PRIVACY POLICY (PRIVACY STATEMENT)

Octoix (“Octoix,” “we,” “us,” or “our”) – operated as a Spanish sole proprietor (autónomo) by Roman Nuzhdin – is committed to protecting the privacy of individuals whose Personal Data we collect, use, and process in connection with our analytics services, website, and other offerings (the “Services”). This Privacy Policy (this “Statement”) explains our practices regarding the collection, use, disclosure, and protection of Personal Data and the rights available to individuals under Applicable Data Protection Law, including but not limited to the EU General Data Protection Regulation (“GDPR”) and the Spanish Organic Law 3/2018 of December 5 on Personal Data Protection and the Guarantee of Digital Rights (“LOPDGDD”).

  1. Scope and Applicability

1.1. Scope
This Statement applies to Personal Data collected by Octoix in the course of providing our Services globally (including to customers in the EU, the US, and elsewhere). It covers Personal Data about:

  • Our Customers and their authorized users (“Customer Information”); and
  • Individuals whose Personal Data we process on behalf of Customers as part of our Services (“Processed Data”).

1.2. Definition of Personal Data
Personal Data” means any information relating to an identified or identifiable natural person.

  1. Roles and Responsibilities

2.1. Data Processor
When we process Personal Data on behalf of a Customer as part of our Services (e.g., analyzing marketing data from sources such as Google Ads, Facebook Ads, LinkedIn Ads, Bing Ads, and Google Search Console), we act as a “processor” (or “service provider”), and the Customer acts as the “controller” (or “business”). In these cases, Customers determine the purposes and means of the Processing, and we process the Personal Data solely under their instructions.

2.2. Data Controller
For other types of Personal Data, such as Customer Information collected during account registration or visits to our website, we may act as the “controller.”

  1. Personal Data Collection and Use

3.1. Customer Information
We collect Customer Information when Customers sign up for our Services, communicate with us, or interact with our websites. This may include names, business contact details, user credentials, and billing information. We use Customer Information to:

  • Provide the Services,
  • Respond to inquiries,
  • Process payments,
  • Improve our offerings, and
  • Communicate with Customers.

3.2. Processed Data
The content of Processed Data is determined by the Customer. We only process such Personal Data under the Customer’s instructions to deliver the Services – for example, providing analytics and insights on marketing campaigns. We do not use Processed Data for our own independent purposes.

3.3. Non-Identifiable Information
We may collect, use, and share aggregated or de-identified data (which cannot reasonably be used to identify an individual) for various purposes, including improving the Services, developing new features, and conducting internal analytics.

  1. Lawful Basis for Processing (For EU/EEA/UK Residents)

4.1. Legal Bases
Where required by applicable law, we rely on the following legal bases to process Personal Data:

  • Consent: Where individuals have given valid consent.
  • Performance of a Contract: Where processing is necessary to provide the Services under an agreement with a Customer.
  • Legitimate Interests: Where processing is necessary for our legitimate business interests, such as improving our Services or ensuring the security of our platform, provided that such interests are not overridden by individuals’ fundamental rights and freedoms.
  • Compliance with Legal Obligations: Where processing is necessary for compliance with a legal obligation.
  1. Disclosure of Personal Data

5.1. Disclosure
We may disclose Personal Data to:

  • Authorized personnel within Octoix who need to know the information to perform their duties.
  • Third-party service providers, such as hosting providers, payment processors, analytics providers, and other vendors, who assist us in providing the Services and are contractually bound to protect Personal Data.
  • Governmental or regulatory authorities, where required by law, court order, or legal process. Where lawful to do so, we will use reasonable efforts to provide notice to affected individuals.
  • Professional advisors, such as lawyers and accountants, in connection with legal claims, audits, and compliance.
  • In connection with any merger, sale, acquisition, or other business transaction, subject to confidentiality and data protection requirements.
  1. International Transfers

6.1. Transfers Outside the EEA/UK/Other Regions
We may transfer Personal Data to countries outside the European Economic Area (EEA), the UK, or other regions with comprehensive data protection laws, including the United States. Where such transfers occur, we will ensure that appropriate safeguards (such as Standard Contractual Clauses or adequacy decisions) are in place to protect Personal Data in accordance with Applicable Data Protection Law.

  1. Data Retention

7.1. Retention Period
We retain Personal Data for as long as reasonably necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. The exact retention period depends on the nature of the data and applicable contractual or legal requirements.

7.2. Deletion or Anonymization
When Personal Data is no longer required, we will securely delete or anonymize it.

  1. Data Subject Rights

8.1. Rights
Subject to Applicable Data Protection Law (including the GDPR and LOPDGDD), individuals may have the right to request:

  • Access to Personal Data,
  • Rectification or deletion of Personal Data,
  • Restriction of or objection to certain Processing,
  • Portability of Personal Data, and
  • Withdrawal of consent at any time if Processing is based on consent.

8.2. Requests Involving Processed Data
If we process Personal Data on behalf of a Customer, individuals should direct any requests to the relevant Customer (the data controller). We will assist our Customers in responding to such requests, as required by law and our Data Processing Addendum (DPA).

  1. Security Measures

9.1. Safeguards
We implement appropriate technical and organizational measures to safeguard Personal Data from unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include, but are not limited to, access controls, encryption, secure hosting, and regular security assessments.

9.2. Breach Notification
In the event of a Personal Data Breach that requires notification, we will notify the affected Customer and/or individuals in accordance with Applicable Data Protection Law.

  1. Cookies and Tracking Technologies

10.1. Use of Cookies
We use cookies, pixel tags, and similar technologies to improve our website and Services, analyze usage, and personalize content. Individuals can control the use of cookies through their browser settings. Some website features may not function properly without cookies.

  1. Children’s Privacy

11.1. No Services for Children Under 16
Our Services are not directed to individuals under the age of sixteen (16). We do not knowingly collect Personal Data from children. If we become aware that we have inadvertently collected such data, we will take steps to delete it promptly.

  1. Changes to this Privacy Statement

12.1. Updates
We may update this Statement from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will notify Customers via email or through the Services. The “Effective Date” at the top of this Statement indicates when the latest revisions were made.

12.2. Acceptance
By continuing to use our Services after the revised Statement is posted, you acknowledge our updated practices.

  1. Contact Information

13.1. How to Contact Us
For any questions, concerns, or requests regarding this Statement or our data protection practices, please contact us at:

Email: hello@octoix.com
Mail:
Octoix (Autónomo: Roman Nuzhdin)
Avenida Prat de la Riba, 37, Piso 1, Puerta 1
43001, Tarragona, Catalonia
Spain

13.2. Complaints
If you are located in the EU/EEA or UK, you may also lodge a complaint with a supervisory authority if you believe our processing of your Personal Data does not comply with applicable law. In Spain, the relevant authority is the Agencia Española de Protección de Datos (AEPD).

Thank you for reading our Privacy Policy. By using our Services, you acknowledge that you have read and understood this Statement.

Related documents

Data Processing Addendum: https://octoix.com/dpa

Terms of Service: https://octoix.com/tos