Privacy Policy 

Effective Date: March 6, 2026 | Last Updated: March 6, 2026

1. Who We Are

Piquiyo (“we,” “us,” or “our”) is a marketing agency providing fractional and full marketing team services to SaaS companies. Our website is located at piquiyo.com.

For the purposes of the General Data Protection Regulation (GDPR), Piquiyo acts as the data controller for personal data collected through this website.

If you have any questions about this policy or our data practices, please contact us at:

Email: privacy@piquiyo.com Website: https://piquiyo.com

2. What Data We Collect

2.1 Data You Provide Directly

When you interact with piquiyo.com — for example, by filling out a contact form, booking a discovery call, or subscribing to our content — we may collect:

  • Name and job title
  • Company name and website
  • Business email address and phone number
  • Information about your marketing needs or project scope
  • Any other details you share in free-text fields or communications

2.2 Data Collected Automatically

When you visit our website, certain technical data is collected automatically:

  • IP address and approximate location (country/city level)
  • Browser type, version, and operating system
  • Pages visited, time on site, and referring URLs
  • Device type and screen resolution
  • Cookie identifiers and session data

2.3 Data from Third Parties

We may receive information about you from third-party tools we use, such as CRM platforms, analytics services, or scheduling tools (e.g., if you book a call via Calendly or a similar service). We only use such data in accordance with those providers’ terms and this policy.

3. Legal Basis for Processing (GDPR)

Under the GDPR, we must have a lawful basis for processing your personal data. We rely on the following:

Purpose Legal Basis
Responding to enquiries and proposals Legitimate interests / Pre-contractual steps
Delivering our services to clients Performance of a contract
Sending marketing emails or newsletters Consent
Website analytics and performance Legitimate interests
Complying with legal obligations Legal obligation

Where we rely on legitimate interests, we have assessed that our interests do not override your rights and freedoms. Where we rely on consent, you may withdraw it at any time (see Section 7).

4. How We Use Your Data

We use your personal data to:

  • Respond to enquiries and provide information about our services
  • Prepare and deliver proposals, contracts, and onboarding materials
  • Communicate about ongoing engagements and project updates
  • Send marketing communications (only where you have opted in)
  • Analyse website usage and improve our content and user experience
  • Comply with legal and regulatory obligations
  • Protect against fraud or misuse of our services

We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

5. Cookies and Tracking

We use cookies and similar technologies on piquiyo.com. A cookie is a small file stored on your device that helps us recognise you and improve your experience.

Types of cookies we use:

  • Essential cookies — Required for the site to function (e.g., session management). These cannot be disabled.
  • Analytics cookies — Help us understand how visitors use the site (e.g., Google Analytics). We anonymise IP addresses where possible.
  • Marketing cookies — Used to track engagement with our content or campaigns. Only set with your consent.

On your first visit, we will ask for your consent before placing any non-essential cookies. You can manage or withdraw your cookie consent at any time via our cookie banner or your browser settings.

For more information: allaboutcookies.org

6. Who We Share Your Data With

We do not sell your personal data. We may share it with:

  • Service providers — Trusted third parties who help us operate our business (e.g., CRM software, email platforms, analytics tools, scheduling tools). These providers are contractually bound to process data only on our instructions.
  • Client contacts — If you are an employee of a client company, relevant team members within Piquiyo will have access to your contact details to deliver services.
  • Legal authorities — Where required by law, court order, or to protect the rights and safety of our business or others.
  • Business successors — In the event of a merger, acquisition, or sale of our business, your data may be transferred. We will notify you in advance.

All third-party processors with whom we share EU personal data are required to provide appropriate safeguards under GDPR (e.g., Standard Contractual Clauses for transfers outside the EEA).

7. Your Rights Under GDPR

If you are located in the European Union or European Economic Area, you have the following rights:

  • Right of access — Request a copy of the personal data we hold about you.
  • Right to rectification — Request correction of inaccurate or incomplete data.
  • Right to erasure — Request deletion of your data (“right to be forgotten”), subject to legal exceptions.
  • Right to restriction — Request that we limit how we process your data in certain circumstances.
  • Right to data portability — Receive your data in a structured, machine-readable format.
  • Right to object — Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent — Where processing is based on consent, withdraw it at any time without affecting prior processing.
  • Right to lodge a complaint — You have the right to complain to your national data protection authority. In the EU, you can find your local authority at edpb.europa.eu.

To exercise any of these rights, contact us at privacy@piquiyo.com. We will respond within 30 days.

8. Data Retention

We retain your personal data only for as long as necessary:

  • Prospect and enquiry data — Up to 12 months from last contact, unless you become a client.
  • Client data — For the duration of the engagement and up to 5 years afterwards to meet legal and contractual obligations.
  • Marketing data — Until you unsubscribe or withdraw consent.
  • Website analytics data — Typically 26 months (or as configured in our analytics tools).

When data is no longer needed, we securely delete or anonymise it.

9. Data Security

We take appropriate technical and organisational measures to protect your personal data, including:

  • TLS/SSL encryption for data in transit
  • Access controls limiting data to authorised personnel only
  • Regular review of our data handling practices and third-party providers

No method of internet transmission is completely secure. In the event of a data breach that is likely to affect your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

10. International Data Transfers

Piquiyo may use service providers located outside the European Economic Area (EEA). Where personal data is transferred internationally, we ensure appropriate safeguards are in place — such as the European Commission’s Standard Contractual Clauses (SCCs) — so that your data is protected to GDPR standards.

11. Children’s Privacy

Our services are intended for business professionals. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has submitted data to us, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last Updated” date at the top of this page reflects the most recent revision. We encourage you to review this policy periodically. For material changes, we will notify you by email or a prominent notice on our website.

13. Contact & Complaints

For any questions, data requests, or concerns:

Piquiyo Email: privacy@piquiyo.com Website: https://piquiyo.com

If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD) at aepd.es.