top of page

Data Protection and Privacy Policy

1. Introduction

 

SFSavvy Me S.L. ("Company", "we", "us", or "our") is dedicated to ensuring the privacy and security of our customers' personal data. This policy explains how we collect, process, store, and protect personal data in accordance with the EU General Data Protection Regulation (EU GDPR), the UK General Data Protection Regulation (UK GDPR), and the UK Data Protection Act 2018.

​

2. Scope

 

This policy applies to all personal data processed by SFSavvy Me S.L. across its operations, including data collected from customers, website visitors, business partners, employees, and third parties. It governs all data processing activities, whether electronic or physical, and applies to our global operations where applicable.

It also highlights any differences between the EU GDPR and UK GDPR where relevant.

 

3. Principles of Data Protection

 

We adhere to the following principles when processing personal data:

  • Lawfulness, Fairness, and Transparency – We ensure that data is processed lawfully, fairly, and transparently.

  • Purpose Limitation – Personal data is collected for specified, explicit, and legitimate purposes and not used for unrelated activities.

  • Data Minimization – We collect only the personal data necessary for specific purposes.

  • Accuracy – We ensure data is accurate and kept up to date.

  • Storage Limitation – We retain personal data only for as long as necessary for legitimate business and legal purposes.

  • Integrity and Confidentiality – We implement appropriate security measures to protect data from unauthorized access, loss, or destruction.

  • Accountability – We take responsibility for data protection compliance and maintain appropriate records.

 

4. Data Collection and Processing

 

4.1 How We Collect Personal Data

We collect personal data through the following means:

  • Directly from individuals – When they register, use our services, communicate with us, or visit our website.

  • Automatically – Through cookies, analytics tools, and other tracking technologies.

  • Third Parties – Including business partners, public sources, and service providers.

 

4.2 Types of Personal Data Collected

The personal data we collect may include:

  • Identity Information – Name, date of birth, contact details, job title.

  • Financial Data – Payment details, transaction history.

  • Technical Data – IP addresses, device identifiers, browsing history, log files.

  • Communication Data – Correspondence, inquiries, and feedback provided to us.

  • Employment Data – If applicable, for hiring and personnel management.

 

5. Legal Basis for Processing Personal Data

​

We process personal data based on one or more of the following legal grounds:

  • Consent – When individuals give explicit consent for data processing.

  • Contractual Necessity – When processing is necessary for contract execution.

  • Legal Obligations – When required to comply with applicable laws.

  • Legitimate Interests – When processing is necessary for business operations without infringing individuals' rights.

  • Vital Interests – When processing is necessary to protect someone’s life.

  • Public Interest – When processing is required for official authority execution.

 

Differences Between EU GDPR and UK GDPR

 

The UK GDPR follows the principles of the EU GDPR but is governed under UK law following Brexit. The UK Information Commissioner's Office (ICO) enforces UK GDPR, while each of the EU member states has its own Data Protection Authority (DPA) oversees EU GDPR compliance. For cross-border processing, UK-based companies must appoint an EU representative if handling EU citizens' data and vice versa.

 

6. Data Sharing and Third-Party Disclosures

​

We do not sell or rent personal data. We may share data with:

  • Service providers – IT infrastructure, cloud services, payment processors.

  • Legal and regulatory authorities – When required for compliance or investigations.

  • Business partners – Under strict confidentiality agreements.

  • International Transfers – When required, we ensure compliance with data transfer mechanisms such as Standard Contractual Clauses (SCCs) or adequacy decisions.

 

Data Transfers Between the UK and EU

 

The UK has received an adequacy decision from the European Commission, meaning data transfers from the EU to the UK are permitted. However, businesses transferring data from the UK to the EU should implement safeguards like SCCs where required.

 

7. Data Security Measures

​

We implement strict security measures, including:

  • Encryption of sensitive data during storage and transmission.

  • Access controls, role-based permissions, and multi-factor authentication.

  • Regular security audits, penetration testing, and vulnerability assessments.

  • Incident response and data breach notification policies.

  • Employee training on data protection and cybersecurity best practices.

 

8. Data Retention Policy

 

We retain personal data only as long as necessary for:

  • Service delivery and contractual obligations.

  • Legal and regulatory compliance.

  • Fraud prevention, dispute resolution, and security purposes.

 

Once retention periods expire, data is securely deleted or anonymized.

 

9. Individual Rights Under EU GDPR and UK GDPR

​

Individuals have the following rights regarding their personal data:

  • Right to be Informed – Transparency about how data is collected and used.

  • Right of Access – Request a copy of their personal data held by us.

  • Right to Rectification – Correct inaccurate or incomplete data.

  • Right to Erasure – Request deletion of personal data ("right to be forgotten").

  • Right to Restrict Processing – Limit how their data is used.

  • Right to Data Portability – Obtain and reuse their data for their own purposes.

  • Right to Object – Object to processing based on legitimate interests.

  • Rights Related to Automated Decision-Making – Challenge automated decisions affecting them.

 

To exercise these rights, individuals may contact us at contact@sfsavvy.me.

 

10. Cookies and Tracking Technologies

​

We use cookies for:

  • Website functionality and user experience enhancement.

  • Analytics and performance monitoring.

  • Marketing and personalized content.

Users can manage cookie preferences via their browser settings or our website’s cookie consent tool.

 

11. Complaints and Contact Information

​

For privacy-related concerns, individuals can contact:

​

Data Protection Officer (DPO):
SFSavvy Me S.L.
C/ Almirante Cadarso 26, 46005 Valencia, Spain
contact@sfsavvy.me
 

If unresolved, individuals may lodge a complaint with:

  • EU Residents: The relevant Data Protection Authority (DPA) in their country.

  • UK Residents: The Information Commissioner's Office (ICO) at https://ico.org.uk.

 

12. Policy Updates

​

We may update this policy periodically. Any changes will be communicated through our website and appropriate channels.

Last Updated: 01 February 2025

Disclaimer

Privacy Policy

© 2024 by sfsavvy

bottom of page