Privacy Policy — Fideliya
1. INTRODUCTION
Fideliya ("Company", "We", "Us", or "Our") operates the loyalty pass platform at https://www.fideliyapass.com (the "Service"). We are committed to protecting your privacy and ensuring you have a positive experience on our platform.
This Privacy Policy explains how we collect, use, disclose, and otherwise process Personal Data in connection with our Service. This Privacy Policy applies to:
- Business Owners who create Accounts and operate Loyalty Programs
- End Customers whose data is processed through Loyalty Passes
- Visitors to our website
Legal Basis for Processing: Fideliya complies with the General Data Protection Regulation (GDPR), the Spanish Organic Law on Data Protection (LOPDGDD), and other applicable data protection laws.
2. DEFINITIONS
- "Personal Data" means any information relating to an identified or identifiable natural person
- "Processing" means any operation performed on Personal Data, including collection, storage, use, and deletion
- "Data Subject" means any natural person whose Personal Data is processed
- "Business Owner" means an Account holder who operates a Loyalty Program
- "End Customer" means a person holding a Loyalty Pass issued by a Business Owner
- "Legitimate Interest" means our reasonable interest in processing data for business purposes that do not override your fundamental rights
3. CATEGORIES OF PERSONAL DATA WE COLLECT
3.1 Business Owner Data
When you create a Fideliya Account, we collect:
- Identity Information: Full name, business name, email address, phone number
- Business Information: Business address, industry type, number of employees, tax ID (optional)
- Payment Information: Billing address, payment method details (processed by our payment provider — we do not store card numbers)
- Account Information: Username, password hash, Account settings, preferences
- Authentication Data: Authentication credentials, IP addresses, device information
3.2 End Customer Data
When an End Customer receives a Loyalty Pass, we collect:
- Identity Information: Full name, email address (if provided)
- Loyalty Data: Visit history, scan timestamps, points/visits accumulated, reward redemptions
- Pass Information: Pass enrollment date, last scan date, pass status
- Device Information: Device type, mobile app version (if applicable)
Important: Business Owners are responsible for obtaining explicit consent from End Customers before their data is collected. Fideliya acts as a Data Processor on behalf of Business Owners.
3.3 Gift Card Recipient Data
When a Business Owner sends a gift card, we collect the recipient's email address to deliver the gift card. The recipient's email is stored and associated with their loyalty account if they redeem the gift card.
3.4 Website Visitor Data
When you visit https://www.fideliyapass.com without creating an Account, we collect:
- Usage Data: Pages visited, time spent, clicks, referrer URL
- Device Information: Device type, operating system, browser type, IP address
- Geographic Data: Country/region (derived from IP address)
- Cookies: Session identifiers, analytics tracking
4. LEGAL BASIS FOR PROCESSING
We process Personal Data based on the following legal grounds:
| Data Type | Legal Basis | Purpose |
|---|---|---|
| Business Owner Account Data | Contract | Provide Service and manage your Account |
| Payment Information | Contract | Process subscriptions and billing |
| End Customer Loyalty Data | Consent (via Business Owner) | Deliver Loyalty Program services |
| Gift Card Recipient Email | Legitimate Interest | Deliver gift card on Business Owner's behalf |
| Security & Fraud Prevention | Legitimate Interest | Protect against unauthorized access and fraud |
| Service Improvement | Legitimate Interest | Analyze usage patterns to improve Service |
| Legal Compliance | Legal Obligation | Comply with tax, accounting, and regulatory requirements |
| Website Analytics | Consent (via Cookie Consent Banner) | Understand user behavior and optimize experience |
5. PURPOSES OF DATA PROCESSING
5.1 Service Delivery
- Create and manage your Account
- Generate and manage Loyalty Passes
- Track loyalty activity (scans, visits, points)
- Process payments and maintain subscription status
- Send transactional emails (confirmations, receipts)
- Deliver gift cards to recipients on behalf of Business Owners
5.2 Service Improvement
- Analyze usage patterns to improve Service features
- Conduct market research and user surveys
- Debug technical issues and optimize performance
- Develop new features and functionality
5.3 Legal Compliance
- Comply with tax and accounting obligations
- Respond to lawful government requests
- Prevent and investigate fraud
- Enforce our Terms of Service
5.4 Communication
- Send administrative notices and policy changes
- Respond to your inquiries and support requests
- Send marketing emails (with opt-out option for Business Owners)
6. RECIPIENTS OF PERSONAL DATA
We may share Personal Data with the following categories of recipients:
6.1 Third-Party Service Providers (Data Processors)
We use trusted third-party service providers for authentication, payment processing, database hosting, email delivery, application hosting, and analytics. All processors are bound by Data Processing Agreements and comply with GDPR Article 28. A full list of our sub-processors is available upon request at contact@fideliyapass.com.
6.2 Legal and Law Enforcement
We may disclose Personal Data if required by law or legal process, including:
- Court orders and judicial proceedings
- Government agencies and regulatory bodies
- Law enforcement investigations
6.3 Business Transactions
If Fideliya is acquired, merged, or undergoes bankruptcy, your Personal Data may be transferred to the acquiring entity. We will notify you of any such transfer.
6.4 Business Owners and End Customers
Business Owners can view End Customer data associated with their Loyalty Program. End Customers can access and manage their own loyalty data through their Account.
7. DATA RETENTION
7.1 Business Owner Data
- Active Accounts: Retained for the duration of your subscription plus 30 days after termination
- Payment Records: Retained for 7 years (Spanish tax requirements)
- Legal and Compliance: Retained as required by law
7.2 End Customer Data
- Active Loyalty Data: Retained for the duration of the Loyalty Program
- Inactive Passes: Retained for 12 months after inactivity, then deleted
- Upon Deletion Request: Deleted within 30 days, except where legally required
7.3 Gift Card Data
- Pending Gift Cards: Retained until redeemed or for 12 months, whichever comes first
- Redeemed Gift Cards: Retained as part of loyalty transaction history
7.4 Website Visitor Data
- Analytics Data: Retained for 90 days
- Cookies: Session cookies deleted upon browser closure; persistent cookies retained for up to 12 months
7.5 Backup and Logs
Backup copies and security logs may be retained for up to 90 days beyond the primary retention period.
8. YOUR DATA SUBJECT RIGHTS (GDPR)
As a Data Subject under GDPR, you have the following rights:
8.1 Right of Access
You have the right to request a copy of all Personal Data we hold about you. Submit requests to: contact@fideliyapass.com
We will provide information within 30 days in a structured, commonly used, machine-readable format.
8.2 Right to Rectification
If your Personal Data is inaccurate or incomplete, you may request that we correct it. You can update your Account information directly in your Account settings.
8.3 Right to Erasure ("Right to be Forgotten")
You have the right to request deletion of your Personal Data, except where:
- Retention is required by law (tax, accounting, legal records)
- Data is necessary to fulfill a contract
- We have a legitimate interest in retaining the data
Submit erasure requests to: contact@fideliyapass.com
We will delete your data within 30 days and confirm deletion in writing.
8.4 Right to Restrict Processing
You may request that we limit processing of your Personal Data to storage only, pending resolution of a dispute about accuracy or processing legality.
8.5 Right to Data Portability
You have the right to receive your Personal Data in a structured, commonly used, machine-readable format and to transmit it to another Data Controller without hindrance.
To exercise this right, submit a request to: contact@fideliyapass.com
We will provide your data in CSV or JSON format within 30 days.
8.6 Right to Object
You have the right to object to:
- Processing based on Legitimate Interest
- Direct marketing communications
- Automated decision-making and profiling
8.7 Right to Lodge a Complaint
If you believe we are processing your Personal Data unlawfully, you have the right to lodge a complaint with your local Data Protection Authority. For users in Spain, contact the Spanish Data Protection Authority (AEPD).
9. COOKIES AND TRACKING TECHNOLOGIES
9.1 Cookies We Use
- Essential Cookies: Maintain your login session, CSRF protection, security (required for Service to function)
- Analytics Cookies: Track usage patterns — only with your consent
- Preference Cookies: Remember your theme (dark/light mode) and language preferences
- Security Cookies: Prevent CSRF attacks and unauthorized access
9.2 Cookie Consent
When you first visit Fideliya, we display a cookie consent banner. You may accept all cookies, customize your preferences, or reject non-essential cookies. Essential cookies cannot be disabled as they are required for the Service to function. You can change your cookie preferences at any time through the cookie settings link in our footer.
9.3 Third-Party Tracking
We do not use third-party advertising networks or social media tracking pixels. Our analytics are limited to first-party analytics tools for page-level and product usage tracking.
10. SECURITY AND DATA PROTECTION MEASURES
10.1 Technical Measures
- Encryption in Transit: All data transmitted to/from Fideliya uses TLS 1.2+ encryption
- Encryption at Rest: Sensitive data (passwords, payment info) are encrypted using AES-256
- Database Security: Access to databases is restricted to authorized personnel only
- Rate Limiting: API endpoints are protected against abuse with sliding-window rate limits
- Tenant Isolation: Multi-tenant architecture ensures Business Owner data is strictly separated
10.2 Operational Measures
- Access Controls: Role-based access to Personal Data
- Incident Response: Documented procedures for security breach response
- Vendor Management: Data Processors are vetted and monitored
10.3 Limitations
While we implement industry-standard security measures, no system is completely secure. We cannot guarantee absolute security of your Personal Data.
11. INTERNATIONAL DATA TRANSFERS
11.1 Data Location
Fideliya stores data on servers hosted within Europe. Where data is transferred outside the EU/EEA, we maintain Standard Contractual Clauses (SCCs) and Data Processing Agreements to ensure GDPR-compliant data protection.
11.2 Third-Country Transfers
If Personal Data is transferred outside the EU/EEA, we ensure adequate safeguards under GDPR Chapter 5, including:
- Standard Contractual Clauses (SCCs)
- Data Processing Agreements with processors
- Compliance with applicable data transfer requirements
12. CHILDREN AND MINORS
Fideliya is not intended for use by children under 16 years of age. We do not knowingly collect Personal Data from children under 16. If we become aware that we have collected data from a child under 16, we will delete it immediately.
13. DATA PROCESSING AGREEMENT
For Business Owners processing End Customer data through Fideliya, we have a Data Processing Agreement (DPA) available upon request. The DPA governs our role as a Data Processor and includes:
- Description of Processing Activities
- Data Subject Categories
- Types of Personal Data
- Duration of Processing
- Data Controller Instructions
- Sub-processor Management
- Data Subject Rights Assistance
Request a DPA copy at: contact@fideliyapass.com
14. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)
If you are a resident of California, you have the following rights under CCPA:
- Right to Know: Request information about data collected
- Right to Delete: Request deletion of your data
- Right to Opt-Out: Opt out of "sales" or sharing of data for targeted advertising
- Right to Non-Discrimination: We do not discriminate against you for exercising your rights
To exercise California privacy rights, submit requests to: contact@fideliyapass.com
Note: Fideliya does not "sell" Personal Data in the CCPA sense. We do not share data with third parties for targeted advertising.
15. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy at any time. Material changes will be communicated:
- Via email notification (for registered users)
- Posted on our website with a prominent notice
- Effective date listed at the top of this document
Your continued use of the Service after updates constitutes acceptance of the revised Privacy Policy.
16. CONTACT US
For questions, concerns, or to exercise your data rights, contact:
Fideliya — Privacy Inquiries
- Email: contact@fideliyapass.com
- Website: https://www.fideliyapass.com
- Address: Spain
Response Time: We aim to respond to all inquiries within 14 business days.
ANNEX A: DATA PROCESSING ACTIVITIES SUMMARY
| Activity | Data Type | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Account Management | Business Owner data | Provide Service | Contract | Duration + 30 days |
| Payment Processing | Payment info | Billing and subscriptions | Contract | 7 years |
| Loyalty Tracking | End Customer data | Deliver Loyalty Program | Consent | 12 months after inactivity |
| Gift Card Delivery | Recipient email | Deliver gift on behalf of Business Owner | Legitimate Interest | 12 months |
| Service Analytics | Usage data | Improve Service | Legitimate Interest | 90 days |
| Customer Support | Communication data | Respond to inquiries | Contract | 1 year |
| Legal Compliance | Account data | Tax and legal requirements | Legal Obligation | 7 years |
| Marketing | Email address | Send promotions | Consent/Legitimate Interest | Until opt-out |
| Security | All data | Prevent fraud and attacks | Legitimate Interest | Incident-based |
ANNEX B: GDPR ARTICLE 13/14 TRANSPARENCY NOTICE
As required by GDPR Articles 13 and 14, we confirm:
- Data Controller Identity: Fideliya, Spain
- Processing Purposes: Service delivery, legal compliance, service improvement
- Legal Basis: Contract, consent, legitimate interest, legal obligation
- Recipients: Third-party processors (listed above), legal authorities if required
- Retention: As described in Section 7
- Your Rights: Access, rectification, erasure, restriction, portability, objection
- Automated Decision-Making: Fideliya does not use automated decision-making or profiling
- Right to Lodge Complaint: With your local Data Protection Authority