Data processing

We collect and process some of your data to enhance your experience, offer you relevant content, and ensure everything works efficiently. Don’t worry! Your data is in good hands, and we treat it with complete confidentiality.

We only use what is necessary for you to enjoy to the fullest. If you want to know more, you can consult our Privacy Policy.

Data processing

This Data Processing Agreement is made between Comisionea S.L., a Spanish limited liability company with its registered office at Calle Virués, 4 bajo, 46002 Valencia, Spain (hereinafter, "Feending" or the "Company") and the party that electronically accepts or otherwise agrees or opts for this Data Processing Agreement, for example, by signing an order contract (the "Client"), specifying that the use of the Feending solution (hereinafter, the "Feending Solution") constitutes acceptance of this Data Processing Agreement.

PREAMBLE

In the context of the European Union Regulation 2016/679 (GDPR), this Data Processing Agreement aims to determine the rights and obligations of the Parties as defined by Data Protection Legislation, as defined herein.

In this regard, Feending is particularly sensitive to the privacy of its Users and the Client concerning the protection of their Personal Data, as well as to its obligations as a Data Processor, as appropriate, as described in this Data Processing Agreement.

It is expressly understood that this Data Processing Agreement forms an integral part of the main subscription contract that applies to the Parties concerning the provision of the Feending solution (hereinafter, the "Contract").

ARTICLE 1: DEFINITIONS

The terms used in this Data Processing Agreement and that have the first letter capitalized, whether in singular or plural, shall have the following meaning:

“Administrator” designates any person, employee, representative or third party duly authorized by the Client or one of its Administrators to access the administration panel of the Feending Solution.

“Client Contact Email” means the Client's email address communicated to Feending for the purpose of notifying relevant information about the Processing carried out by the Company.

“Data Controller” means the natural or legal person, public authority, or other body that, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

“Data Processor” means a natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of the Controller.

“Data Protection Legislation” means the GDPR, as well as any legislation and/or regulation that implements or creates under the GDPR and the Electronic Privacy Legislation, or that amends, replaces, enacts, or consolidates it, and all other applicable national laws related to the processing of personal data and privacy that may exist under applicable law.

“Data Subject” means an identifiable natural person who is the subject of Personal Data.

“End User” means any User of the Feending Solution, who is neither an Administrator nor the Client, who may access the Feending Solution with the credentials provided by an Administrator and who interacts using the Feending Solution.

“GDPR” (General Data Protection Regulation): means Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC, and its European and national implementing laws.

“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on Personal Data, whether by automated means or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

“User” means any Administrator or End User.

ARTICLE 2: PROCESSING OF PERSONAL DATA

Personal Data is collected and processed in the following manner.

2.1 Personal Data of Client Staff

In accordance with its subscription to the Contract and the availability of the Feending Solution, the Company collects information about the identification of the Client (trade name, legal form, business address, NIF or intra-European VAT number) and the Personal Data of contact (emails, billing contacts).

For the collection of the Personal Data of Client staff (including the Client Contact Email), the Company will qualify as Data Controller.

2.2 Personal Data of Users

The Personal Data of Users, which is processed through the use of the Feending Solution, is the sole responsibility of the Client, who collects and processes the Personal Data on its own account, understanding that the Client determines the purposes and means of the processing of Personal Data in accordance with the applicable Data Protection Legislation.

2.3 Processing of Users' Personal Data by the Company

The Client is informed that the Personal Data of its Users is collected solely for the purpose of executing the Contract and the Feending Solution to which the Client has subscribed. If the Client does not provide the required Personal Data, it will not be able to use the full functionality of the services.

The Client is informed that the Company conducts statistical analyses, as well as audience measurements, visits, and effective uses of the Feending Solution, but only after anonymizing the Users' Personal Data. Furthermore, these statistical analyses, as well as audience measurements, visits, and effective uses of the Feending Solution, are intended solely for Feending, excluding third parties, and with the sole purpose of optimizing and improving the functionalities of the Feending Solution.

The Client guarantees the accurate transmission of this information to the Users of the Feending Solution.

2.4 Client's Obligations as Data Controller

The Client, when using the Feending Solution, must be qualified as Data Controller of the Personal Data of the Users.

As Data Controller, the Client explicitly commits to:

  • Have a legal basis for collecting and processing its Personal Data before collecting, hosting. The Client confirms that it is informed that it can obtain the User's consent through a feature provided by the Company in the Feending Solution.

  • Collect Users' Personal Data only for specific, explicit, and legitimate purposes and not process them in a way that is incompatible with those purposes.

  • Maintain a record of the processing of Personal Data carried out through the Feending Solution.

  • Implement all necessary technical and organizational measures to ensure the security of the processing carried out, guarantee the protection of the rights of individuals affected by the processing, and comply with the requirements of the Data Protection Legislation.

  • Limit access to Users' Personal Data only to those authorized to do so, namely, to the Users of the Feending Solution.

  • Raise awareness and train staff members on the processing of Personal Data, the provisions of the Data Protection Legislation, and their consequences.

  • Never transfer, in any way, the Users' Personal Data to a third party, unless this transfer complies with the Data Protection Legislation.

  • Guarantee all rights regarding access, portability, deletion, rectification, opposition, and limitation of the Users' Personal Data collected during the use of the Feending Solution; if the Client requires the Company's assistance to do so, the Client commits to promptly notify any request to exercise any of the aforementioned rights to the Company.

  • Notify the relevant supervisory authority of any security breach that poses a serious risk to the rights and freedoms of Users within 72 hours of becoming aware of the breach.

  • After the termination of the Contract with the Company, and in case retention is no longer necessary, proceed to the deletion of the Users' Personal Data within a timeframe compatible with the Data Protection Legislation.

In the event that information is collected directly from Users, the Client, as Data Controller, commits to providing Users, as appropriate, the following information:

  • The information about the identity of the Client, as well as the name of the Data Controller.

  • The purpose of processing Personal Data.

  • The recipients of the Personal Data: the Client and the Company, as well as their subcontractors.

  • The retention period of Personal Data.

  • The existence of their rights regarding access, rectification, deletion, and portability of Personal Data, or any limitation or opposition to the processing of such data.

  • Where applicable, the right of Users to withdraw their consent regarding processing.

  • The right of Users to lodge a complaint with the competent supervisory authority if they believe their rights have not been respected.

  • The Client informs Users that refusal to provide the aforementioned data will make the Feending Solution unavailable for use.

In accordance with this Data Processing Agreement, the Client commits to carrying out all declarative formalities and/or requests for authorization and/or impact assessments, if necessary, as well as to ensuring mandatory compliance with the competent supervisory authority in light of the processing it carries out in relation to the use of the Feending Solution.

In the event that the Client has not yet carried out the aforementioned formalities, it explicitly commits to do so immediately.

The Client remains responsible for the Processing of Personal Data carried out under its own responsibility.

The Client must communicate the Client Contact Email to the Company.

2.5 Obligations of the Company as Data Processor

The use of the Users' Personal Data in the context of using the Feending Solution implies that Feending must be qualified as a Data Processor.

The object, duration, nature, and purpose of the processing of Personal Data, as well as the type of Personal Data being processed and the categories of Data Subjects, are listed in Annex 1.

The Contract, its Appendices, and this Data Processing Agreement should be considered as written instructions from the Client, qualified as the Data Controller, to Feending, qualified as the Data Processor, without prejudice to any additional instruction given in writing.

As a Data Processor and in accordance with the privacy procedures provided by Data Protection Legislation, Feending may only use Personal Data in accordance with the Client's instructions responsible for processing.

As a Data Processor, Feending commits to always present sufficient guarantees to ensure the implementation of necessary security and privacy measures.

Furthermore, Feending commits to:

  • Support the Client in fulfilling its obligations to respond to requests from Data Subjects to exercise their rights under the GDPR; when this assistance exceeds what is commercially reasonable, Feending and the Client will agree on the applicable financial terms for the continuity of assistance.

  • Maintain a record of the processing of Personal Data carried out through the Feending Solution.

  • Not transfer the Users' Personal Data to third parties, except for its subcontractors and as permitted by the Contract, its Appendices, and this Data Processing Agreement, and without notifying the Client in advance.

  • Allow the Data Controller to conduct an audit of the processing carried out by Feending, as well as of any appropriate technical and organizational measures that ensure the security of processing, respect for the rights of data subjects, and compliance with the requirements of Data Protection Legislation, specifying that the Client must notify the Company at least thirty (30) calendar days in advance by written notice. The audit will be carried out at the Client's expense and can only cover the appropriate technical and organizational measures guaranteeing the security of the processing, respect for the rights of data subjects, and the requirements of the GDPR. The Client will appoint an independent auditor who is not a competitor of the Company in the software as a service (SaaS) field, who has been pre-approved by the Company, and who agrees to a confidentiality agreement. The Company commits to cooperate with the auditor in fulfilling its mission by providing reasonably necessary information and answering their reasonable questions. A copy of the audit report prepared by the auditor will be provided to each Party and will be discussed collectively among the Parties during a meeting specifically organized for this purpose.

  • The Company commits to assist the Client in analyzing whether a data protection impact assessment is required for the processing of Personal Data by the Client. When the latter considers it necessary to conduct a data protection impact assessment, the Company commits to assist the Client in conducting the data protection impact assessment and, where applicable, in relation to the prior consultation with the supervisory authority. This assistance must be provided under the same conditions as those set forth in the first paragraph of this article.

  • Restrict access to Personal Data only to authorized personnel. In this context, the Company informs the Client that, according to their employment contracts, its staff is subject to confidentiality clauses that explicitly refer to Personal Data.

2.6 Data Breach

The Company will implement all technical measures to allow the detection of personal data breaches (as defined by Data Protection Legislation) and to inform the Data Controller of breaches within a reasonable timeframe.

In the event that a personal data breach occurs or has occurred, the Company will notify the Client by email without undue delay, and in any case, within 72 hours of becoming aware of the breach, using the Client Contact Email.

Without prejudice to the Company's legal obligations, the Client will be responsible for notifying the relevant authority(ies) and/or affected individuals of the breach.

Without prejudice to the Company's legal obligations, the Company will assist the Client to the best of its ability with the notification of the breach to the relevant authority(ies) and/or affected individuals.

The Company will treat any questions/requests from the Client related to the breach as a priority.

In the event of a breach, the Company will take all necessary and appropriate measures to restore Personal Data and/or limit the negative impact of the breach as much as possible (including, among other things, providing forensic assistance to the Client), understanding that the Company, when reasonably possible, will always consult the Client on the measures to be taken.

2.7 Appropriate Technical and Organizational Measures Implemented by Feending

Since the beginning of the Processing, the Company has implemented appropriate technical and organizational measures to ensure the security of the processing as well as respect for the rights of the individuals involved and the requirements of the GDPR.

The code of the Feending Solution and the processed Personal Data are hosted on Amazon and Google Cloud Platform servers, as both provide sufficient guarantees in terms of the required technical and organizational measures according to Data Protection Legislation.

The Client can consult the privacy policies of Amazon AWS and Google Cloud Platform at the following addresses:

https://cloud.google.com/security/privacy/

https://aws.amazon.com/compliance/gdpr-center/

The Company also performs a daily backup of the Personal Data stored on the Amazon and/or Google Cloud Platform servers. Personal Data is backed up once every hour. The Company keeps the last copy of each day for a period of thirty (30) days.

The Client has the ability to extract the Personal Data of end Users in an Excel spreadsheet from its administration module.

For any additional questions, the Company invites its clients to contact via email at soporte@feending.com.

2.8 Data Processor Service Providers

For the correct use of the services offered in Feending, it is required that the data be transferred outside the European space, for example, they may be transferred and stored in countries outside the European Economic Area (EEA). This is because we use remote servers to provide our services, which may be located outside the EEA or use servers outside the EEA, which is generally the nature of cloud-stored data. It may also be processed by personnel operating outside the EEA who work for one of our suppliers, such as our web server provider (Amazon Web Services and Google Cloud Platform), the payment processing provider (Stripe), or our marketing services provider (Hubspot). These services have their updated privacy policies.

This processing of data outside the EEA is covered by legal mechanisms to allow data transfer. If additional information is required about the international data transfer, please contact us at contacto@feending.com.

2.9 Data Retention Period for Personal Data

A. Personal Data of Client Staff

Subject to the mandatory retention period for all data related to client files, which is three (3) years from the end of the contractual relationship, the identification data of Client staff (including Client Contact Email) will be retained by Feending for a period not exceeding the subscription period of the Feending Solution, except for the legal archiving period.

B. Personal Data of Users

The Company informs the Client that it will delete Users' Personal Data within a period of thirty (30) to ninety (90) days after the termination of the Contract, without prejudice to any direct deletion request from Users.

Upon termination of the contractual relationship, the Company commits to return, free of charge and at the first request of the Client made by registered letter with acknowledgment of receipt, all Personal Data belonging to the Client that remains in the possession of the Company in accordance with the terms of this Data Processing Agreement in a standard format (Microsoft Excel, SQL, and CSV) within thirty (30) days following the same request.

The Company also commits to respond to any question raised by the Client within thirty (30) calendar days following receipt of the return request.

2.10 Client Responsibility

The Client remains solely responsible for the legality of the processing carried out during the use of the Feending Solution.

In addition, the Client remains solely responsible for the Personal Data it collects and processes as Data Controller. The Client commits to proceed with the collection and processing of Users' Personal Data in accordance with Data Protection Legislation.

The Client is informed that certain categories of Personal Data, called "sensitive," according to Data Protection Legislation, cannot be collected or processed without the explicit prior consent of the data subjects, or any other formalities provided by the applicable Data Protection Legislation (authorization request, impact assessment, etc.). The Client commits to never proceed with the collection and processing of sensitive Personal Data, except as provided by the Legislation. The Company disclaims any liability regarding the collection or processing of Sensitive Personal Data. The Client acknowledges and agrees that any potential sensitive personal data is subject to the same technical and organizational security measures that the Company implemented for non-sensitive Personal Data.

The Company, as Data Processor, disclaims any responsibility regarding the quality, relevance, and legality of Personal Data. Except as provided in this document, the Company cannot be held liable in the event of the collection or processing of Personal Data that violates the provisions of Data Protection Legislation.

The Client shall indemnify the Company, upon first request, against any damages incurred as a result of any action by a User or any third party due to the breach of this clause and/or any violation of any of its obligations as a data controller in accordance with Data Protection Legislation.

ANNEX 1. OVERVIEW OF PROCESSING

A. Duration of Processing

During the duration of the contractual relationship between the Parties, including the period covering the Data Reversibility clause of the Contract.

B. Nature and Purpose of Processing

The Personal Data will be processed for the purpose of providing the services established and agreed upon in the Contract. In this sense, Feending may carry out all types of processing operations.

C. Type of Personal Data Processed

  • Personal identification data (first name, last name, gender, profile photo, date of birth, spoken language, nationality, email, phone, address);

  • Electronic identification data (IP addresses, cookies);

  • Academic background and results;

  • Professional experience;

  • Current job;

  • Professional qualifications and certificates;

  • Hobbies and areas of interest;

  • Location data;

  • In general, any personal information submitted or published by a User (payment data, etc.).

D. Categories of Data Subjects

Users of the Controller, including, among others, members of the Controller's community, employees, collaborators, clients, prospects, suppliers, and subcontractors of the Controller.

E. Security Measures

The Data Processor will implement appropriate technical and organizational measures and regularly monitor compliance with these measures. This includes:

  1. Access control to the system: the Data Processor will take reasonable steps to prevent unauthorized access to computer systems, such as strong authentication procedures (passwords, two-factor authentication) and documented access approvals.

  2. Data access control: the Data Processor will take reasonable steps to prevent unauthorized access to Personal Data, such as providing access to personal data only as needed, confidentiality obligations, and locking workstations.

  3. Data transfer control: the Data Processor will take reasonable steps to ensure that personal data cannot be read, copied, modified, or deleted without authorization during electronic transmission, transport, or storage and that it is possible to verify and establish to which bodies the transfer of personal data is intended through facilities for data transmission (data transfer control), such as data encryption at rest and in transit.

  4. Input control: the Data Processor will take reasonable steps to ensure that it is possible to retrospectively verify and establish whether and by whom Personal Data has been entered, modified, or deleted in data processing systems, such as logging systems.

  5. Job control: the Data Processor will take reasonable steps to ensure that personal data is processed in accordance with the instructions of the Data Controller, such as entering into appropriate data processing agreements with subprocessors.

  6. Availability control: the Data Processor will take reasonable steps to prevent accidental destruction or loss of Personal Data.

Feending is powered by:

Company

Work with us

Contact

DEMO

Legal

Processing Agreement

Privacy Policy

© Copyright 2026 | Comisionea SL

Feending is powered by:

Company

Work with us

Contact

DEMO

Legal

Processing Agreement

Privacy Policy

© Copyright 2026 | Comisionea SL

Feending is powered by:

Company

Work with us

Contact

DEMO

Legal

Processing Agreement

Privacy Policy

© Copyright 2026 | Comisionea SL