Informativa Privacy — Protezione Dati B2B

1. Introduzione

Vonsel ("noi," "nostro," o "ci") gestisce una piattaforma web B2B di sales intelligence e generazione leads su vonsel.com (il "Servizio"). Siamo una società costituita secondo le leggi della Spagna e soggetta alla giurisdizione dell'Unione Europea.

Questa Informativa sulla Privacy descrive come raccogliamo, utilizziamo, archiviamo, condividiamo e proteggiamo le informazioni quando visiti il nostro sito web, crei un account, ti iscrivi ai nostri piani o interagisci in altro modo con il nostro Servizio. Spiega inoltre i tuoi diritti riguardo ai tuoi dati personali e come puoi esercitarli.

Questa Informativa sulla Privacy si applica a tutti gli utenti del Servizio, inclusi visitatori del sito web, utenti registrati, abbonati e clienti API. Accedendo o utilizzando il Servizio, riconosci di aver letto, compreso e accettato le pratiche descritte in questa Informativa sulla Privacy.

Questa Informativa sulla Privacy deve essere letta insieme ai nostri Termini di Servizio e alla nostra Cookie Policy, che forniscono informazioni aggiuntive su come operiamo il Servizio e interagiamo con i nostri utenti.

2. Informazioni che Raccogliamo

Raccogliamo diversi tipi di informazioni in base a come interagisci con il nostro Servizio. Le informazioni che raccogliamo rientrano in tre categorie: informazioni fornite direttamente, informazioni raccolte automaticamente e dati di contatto aziendali provenienti da directory pubbliche.

2.1 Informazioni Fornite dall'Utente

Quando crei un account, ti abboni a un piano o comunichi con noi, potresti fornire le seguenti informazioni:

Informazioni Account: Your name, email address, company name, job title, phone number, and any other details you provide during the registration process. This information is necessary to create and manage your account.
Informazioni di Pagamento: When you subscribe to a paid plan, you provide billing details such as credit or debit card number, expiration date, billing address, and tax identification number (VAT/NIF/CIF). Payment processing is handled by third-party payment processors; we do not store full credit card numbers on our servers.
Comunicazioni: When you contact us via email, contact forms, live chat, or other support channels, we collect the content of your messages, your contact details, and any attachments you send. This includes feedback, feature requests, bug reports, and support inquiries.
Contenuti Generati dall'Utente: Any custom notes, tags, labels, categories, pipeline stages, or other content you create within the Service when organizing and managing your leads and prospects.
Preferenze e Impostazioni: Your account configuration, notification preferences, dashboard layout preferences, saved search filters, and other settings you customize within the platform.

2.2 Informazioni Raccolte Automaticamente

Quando accedi o utilizzi il nostro Servizio, raccogliamo automaticamente determinate informazioni tecniche e di utilizzo:

Dati Tecnici: Your IP address, browser type and version, operating system, device type, screen resolution, language preferences, and time zone. This data helps us ensure compatibility and optimize the Service for different devices and environments.
Dati di Utilizzo: Pages visited, features used, searches performed, buttons clicked, time spent on different sections, navigation patterns, and interaction sequences. This data helps us understand how users engage with the Service and identify areas for improvement.
Log Data: Server logs that record requests made to our servers, including timestamps, URLs requested, HTTP status codes, referring URLs, and response times. We use this data for security monitoring, debugging, and performance analysis.
Cookies and Similar Technologies: We use cookies, local storage, session storage, and similar tracking technologies to maintain your session, remember your preferences, authenticate your identity, and collect analytics data. For detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.
API Usage Data: If you access our Service through our API, we log API calls including endpoints accessed, request parameters (excluding sensitive data), response codes, timestamps, and rate limit usage. This data is used for billing, security, and troubleshooting purposes.

2.3 Business Contact Data

A core function of our Service is to provide users with business contact data for B2B lead generation and sales prospecting purposes. This data is fundamentally different from personal data about private individuals. The business contact data we process includes:

Business Identity: Business name, trade name, legal entity name, and business category or industry classification.
Business Location: Street address, city, state/province, postal code, country, and geographic coordinates (latitude and longitude) as published on public maps and directories.
Business Contact Details: Business phone numbers, business email addresses, website URLs, and social media profile links (Facebook, Instagram, Twitter/X, LinkedIn, YouTube, and others) as publicly listed by the businesses themselves.
Business Reputation Data: Google Maps ratings, number of reviews, review content, and similar publicly visible reputation indicators.
Operational Information: Business hours, service descriptions, amenities, and other details that businesses voluntarily publish on public platforms.

All business contact data is sourced exclusively from publicly available sources, primarily Google Maps and other public business directories. Businesses voluntarily publish this information on these platforms with the express purpose of being found and contacted by potential customers, partners, and the general public. We do not collect data from private, restricted, or password-protected sources.

3. Legality of Business Data Processing

The business contact data provided through Vonsel is sourced exclusively from publicly available information. Understanding the legal basis and framework under which we process this data is important, and we are committed to transparency on this matter.

3.1 Public Availability of Business Data

The business data accessible through our Service has been made publicly available by the businesses themselves. When a business creates a listing on Google Maps, registers on a public business directory, publishes contact information on its website, or maintains a social media profile for commercial purposes, it does so with the explicit intention of being discoverable by and accessible to the public, including potential customers, suppliers, and business partners.

This data is not private or confidential. It is information that businesses actively choose to publish and maintain in the public domain. Any member of the public can access this same information by visiting Google Maps, opening a business's website, or viewing its social media profiles.

3.2 GDPR Legal Basis

The processing of publicly available business data through our Service is carried out under the legitimate interest legal basis as defined in Article 6(1)(f) of the General Data Protection Regulation (GDPR). Our legitimate interest assessment considers the following factors:

Legitimate Purpose: We process business data to facilitate B2B commercial prospecting, which is a recognized and legitimate business activity. Enabling businesses to find and connect with other businesses serves a genuine economic purpose that benefits all parties involved.
Necessity: The processing is necessary to provide our Service. Without the ability to aggregate and organize publicly available business data, the core function of our platform could not be delivered.
Balancing of Interests: The processing does not override the rights and freedoms of the data subjects. The data in question relates to businesses and their commercial activities, not to the private lives of individuals. The businesses have voluntarily made this information public, and its continued use for commercial contact purposes is consistent with the reasonable expectations of the data subjects.
Safeguards: We implement appropriate safeguards, including data accuracy measures, periodic data updates, and mechanisms for businesses to request removal of their data from our platform.

3.3 Spanish Data Protection Law (LOPDGDD)

In accordance with the Ley Orgánica de Protección de Datos Personales y garantía de los derechos digitales (LOPDGDD), the processing of data obtained from publicly accessible sources is permitted when it is proportionate and when the rights of the data subjects are respected. Our processing activities are consistent with the principles established by the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD) regarding the use of publicly available data for commercial purposes.

3.4 ePrivacy Directive

Our Service provides business contact information that users may use for B2B commercial outreach. The ePrivacy Directive and its national implementations in EU member states generally distinguish between business-to-consumer (B2C) and business-to-business (B2B) communications. In most EU jurisdictions, B2B electronic communications are subject to less restrictive requirements than B2C communications. Nevertheless, we advise all users to verify and comply with the specific electronic communication regulations applicable in their jurisdiction before contacting businesses using data obtained through our Service.

3.5 No Private or Restricted Data

Vonsel does not scrape, hack, intercept, or access any private, restricted, or password-protected data. We do not collect personal data from private social media profiles, personal email accounts, personal phone directories, or any source that requires authentication or special access to reach. We do not purchase data from data brokers or other third-party providers who obtain data through non-transparent means. All information available through our platform has been made public by the businesses themselves or by public authorities in the course of their regulatory functions.

4. How We Use Your Information

We use the information we collect for the following purposes:

4.1 Service Delivery and Operation

To provide, maintain, and operate the Vonsel platform and all its features, including the Business Finder, Mapped CRM, data export, and API access.
To process and display search results based on your queries, filters, and geographic parameters.
To enable you to save, organize, tag, and manage your leads and prospects within the platform.
To generate AI-powered insights, review analysis, and outreach suggestions based on publicly available business data.

4.2 Account Management

To create, authenticate, and maintain your user account.
To process your subscription payments, generate invoices, and manage billing cycles.
To enforce usage limits and quotas associated with your subscription plan.
To communicate account-related information such as subscription confirmations, payment receipts, renewal reminders, and plan change notifications.

4.3 Analytics and Improvement

To analyze usage patterns, feature adoption, and user behavior in aggregate to understand how the Service is used and identify areas for improvement.
To conduct A/B testing, user experience research, and performance benchmarking to optimize the Service.
To detect, diagnose, and resolve technical issues, bugs, and performance bottlenecks.
To develop new features, products, and services based on aggregated usage insights and user feedback.

4.4 Communication

To respond to your inquiries, support requests, and feedback.
To send you important service-related notifications, including security alerts, maintenance schedules, policy updates, and changes to the Service.
To provide onboarding guidance, tips, tutorials, and best practices for using the Service effectively.

4.5 Marketing (With Consent)

With your explicit consent, to send you promotional communications about new features, special offers, product updates, educational content, and events related to Vonsel.
You may opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email, adjusting your notification preferences in your account settings, or contacting us at info@vonsel.com.
Opting out of marketing communications will not affect transactional or service-related communications that are necessary for the operation of your account.

4.6 Legal Compliance and Protection

To comply with applicable laws, regulations, legal processes, and governmental requests.
To enforce our Terms of Service, Acceptable Use Policy, and other agreements.
To protect the rights, property, safety, and security of Vonsel, our users, and the public.
To detect, prevent, and address fraud, abuse, security incidents, and other harmful or illegal activities.

4.7 GDPR Legal Bases Summary

For users in the European Economic Area (EEA), the legal bases under GDPR for processing your personal data are as follows:

Contract Performance (Art. 6(1)(b)): Processing necessary for the performance of our contract with you, including account management, service delivery, payment processing, and customer support.
Legitimate Interest (Art. 6(1)(f)): Processing necessary for our legitimate interests, including analytics, service improvement, security, fraud prevention, and the processing of publicly available business data for B2B prospecting purposes.
Consent (Art. 6(1)(a)): Processing based on your explicit consent, including marketing communications and non-essential cookies. You may withdraw your consent at any time.
Legal Obligation (Art. 6(1)(c)): Processing necessary to comply with our legal obligations, including tax reporting, accounting requirements, and responses to lawful requests from public authorities.

5. How We Share Your Information

We do not sell your personal information to third parties.

We do not rent, trade, or otherwise commercially transfer your personal data to third parties for their own marketing purposes. We may share your information only in the following limited circumstances:

5.1 Service Providers

We engage trusted third-party companies and individuals to perform services on our behalf and to assist us in operating the Service. These service providers have access to your information only to the extent necessary to perform their specific functions and are contractually obligated to protect your data and use it only as directed by us. Our service providers include:

Payment Processors: To securely process credit card transactions, manage subscriptions, handle refunds, and generate invoices. Payment processors are PCI-DSS compliant and handle your payment data in accordance with their own privacy policies.
Hosting and Infrastructure: Cloud computing providers that host our servers, databases, and application infrastructure. These providers maintain physical and logical security controls to protect the data stored on their systems.
Analytics Providers: Tools that help us understand usage patterns, measure performance, and improve the user experience. Analytics data is processed in aggregate and anonymized where possible.
Email and Communication Services: Providers that facilitate transactional email delivery (account confirmations, password resets, billing notifications) and, where you have consented, marketing communications.
Security and Fraud Prevention: Services that help us detect, prevent, and respond to security threats, unauthorized access attempts, and fraudulent activity.

5.2 Legal Requirements

We may disclose your information if we believe in good faith that such disclosure is necessary to:

Comply with applicable law, regulation, legal process, or enforceable governmental request.
Respond to a valid subpoena, court order, or other lawful request from a judicial or administrative authority.
Protect the rights, property, or safety of Vonsel, our users, or the public as required or permitted by law.
Detect, prevent, or otherwise address fraud, security issues, or technical problems.
Enforce our Terms of Service or other applicable agreements.

5.3 Business Transfers

If Vonsel is involved in a merger, acquisition, corporate reorganization, asset sale, bankruptcy proceeding, or similar transaction, your information may be transferred as part of the transaction. In such an event, we will notify you via email and/or a prominent notice on our website before your personal data is transferred and becomes subject to a different privacy policy. The acquiring entity will be bound by the commitments made in this Privacy Policy with respect to your personal data.

5.4 With Your Consent

We may share your information in other circumstances with your explicit consent or at your direction.

6. Your Rights

6.1 Rights for All Users

Regardless of where you are located, you have the following rights with respect to your personal data:

Right to Access: You have the right to request a copy of the personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format where technically feasible.
Right to Correction: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. You can update much of your account information directly through your dashboard settings.
Right to Deletion: You have the right to request the deletion of your personal data, subject to certain legal obligations that may require us to retain specific records (such as billing and tax records).
Right to Opt Out: You have the right to opt out of marketing communications at any time. You can do this by clicking the unsubscribe link in any marketing email, adjusting your preferences in your account settings, or contacting us directly.

6.2 Additional Rights for EEA and Spanish Users

If you are located in the European Economic Area (EEA) or in Spain, you have the following additional rights under the GDPR and the LOPDGDD:

Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data, when the processing is unlawful but you prefer restriction over deletion, or when we no longer need the data but you require it for legal claims.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format (such as JSON or CSV) and to transmit that data to another controller without hindrance, where the processing is based on your consent or on a contract and is carried out by automated means.
Right to Object: You have the right to object to the processing of your personal data based on our legitimate interests (Article 6(1)(f) GDPR). Upon receiving your objection, we will cease processing your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or where the processing is necessary for the establishment, exercise, or defense of legal claims.
Right to Withdraw Consent: Where we process your personal data based on your consent, you have the right to withdraw that consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR or applicable national data protection laws. In Spain, the competent supervisory authority is the Agencia Española de Protección de Datos (AEPD), which can be reached at www.aepd.es. You may also lodge a complaint with the supervisory authority of your habitual residence or place of work within the EEA.

6.3 How to Exercise Your Rights

To exercise any of the rights described above, please contact us at:

Email: info@vonsel.com

When submitting a request, please provide sufficient information to allow us to verify your identity and locate your data. We may ask you to confirm your identity before processing your request to prevent unauthorized access to your personal data.

We will acknowledge your request within a reasonable timeframe and will respond substantively within 30 days of receipt. If your request is particularly complex or if we receive a high volume of requests, we may extend this period by an additional 60 days, in which case we will notify you of the extension and the reasons for it within the initial 30-day period.

We do not charge a fee for processing most requests. However, if your request is manifestly unfounded or excessive (in particular, if it is repetitive), we may charge a reasonable fee or refuse to act on the request, in accordance with applicable law.

7. Data Retention

We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, or as required by applicable law. Our retention practices vary depending on the type of data:

7.1 Account and User Data

We retain your account information, profile data, usage history, and associated records for the duration of your active account relationship with us. After your account is closed or terminated, we will retain your data for a period of 3 years to comply with legal obligations (including tax, accounting, and audit requirements), to resolve disputes, to enforce our agreements, and to facilitate account reactivation should you choose to return to the Service.

After the retention period expires, your personal data will be securely deleted or anonymized so that it can no longer be associated with you.

7.2 Payment and Billing Data

Transaction records, invoices, and billing history are retained for the period required by applicable tax and commercial laws, which is typically between 5 and 10 years depending on the jurisdiction. This retention is necessary to comply with our legal obligations and is based on the legal basis of legal compliance (Article 6(1)(c) GDPR).

7.3 Business Contact Data

Business contact data sourced from public directories is retained for as long as it remains publicly available, relevant, and useful for the purposes of our Service. We periodically review and update this data to ensure accuracy and to remove information that is no longer publicly available or that businesses have requested to be removed. Businesses or their representatives may request removal of their data from our platform at any time by contacting us at info@vonsel.com.

7.4 Technical and Usage Logs

Server logs and technical usage data are typically retained for up to 12 months for security monitoring, debugging, and performance analysis purposes, after which they are deleted or anonymized.

8. Sicurezza

We take the security of your personal data seriously and implement industry-standard technical and organizational measures to protect it against unauthorized access, alteration, disclosure, destruction, and loss. Our security measures include:

Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security) protocols. Our website and API endpoints enforce HTTPS connections.
Encryption at Rest: Sensitive data stored on our servers, including account credentials and payment-related information, is encrypted at rest using industry-standard encryption algorithms.
Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis. Our team members are bound by confidentiality obligations and are trained on data protection best practices.
Authentication Security: User passwords are hashed using secure, one-way hashing algorithms with salting. We support and encourage the use of strong, unique passwords.
Infrastructure Security: Our servers are hosted in professionally managed data centers with physical security controls, redundant power supplies, and environmental monitoring.
Monitoring and Incident Response: We continuously monitor our systems for security anomalies, unauthorized access attempts, and potential vulnerabilities. We maintain an incident response plan to address security breaches promptly and effectively.
Regular Security Reviews: We periodically review and update our security practices, configurations, and policies to address emerging threats and evolving best practices.

While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

If you become aware of any security vulnerability or suspect unauthorized access to your account or data, please notify us immediately at info@vonsel.com.

9. International Data Transfers

Vonsel is based in Spain within the European Union. Your personal data is primarily processed and stored within the EEA. However, some of our service providers may be located in countries outside the EEA, which may not offer the same level of data protection as the European Union.

When we transfer personal data outside the EEA, we ensure that appropriate safeguards are in place to protect your data in compliance with the GDPR. These safeguards include:

EU Standard Contractual Clauses (SCCs): We enter into data processing agreements incorporating the European Commission's Standard Contractual Clauses with service providers located outside the EEA, ensuring that your data receives a level of protection equivalent to that provided within the EU.
Adequacy Decisions: Where available, we rely on adequacy decisions issued by the European Commission, which recognize that certain countries provide an adequate level of data protection.
Other Approved Mechanisms: Where applicable, we may rely on other transfer mechanisms approved under the GDPR, such as binding corporate rules or certifications under recognized frameworks.

You may request information about the specific safeguards applied to transfers of your personal data by contacting us at info@vonsel.com.

10. Privacy dei Minori

The Vonsel Service is designed for business professionals and is not intended for use by children. We do not knowingly collect, solicit, or process personal data from anyone under the age of 16. If you are under 16, you must not use the Service, create an account, or provide any personal information to us.

If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information as promptly as possible. If you believe that a child under 16 has provided personal data to us, please contact us immediately at info@vonsel.com so that we can take appropriate action.

11. Modifiche a Questa Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will update the "Last Updated" date at the bottom of this page and post the revised Privacy Policy on our website.

For material changes that significantly affect how we collect, use, or share your personal data, we will provide additional notice through one or more of the following methods:

A prominent notice or banner on our website.
An email notification sent to the email address associated with your account.
A notification within your client dashboard upon login.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

12. Contatti

If you have any questions, concerns, or requests regarding this Privacy Policy, our data processing practices, or your personal data rights, please contact us:

Email: info@vonsel.com

Website: vonsel.com/contact