App Privacy Policy
Last updated: April 2026
Confidentiality and security are fundamental values at PLENIT. This means we are committed to ensuring the privacy of our Clients' personal data at all times and to collecting only the information we need, and nothing more.
Below, you will find all the necessary information about the personal data we collect, how we process it, and your rights.
1. Who processes my personal data?
Plenit Technology S.L. (hereinafter, "PLENIT"), with Tax ID No. B-65814709 and registered address at Calle Leganitos No. 47, 4th floor — 28013 Madrid, Spain, may act under either of the following two capacities:
- Data Controller: PLENIT will act as the data controller when it establishes relationships in its own name with data subjects or individuals who own the personal data (i.e., when PLENIT processes the personal data of its Clients or Partners as part of agreed terms and conditions signed between the parties).
- Data Processor: PLENIT will act as the data processor when it accesses the personal data of said Clients or Users to provide the services offered through its platform.
For this purpose, PLENIT provides an email address (dpd@plenit.com) available to all its Users or Clients.
PLENIT processes your data in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
2. Who oversees your personal data at PLENIT?
The Data Protection Officer (DPO) at PLENIT is responsible for ensuring compliance with data protection regulations within the organization.
You can contact PLENIT's Data Protection Officer at the following email address: dpd@plenit.com.
You can verify the appointment of our Data Protection Officer on the website of the Spanish Data Protection Agency via the following link.
3. Who are the groups of data subjects?
The personal data collected and processed may come from the following groups of data subjects:
- Clients or Partners and End Users of the PLENIT Platform:
- Companies that provided their data to formalize a service contract with PLENIT.
- Administrators and End Users of the PLENIT Platform.
- Suppliers:
- Companies that share with us the necessary personal data to formalize a service contract (identification, contact, address, bank account, etc.).
4. What personal data do we process?
Whether as a data controller or processor, we handle different types of personal data, including:
- Contact information, such as name, email address, and phone number.
- User account information, such as username and password.
- Payment information, including details of the physical and/or virtual card provided by PLENIT.
- Profile information.
- Information about product requests you wish to contract.
- Usage information, such as the frequency of application use and the services accessed.
5. For what purpose and on what legal basis do we use personal data?
At PLENIT, we process personal data to respond to information requests, address your inquiries, or provide the contracted services.
This personal data is processed for the legitimate purposes outlined below.
5.1. PLENIT as Data Controller
5.2. PLENIT as Data Processor
6. How do we protect personal data?
At PLENIT, we implement technical and organizational security measures to protect your personal data and prevent its loss, misuse, unauthorized access, or disclosure. Some of the measures we take include data encryption, restricted access to personal data, and regular training of our staff on data protection.
PLENIT is ISO 27001 certified. This internationally recognized standard promotes a risk-based methodology that enables organizations to better manage information security. It demonstrates that companies have implemented an Information Security Management System audited by an independent expert evaluator.
7. How do we store personal data?
We store your personal data on secure cloud servers located within the European Union. We maintain technical and organizational measures to ensure the security of personal data and to prevent its loss, misuse, unauthorized access, or disclosure.
8. Who has access to your personal data?
PLENIT will only share your personal data with third parties when necessary to provide our services, when you have requested something that requires a response from us, or when we are legally obligated to do so.
We may also share data with companies that provide services essential to the ordinary and administrative activities of the company, acting as data processors, within the scope of services such as:
- Payment and payment processing service providers.
- Technology service providers, such as cloud hosting providers and data analytics services.
- Legal and financial advisors.
- Regulatory and governmental authorities, when necessary to comply with our legal obligations or when legally required by them.
8.1. International Data Transfers
Currently, we do not share data with providers located outside the European Economic Area (EEA), meaning no international data transfers are performed. This is also communicated to our clients in the Data Processing Agreement signed with each of them.
Additionally, as data controllers, we may share personal data among the different subsidiaries of the group, based on corporate legitimate interest. In cases where such activities involve countries within the EEA and our subsidiaries located outside the EEA, international transfers are carried out under contract, incorporating the Standard Contractual Clauses approved by the European Commission: https://eur-lex.europa.eu/legal-content/ES/ALL/?uri=CELEX:32021D0914
9. How can I exercise my rights regarding my personal data?
Anyone has the right to obtain information about the data that PLENIT processes under their ownership. These are your rights:
- Data subjects have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
- Under certain circumstances, data subjects may request the restriction of the processing of their data, in which case it will only be retained for the exercise or defense of legal claims.
- In certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. PLENIT will cease processing the data, except for compelling legitimate reasons or the exercise or defense of possible legal claims.
- Portability: The data subject has the right to receive the personal data concerning them, which they have provided to PLENIT, in a structured, commonly used, and machine-readable format, where: a) the processing is based on consent or a contract, and b) the processing is carried out by automated means.
We inform you of your right to file a complaint with the supervisory authority (www.aepd.es) if the exercise of your rights as outlined here has not been fulfilled.
To exercise these rights, you can contact dpd@plenit.com. When making your request, please provide the following information:
- Full name
- Contact email address
- The right you wish to exercise
- Details of your request
We will resolve your request within a maximum period of one month, and you will be notified via the email address provided.
10. What is the retention period for your personal data?
We will retain your personal data for as long as necessary to provide you with our services or to comply with our legal obligations. When your personal data is no longer needed, it will be securely deleted or anonymized.
For specific retention periods, please refer to the tables in Section 5 of this Privacy Policy.
11. Changes to our Privacy Policy
We reserve the right to update this Privacy Policy at any time. If we make significant changes to this Privacy Policy, we will inform you by posting a notice on our application or website, or through other appropriate means.
12. Contact
If you have any questions or concerns about this Privacy Policy or how we handle your personal data, you can contact us at our postal address: Calle Leganitos n.º 47, planta 4 — 28013 Madrid, or send us an email at dpd@plenit.com.