BeeL.es

Privacy Policy

Last updated: January 26, 2026

1. Identity and Contact Details of the Controller

Data controller: Carlos Martínez García-Villarrubia

Tax ID: 49424598J

Data protection contact email: info@beel.es

Phone: +34 711 21 23 00

Website: beel.es

View full postal address

Tarragona, config.company.country

2. Purposes of Data Processing

The personal data we collect is used for the following specific purposes:

2.1. Waitlist management

  • Registration and management of beta program requests
  • Sending early access invitations
  • Communications related to product launch

2.2. Commercial communications and marketing

  • Sending product news, updates and improvements
  • Information about new features
  • Special offers and promotions for beta users
  • Newsletters and educational content about invoicing and Verifactu

2.3. Service analysis and improvement

  • Analysis of voluntarily provided feature suggestions
  • Understanding user needs and preferences
  • Continuous product and user experience improvement
  • Marketing campaign performance analysis (UTM parameters)
  • Website usage statistics via Google Analytics

2.4. Customer management (when the product is available)

  • User account and service contract management
  • Billing and payment management
  • Customer service and technical support
  • Handling inquiries, complaints and suggestions

2.5. Compliance with legal obligations

  • Compliance with tax and accounting obligations
  • Compliance with legal and regulatory requirements
  • Record keeping as required by applicable regulations

3. Legal Basis for Processing

The processing of your personal data is based on the following legal bases under the GDPR:

Explicit consent (Art. 6.1.a GDPR)

  • Waitlist: by providing your email and accepting the privacy policy
  • Commercial communications: specific consent to receive promotional information
  • Analytical cookies: consent through the cookie banner

Performance of a contract (Art. 6.1.b GDPR)

  • Service user account management
  • Provision of the invoicing service
  • Payment processing and billing

Legal obligation (Art. 6.1.c GDPR)

  • Compliance with tax and accounting obligations
  • Invoice retention under current regulations
  • Response to requests from competent authorities

Legitimate interest (Art. 6.1.f GDPR)

  • Internal analysis to improve the product and services
  • Fraud prevention and system security
  • Traffic source analysis for marketing optimization

The legitimate interest has been assessed considering proportionality and respect for your fundamental rights and freedoms.

4. Recipients and Data Processors

Your personal data may be shared with the following third parties acting as data processors, solely for the purposes described:

Hosting and storage services

Provider: Vercel Inc.
Purpose: Web platform hosting and data storage
Location: United States (with EU-approved standard contractual clauses)

CRM and contact management services

Provider: Attio
Purpose: Waitlist management, contacts and user relations
Location: European Economic Area

Transactional email services

Provider: Resend
Purpose: Sending invitation emails, notifications and communications
Location: United States (with adequate safeguards)

Analytics and statistics services

Provider: Google Analytics and Google Search Console (Google LLC)
Purpose: Website usage analysis and performance optimization
Location: United States (Google complies with the EU-U.S. Data Privacy Framework)

Conversion analytics services

Provider: DataFast
Purpose: Conversion funnel analysis, goal tracking and user experience optimization
Location: European Economic Area

Payment processing services

Provider: Stripe, Inc.
Purpose: Payment and subscription management (when the service is available)
Location: United States and European Union (PCI-DSS certified)

Safeguards: All our providers are contractually obligated to comply with the GDPR through data processing agreements that guarantee confidentiality, security and proper handling of personal data.

No third-party sharing: We do not sell, rent or share your personal data with third parties for their own commercial purposes. We only share data when strictly necessary to provide the service or when legally required.

5. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA), specifically in the United States. This involves international data transfers subject to the following safeguards:

Implemented safeguards:

  • Standard Contractual Clauses (SCCs): Contracts approved by the European Commission ensuring an adequate level of protection
  • EU-U.S. Data Privacy Framework: Certified providers under this framework ensuring protections equivalent to GDPR
  • Impact assessments: Risk analyses and additional security measures to protect your data

Destination countries: United States (Vercel, Resend, Google Analytics, Stripe)

You can obtain more information about the specific safeguards implemented and request a copy by contacting us at privacidad@beel.es

6. Data Retention Periods

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

Waitlist

Period: Until product launch (November 2025) plus 6 additional months, or until you withdraw your consent.
Afterwards: Data will be deleted unless you become a customer or request to continue receiving communications.

Active customers

Period: During the contractual relationship and up to 6 years after contract termination (due to tax and accounting legal obligations).

Billing and accounting data

Period: Minimum 6 years from invoice issuance, in accordance with Spanish tax regulations (General Tax Law).

Commercial communication consents

Period: Until you withdraw your consent or 2 years from the last interaction (email open, click, etc.).
Action: After this period, we will request consent renewal.

Analytics and cookie data

Period: Anonymized data retained for up to 26 months (Google Analytics). User session data up to 2 years of inactivity.

Once retention periods have elapsed, your data will be securely deleted or anonymized so that it no longer allows your identification.

7. User Rights

In compliance with the GDPR, you may exercise the following rights regarding your personal data:

Right of access

You have the right to request information about what personal data we process about you, for what purposes, for how long and to which recipients it is communicated.

Right to rectification

You may request the correction of your personal data if it is inaccurate or incomplete.

Right to erasure ("right to be forgotten")

You may request the deletion of your personal data when it is no longer necessary, you have withdrawn your consent, you object to the processing or it has been processed unlawfully.

Right to restriction of processing

You may request the suspension of processing of your data while its accuracy or legality is being verified, or if you need us to retain it for claims.

Right to object

You may object to the processing of your data based on legitimate interest or for direct marketing purposes. In the latter case, we will immediately cease processing.

Right to data portability

You have the right to receive your personal data in a structured, commonly used and machine-readable format (CSV, JSON), and to transmit it to another controller.

Right to withdraw consent

You may withdraw your consent at any time when processing is based on it, without affecting the lawfulness of prior processing.

How to exercise your rights?

You can exercise any of these rights free of charge by:

Response time: We will respond to your request within a maximum of 1 month from receipt. In complex cases, this period may be extended by an additional 2 months, and we will inform you accordingly.

Required documentation: To verify your identity, you must attach a copy of your ID or equivalent document.

Right to lodge a complaint with the supervisory authority

If you believe your rights have not been properly addressed, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD):

Spanish Data Protection Agency (AEPD)

C/ Jorge Juan, 6, 28001 Madrid

Phone: 901 100 099 / 912 663 517

Web: www.aepd.es

8. Protection of Children's Data

The BeeL.es service is intended exclusively for persons over 18 years of age.

We do not knowingly collect or process personal data of minors. If we detect that we have collected data from a minor, we will proceed to delete it immediately.

If you are a parent or legal guardian and believe your minor child has provided us with personal data, please contact us at privacidad@beel.es so we can delete it immediately.

9. Security Measures

The protection of your personal data is a priority. We have implemented appropriate technical and organizational measures to ensure information security:

Technical measures:

  • Communication encryption: Secure connection via SSL/TLS protocol (HTTPS) across the entire platform
  • Data encryption: Sensitive information encrypted at rest and in transit
  • Secure passwords: Password storage using hashing with robust algorithms (bcrypt)
  • Secure authentication: Authentication systems with secure tokens and protected sessions
  • Backups: Regular automatic backups with redundant storage
  • Firewalls and protection: Protection systems against unauthorized access and attacks
  • Monitoring: Activity logs and security incident detection systems

Organizational measures:

  • Limited access: Only authorized personnel have access to personal data, on a need-to-know basis
  • Confidentiality: All personnel with data access are subject to confidentiality obligations
  • Internal policies: Documented procedures for secure data processing
  • Regular reviews: Internal security audits and risk assessments
  • Continuous updates: Regular maintenance and updates of security systems
  • Incident management: Established protocols for rapid response to security breaches

Despite our efforts, no system is completely secure. If you detect any vulnerability or security incident, please contact us immediately at privacidad@beel.es

10. Cookie Policy

We use cookies and similar technologies on our website. For detailed information about which cookies we use, their purpose and how to manage them, please see our Cookie Policy.

When you first access our website, an information banner will be displayed where you can accept, reject or customize cookies according to your preferences.

11. Obtaining Consent

When data processing requires your consent, we follow these principles to ensure it is valid:

Active consent

Consent is obtained through clear positive action: checking a specific box (not pre-selected), clicking "I accept" or similar. Never through pre-checked boxes or inaction.

Specific and separate consent

We request separate consent for each distinct purpose (e.g., waitlist, commercial communications, analytical cookies). We do not bundle different purposes.

Prior information

Before giving your consent, you have full access to this privacy policy through a visible link in all forms.

Consent record

We maintain a record of when, how and for what you gave your consent, including the version of the privacy policy accepted.

Easy consent withdrawal

You can withdraw your consent at any time as easily as you gave it, through the unsubscribe link in each email or by contacting us.

12. Data Protection Officer (DPO)

Currently, as a sole proprietorship that does not carry out large-scale data processing or processing of special categories of data, we are not required to appoint a Data Protection Officer under Article 37 of the GDPR.

For any data protection inquiries, you can contact the data controller directly at privacidad@beel.es

13. Security Breach Notification

In compliance with Article 33 of the GDPR, we have established procedures for managing personal data security breaches:

72-hour notification commitment

In the event of a security breach that poses a risk to users' rights and freedoms, we will notify the Spanish Data Protection Agency (AEPD) within a maximum of 72 hours of becoming aware of the incident.

Internal procedure for security breaches:

  1. Immediate detection: Monitoring systems to identify security incidents
  2. Incident assessment: Analysis of the scope, nature of affected data and potential consequences
  3. Containment and mitigation: Immediate measures to stop the breach and minimize impact
  4. Notification to the AEPD: If applicable, notification within the deadline with all available information
  5. Communication to affected parties: If there is a high risk to rights and freedoms, direct notification to affected users with clear information about the incident and protective measures
  6. Documentation: Detailed record of the incident, measures taken and communications made
  7. Post-incident analysis: Review of causes and improvement of security measures to prevent future incidents

Transparency: In the event of a breach affecting you, we will inform you clearly and transparently about what data has been compromised, what risks it entails and what measures you can take to protect yourself.

14. Changes to this Privacy Policy

We reserve the right to modify this privacy policy when necessary to adapt to regulatory changes, new features or improvements to our services.

Any significant changes will be communicated through:

  • A prominent notice on our website
  • Email to registered users (when applicable)
  • Update of the "last updated" date at the top of this document

We recommend periodically reviewing this policy to stay informed about how we protect your information.

15. Contact Information

For any inquiries, exercise of rights or additional information about this privacy policy, you can contact us:

Data protection email: privacidad@beel.es

Phone: +34 711 21 23 00

Responsible: Carlos Martínez García-Villarrubia

Useful links

This privacy policy complies with:

Regulation (EU) 2016/679 (GDPR) • Organic Law 3/2018 on Personal Data Protection and guarantee of digital rights (LOPDGDD) • Law 34/2002 on Information Society Services and Electronic Commerce (LSSI-CE)