PRIVACY POLICY

Last updated: October 2025

1. Identity of the Data Controller

The website www.scoringmy.com (hereinafter, “ScoringMy” or “the Platform”) and its associated services are owned by PeopleXBrand Aceleradora S.L., Tax ID B-56994916, with registered address at C/ Gregorio Benítez 10, 28043 Madrid (Spain) and contact email legal@scoringmy.com.

PeopleXBrand Aceleradora S.L. (hereinafter, “PeopleXBrand” or “the Controller”) guarantees the processing of personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 (LOPDGDD).

2. Purposes of Processing

Personal data are processed for the following purposes:

  • Creating and managing user accounts, both individual and business, including manual registration or Google Connect login.
  • Providing analysis, visualization, and recommendations regarding digital professional presence.
  • Sending informational communications or invitations to employees of business clients to participate in professional visibility programs.
  • Commercial, administrative, and billing management with business clients.
  • Analysis of public profiles of third parties or competitors for statistical or comparative purposes.
  • Compliance with legal or contractual obligations.

3. Service Modalities and Types of Data Processed

PeopleXBrand provides data analysis and visualization services under three different modalities, depending on the origin and purpose of the processing:

3.1. Aggregated Employee Data (Statistical)

Description: global and anonymized analysis of a company’s team, without individual identification.

Data processed: aggregated metrics and statistical ratios.

Legal basis: the client’s legitimate interest (Art. 6.1.f GDPR).

PeopleXBrand role: Data Processor on behalf of the client.

Safeguards: results do not allow the identification of individuals and are presented fully aggregated.

3.2. Personal Data of Competitors and Third Parties (Public)

Description: comparative analysis based on professional information obtained from LinkedIn or other publicly accessible sources.

Data processed: name, job title, profile owner, publications, and publicly available metrics.

Legal basis: legitimate interest (Art. 6.1.f GDPR) of the client, based on market analysis and professional benchmarking.

PeopleXBrand role: Data Processor.

Ethical safeguards:

  • No automated or mass scraping is performed.
  • Data are obtained exclusively from public sources.
  • No commercial databases are created and no individualized results are disclosed.
  • Reports are for internal and confidential use.

3.3. Individual Employee Detail (Registered Users)

This processing occurs in two distinct phases, in line with the Platform’s functional workflow:

Phase 1 – Invitation and Initial Consent

Data origin: the client (company) provides employees’ email addresses, acting as the Data Controller.

Purpose: sending an informational communication to the employee, inviting them to voluntarily participate in the company’s professional visibility program.

PeopleXBrand role: Data Processor, acting on behalf of the client (Art. 28 GDPR).

Legal basis: performance of the contract with the business client.

Retention period: if the employee does not accept the invitation, the email and any associated data are immediately deleted.

Phase 2 – Consent and Individual Access

Description: the employee provides explicit consent and creates their ScoringMy account.

Data processed: name, email, job title, professional profile URL, digital presence metrics, and personalized results.

PeopleXBrand role: Data Controller.

Legal basis: consent of the data subject (Art. 6.1.a GDPR).

Rights: the user may access, rectify, or delete their data at any time from their account or by writing to legal@scoringmy.com.

4. User Registration and Company Creation

Registration on the Platform is individual, requiring name and email address, provided manually or via Google Connect.
Once the account is created, the user may choose to use the service personally or create a company within their account.

  • When creating a company, the user declares that they are duly authorized to act on behalf of the organization.
  • Employee email addresses are used exclusively to send informational invitations, and no personal data are analyzed until their consent is obtained.
  • Initial registration data (name and email) are processed based on the performance of the contract or the request for access to the service.

5. Source of the Data

The data processed may originate from:

  • The data subject (users who register directly).
  • The business client (who provides employee email addresses).
  • Publicly accessible sources (LinkedIn, corporate websites, or professional directories).

6. Data Retention

  • Non-participating employees: deleted immediately after non-acceptance.
  • Registered employees: retained until consent is withdrawn or the account is deleted.
  • Statistical or aggregated data: retained indefinitely in anonymized form.
  • Competitor data: retained for a maximum of 12 months to keep reports updated.

7. Data Disclosure and Processors

PeopleXBrand may disclose data to:

  • Technology providers acting as Data Processors (e.g., Hetzner, Sendinblue, ActiveCampaign).
  • Business clients, exclusively in aggregated or comparative reports.
  • Competent authorities when required by law.

No data are transferred to third parties for commercial purposes.

8. International Transfers

Some providers may involve transfers outside the European Economic Area.
PeopleXBrand ensures GDPR compliance through Standard Contractual Clauses or adequacy decisions issued by the European Commission.

9. Roles in Data Processing

PeopleXBrand may act as:

  • Data Processor for analyses or invitations performed on behalf of the client.
  • Data Controller when employees accept the invitation and access their individual accounts.

The change of role occurs automatically when the invited user provides consent.

10. Rights of Data Subjects

Users may exercise their rights of access, rectification, erasure, restriction, objection, and portability by writing to legal@scoringmy.com with the subject “GDPR Rights Request” and attaching a copy of their ID.

They may also file a complaint with the Spanish Data Protection Agency (AEPD):
www.aepd.es.

11. Security and Confidentiality

PeopleXBrand applies appropriate technical and organizational measures to ensure data security, including encryption, access control, backups, access logging, and periodic audits.

Access to data is restricted to authorized personnel trained in data protection and bound by confidentiality obligations.

12. Ethical Notice and Analysis Methodology

ScoringMy performs all analyses under ethical and transparent principles:

  • No automated or mass scraping is carried out.
  • Only public or voluntarily provided data are used.
  • Reports are private, with no public or commercial dissemination.
  • No commercial databases are created nor data reused for other purposes.

13. Policy Updates

PeopleXBrand may modify this policy due to legal or technical changes.
Any material modification will be communicated before it becomes effective.

The current version will always be available at www.scoringmy.com, indicating the date of the latest update.

Controller: PeopleXBrand Aceleradora S.L.
Email: legal@scoringmy.com
Support: hello@scoringmy.com
Address: C/ Gregorio Benítez 10, 28043 Madrid