Surprise SEO ยท C. de los Mineros 9, Carabanchel, 28025 Madrid, Spain
Surprise SEO, C. de los Mineros 9, Carabanchel, 28025 Madrid, Spain. Email: hola@surpriseseo.com. Phone: +34 640 712 874. NIF: B-XXXXXXXX. Registered in the Registro Mercantil de Madrid.
This Privacy Policy complies with: Reglamento General de Proteccion de Datos (RGPD, Regulation (EU) 2016/679); Ley Organica 3/2018 de Proteccion de Datos Personales y garantia de los derechos digitales (LOPD-GDD); Ley 34/2002 de Servicios de la Sociedad de la Informacion y de Comercio Electronico (LSSI-CE); and applicable regional legislation of Carabanchel, Madrid. The supervisory authority is the Agencia Espanola de Proteccion de Datos (AEPD), C. Jorge Juan 6, 28001 Madrid, www.aepd.es.
3.1 Contact Data: Name, email, phone, company name, billing address. Collected via quotes, orders, and contact forms. 3.2 Project Data: Website URLs, analytics access, search data, and business information shared for SEO purposes. Treated as strictly confidential. 3.3 Payment Data: Processed by Stripe (PCI DSS Level 1). We receive only last 4 digits, card brand, transaction amount, and date. 3.4 Communication Data: Emails, form submissions, and chat messages. 3.5 Technical Data: Plausible Analytics (cookieless, EU-hosted). No personal data collected for analytics.
4.1 Service Delivery (Art. 6(1)(b) RGPD): Processing SEO orders, delivering reports, managing projects, invoicing, customer support. 4.2 Legal Obligations (Art. 6(1)(c) RGPD): Tax reporting (Ley 58/2003 General Tributaria), invoice retention. 4.3 Legitimate Interest (Art. 6(1)(f) RGPD): Service improvement, fraud prevention, IT security. 4.4 Consent (Art. 6(1)(a) RGPD): Marketing communications. Withdrawable at any time.
SEO engagements require access to sensitive business data including website analytics, search performance, backlink profiles, and competitive intelligence. All such data is: (a) accessible only to assigned team members under NDA; (b) stored encrypted (AES-256) on EU servers; (c) never shared with third parties or other clients; (d) never used for competitive purposes; (e) permanently deleted within 30 days of engagement end upon request; (f) Google Analytics, Search Console, and other platform access credentials are stored in encrypted vaults and revoked upon engagement end.
You have the right to: (a) Access (Art. 15); (b) Rectification (Art. 16); (c) Erasure (Art. 17); (d) Restriction (Art. 18); (e) Portability (Art. 20); (f) Object (Art. 21); (g) Withdraw consent (Art. 7(3)); (h) Lodge complaint with AEPD. Contact: hola@surpriseseo.com. Response within 30 days.
Client data: Duration + 5 years (Art. 1964 Codigo Civil). Invoices: 6 years (Art. 30 Codigo de Comercio). SEO reports and analytics data: Deleted 30 days post-engagement unless retention agreed. Communications: 3 years.
TLS 1.3 in transit; AES-256 at rest; MFA for all staff; role-based access; encrypted backups in EU; NDA with all team members; 72-hour breach notification per Art. 33 RGPD.
Data processed within EU/EEA. Stripe (USA): EU-US Data Privacy Framework. Standard Contractual Clauses where applicable.
Data Protection: hola@surpriseseo.com. Address: C. de los Mineros 9, Carabanchel, 28025 Madrid, Spain. Phone: +34 640 712 874. AEPD: www.aepd.es.
Last updated: March 2026.
Online ยท Madrid