existing templates
• Special offers and promotions
• Educational content related to Business Intelligence

Legal basis: Explicit consent (Article 6.1.a GDPR and Article 21 LSSI-CE)

You can unsubscribe at any time by clicking on the "Unsubscribe" link present in all our commercial emails, or by sending an email to info@consultbi.es.

10.2. Transactional Communications

Regardless of your subscription to the newsletter, we will send you necessary communications related to your purchase:

• Order confirmation
• Product download link
• Electronic invoices
• Responses to technical support requests

These communications are necessary for the performance of the contract and do not require additional consent.

11. Modifications to the Privacy Policy

ConsultBI reserves the right to modify this Privacy Policy to adapt it to legislative, jurisprudential changes, or changes in our business practices.

Any modification will be published on this page with an indication of the date of the last update. If the changes are substantial and affect the processing of data already collected, we will notify you by email or by means of a prominent notice on the website.

We recommend that you periodically review this Privacy Policy.

12. Contact and More Information

For any questions, clarifications, or exercise of rights related to this Privacy Policy, you can contact: