Privacy Policy

Last update: 19.09.2025

1. Introduction

Please carefully read this Privacy Policy, which is intended for users of the website bigdata.com (hereinafter, the “Website”), prepared pursuant to Articles 13 and 14 of the General Data Protection Regulation No. 2016/679 (hereinafter, “GDPR”), where we provide you with details regarding the processing of your personal data.

This Privacy Policy applies to any Bigdata.com website, application, product, software, or service that hyperlinks to this Statement (collectively, our “Services”). It does not generally apply to individuals whose personal information forms part of the content included within our products, although you can find further information on that topic here. By navigating the Website, the user declares to be at least 14 years old pursuant to Article 8 of GDPR and Article 7 of the Ley Orgánica de Protección de Datos y garantía de los derechos digitales no. 3/2018 (hereinafter, “LOPDGDD”).

We are committed to protecting personal data by maintaining high standards of information security. To this end, we have implemented an Information Security Management System (hereinafter, “ISMS”) certified to ISO/IEC 27001, demonstrating our adherence to stringent requirements regarding security, availability, confidentiality, and data integrity. These certifications reflect our ongoing commitment to processing personal data securely and in compliance with applicable data protection laws.

2. Who is the data controller?The data controller is RavePack International S.L.U. (hereinafter, the “Controller”, “Company”, “we” or “us”), with registered office in Centro Negocios Oasis, Local 8, Ctra Nacional 340, KM 176, Marbella, Malaga - 29602, Spain. The Controller can be contacted at the email address: legal@bigdata.com.

3. Who is the data protection officer?The Controller has appointed a data protection officer (“DPO”), who can be reached for any information regarding the processing of personal data, at the email address: privacy@bigdata.com.

4. What kind of data will we process?

We collect your personal information as follow:

1. Account setup and administration

When you create an account on the Website, we collect certain personal data necessary to provide you with access to and use of our Services, in accordance with Article 6(1)(b) of the GDPR (performance of a contract). The data collected may include your full name, address, job title, company name, phone number, email address, account login credentials, payment card details, tax information, and transaction history (collectively referred to as "Account Information").

1. Usage personal information

When you use the Website and our Services, we may collect certain usage and technical data necessary for the operation, security, and maintenance of our systems. This processing is based on our legitimate interests in ensuring the functionality and improvement of our Services (Art. 6(1)(f) GDPR).

This information may include:

• Operational status and diagnostic data (e.g. software errors, bugs, crash reports);
• Authentication logs and access records;
• Performance metrics and usage analytics;
• IP address and geographic location of access;
• Browser type, device identifiers, and other technical details.

We may also collect aggregated and anonymized data related to how features are used, in order to analyze service performance and identify the most accessed or valued functionalities. Such data does not identify individuals and is used exclusively for service optimization and statistical purposes.

1. User Files

We may collect personal data when you contact us, submit feedback, or upload content to the Website. This may include documents, files, data, or other information you voluntarily provide through our Services. The legal basis for this processing is the performance of a contract (Art. 6(1)(b) GDPR).

1. Social media information

The Website maintains an active presence on various social media platforms. When you interact with our content we may collect personal data either directly from you or receive it indirectly through the social media platforms, in accordance with the respective platform’s data-sharing policies. Please refer to the privacy policies of the respective platforms (e.g., LinkedIn, X. etc.) to understand how your data is handled by them.

1. Technical and device information

When you access the Website, we automatically collect certain technical data transmitted by your browser or device. This includes your IP address, browser type and settings, date and time of access, operating system, device type, and unique identifiers. This processing is necessary to ensure the security, functionality, and performance of the Website, and is based on our legitimate interest pursuant to Article 6(1)(f) GDPR.

1. Tracking Data

We use cookies, web beacons, pixels, and similar technologies to analyze how users interact with the Website, enhance user experience, and deliver personalized content and advertising. To improve data accuracy, certain analytics scripts may be loaded via our own proxy servers, enabling functionality even when ad blockers are active.

In accordance with Article 6(1)(a) GDPR, no tracking data will be collected or processed unless you have provided valid consent through our cookie management tools.

For details regarding the processing of personal data connected to the operation of cookies installed on the Website, please refer to the Cookie Policy available here.

5. Why are personal data processed and what is the legal basis for processing?

We process personal information for these service and business-related purposes.

Purpose

Description

Retention Period

Legal Basis

Account setup and Customer support

We use personal information such as your name, email address, phone number, and information about your device to set up and administer your account, provide technical and customer support and training, verify your identity, and send important account, subscription, and Service information.

Personal data are retained until the possible deletion of the account, and for a maximum of 12 months after account closure, unless a longer period is required for legal or contractual reasons.

Performance of a contract to which the data subject is a party Article 6(1)(b) GDPR.

Legal obligations

We may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss prevention; or fraud. We may also use personal information to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate: (a) under applicable law, which may include laws outside your country of residence; (b) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; (c) to prevent fraud, criminal activity, or misuse of Bigdata, (d) to enforce our terms and conditions; and (e) to protect our rights, privacy, safety, or property, or those of other persons.

Personal data is retained for a maximum period of 10 years, unless the applicable law provides otherwise.

Compliance with a legal obligation (Article 6(1)(c) GDPR), and Legitimate interest (e.g. fraud prevention, enforcement of legal rights) (Article 6(1)(f) GDPR).

Direct Marketing

We may process your personal data in order to send you newsletters, promotional communications, and updates about our products, services, events, and industry-related insights.

• For existing customers with whom we have an established contractual relationship, these communications will relate exclusively to services similar to those previously acquired, and aim to inform the client about product improvements, new service offerings, or relevant updates that may enhance the value and effectiveness of the services you already use.
• For new customers, marketing communications will only be sent based on your explicit consent, obtained through clear and specific checkboxes.

You may unsubscribe at any time by following the link provided in each communication or by contacting us directly at legal@bigdata.com.

For customers whose data processing is based on Legitimate Interests, personal data will be retained only as long as necessary to fulfill the purpose of the processing and will be deleted or anonymized after no more than 12 months from your last interaction, unless otherwise required by law.

Legitimate interests for existing customers (data collected before May 2025), with appropriate safeguards such as the right to object (opt-out), pursuant to Article 6(1)(f) GDPR.A Legitimate Interests Assessment (LIA) has been conducted in compliance with Article 6(1)(f) GDPR, ensuring that appropriate safeguards are in place, including your right to object to the processing of your personal data at any time under Article 21 GDPR.

For customers who have provided explicit consent, personal data will be retained until you withdraw your consent. In any case, data will not be kept for longer than 12 months from your last interaction (e.g., opening an email, clicking a link, or updating preferences). After this period, your data will be securely deleted or anonymized, unless further retention is required by applicable law.

Explicit consent for all new customers (data collected from June 2025 onwards), obtained via clear consent checkboxes, pursuant to Article 6(1)(a) GDPR and the requirements for valid consent under Article 7 GDPR.

You may unsubscribe or withdraw your consent at any time by following the link provided in each communication or by contacting us directly.

Legal defense

We process personal data to establish, exercise, or defend legal claims, and to manage disputes related to our services.

Personal data will be retained for the duration of the legal proceedings and for an additional period of 10 years thereafter, in accordance with applicable laws and regulations.

Legitimate interest (e.g. fraud prevention, enforcement of legal rights) (Article 6(1)(f) GDPR).

6. With whom my personal data are shared?

The Data may be shared, for the purposes referred to in point 5 above, with the following Recipients:

• subjects who typically act as data processors, such as: (i) companies in charge of the development and supply of IT applications, instrumental to the provision of services; (ii) subjects delegated to carry out technical maintenance activities; (iii) other companies of the Controller and/or distributors, involved in the maintenance and assistance activities provided by the Company to the user; (iv) persons, companies or professional firms that provide assistance and advice to Controller in accounting, administrative, legal, tax and financial matters.
• subjects, bodies or authorities to whom it is mandatory to communicate the Data by virtue of the provisions of law or orders of the authorities, or to prevent and/or identify any fraudulent activities or abuses in the use of the Website and the services offered by the Controller.
• companies that provide services and/organize events in partnership with the Company.

7. Who is authorized to process the data?

The Data may be processed by the Company’s staff and operators appointed to pursue the aforementioned purposes, who have been expressly authorized for processing by the Controller, have received appropriate operating instructions and are bound by professional secrecy.

8. Where do we process personal data ?

Personal data are processed at the headquarters of the Controller, as well as in the service that hosts the Platform. The Controller ensures that when using cloud providers established outside the EEA, the processing of personal data by these recipients is carried out in accordance with applicable law. Transfers shall be carried out by means of appropriate safeguards, such as adequacy decisions,standard contractual clauses approved by the European Commission or other safeguards provided for in the GDPR.

9. Social Media Advertising (Custom and Lookalike Audiences)We use targeted advertising on third-party platforms (such as social media networks) to promote our services. This includes remarketing and audience targeting strategies aimed at reaching individuals who have shown an interest in our services or may be interested in them.

For this purpose, we may transmit personal data (such as email addresses) to third-party advertising providers, enabling them to display our advertisements on their platforms and to create Custom and Lookalike Audiences.

We currently use:

1. Meta (Facebook) Ads – Social media advertising via Meta Platforms Ireland Limited and its affiliates. For more information on data protection by Meta, please consult Meta’s Privacy Policy and Ad Preferences.
2. Microsoft Advertising: Advertising services provided by Microsoft. For more information on Microsoft's data protection practices, please refer to Microsoft's Privacy Statement and the Microsoft Advertising Network Policies.
3. Google Ads: Advertising services provided by Google. For more information on Google's data protection practices, please refer to Google's Privacy Policy and Advertising Policies Help.

The legal basis for such processing is either consent (Article 6(1)(a) GDPR) or, where applicable, our legitimate interest in promoting our services (Article 6(1)(f) GDPR), based on a prior relationship or interaction. You have the right to object to this processing at any time. If you wish to opt out, please send an email to: privacy@bigdata.com

Where data is transferred outside the European Economic Area (EEA), such transfer is carried out under appropriate safeguards, including the EU-U.S. Data Privacy Framework or Standard Contractual Clauses.

10. Which rights do data subjects have?

The User may exercise all the rights provided for by Articles 15-21 of EU Reg. no. 679/2016, at any time and without unjustified limitations, by contacting the Controller at legal@bigdata.com.Requests shall be filed free of charge and processed by the Controller within 30 days. Specifically,the User can:

• Obtain confirmation that processing is underway (Art.15);
• Obtain the rectification of inaccurate or incomplete data (Art. 16);
• Obtain the deletion of data without undue delay (Art. 17);
• Limit the processing to only part of the personal data (Art. 18);
• Receive a copy of the personal data in the possession of the data controller, in a commonly used and machine-readable format; obtain unhindered transfer to another Controller (Art. 20);
• Object to the processing of your personal data at any time. (Art. 21);

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use of a disclosure of your personal information, please submit to legal@bigdata.com.

11. Right to Object to Direct Marketing

In accordance with Article 21 of the GDPR, you have the right to object at any time to the processing of your personal data for direct marketing purposes. If you no longer wish to receive marketing communications from us, you may exercise your right to opt out by clicking the unsubscribe link provided in each communication or by contacting us directly at legal@bigdata.com. Upon receiving your request, we will promptly cease processing your data for direct marketing purposes.

12. How do we process personal data?

The processing is carried out using IT and/or manual tools designed to guarantee the appropriate security measures to prevent access, disclosure, loss, incorrect, unlawful or unauthorised use of the data.

13. Changes

The Controller reserves the right to modify and update the following Privacy Policy following any new provision of national or European law on the protection of personal data.