Privacy Policy

Last updated: February 2026

At PescaLog we take the protection of your personal data very seriously. This Privacy Policy describes how we collect, use, store and protect your personal information when you use our SaaS platform and our website, in accordance with the General Data Protection Regulation (GDPR - Regulation EU 2016/679) and Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD).

1. Data controller

• Company name: JEK.MK-11, S.L.
• Tax ID (CIF): B-XXXXXXXX
• Registered address: Las Palmas de Gran Canaria, España
• Email: info@pescalog.app
• Data Protection Officer (DPO): dpo@pescalog.app

2. Data we collect

Depending on your relationship with PescaLog, we may collect the following categories of personal data:

2.1. Registration and account data

First and last name, professional email address, company or organization name, position or role within the company, and professional phone number (optional).

2.2. Platform usage data

Information about how you interact with our platform, including features used, frequency and usage patterns, content created or managed through the platform, user settings and preferences, and history of actions and activities within the platform.

2.3. Billing data

Company tax information (tax ID, company name, tax address), payment data (processed securely through our payment provider), and billing and subscription history.

2.4. Technical data

IP address, browser type and version, operating system, device identifiers, cookie data and similar technologies (see our Cookie Policy), and server access logs.

3. Purpose of processing

We process your personal data for the following purposes:

• SaaS service delivery: Creating and managing your account, providing you with access to the platform and its features, and offering technical support and customer service.
• Contractual relationship management: Processing payments, issuing invoices, managing your subscription, and communicating with you about aspects related to the contracted service.
• Commercial communications: Sending you information about new features, service updates, offers, and content that may be of interest to you, provided you have given your prior consent or there is a pre-existing contractual relationship.
• Service improvement: Analyzing platform usage to identify areas for improvement, develop new features, and optimize the user experience.
• Legal compliance: Meeting legal, tax, and accounting obligations, as well as responding to requests from competent authorities.
• Security: Detecting, preventing, and investigating fraudulent activities, unauthorized access, and other threats to platform security.

4. Legal basis for processing

The processing of your personal data is based on the following legal bases under Article 6 of the GDPR:

• Performance of a contract (Art. 6.1.b GDPR): Processing is necessary for the performance of the SaaS service contract that binds us, as well as for taking pre-contractual measures at your request (for example, activating a free trial period).
• Consent (Art. 6.1.a GDPR): For sending commercial communications and using analytical cookies, we request your express, free, informed, specific, and unambiguous consent. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent prior to its withdrawal.
• Legitimate interest (Art. 6.1.f GDPR): For improving our services, fraud prevention, platform security, and sending communications related to services similar to those contracted. In these cases, we have carried out a prior balancing test to ensure that our legitimate interest does not override your fundamental rights and freedoms.
• Legal obligation (Art. 6.1.c GDPR): For compliance with applicable legal, tax, and accounting obligations, such as the retention of invoices and tax documentation.

5. Data recipients

Your personal data may be communicated to the following categories of recipients, exclusively to the extent necessary for the stated purposes:

5.1. Data processors

Service providers who process data on our behalf and under our instructions, with whom we have entered into the corresponding data processing agreements in accordance with Article 28 of the GDPR:

• Cloud infrastructure and web hosting providers.
• Transactional email service providers.
• Analytics and usage metrics service providers.
• Payment processing service providers.
• Communication service providers (messaging APIs).

5.2. No sale of data

PescaLog does not sell, rent, or trade your personal data to third parties under any circumstances.

5.3. International transfers

Some of our service providers may be located outside the European Economic Area (EEA). In such cases, we ensure that international data transfers are carried out with appropriate safeguards in accordance with the GDPR, such as:

• European Commission adequacy decisions (Art. 45 GDPR).
• Standard contractual clauses approved by the European Commission (Art. 46.2.c GDPR).
• Approved certifications and codes of conduct (Art. 46.2.e and 46.2.f GDPR).

You may request additional information about the safeguards applied to international transfers by contacting our DPO at dpo@pescalog.app.

6. Data retention

We will retain your personal data for as long as necessary to fulfill the purposes for which it was collected:

• Account and usage data: For the duration of the contractual relationship and, once terminated, for the applicable legal limitation periods.
• Billing data: For a minimum period of 5 years in accordance with Spanish tax regulations (General Tax Law) and 6 years in accordance with the Commercial Code.
• Commercial communications data: Until you withdraw your consent.
• Technical data and logs: For a maximum period of 12 months, unless a longer legal retention obligation applies.

Once the retention periods have elapsed, the data will be securely deleted or irreversibly anonymized.

7. Data subject rights

In accordance with the GDPR and the LOPDGDD, you have the following rights regarding your personal data:

• Right of access: To obtain confirmation of whether we are processing your personal data and, if so, to access it and the information provided for in Article 15 of the GDPR.
• Right to rectification: To request the correction of inaccurate or incomplete data.
• Right to erasure: To request the deletion of your data when, among other reasons, it is no longer necessary for the purpose for which it was collected.
• Right to restriction: To request the restriction of the processing of your data in certain circumstances provided for in Article 18 of the GDPR.
• Right to data portability: To receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another data controller.
• Right to object: To object to the processing of your data in certain circumstances, including processing based on legitimate interest and direct marketing.
• Right not to be subject to automated decisions: Not to be subject to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you.

How to exercise your rights

You may exercise any of these rights by sending a request to our Data Protection Officer through:

• Email: dpo@pescalog.app
• Postal mail: JEK.MK-11, S.L. — Data Protection Officer, Las Palmas de Gran Canaria, España

The request must include your first and last name, the email address associated with your account, and a copy of your identity document. We will respond to your request within a maximum period of one month from receipt, extendable by two additional months in the case of complex or numerous requests, with prior notification.

Complaint to the supervisory authority

If you consider that the processing of your personal data violates current regulations, you have the right to file a complaint with the Spanish Data Protection Agency (AEPD):

• Website: www.aepd.es
• Address: C/ Jorge Juan, 6, 28001 Madrid

8. Security measures

At PescaLog we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR. These measures include, among others:

• Data encryption in transit (TLS/SSL) and at rest.
• Role-based access controls with secure authentication.
• Regular backups with redundant storage.
• Continuous infrastructure monitoring and intrusion detection.
• Regular security audits and vulnerability assessments.
• Ongoing staff training in data protection and information security.
• Security incident management procedures in accordance with Article 33 of the GDPR.
• Data isolation between client companies (secure multi-tenancy) to ensure that each organization's data is strictly separated.

9. Changes to this policy

PescaLog reserves the right to modify this Privacy Policy at any time to adapt it to legislative, jurisprudential, or business practice changes. Any substantial modification will be notified to users through:

• Email to the address associated with your account.
• A prominent notice on the platform upon login.

We recommend that you review this policy periodically to stay informed about how we protect your personal data. The date of the last update is indicated at the beginning of this document.

10. Contact

For any questions related to the processing of your personal data or this Privacy Policy, you may contact us through:

• Data Protection Officer: dpo@pescalog.app
• General email: info@pescalog.app
• Postal address: JEK.MK-11, S.L., Las Palmas de Gran Canaria, España