Privacy Policy

This Privacy Policy was last updated on June 16, 2026.

1. INTRODUCTION
Getlinko International, S.L. (hereinafter, “Getlinko”, “we” or “the company”) is the data controller for the personal data of website and platform users. This Privacy Policy describes what data we process, for what purpose, for how long, with whom we share it and what rights you have over it.
Personal data processing is carried out in compliance with:
• Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016 (GDPR)
• Organic Law 3/2018, of December 5, on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD)
• Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI-CE)
Use of the platform and website implies knowledge and acceptance of this Privacy Policy.

2. IDENTITY OF THE DATA CONTROLLER
• Owner: GETLINKO INTERNATIONAL, S.L.
• Tax ID (CIF): B10858769
• Registered address: Rúa da Ponte, 4, mezzanine right, 36500 Lalín, Pontevedra, Spain
• General email: info@getlinko.com
• Privacy email: privacy@getlinko.com
• Website: https://getlinko.com

Data Protection Officer (DPO): Getlinko is not required to appoint a DPO pursuant to art. 37 GDPR, as its main activity does not consist of processing operations requiring large-scale regular and systematic monitoring, nor large-scale processing of special categories of data. For any data protection queries, you may contact us directly at privacy@getlinko.com.

3. PRINCIPLES APPLIED TO PROCESSING
Getlinko applies the principles set out in art. 5 GDPR:
• Lawfulness, fairness and transparency. Data is processed lawfully, fairly and transparently.
• Purpose limitation. Data is collected for specified, explicit and legitimate purposes.
• Data minimisation. We only collect strictly necessary data.
• Accuracy. We keep data up to date, erasing or rectifying inaccurate data.
• Storage limitation. We retain data only for as long as necessary for the processing purposes.
• Integrity and confidentiality. We apply appropriate technical and organisational measures.
• Accountability. We document and demonstrate compliance.

4. CATEGORIES OF DATA SUBJECTS AND DATA PROCESSED
This policy applies to four categories of data subjects, with differentiated processing for each:

4.1. Advertisers (clients who contract services)
Data processed:
• Identification: name, surname(s), national ID/passport (only when necessary for billing or verification)
• Contact: email, phone, postal address, preferred language
• Account: username, password (encrypted), optional profile photo
• Billing: company name, tax ID (NIF/CIF), tax address, intra-community VAT number if applicable
• Payment data: card data is processed by our payment provider (we do not store it directly); for each transaction we retain payment reference, amount, date and method
• Usage data: top-up history, orders, proposals, communications with publishers, comments and ratings
• Browsing data: IP, device, browser, access dates and times (see Cookies Policy)

4.2. Publishers (professionals offering services on the platform)
Data processed:
• Identification: name, surname(s), identity document
• Contact: email, phone, WhatsApp, postal address, preferred language
• Account: username, encrypted password, profile photo
• Professional profile: description, portfolio, ownership of declared media or blogs, social media
• Tax data: tax ID (NIF/CIF), tax regime, applicable VAT, tax residence certificate if applicable
• Banking and payment data: PayPal account or IBAN, account holder details
• Domain ownership verification: documentation proving media ownership
• Activity data: proposal history, published articles, balance withdrawals, ratings received

4.3. Website visitors (not registered)
Data processed:
• Browsing data: IP address, approximate geographic location, device, browser, operating system, pages visited, time spent
• Cookies and similar technologies (see Cookies Policy)
• Data voluntarily provided by the visitor when filling in contact forms, subscribing to the blog/newsletter or requesting information

4.4. Business contacts and leads
Data processed:
• Identification and contact: name, company, position, email, phone
• Interaction history: calls, emails, meetings, presented offers
• Enriched data from public sources (public LinkedIn, company website, etc.) limited to public professional information

5. PURPOSES AND LEGAL BASES FOR PROCESSING
Pursuant to art. 6 GDPR, each processing purpose has a specific legal basis:

# | Purpose | Legal basis (art. 6 GDPR) | Affected categories
1 | User account registration and management | 6.1.b – Performance of contract | Advertisers, Publishers
2 | Provision of contracted services (publications, payments, wallet, ratings) | 6.1.b – Performance of contract | Advertisers, Publishers
3 | Verification of identity, domain ownership and tax data | 6.1.b Contract + 6.1.c Legal obligation | Mainly Publishers
4 | Payment processing | 6.1.b – Performance of contract | Advertisers, Publishers
5 | Invoice issuance and accounting records | 6.1.c – Legal obligation (VAT Law 37/1992, RD 1619/2012, General Tax Law 58/2003) | Advertisers, Publishers
6 | Fraud prevention, blacklist management, multi-account control | 6.1.f – Legitimate interest in platform protection | All categories
7 | Operational and transactional communications (confirmations, reminders, balance expiry notices, T&C update notifications) | 6.1.b – Performance of contract | Advertisers, Publishers
8 | Commercial communications about similar products and services to active customers | 6.1.f – Legitimate interest (art. 21.2 LSSI-CE – existing customer, similar products, easy opt-out) | Active Advertisers, Publishers
9 | Customer service and support | 6.1.b Contract + 6.1.f Legitimate interest | All
10 | Anonymised statistical analysis and service improvement | 6.1.f – Legitimate interest in improving the service | All
11 | Analytical, personalisation and advertising cookies | 6.1.a – Consent (cookie manager) | Visitors and users
12 | Compliance with anti-money laundering legal obligations | 6.1.c – Legal obligation (Law 10/2010 AML/CTF) | Advertisers and Publishers with relevant transactions
13 | Defence of claims, litigation and obligations derived from T&C | 6.1.f – Legitimate interest | All

On email marketing to active customers: Getlinko sends commercial communications about products and services similar to those contracted to customers with an active account, pursuant to art. 21.2 LSSI-CE, which permits such communications without prior consent when data was obtained in the context of a contractual relationship. Each communication includes a free and easy opt-out link.

6. RETENTION PERIODS
Pursuant to the storage limitation principle (art. 5.1.e GDPR), data is retained for only as long as strictly necessary for each purpose:

Type of data / purpose | Retention period
Active User account data | Throughout the lifetime of the account
Data after voluntary account deletion | 5 years from deletion (civil actions limitation, art. 1964.2 CC)
Accounting data, invoices and payment receipts | 6 years (art. 30 Commercial Code + art. 70 General Tax Law)
Tax documentation of Publishers | 6 years from the last tax year
Data related to anti-money laundering | 10 years (Law 10/2010 AML/CTF)
Leads not converted into customers | 2 years from last interaction, unless prior objection
Newsletter subscriber contact data | Until the data subject unsubscribes
Platform access logs | 12 months from log registration
Cookies | As detailed in the Cookies Policy
Data related to litigation or claims | Until final resolution + applicable limitation period

After the applicable period, data will be securely deleted or anonymised so that the data subject is no longer identifiable.

7. RECIPIENTS AND DATA PROCESSORS
Getlinko does not sell or transfer personal data to third parties for commercial purposes. Data may be communicated to:

7.1. Data processors (service providers)
The following providers process data on behalf of Getlinko under data processing agreements compliant with art. 28 GDPR:

Provider | Purpose | Location | Guarantees
HubSpot, Inc. | CRM, commercial management, email marketing, automations | United States | EU Standard Contractual Clauses (SCC) + EU-US Data Privacy Framework (DPF)
Twilio / SendGrid | Transactional emails and notifications | United States | EU SCC + DPF
Intercom, Inc. | Customer support and chat | United States / Ireland | EU SCC + DPF
Google Ireland Ltd. (Analytics, Tag Manager) | Web analytics and site measurement | Ireland (EU) + USA | EU SCC + IP anonymisation + DPF
Payment provider | Card payment processing | EU / USA | PCI-DSS compliance + EU SCC
PayPal (Europe) S.à.r.l. & Cie, S.C.A. | Payments to publishers and collections | Luxembourg (EU) | Independent controller / EU GDPR
Raiola Networks, S.L. | Website hosting | Spain (EU) | EU GDPR
External tax and accounting advisors | Accounting and tax management | Spain (EU) | EU GDPR + professional secrecy

Getlinko maintains an up-to-date record of processing activities that includes all processors, accessible to the supervisory authority upon inspection.

7.2. Communication between platform members
To facilitate the interactions inherent to the marketplace, Getlinko shares certain information between Advertisers and Publishers when this is necessary to fulfil an order or proposal:
• When an Advertiser places an order or claim, the following is shared with the Publisher: Advertiser profile, name, prior ratings and assignment details.
• When a Publisher receives an order, the following is shared with the Advertiser: Publisher profile, media, price, deadline and work result.
This communication is necessary for the performance of the contract (art. 6.1.b GDPR).

7.3. Disclosures required by law
Getlinko will communicate personal data to competent authorities (Tax Agency, courts and tribunals, law enforcement, AEPD, SEPBLAC) when there is a legal obligation (art. 6.1.c GDPR).

8. INTERNATIONAL DATA TRANSFERS
Some of our data processors (HubSpot, SendGrid, Intercom, Google) have servers located outside the European Economic Area, mainly in the United States.
These transfers are carried out on the basis of:
• European Commission Adequacy Decision 2023/1795 (10/07/2023) recognising the EU-US Data Privacy Framework (DPF) as providing an adequate level of protection for US companies that have adhered to it
• Standard Contractual Clauses approved by the European Commission (Decision 2021/914) signed with each processor
• Additional technical measures such as encryption in transit and at rest, data segmentation and pseudonymisation where feasible
You may request a copy of the applicable safeguards by writing to privacy@getlinko.com.

9. DATA SUBJECT RIGHTS
As the owner of your personal data, you have the following rights recognised in arts. 15 to 22 GDPR:
• Right of access (art. 15): obtain confirmation as to whether we are processing your data and, where applicable, a copy of it.
• Right to rectification (art. 16): correct inaccurate or incomplete data.
• Right to erasure / “right to be forgotten” (art. 17): request erasure when data is no longer necessary for the purposes.
• Right to restriction of processing (art. 18): flag your data so it is only stored, not processed.
• Right to data portability (art. 20): receive your data in a structured format and transmit it to another controller.
• Right to object (art. 21): object to processing based on legitimate interest, including direct marketing.
• Right not to be subject to automated decisions (art. 22): not be subject to automated decisions that significantly affect you.
• Right to withdraw consent at any time when processing is based on consent.

How to exercise your rights
You may exercise any of these rights by sending an email to privacy@getlinko.com or by post to the registered address, indicating:
• The right you wish to exercise
• Full name and email address registered on the platform
• Copy of your national ID, NIE or equivalent identity document (required to verify your identity)
We will respond to your request within a maximum of one month from receipt (extendable to two months where the complexity or number of requests justifies it, with notification to the data subject).

Complaint to the supervisory authority
If you consider that the processing of your data infringes the GDPR, you have the right to file a complaint with the Spanish Data Protection Agency (AEPD):
• Website: www.aepd.es
• Address: C/ Jorge Juan 6, 28001 Madrid
• Electronic office: sedeagpd.gob.es
We recommend that, before contacting the AEPD, you attempt to resolve the matter by contacting us at privacy@getlinko.com.

10. MINORS
Use of the Getlinko platform is reserved for persons over the age of 16, pursuant to art. 7 LOPDGDD. Legal entities must act through a legal representative with sufficient authority.
Getlinko does not knowingly collect personal data from persons under 16 years of age. If we become aware that data from a minor has been collected without the appropriate consent of their parents or legal guardians, we will proceed to delete it immediately.

11. DATA SECURITY
Getlinko applies appropriate technical and organisational measures to ensure a level of security appropriate to the risk (art. 32 GDPR), including:
• Encryption of data in transit (TLS) and at rest
• Role-based access controls and two-factor authentication for administrators
• Encrypted and redundant backups
• Continuous platform monitoring
• Regular security audits
• Internal team training on data protection
• Data processing agreements with all providers
In the event of a security breach that may affect your personal data, Getlinko will notify the AEPD within 72 hours (art. 33 GDPR) and, if the risk to your rights and freedoms is high, will also notify you (art. 34 GDPR).

12. COOKIES AND SIMILAR TECHNOLOGIES
The website uses first-party and third-party cookies for technical operation, analytics, personalisation and advertising. You can view the details, configure your preferences or withdraw your consent at any time via the Cookies Policy (https://getlinko.com/politica-de-cookies/) and the cookie manager available on the site.

13. SOCIAL MEDIA
Getlinko maintains a presence on social media (Facebook, Instagram, LinkedIn, X/Twitter, YouTube). If you interact with our profiles, the processing of your data will additionally be governed by each social network’s own policies, over which Getlinko has no control.
Getlinko will process your data to manage its social media presence, share information about activities and respond to your interactions. We do not under any circumstances use follower profiles on social media to send personalised advertising.

14. EMBEDDED CONTENT FROM OTHER SITES
Website pages may include embedded content (videos, images, articles). This content behaves as if you were visiting the original site and may collect your data, install cookies and monitor your interaction in accordance with the corresponding provider’s policies.

15. ACCURACY AND TRUTHFULNESS OF DATA
As a User, you are responsible for the truthfulness and accuracy of the data you provide to Getlinko. You undertake to keep this information up to date, releasing Getlinko from any liability arising from inaccurate or outdated data.

16. UPDATES TO THE PRIVACY POLICY
Getlinko may update this Privacy Policy to adapt it to legislative or jurisprudential developments or corporate decisions. The current version will always be published on the website, with the date of the last update indicated.
Substantial modifications affecting essential rights of the data subject (new purposes, significant new recipients, changes to retention periods) will be notified by email at least 30 calendar days in advance to users registered on the platform.

17. CONTACT
For any queries, complaints or exercise of rights regarding data protection:
• Privacy-specific email: privacy@getlinko.com
• General email: info@getlinko.com
• Postal address: GETLINKO INTERNATIONAL, S.L., Rúa da Ponte, 4, mezzanine right, 36500 Lalín, Pontevedra, Spain

18. APPLICABLE LAW
This Privacy Policy is governed by Spanish and European Union law applicable to the protection of personal data.