Privacy Policy
Last policy review: 13/05/2025
Who is the Data Controller?
SALESCALING SOFTWARE, S.L. Tax ID: B19825488 Postal address: C/ Crujiola, 6-Alsaca building, Tower 2, Floor 5, 38530, Candelaria (Santa Cruz de Tenerife) Email: [email protected]
If you wish to contact us regarding your Personal Data you can do so at the address indicated in the previous section. The Data Controller may alternatively be referred to as “SALESCALING”, the “Controller”, “Platform” or “we”.
Introduction
SALESCALING (owns the domain https://salescaling.com, https://app.salescaling.com) as well as this website and/or the web App and/or any other type of software developed, operated and/or maintained by SALESCALING (hereinafter the “Platform”).
Through this text, the Privacy Policy of SALESCALING is made available to the User (hereinafter also referred to as “User”, “Data Subject” or “you”) in order to describe the personal information we collect, the purpose for which we use it and, in general, the processes and ways in which we process it during the use and/or of the Platform by Users (both registered and unregistered depending on the processing) during their navigation through it.
SALESCALING may make this Privacy Policy available to the User in different languages. In that case, this Spanish version will prevail in the event of interpretive conflict.
Processing of personal data on behalf of our clients
When the Platform is integrated by our end customers within their business activity under a service contract, the Platform will process personal data for the provision of services on behalf of those customers, acting as a Processor.
In that case, that customer will be the Data Controller of the personal data that they share with, or enter into, the Platform.
The processing of personal data by SALESCALING as Processor will not be governed by this Privacy Policy, but by the provisions of the service contract between the Platform and the end customer, in accordance with the instructions and purposes specified therein, as well as the specific Data Processing Agreement and the privacy policy of the end customer that integrates our services, in compliance with the applicable data protection regulations.
Processing activities and purposes for which we process your data as data controllers
Processing we carry out as Data Controllers:
Platform functionality
Purpose: to allow the use of the Platform and navigation through it by Users ensuring the correct functioning of the Platform, to allow updates and technical maintenance, to improve navigability, security and performance.
Categories of data processed: Platform Usage Data by the User and application and device data; including the following: navigation and usage data, IP address, usage preferences, visits made, language, device information, browser type, device type and operating system, approximate location by region and country of access; as well as cookies; and anonymized statistical data. Likewise, if the User arrives at the Platform from an external source (such as, for example, through a link from a website or a third-party social network), the Controller will collect anonymous statistical information about the source from which the visitor came in order to better understand how users discover and reach the Platform and/or to improve the company's marketing and positioning strategies.
Categories of Data Subjects: Registered and unregistered users who use the Platform.
Method of collection: shared by the User through navigation of the Platform environment.
Legal bases: our legitimate interest in ensuring the adequate, updated functioning and in guaranteeing the improvement and security of the Platform and of the Users, and in knowing the origin and source from which the user comes; or the User's consent otherwise (e.g.: regarding cookies that are not necessary to ensure the functioning of the Platform)
Retention period: Usage Data will be kept for a maximum of 12 months from when they were collected, in accordance with Law 25/2007 on the retention of data in electronic networks. After that period, the data will be deleted unless required by a public authority. Anonymized statistical data may be stored indefinitely as they do not contain personal data.
Disclosure: the data collected may be communicated to our essential technology, IT and/or data hosting service providers to guarantee the purpose for which they were collected. Your data will not be sold to third parties.
Security and fraud prevention
Purpose: We collect and analyze Data of the Data Subject to ensure the security of our Users, prevent fraud, and carry out timely investigations and use the information for possible claims in our interest or that of third parties. This processing includes:
Collection of traffic data: We collect information about visits to our website, including IP addresses, browser type, pages visited, time spent and other browsing data.
Behavior pattern analysis: We use analytics tools to identify unusual or suspicious behavior patterns that may indicate attempts at fraud or unauthorized access.
Threat detection: We implement intrusion detection systems and other threat detection systems that analyze traffic in real time to identify and block malicious activities.
Identity verification: We use traffic data to verify users' identities and ensure that transactions and accesses are legitimate.
We keep detailed records of accesses and activities on our website to carry out security audits and respond quickly to any incident.
Collaboration with authorities: In case fraudulent or suspicious activities are detected, we may collaborate with the competent authorities by providing the necessary information for the investigation in compliance with a legal obligation. These processes allow us to protect the integrity of our website and the security of our Users, ensuring a safe and reliable digital environment.
Categories of data processed: Browsing and usage data, IP address, access logs, failed login attempts and suspicious activity, device information, browser type, device type and operating system, approximate location by region and country of access.
Category of Data Subjects: Users who use the Platform
Method of collection: shared by the User through navigation of the Platform.
Applicable legal basis: Compliance with legal obligations regarding access and activity logs. The processing will be based on the Controller's legitimate interest in investigating, detecting, preventing and prosecuting fraud, protecting its interests or those of third parties; as well as defending its interests against possible claims for contractual breaches or applicable regulations by Users and ensuring the correct and secure operation of the Platform, Users and third parties.
Retention period: Access and activity logs will be retained for 1 year, in accordance with Law 25/2007 on the retention of data in electronic networks. After that period, the data may be blocked for the legally provided periods to comply with regulatory obligations and statutory limitation periods if we consider there may be a risk of receiving a claim.
Disclosures to third parties: The data collected may be communicated to our essential technology, IT and/or data hosting service providers to guarantee the purpose for which they were collected, as well as to public authorities and law enforcement when required.
Provision of contracted services
Purpose: The processing is carried out with the purpose of ensuring the provision of the Platform's services consisting of:
The recording of conversations via video calls in video and audio format, as well as their transcription into text format and storage of the recordings and transcriptions. The data subject must be authorized to record and transcribe conversations in which third parties appear and must inform them of that circumstance and of their data protection rights.
The processing of the data subject's calendars to which access has been explicitly granted.
The processing of the data subject's emails to which access has been explicitly granted.
The processing will include the management of requests, mandates or prior and during-contract procedures and making communications about the operation of the service.
Likewise, data processing will be carried out to ensure registration on the Platform and to manage payments, among other derived processing that allow guaranteeing the provision of services and executing the contract.
If consent is obtained and the User configures it on their device, they may receive notifications on their device.
Categories of data processed:
Billing identification data: name and surname, identity or tax number, passport or similar
Contact data: including email address and phone number
Information related to the service, including audio and video recordings, which may contain images and voice recordings of the data subject and of third parties participating in the conversation
Payment data, including some digits of the bank card, security code and card expiration date, in case of contracting services through the Platform. However, payment data will be provided by the User and stored by the payment gateway provider made available to the User to make the payment for the services
Access data of registered Users, such as username, email address and, where applicable, the avatar designated by them on the third-party platform through which they sign in or register with SALESCALING (such as, for example, Google or Microsoft)
Categories of Data Subjects: Registered users who contract and use the Platform's services and third parties who participate in conversations with the data subject; and employees or staff dependent on end customers who contract the Platform's services to integrate it within their company.
Method of collection:
Directly from the data subject when the data is entered by them through the use of the Platform
Through the companies that have integrated the Platform's services into their company and share the data with the Platform for the provision of services
Legal bases: The processing is necessary for the performance of a contract in which the Data Subject or the company is a party or for the application, at their request, of pre-contractual measures.
Retention period: While the provision of services lasts and, after its termination, your data may be blocked during the legally provided periods to comply with regulatory obligations, including tax, commercial and anti-money laundering regulations, as well as during the statute of limitations period. Video and/or audio recordings will be retained for the period agreed in the service contract and/or by the plan or subscription contracted by the User.
Disclosures to third parties: Your data will not be disclosed in general. However, they may be disclosed to our external providers of essential technological, IT services, including cloud service providers, payment service providers, communications, generative artificial intelligence service providers, and/or communications when necessary to guarantee the purpose in compliance with the execution of the service contract. And, likewise, they may be shared with authorities when required by legal obligation or court order.
Sending commercial communications
Purpose: Sending commercial communications, offers, promotions, or similar, of the products offered by the Controller, according to the different possibilities:
Communications by email: Sending promotions and/or offers to the User's email address. The User may object to receiving commercial communications at any time by contacting the Controller's email address or, where applicable, via the option enabled within the email itself.
Push notifications: Sending promotions and/or offers to Users' devices when they voluntarily configure and consent to it. The user may stop receiving this type of notifications by configuring their device accordingly.
Third-party communications: Users may receive communications from third parties only when they have previously given their consent. Consent may be withdrawn at any time via the Controller's contact addresses.
Personalized communications: the sending of personalized communications according to Users' interests and preferences will require prior consent from them, and may be withdrawn at any time.
If the User wishes to stop receiving commercial communications they can object at any time by contacting the Controller via its postal address, email or through the channels enabled for the different communication modalities.
Data processed:
Identification data: name and surname
Contact data: email
Organization data: trade name
Data related to the User's preferences, if applicable
Method of collection: directly from the User.
Registered users or SALESCALING customers: directly from the Data Subject through their registration on the platform.
Unregistered users: directly from the Data Subject through their registration in forms, newsletter, and similar.
Legal bases:
Regarding registered Users or customers: it will be based on the Controller's legitimate interests in informing Users about contracted or similar products and relevant information, unless the User objects to such processing.
Regarding Users with whom there is no contractual relationship: consent will be required.
Consent will also be necessary for both registered and unregistered Users for the sending of push notifications, personalized communications, and third-party communications, until consent is withdrawn, opposition is expressed or the account is deleted by the User.
Retention period: Data will be processed until the User withdraws their consent. In case of user inactivity for 24 months, the Controller will stop sending commercial communications and will delete the data related to this processing. After the period or upon withdrawal of consent, the data may be blocked for the legally provided periods to comply with applicable regulatory obligations and statutory limitation periods.
Disclosure: Your data will not be disclosed to third companies, except to those that provide IT, technological and/or technical services, and only to guarantee the mentioned purposes. Your data will not be sold or disclosed to third parties except after informing the Data Subject and obtaining their prior consent.
Resolution of queries made by the User
Purpose: Ensure communication by Users with the Controller to make customer service inquiries, file complaints, or other similar matters, through any of the Controller's contact points including forms, email or postal addresses or others made available to the User.
Categories of data processed: Identification data, specifically name and surname and contact details, including email address and/or phone number.
Categories of Data Subjects: Users who make the inquiry.
Method of collection: Directly from the Users, when they contact the Controller directly or through external subcontracted providers for that purpose.
Legal bases: User consent or the Controller's legitimate interest in responding to an inquiry after having received the request.
Retention period: Once the purpose for which they were collected has been achieved, the data will be retained for a maximum period of 24 months, unless for reasons of legitimate interest or statutory limitation periods their retention is required for a longer period.
Disclosure: Your data may be communicated to our technology, IT and/or data hosting service providers, which are essential to guarantee the purpose for which they were collected. Your data will not be sold to third parties.
Internal analysis and development
Purpose: The Controller may collect and process anonymized usage data to analyze Platform behavior and usage, browsing patterns, features used by the User in order to improve the user experience and optimize features, analyze usage trends for the development of new tools or services, etc.
Categories of data: Anonymized data about platform usage, browsing patterns, and features used.
Categories of Data Subjects: Registered users and visitors of the platform (in anonymized format).
Legal bases: Legitimate interests in analyzing statistical and aggregated information to offer improved products and services to Data Subjects.
Method of collection: Data shared by the User in relation to the use of the Services.
Retention period: In order to fulfill the indicated purpose, the data may be stored and retained indefinitely, always in a disassociated or anonymous manner so that Data Subjects cannot be identified.
Disclosure: Your data will not be disclosed in general. However, they may be communicated to our external providers of essential technological, IT and/or data hosting services to guarantee the purpose for which they were collected, including automation service providers; or to authorities when mandatory by legal obligation or court order. Your data will not be sold to third parties.
Where do your data come from?
As a general rule, unless otherwise stated in specific sections of this Policy, all data come from the Data Subject, either through navigation or use of the Platform or by a communication made by the User through any of the means made available to them.
To whom do we disclose your data?
As a general rule the Controller will not disclose your Personal Data to third parties, except when the provision of a service implies the need for a contractual relationship and is strictly necessary for the management and maintenance of the relationship between the User and the Controller and/or to fulfill the purposes.
In such case, the disclosure will always be made for the strictly necessary time to allow the purposes and in accordance with data protection principles, by applying necessary and appropriate measures to guarantee the protection of Personal Data (including entering into a data processing agreement). Such processing will be carried out under the same or similar conditions, commitments and responsibilities in terms of privacy and data protection to which the Controller is subject. At the end of the assignment, said assignees or processors will return the Personal Data to the Controller and delete any copy in their possession.
In that sense, and strictly for the purpose of fulfilling the purposes described in this Policy, the Controller may disclose your Personal Data to the categories of recipients indicated below:
Essential service providers, including IT and technological services, such as, by way of example, payment gateway providers, cloud storage providers, communication sending providers, authentication and security service providers, and providers of artificial intelligence technologies, among other similar providers necessary to guarantee the purposes.
Public authorities, by court order or by legal imperative.
Companies and/or consultants that help us manage our services and comply with purposes.
You may request additional information about the disclosures made from the Controller through any of the contact points indicated in this Policy.
Do we transfer data to third countries or international organizations?
As a general rule, Personal Data will not be transferred to third countries or international organizations (“TTI” hereinafter).
However, in order to guarantee the purposes, TTIs may be made to our service providers that are essential to guarantee the purpose(s) for which they were collected. Also, regardless of whether SALESCALING does not make such TTIs directly, such TTIs may be made by the service providers.
In such case, the Controller will contract with providers that comply with the GDPR and by applying some of the safeguards provided for in art. 44 GDPR et seq., to guarantee an adequate level of security for the processing of Personal Data, including the adequacy decision (list of countries based on an adequacy decision) or by means of the European Commission's Standard Contractual Clauses (“SCCs” hereinafter).
For more information about international data transfers and the specific safeguards applied, you may contact us through the contact details indicated in this Privacy Policy.
Do we process special categories of personal data?
The Controller will not request nor process “special categories of personal data”, understood as data revealing “racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data aimed at uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation”, in accordance with Articles 9 and 10 of Regulation (EU) no. 2016/679.
However, if the user decides to share such information, such processing will be carried out in accordance with their consent.
Mode of processing
The processing of the data provided is based on the principles of lawfulness, transparency, purpose limitation and storage limitation, data minimization, accuracy, integrity and confidentiality, and will be carried out, in any case, subject to the provisions in Regulation EU 2016/679 and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights.
In particular, processing may be carried out using paper, IT and telematic tools, also in accordance with the provisions of Article 29 of Regulation EU 2016/679 and, in any case, with adequate means to guarantee security and confidentiality in accordance with the provisions of Article 32 of the same Regulation (EU) no. 2016/679.
Automated decisions
There is no automated decision-making process, not even for profiling purposes, in accordance with Article 13.2 letter f) of Regulation (EU) no. 679/2016.
Cookies
In addition to the processing set out in this Policy, the Controller may also collect Personal Data through the use of cookies and other analogous or similar tracking technologies, as described in the Cookies Policy accessible via the following link.
Retention of your personal data
As a general rule, the Controller will retain your Personal Data only for as long as necessary for the purpose for which they were collected at the outset, and for the maximum periods indicated in each of the processing activities referred to in this Policy.
Retention periods according to data type, purposes and applicable regulations:
Contractual documentation with clients
Commercial Code
6 years from contract termination
Anti-money laundering
Law 10/2010
10 years
Platform and web users
GDPR and LOPDGDD
5 years or until deletion request
Traffic data (IP, IMSI, IMEI, etc.)
LSSI and data retention law
1 year
Cookies and similar technologies
LSSI
18 months
Internal analysis and development (anonymized)
Art. 4.1 and Recital 26 GDPR
Indefinite
Legal limitation periods (generic)
Art. 1967 of the Civil Code
5 years
After the periods indicated above, the data will be automatically deleted, without prejudice to their subsequent retention in blocked form when necessary to comply with certain obligations, by legal provisions or liability, or requests and/or orders issued by Public Administrations and/or Supervisory Authorities, for some of the reasons indicated in the previous sections.
With regard to anonymous information, the Controller will apply what is described in Recital 26 of the GDPR, which states that “Therefore the principles of data protection should not apply to anonymous information, i.e. information which does not relate to an identified or identifiable natural person, or to personal data rendered anonymous in such a way that the data subject is not or no longer identifiable”. Consequently, this Regulation does not affect the processing of such anonymous information, including for statistical or research purposes.
What are the rights regarding your data?
In accordance with the GDPR, the Data Subject has the following rights in relation to their Personal Data:
Access to their data, which can also be consulted in the "my data" section.
Rectification of their data, because we also want to ensure that your information is accurate and up to date.
Erasure of their data.
Restriction of the processing of the data concerning them.
Objection to the processing of their data, when the legal basis for processing is our legitimate interest.
Withdrawal of consent, when the legal basis is their consent.
Portability of their data, when the legal basis for processing their data is their consent or the performance of a contract.
To exercise your rights, the Data Subject may contact the Controller through the addresses designated in this Policy.
Additionally, the Data Subject has the right to file a complaint with the Spanish Data Protection Agency (AEPD) if they have doubts or are not satisfied with the exercise of their rights or the processing we carry out. Their contact details are:
Spanish Data Protection Agency -Spain- (AEPD) Calle Jorge Juan, 6 Postal code: 28004 - Madrid Telephone assistance: +34 901 100 099 / +34 91 266 35 17 https://www.aepd.es
Last updated
Was this helpful?