AI Data Privacy and Protection Policy

Company: TESTMYTEAM POWERED BY AI, S.L.

Location: Spain

Effective Date: April 1st 2025

Owner: TESTMYTEAM POWERED BY AI, S.L.

Address: Calle Augusto Figueroa 37, 5C 28003 Madrid, Spain 

CIF: B21860382

 

1. Purpose

This policy outlines how TESTMYTEAM POWERED BY AI, S.L. collects, processes, stores, and protects data used in our AI system, ensuring compliance with GDPR and best practices for sensitive data protection.

2. Scope

This policy applies to all data collected, processed, or stored by TESTMYTEAM POWERED BY AI, S.L. in the operation of its AI system, including client-provided inputs such as call transcripts, sales data, or other related information.

3. Data Collection and Use

• Only data legally obtained and provided by clients will be processed.
  
  
• Data is used exclusively for AI-driven analysis, insights, and related services offered by TESTMYTEAM POWERED BY AI, S.L.
  
  
• Personal data will not be shared or sold to third parties without explicit consent.
  
  

4. Responsibility and Use of Outputs

• We are fully responsible for the outputs generated by our AI system, provided that the data you supply has been legally obtained.
  
  
• We ensure that the AI functions correctly and that its analysis is reliable.
  
  
• We are not responsible for how our clients use the outputs, which must be applied in accordance with applicable laws, regulations, and our recommendations.
  
  

5. Data Subject Rights

We respect all GDPR data subject rights. Individuals whose personal data is processed may:

• Request access to their data.
  
  
• Request rectification of inaccurate data.
  
  
• Request deletion (“right to be forgotten”).
  
  
• Object to processing of their data.
  
  
• Request data portability in a structured, machine-readable format.
  
  

Requests can be submitted via the email paul.de@testmyteam.ai ], and we respond within 30 days. All requests are logged for accountability.

6. Data Retention and Deletion

• Client data is stored only as long as necessary to provide our services.
  
  
• After the retention period or upon request, data is securely deleted from all storage and backups.
  
  

7. Data Processing Agreements (DPA)

• When processing client data, we sign a DPA with each client outlining roles, security measures, breach notifications, and data deletion obligations.
  
  

8. Legal Basis for Processing

• All personal data processing is based on a documented legal basis, including:
  
  
  • Consent from the data subject collected by the client.
    
    
  • Contractual necessity to deliver our services.
    
    
  • Legitimate interest, where applicable and balanced against individual rights.
    
    

9. Cross-Border Data Transfers

• Any transfer of data outside the EU will comply with GDPR safeguards, such as Standard Contractual Clauses (SCCs), ensuring adequate protection.
  
  

10. Privacy Notices

• Clients and data subjects are informed about:
  
  
  • What data is collected.
    
    
  • Why it is collected and how it is used.
    
    
  • Retention periods.
    
    
  • Rights under GDPR.
    
    
  • Contact information for questions or complaints.
    
    
• Privacy notices are provided on our website and in client agreements.
  
  

11. Oversight and Compliance

• TESTMYTEAM POWERED BY AI, S.L. designates a Data Protection Officer (DPO) in the person of Paul Desarnauts to oversee privacy, security, and GDPR compliance.
  
  
• Personnel handling data receive regular training on GDPR and data security.
  
  
• Any data breaches or incidents are documented, reported, and addressed promptly in compliance with GDPR.
  
  

12. Policy Review

• This policy is reviewed periodically to ensure ongoing compliance with GDPR, evolving regulations, and best practices in AI data management.