Legal Document

Privacy Policy

Last updated: February 27, 2026

This policy is drafted to comply with GDPR, LOPDGDD and LSSI requirements. Complete the company details marked as [TO BE COMPLETED] before publishing to production.

1. Data Controller

Company: FLOO GLOBAL S.L.

Tax ID (NIF/CIF): [TO BE COMPLETED]

Registered address: [TO BE COMPLETED], Barcelona, Spain.

Privacy contact: contact@floo.es

Phone: +34 910 135 156

2. Applicable Regulations and Scope

This policy applies to personal data collected through FLOO websites, forms, and direct communications. Processing is carried out according to Regulation (EU) 2016/679 (GDPR), Spanish Organic Law 3/2018 (LOPDGDD), and Law 34/2002 on Information Society Services (LSSI).

3. Data We Process

  • Identification and contact data provided by users (name, surname, company, email, phone, message).
  • Commercial and pre-contractual data related to product or service requests.
  • Technical and security data generated during browsing (IP, events, device/browser metadata).
  • Marketing preferences and consent records when newsletter communications are enabled.

4. Purposes and Legal Bases

  • Handling requests and inquiries: pre-contractual measures and/or legitimate interest (Art. 6(1)(b), 6(1)(f) GDPR).
  • Managing business and contractual relationships: contract performance and legal obligations (Art. 6(1)(b), 6(1)(c) GDPR).
  • Sending commercial communications: explicit consent, withdrawable at any time (Art. 6(1)(a) GDPR).
  • Fraud prevention and platform security: legitimate interest (Art. 6(1)(f) GDPR).

5. Retention Periods

  • Inquiry data: up to 12 months from the last meaningful interaction.
  • Contract-related data: for the contract term and applicable statutory limitation periods.
  • Accounting and tax documents: as required by commercial and tax regulations.
  • Marketing data: until consent is withdrawn or an objection is received.

6. Recipients and Processors

FLOO may share data with service providers acting as data processors (hosting, email, infrastructure, support tools), under data processing agreements compliant with Article 28 GDPR. Data is not sold. Data disclosures to third parties only occur when legally required or expressly authorized.

7. International Transfers

FLOO does not generally transfer personal data outside the EEA. If a transfer is required, FLOO will implement appropriate safeguards, such as adequacy decisions, Standard Contractual Clauses, or equivalent lawful mechanisms.

8. Your Rights

You may exercise your rights of access, rectification, erasure, objection, restriction, and portability by contacting contact@floo.es.

You may also lodge a complaint with the Spanish Data Protection Authority (AEPD): www.aepd.es.

9. Minors

FLOO services are not intended for children under 14 years old. If unauthorized minor data is detected, it will be deleted without undue delay.

10. Security and Policy Updates

FLOO applies appropriate technical and organizational measures to protect data confidentiality, integrity and availability. This policy may be updated due to legal, technical or operational changes. The current version is always the one published on this page.