Legal
Privacy Policy
How Scoringmy processes personal data in accordance with the GDPR and the LOPDGDD.
Last updated: October 2025
1. Identity of the data controller
El sitio web www.scoringmy.com (hereinafter, “ScoringMy” or “the Platform”) and its associated services are owned by PeopleXBrand Aceleradora S.L., with Tax ID (NIF) B-56994916, registered office at C/ Gregorio Benítez 10, 28043 Madrid (Spain) and contact email legal@scoringmy.com. PeopleXBrand Aceleradora S.L. (hereinafter, “PeopleXBrand” or “the Controller”) ensures the processing of personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).2. Purposes of processing
Personal data is processed for the following purposes:- Creating and managing user accounts, both individual and corporate, including manual registration or via Google Connect.
- Providing analysis, visualisation and recommendation services regarding digital professional presence.
- Sending informational communications or invitations to employees of corporate clients to take part in professional visibility programmes.
- Commercial, administrative and billing management with corporate clients.
- Analysis of public profiles of third parties or competitors for statistical or comparative purposes.
- Compliance with legal or contractual obligations.
3. Service types and categories of data processed
PeopleXBrand provides professional data analysis and visualisation services in three distinct forms, depending on the origin and purpose of the processing:3.1. Aggregated employee data (statistical)
Description: a global, anonymised analysis of a company’s team, without identifying individuals. Data processed: aggregated metrics and statistical ratios. Legal basis: legitimate interest of the client (art. 6.1.f GDPR). Role of PeopleXBrand: Data Processor on behalf of the client. Safeguards: the results do not allow individuals to be identified and are presented in fully aggregated form.3.2. Personal data of competitors and third parties (public)
Description: comparative analysis based on professional information obtained from LinkedIn or other publicly accessible sources. Data processed: name, job title, profile holder, posts and public metrics. Legal basis: legitimate interest (art. 6.1.f GDPR) of the client, based on market analysis and professional benchmarking. Role of PeopleXBrand: Data Processor. Ethical safeguards:- No automated or mass scraping is used.
- The data comes exclusively from public sources.
- No commercial databases are created and no individualised results are disclosed.
- The reports are for internal and confidential use.
3.3. Individual employee detail (registered users)
This processing takes place in two distinct phases, in accordance with the Platform’s functional flow:Phase 1 – Invitation and initial consent
Origin of the data: the client (company) provides the email addresses of its employees, acting as Data Controller. Purpose: to send an informational communication to the employee, inviting them to take part voluntarily in their company’s professional visibility programme. Role of PeopleXBrand: Data Processor, acting on behalf of the client (art. 28 GDPR). Legal basis: performance of the contract with the corporate client. Retention period: if the employee does not accept the invitation, the email and any associated data are deleted immediately.Phase 2 – Consent and individual access
Description: the employee gives their express consent and creates their account on ScoringMy. Data processed: name, email, job title, professional profile URL, digital presence metrics and personalised results. Role of PeopleXBrand: Data Controller. Legal basis: consentimiento del interesado (art. 6.1.a RGPD). Rights: the user may access, rectify or delete their data at any time from their account or by writing to legal@scoringmy.com.4. User registration and company creation
Registration on the Platform is carried out individually, providing name and email address, manually or through Google Connect. Once the account is created, the user may decide whether to use the service in a personal capacity or to create a company within their account.- If creating a company, the user declares that they act with sufficient authority on behalf of the organisation.
- Employee email addresses will be used exclusively to send informational invitations, with no personal data analysed until their consent is obtained.
- The user’s initial registration data (name and email) is processed on the basis of performance of the contract or the request to access the service.
5. Source of the data
The data processed may come from:- The data subject themselves (directly registered users).
- La company cliente (que facilita los email addresses of its employees).
- Publicly accessible sources (LinkedIn, corporate websites or professional directories).
6. Data retention
- Data of non-participating employees: deleted immediately after non-acceptance.
- Data of registered employees: retained until consent is withdrawn or the account is deleted.
- Statistical or aggregated data: retained in anonymised form indefinitely.
- Competitor data: retained for a maximum of 12 months to keep the reports up to date.
7. Data disclosure and processors
PeopleXBrand may disclose data to:- Technology providers acting as Encargados del Tratamiento (e.g., Hetzner, Sendinblue, ActiveCampaign).
- Clientes company, exclusively in aggregated or comparative reports.
- Competent authorities, where there is a legal obligation.
8. International transfers
Some providers may involve transfers outside the European Economic Area. PeopleXBrand ensures GDPR compliance through Standard Contractual Clauses o adequacy decisions issued by the European Commission.9. Roles in processing
PeopleXBrand may act as:- Data Processor, in analyses or invitations carried out on behalf of the client.
- Data Controller, when employees accept the invitation and access their individual account.
10. Rights of data subjects
Users may exercise their rights of access, rectification, erasure, restriction, objection and portability by writing to legal@scoringmy.com with the subject “Exercise of GDPR rights”, attaching a copy of their identity document. They may also lodge a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es.11. Security and confidentiality
PeopleXBrand applies appropriate technical and organisational measures to ensure data security, including encryption, access control, backups, access logging and regular audits. Access to the data is restricted to authorised personnel trained in data protection and bound by confidentiality obligations.12. Ethical notice and analysis methodology
ScoringMy conducts all its analyses under ethical and transparency criteria:- No se realiza scraping automatizado ni masivo.
- Only public or voluntarily provided data is used.
- The reports are private, with no public or commercial distribution.
- No commercial databases are generated and no data is reused for other purposes.
13. Policy updates
PeopleXBrand may amend this policy due to legal or technical changes. Any significant change will be communicated before it takes effect. The current version will always be available at www.scoringmy.com, indicating the date of the last update.Controller: PeopleXBrand Aceleradora S.L.
Email: legal@scoringmy.com
Support: hello@scoringmy.com
Address: C/ Gregorio Benítez 10, 28043 Madrid