
Privacy Policy

Last updated: 14 May 2026

Effective date: 2026-06-12. Version: privacy_policy_v2_2. Replaces: privacy_policy_v2_1.

Privacy Policy — Pilotium

Layer 1 — Summary (Art. 11 LOPDGDD)

Who is the controller?
  Digital Technologies OÜ ("Pilotium"), Estonia. Place of central administration in Valencia, Spain.
What do we do with your data?
  We provide a marketing-automation SaaS to gym owners. We process gym-owner account data as controller, and we process leads' data as processor on the gym's behalf.
Lead supervisory authority
  AEPD (Spain). Estonian AKI is the registered-seat authority available under Art. 77 GDPR. You may complain to either.
How long do we keep your data?
  See our Data Retention Policy at pilotium.cc/legal/retention (retention_v2).
Who else processes your data?
  A small list of sub-processors (Meta, Google, Anthropic, Hetzner, Stripe and others) at pilotium.cc/legal/subprocessors (subprocessors_v2_1).
How can I exercise my rights?
  Email [email protected]. We respond within one month under Art. 12(3) GDPR; this may be extended by two further months for complex requests, informing you within the first month.

Layer 2 — Detail

A.1 Identity of the controller

Digital Technologies OÜ, an Estonian private limited company, registration code 16576446, VAT EE102558489, with registered seat at Harju maakond, Tallinn, Kesklinna linnaosa, Estonia, and place of central administration at Calle Conde de Altea 46, 46005 Valencia, Spain ("Pilotium", "we", "our"). Corporate representative for service of process in Estonia: Magrat OÜ (registration code 11730730, Tallinn, Estonia; § 631 Estonian Commercial Code). General contact: [email protected]. Data-protection contact for data subjects and customers: [email protected]. Data-protection contact for supervisory authorities: [email protected].

A.2 Roles

Pilotium acts as:

  • Data controller for personal data of gym owners (account data, billing, support tickets) and for personal data we collect directly through our marketing site or public interactions.
  • Data processor for personal data of leads, members and prospects of the gym owners that use our service. The gym owner is the controller of those data; Pilotium processes them on the gym's documented instructions, under the Data Processing Agreement (pilotium.cc/dpa, version dpa_v2_2).
  • Independent controller for a narrow set of cross-tenant processing operations where Pilotium must set the means or purpose itself, in particular: AI-safety filters, cross-tenant abuse detection, fraud-prevention models, and infrastructure-level intrusion detection. Pilotium operates these purposes on the basis of Article 6(1)(f) GDPR — Pilotium's legitimate interest in service security — under a documented Legitimate Interest Assessment available on written request. Pilotium provides Art. 14 GDPR information for this independent-controller processing through this Policy and through specific point-in-time notices where appropriate.

A.3 What data we process

For gym owners (we are controller):

  • Registration data: name, email, gym name, phone, role.
  • Billing data: invoice details, wallet transactions, payment-method tokens held at Stripe (PAN data never reaches Pilotium).
  • Usage data: pages viewed, actions taken, time on site, device and locale.
  • Support data: tickets, attachments, recorded calls (where consent given).
  • Client Content: photos, videos, logos, texts uploaded by the gym for use in marketing creatives.

For leads, prospects and members of gym owners (we are processor):

  • Contact data: name, phone (in international format), email, social handles where provided.
  • Conversation data: inbound and outbound WhatsApp / SMS / chat messages, including timestamps, message status, media references.
  • Lead-source data: ad creative identifier, campaign identifier, landing-page parameters, UTM, CTWA reference.
  • AI-derived data: qualification state, scored priority, persona tag, summary of interactions.
  • Behavioural data on the gym's own surfaces: click events, form submissions, opt-in / opt-out events.

For visitors of pilotium.cc:

  • Technical data: IP address, browser, OS, language, time zone, referrer.
  • Cookie data: as described in our Cookie Policy.

For employees and contractors of the gym (acting on the gym's behalf inside Pilotium):

  • Authentication and authorisation data: SSO identifiers, role assignments, access logs.

For partners and integrators:

  • Integration credentials (encrypted at rest); audit-log entries of integration calls.

A.4 Legal bases

We rely on the following Article 6(1) GDPR legal bases:

  • Art. 6(1)(b) — performance of contract. Account provisioning, billing, providing the service, delivering messages on behalf of the gym to leads who have initiated the conversation, processing data-subject-rights requests.
  • Art. 6(1)(f) — legitimate interest. Service security and abuse prevention; logging and incident response; service-quality monitoring; fraud and bad-debt prevention (with respect to the Restricted Accounts Register, see Retention Policy row 3 — this Register is an internal file and does not constitute a fichero común de información sobre solvencia patrimonial within the meaning of Article 20 LOPDGDD); demonstrable accountability for audit purposes (including AI-event records under §A.10.5). Each Art. 6(1)(f) use is supported by a documented Legitimate Interest Assessment (LIA), available to data subjects on written request under Article 14 LOPDGDD.
  • Art. 6(1)(a) — consent. Marketing communications to leads via WhatsApp, SMS or email (see §A.13); non-essential cookies (see §D Cookie Policy); AI training on aggregated anonymised data where additional consent is collected.
  • Art. 6(1)(c) — legal obligation. Retention of accounting records under Estonian Raamatupidamise seadus § 12 and Spanish Código de Comercio art. 30; tax-credit-supporting documents under Ley 58/2003 art. 66 bis; record-keeping of data-subject requests under Art. 12(3)–(4) GDPR.
  • Art. 9 GDPR special categories. Where a lead spontaneously mentions a special category of data (Art. 9(1) GDPR — for example, a medical condition while inquiring about training), Pilotium does not solicit, retain in identifiable form, or use for profiling such data, and applies a minimisation rule (Art. 5(1)(c) GDPR) to redact it from AI prompts and long-term memory. Where explicit consent under Art. 9(2)(a) is required for a specific service feature, it is captured separately from the marketing consent and is not bundled with any other purpose.

A.5 Retention

The full Retention Policy is at pilotium.cc/legal/retention (version retention_v2). Summary table:

Data category | Retention | Mechanism
Account data | Active + 30 days | Soft delete T+0, hard delete T+30
Billing & accounting (source documents) | 7 years from end of financial year | Blocking during legal-retention period
Tax-credit-supporting documents | 10 years from end of financial year | Same
Stripe payment-method tokens | Until card removal + 30 days | Token revocation
Restricted Accounts Register | 5 years or until full settlement, whichever is earlier | Hard delete on closure
WhatsApp content | 18 months | Then anonymised or pseudonymised under consent
AI long-term memory | 18 months from last interaction | Vector + index purge
Audit log | 7 years | Append-only; HMAC pseudonymisation on Art. 17 erasure
Consent events | 7 years | Append-only
DSR request register | 3 years from closure | Soft delete T+0; hard delete at 3-year anniversary
Server logs | 30 days | Auto-rotation
Backups | 90 days | EU-encrypted rotation

A.6 Recipients and sub-processors

The full sub-processor list is at pilotium.cc/legal/subprocessors (version subprocessors_v2_1). It identifies, for each sub-processor, the country of establishment, service provided, categories of personal data processed, and the international-transfer mechanism. We give at least 30 calendar days' notice before adding, removing or substituting a sub-processor; you may object under Article 28(2) GDPR.

A.7 International transfers

Where personal data is transferred outside the European Economic Area, the transfer is governed by:

  • An adequacy decision under Article 45 GDPR where applicable (in particular the EU-U.S. Data Privacy Framework where the importer is currently self-certified and active on the U.S. Department of Commerce list at dataprivacyframework.gov; Pilotium verifies active status before commencing reliance and annually thereafter, and the list of importers Pilotium relies on under the DPF is published on the Sub-processor List);
  • Standard Contractual Clauses 2021/914 (with the module specified per sub-processor in the DPA and the Sub-processor List); or
  • Both, as belt-and-braces.

For each transfer outside the EEA, Pilotium maintains a Transfer Impact Assessment in accordance with EDPB Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data, version 2.0 of 18 June 2021. We re-perform the TIA on any material change to the law or practice of an importer country (SCC Clause 14(e)) and at least every 24 months.

Schrems-III contingency. If Implementing Decision (EU) 2023/1795 (EU-U.S. Data Privacy Framework) is invalidated or suspended, Pilotium will (a) suspend new DPF-based transfers within 30 days of the operative judgment and (b) complete transition to SCC 2021/914 with the supplementary measures described in our DPA Annex (TOMs) within 90 days, with a status update to affected customers at days 30, 60 and 90.

Where you wish to complain about an international transfer specifically, see the lead supervisory authority pointer in §A.15.

A.8 Your rights

You have the following rights under the GDPR:

  • Right of access (Art. 15).
  • Right to rectification (Art. 16).
  • Right to erasure / "right to be forgotten" (Art. 17): we apply a two-stage process — soft delete at T+0 followed by hard delete at T+30, except where tax law requires blocking instead of erasure. See the Retention Policy for the full mechanism.
  • Right to restriction of processing (Art. 18).
  • Right to data portability (Art. 20): receive your data in a structured, commonly-used and machine-readable format (CSV / JSON), and have it transmitted directly to another controller where technically feasible.
  • Right to object (Art. 21): you may object at any time to processing based on Article 6(1)(f) or for direct marketing. Where the legitimate interest is the Restricted Accounts Register, your objection is assessed under Article 21(1) on a "compelling legitimate grounds" basis.
  • Rights related to automated decision-making and profiling (Art. 22): see §A.10 below.

A.8.7 Children and minors

We do not knowingly process personal data of minors below the digital-consent threshold (Spain: 14 years under Art. 7 LOPDGDD; Estonia: 13 years under § 8 IKS). If you become aware that a minor has provided personal data to us, please contact [email protected] and we will remove it without undue delay. The conversational AI is configured to detect signals that the interlocutor may be a minor and to hand off to a human in such cases. Note that the digital-consent threshold under Art. 8 GDPR does not apply directly to the conversational surface where the gym (not Pilotium) is the controller and the data subject's parent/guardian relationship is the gym's responsibility to verify where applicable (EDPB Guidelines 05/2020 §128).

A.8.8 How to exercise your rights

Write to [email protected]. We respond within one month of receipt of the request (Article 12(3) GDPR). We may extend the response time by two further months where the request is complex or numerous, informing you of any such extension within the first month, together with the reasons for the delay. We may need to verify your identity in a proportionate way before responding.

If you are not satisfied with our response, you have the right to lodge a complaint with the lead supervisory authority — the Agencia Española de Protección de Datos (AEPD) at www.aepd.es — or with the supervisory authority of your habitual residence, place of work, or place of the alleged infringement, including the Estonian Andmekaitse Inspektsioon (AKI) at www.aki.ee (Article 77 GDPR).

A.9 Specific processing activities

A.9.1 WhatsApp Business Cloud API

When a gym onboards via Meta Embedded Signup, Pilotium obtains a long-lived WhatsApp Business System User access token ("Pilotium System User token") issued by Meta to Pilotium's System User on the gym's WhatsApp Business Account (WABA). The token is issued under the scopes whatsapp_business_messaging and whatsapp_business_management; the public_profile scope is used for in-product display only. The WhatsApp platform entity contracting with the gym is WhatsApp Ireland Limited for EEA-established gyms (see Sub-processor Disclosure §4). The token grants Pilotium the ability to send and receive WhatsApp messages on the gym's behalf, manage the gym's WABA, create message templates, and read message-delivery status. The token is encrypted at rest with application-level encryption (AES-256 with authenticated integrity protection; the encryption key is held in server configuration outside the database, on EU infrastructure at Hetzner Falkenstein) and is revoked at the gym's request, on detection of abuse, or on contract termination + 30 days. See §A.9.7 for revocation and access termination.

A.9.2 WhatsApp Coexistence

Where the gym opts into WhatsApp Coexistence, Pilotium receives a one-time backfill of recent message history from Meta limited to (i) the last 6 months and (ii) a Meta-imposed cap on the number of recent conversation threads (approximately 250 threads as of the date of this Policy, as documented by Meta in the Coexistence onboarding specification, subject to change by Meta). Retention runs from the date of receipt by Pilotium, not from the original message timestamp.

In ongoing Coexistence mode (where the gym continues to use the WhatsApp Business App on a gym-controlled device alongside the Cloud API), Pilotium receives smb_message_echoes — copies of messages sent by the gym from the device. These echoes are stored for inbox completeness and audit but are excluded from automated AI processing to prevent reply loops.

A.9.3 AI conversational assistant

When the AI replies to a lead, the lead receives a clear disclosure at the start of the conversation, on any re-entry after >30 days of inactivity, and on any AI resumption following a human handoff, that they are interacting with an automated assistant operated by Pilotium on the gym's behalf, including a one-keyword route to a member of the gym's team (HUMANO / HUMAN and equivalents — see the full keyword set at pilotium.cc/legal/keyword-spec). Anthropic's Claude model is used through the Anthropic API under Anthropic's commercial terms: no lead data is used to train Anthropic's general-purpose models, and Anthropic applies only a limited retention window for trust-and-safety purposes. See §A.10 for the full AI Act transparency notice.

A.9.4 Meta Lead Ads and Click-to-WhatsApp

When a lead clicks on a Click-to-WhatsApp (CTWA) ad or submits a Lead Ad form, Pilotium receives the lead from Meta and immediately routes it to the gym's pipeline. Where the lead submitted via a Lead Ad form, the consent shown to the lead consists of two separate elements per Meta's Lead Ads Custom Disclaimer Policy: (a) the disclaimer text describing the processing (published at pilotium.cc/legal/whatsapp-consent, version whatsapp_marketing_consent_v2), and (b) a separate consent action implemented as a Meta "Multiple choice with one option" custom question with explicit "Yes, I agree" value; selecting it is the sole basis for marketing dispatch.

A.9.5 Embedded Signup pre-flow

Before the Meta Embedded Signup popup is shown to a gym owner, Pilotium displays the Embedded Signup pre-flow notice published at pilotium.cc/legal/embedded-signup-notice (version embedded_signup_preflow_v1), identifying the scopes Pilotium will obtain (whatsapp_business_messaging, whatsapp_business_management, public_profile), the actions Pilotium will take on the gym's behalf, and the route to revoke access at business.facebook.com → Business Settings → Integrations.

A.9.6 Marketing site analytics

The marketing site at pilotium.cc uses first-party analytics cookies (where consent is given) to measure traffic and improve the site; no analytics cookie is placed before affirmative consent. The consent banner offers Reject and Accept with equal visual prominence per EDPB Guidelines 03/2022. See our Cookie Policy at pilotium.cc/cookie-policy for the full inventory.

A.9.7 Token revocation and access termination

You may revoke Pilotium's access to your WhatsApp Business Account at any time via business.facebook.com → Business Settings → Integrations. Revocation is effective immediately at Meta. Pilotium honours Meta's Deauthorize Callback for immediate notification (see Data Deletion Callback policy §E.4) and additionally polls Meta's /debug_token endpoint at least once a day as a redundancy. On detection, Pilotium cryptographically shreds the corresponding wrapped data-encryption key within 24 hours. An audit-log entry is retained for 30 days and then pseudonymised under our standard procedure.
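The envelope-encryption and crypto-shredding mechanism described in §A.9.1 and in this section, as an added example (not Pilotium's code): each tenant's System User token is encrypted under a per-tenant data-encryption key (DEK), the DEK is wrapped under a key-encryption key (KEK) held in server configuration, and revocation deletes the wrapped DEK so the stored ciphertext, including any backup copy, becomes permanently undecryptable. The in-memory maps, tenant names and sample token are constructed stand-ins for the real storage layout.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

var ErrRevoked = errors.New("tenant access revoked: data-encryption key shredded")

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext with AES-256-GCM; the random nonce is prepended to the output.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal and fails if the ciphertext or its authentication tag was altered.
func open(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// TokenVault: in-memory maps stand in for database tables (assumed layout, not Pilotium's schema).
type TokenVault struct {
	kek        []byte            // key-encryption key from server configuration, never stored in the DB
	wrappedDEK map[string][]byte // tenant -> per-tenant DEK sealed under kek
	tokens     map[string][]byte // tenant -> System User token sealed under the tenant's DEK
}

func NewTokenVault(kek []byte) *TokenVault { return &TokenVault{kek: kek, wrappedDEK: map[string][]byte{}, tokens: map[string][]byte{}} }

// Store generates a fresh DEK for the tenant, encrypts the token with it and wraps the DEK under the KEK.
func (v *TokenVault) Store(tenant string, token []byte) error {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return err
	}
	ct, err := seal(dek, token)
	if err != nil {
		return err
	}
	wrapped, err := seal(v.kek, dek)
	if err != nil {
		return err
	}
	v.tokens[tenant], v.wrappedDEK[tenant] = ct, wrapped
	return nil
}

// Load unwraps the tenant's DEK and decrypts the token; after Shred it returns ErrRevoked.
func (v *TokenVault) Load(tenant string) ([]byte, error) {
	wrapped, ok := v.wrappedDEK[tenant]
	if !ok {
		return nil, ErrRevoked
	}
	dek, err := open(v.kek, wrapped)
	if err != nil {
		return nil, err
	}
	return open(dek, v.tokens[tenant])
}

// Shred is the crypto-shredding step on revocation: with the wrapped DEK gone, the token ciphertext and any backup copy of it stay undecryptable.
func (v *TokenVault) Shred(tenant string) {
	delete(v.wrappedDEK, tenant)
}

func main() {
	kek := make([]byte, 32) // constructed; in production loaded from server configuration
	rand.Read(kek)
	v := NewTokenVault(kek)
	v.Store("gym-42", []byte("constructed-sample-system-user-token"))
	v.Shred("gym-42")
	_, err := v.Load("gym-42")
	fmt.Println("after revocation:", err)
}
```

Because the token ciphertext is never re-encrypted, a restore from a 90-day backup after the shred brings back only unreadable bytes, which is what makes deleting the wrapped key sufficient.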

A.10 Artificial Intelligence and Automated Processing

This section is the AI Act transparency notice required by Art. 50 of Regulation (EU) 2024/1689. Current version ai_transparency_v2_2.

A.10.1 AI systems we operate

Conversational assistant
  Function: Replies to inbound WhatsApp / SMS / chat messages, qualifies leads, books appointments, hands off to humans on request.
  Provider: Anthropic Claude (pinned model version published in the Register of AI Systems).
  AI Act risk classification and role: Limited risk under Article 50(1) of Regulation (EU) 2024/1689. Not high-risk under Annex III. Pilotium acts as both deployer and provider of an AI system built on a general-purpose AI model within the meaning of Article 25 and Recital 109 (Pilotium materially configures system behaviour via personas, scoring logic and handoff rules). The gym owner acts as parallel deployer (Article 26, Recital 13).

Creative generation
  Function: Produces ad images, video drafts and copy variants for the gym's review.
  Provider: Anthropic Claude (copy); Google Ireland Limited (Gemini API — image and video generation and content screening).
  AI Act risk classification and role: Limited risk. Outputs are synthetic content within the meaning of Article 50(2). Where any image, audio or video output could reasonably be perceived as an authentic depiction of a real person or event, it constitutes a deep fake and is labelled as artificially generated pursuant to Article 50(4).

Audience and persona modelling
  Function: Builds aggregated audience profiles (personas) for ad targeting from the gym's survey answers, website content and campaign statistics; profiles describe target segments, not identified individuals, and no individual lead record is used to target that same individual.
  Provider: Anthropic Claude (analysis); Meta / Google / TikTok (delivery).
  AI Act risk classification and role: Minimal risk — operates on segment-level descriptions.

Campaign optimisation
  Function: Suggests budget reallocations and creative pauses based on aggregated performance data.
  Provider: Internal models, no personal data input.
  AI Act risk classification and role: Out of scope of the AI Act.

Pilotium has assessed and concluded that no system listed above falls within Annex III of Regulation (EU) 2024/1689. This assessment is reviewed annually and on any material configuration change. The Service is not authorised for use as, or within, an Annex III high-risk AI system (e.g. employment decisioning, credit scoring of leads, biometric categorisation, emotion recognition).

A.10.2 Transparency

When the conversational assistant initiates contact with you, or whenever the conversation resumes after a period of inactivity or after a human handoff, you receive a clear and prominent disclosure that you are interacting with an automated assistant and an immediate route to a member of the gym's team. The disclosure is provided clearly and distinguishably at the latest at the time of the first interaction, in accordance with Article 50(5) AI Act, and is repeated on each session resumption.

A.10.3 No solely-automated significant decisions

Pilotium does not take decisions about you that are based solely on automated processing and that produce legal effects or similarly significantly affect you (Article 22 GDPR). AI-assisted lead qualification produces a suggested priority score. A natural person at the gym reviews each score and retains discretion to override it, including the discretion not to contact a lead; the override is logged. This human involvement is meaningful within the meaning of the European Data Protection Board's Guidelines on Automated Individual Decision-making (WP251rev.01). You may at any time request human review of any such decision, express your point of view, and contest the outcome.

A.10.4 Training data and GPAI chain

We do not transmit your personal data to AI providers for the purpose of training their general-purpose models. We process your data on Anthropic's API under Anthropic's commercial API terms (no training on customer data; a limited trust-and-safety retention window operated by Anthropic) and on Google's Gemini API under the paid-tier terms of the Gemini API (no use of customer content to improve Google's models). Where we fine-tune models on aggregated anonymised data, no individual record is recoverable from the resulting model.

Pilotium does not act as a downstream provider of a general-purpose AI model within the meaning of Art. 53 AI Act; no fine-tuning that would re-qualify Pilotium as a GPAI provider is performed on the deployed systems. Anthropic (Claude) and Google (Gemini) are upstream GPAI providers under Article 51 AI Act; Pilotium relies on their Article 53 documentation and will pass through summary information to controller-customers on request. Kuaishou Technology is excluded from this provider-chain disclosure unless and until Kling is adopted in production, at which point the Privacy Policy, DPA, Annex G and Sub-processor List must be updated before use.

A.10.5 Records

We maintain records of significant AI-system events (system version in use, prompt-template version, response taken, human-handoff events, override decisions). The retention period is the audit-log retention period set out in our Data Retention Policy (currently 7 years). The legal basis is Article 6(1)(f) GDPR (Pilotium's legitimate interest in demonstrating accountability under Articles 5(2) and 32(1)(d) GDPR) read with Article 26(6) AI Act applied by analogy (the AI Act's 6-month minimum for high-risk systems is exceeded voluntarily as a precaution).

Where the underlying personal data has been erased under Article 17 GDPR, the corresponding event records are pseudonymised by replacing the personal identifier with an HMAC-SHA-256 keyed hash where the key is held by Pilotium's security team in a key-management facility not co-located with the audit log. Pilotium acknowledges that this is pseudonymisation within the meaning of Article 4(5) GDPR, not anonymisation.
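The HMAC pseudonymisation step described above, as an added example (not Pilotium's code): after an Art. 17 erasure, every AI-event record for the data subject keeps its event fields but has the identifier replaced by HMAC-SHA-256 under a key that lives outside the audit log. The AIEvent layout, field names, sample records and key are constructed; the key stands in for the one held in the security team's separate key-management facility.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// AIEvent is one AI-event audit record (constructed layout, not Pilotium's schema).
type AIEvent struct {
	Subject       string // lead identifier (E.164 phone here), or its keyed hash after erasure
	Pseudonymised bool
	SystemVersion string
	PromptTmpl    string
	Action        string
}

// Pseudonymiser holds the HMAC key. Because the key is kept apart from the audit
// log, the log on its own can neither reverse a tag nor recompute one for a
// guessed identifier.
type Pseudonymiser struct{ key []byte }

// Tag returns HMAC-SHA-256(key, identifier) as lowercase hex. An unkeyed hash
// would not do here: phone numbers form a small enough space to enumerate.
func (p Pseudonymiser) Tag(id string) string {
	m := hmac.New(sha256.New, p.key)
	m.Write([]byte(id))
	return hex.EncodeToString(m.Sum(nil))
}

// Erase is the Art. 17 step for the audit log: records of subject keep their event
// fields but carry the keyed hash instead of the identifier, so they remain
// linkable to each other. It returns the number of records changed.
func Erase(log []AIEvent, subject string, p Pseudonymiser) int {
	tag, n := p.Tag(subject), 0
	for i := range log {
		if !log[i].Pseudonymised && log[i].Subject == subject {
			log[i].Subject, log[i].Pseudonymised = tag, true
			n++
		}
	}
	return n
}

// Matches reports whether a record belongs to subject. For pseudonymised records
// this needs the key, which is why the result is pseudonymisation under
// Art. 4(5) GDPR rather than anonymisation.
func Matches(e AIEvent, subject string, p Pseudonymiser) bool {
	if e.Pseudonymised {
		return hmac.Equal([]byte(e.Subject), []byte(p.Tag(subject)))
	}
	return e.Subject == subject
}

func main() {
	p := Pseudonymiser{key: []byte("constructed-demo-key")} // real key: from the separate key store
	log := []AIEvent{ // constructed sample records
		{Subject: "+34600000001", SystemVersion: "v2.2", PromptTmpl: "qualify_v3", Action: "reply"},
		{Subject: "+34600000002", SystemVersion: "v2.2", PromptTmpl: "qualify_v3", Action: "handoff"},
		{Subject: "+34600000001", SystemVersion: "v2.2", PromptTmpl: "qualify_v3", Action: "override"},
	}
	fmt.Println("records pseudonymised:", Erase(log, "+34600000001", p))
	for _, e := range log {
		fmt.Printf("%-64s pseudonymised=%v action=%s\n", e.Subject, e.Pseudonymised, e.Action)
	}
}
```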

We also maintain a Register of AI Systems (see Annex G) containing, for each system: name, provider, pinned model version, prompt-template version, deployment date, risk classification, DPIA reference (if any), Art. 4 literacy evidence, training-data flag, downstream propagation map, FRIA reference (if any).

A.10.6 Synthetic-content labelling (Article 50(2) and 50(4) AI Act)

Scope of obligation. Article 50 of Regulation (EU) 2024/1689 (AI Act) applies from 2 August 2026 (Article 113). Pilotium prepares its labelling controls for that effective date.

Provenance preservation (best practice, Article 50(2) flow-down). Article 50(2) places the marking obligation on the provider of the AI system (Anthropic; Google Ireland Limited via the Gemini API). Pilotium, as a downstream integrator, is not itself the obligated party under Article 50(2). As a best-practice flow-down and to support upstream-provider compliance, where an upstream provider applies a machine-readable provenance manifest to a generated creative (C2PA, SynthID, IPTC digitalSourceType=trainedAlgorithmicMedia), Pilotium preserves that manifest through the publishing pipeline.

Visible deployer-disclosure (Article 50(4)) — narrow scope with artistic-creative carve-out. Article 50(4) imposes a disclosure obligation on deployers of AI systems that generate or manipulate image, audio or video content constituting a deep fake, as defined in Article 3(60) (content that resembles existing persons, objects, places, entities or events and would falsely appear to a person to be authentic or truthful).

  • Where a creative published on behalf of the gym constitutes a deep fake within that definition, Pilotium (or the gym, as the publishing deployer) applies a visible "AI-generated" label and, where technically supported by the destination platform (Meta's AI-content tag, TikTok's AI-generated-content toggle, Google Ads' equivalent), sets the platform's native AI-disclosure flag.
  • Artistic-creative carve-out. Where the creative forms part of an evidently artistic, creative, satirical, fictional or analogous work or programme — which is the case for the substantial majority of stylised advertising creatives — the transparency obligation under Article 50(4) is limited to disclosure of the existence of such generated or manipulated content in an appropriate manner that does not hamper the display or enjoyment of the work, per Article 50(4) second subparagraph. The disclosure in §A.10.1 of this Privacy Policy (identifying the AI systems Pilotium operates for creative generation) satisfies the "appropriate manner" standard for creatives falling within the carve-out.
  • Each creative's classification (deep fake / carve-out / not within Article 50(4) scope) is recorded in the Register of AI Systems (Annex G, field art_50_4_classification).
  • Pilotium remains bound by destination-platform contractual policies (Meta Advertising Standards, TikTok Advertising Policy, Google Ads Policies), which may require labelling on a wider scope than Article 50(4). These platform obligations are honoured as a separate, contractual stack.

A.10.7 Children and vulnerable persons

The conversational assistant is configured to detect signals that the interlocutor may be a minor and to hand off to a human in such cases, in line with Recital 132 of the AI Act and the data-minimisation principle in Article 5(1)(b) GDPR. See also §A.8.7.

A.10.8 AI literacy (Article 4 AI Act)

Pilotium maintains an internal AI-literacy programme for personnel involved in the operation of the AI systems listed above (Article 4 AI Act, in force from 2 February 2025). Gym-owner deployers receive operational guidance materials at onboarding and on each material configuration change. Literacy evidence is recorded against each system in the Register of AI Systems (Annex G, field art_4_literacy_evidence).

A.10.9 Serious-incident reporting (Article 73 AI Act)

Pilotium operates a serious-incident reporting procedure under Article 73 AI Act for any high-risk system it may operate in future, and an internal-equivalent procedure for the limited-risk systems above. Customer cooperation under DPA §C.1.13 is required for the procedure to function across the deployer chain.

A.11 Security

We apply technical and organisational measures appropriate to the risks of the processing (Article 32 GDPR), described in detail in the TOMs Annex of our DPA (Annex H, version toms_v1_1). In summary:

  • Encryption in transit (TLS 1.2+ with perfect-forward-secrecy cipher suites) and at rest (AES-256 with authenticated integrity protection for stored credentials, OAuth tokens and secrets; encryption keys held in server configuration outside the database, on EU infrastructure at Hetzner Falkenstein).
  • Strict role-based access control with the principle of least privilege, SSH-key authentication, MFA on administrative interfaces, application passwords hashed with Argon2id (legacy bcrypt hashes remain supported for verification only).
  • Network controls: Web Application Firewall and DDoS mitigation at the edge (Cloudflare), host firewall (UFW), intrusion prevention (fail2ban).
  • EU-resident hosting at Hetzner (Falkenstein, Germany); backups stored within the EU, encrypted at rest, restoration tested quarterly (and the restoration test verifies that erasure-flagged records are not silently restored).
  • Continuous monitoring, structured logging, security-incident response procedures.
  • PCI-DSS-certified payment processing (Stripe); card-PAN data is never stored by Pilotium.
  • Confidentiality obligations on all personnel; background checks where lawful and proportionate.
  • Periodic vulnerability review and regular review of the TOMs.

A.12 Breach notification

If a personal-data breach affects you, we will notify you without undue delay where the breach is likely to result in a high risk to your rights and freedoms (Article 34 GDPR). Where we are processor, we notify the controller (the gym) without undue delay and in any event within 48 hours of becoming aware of the breach (DPA §C.1.8). Where we are controller, we also inform the AEPD (and any other competent supervisory authority) under Article 33(1) GDPR within 72 hours of becoming aware of a notifiable breach.

A.13 Marketing communications

A.13.1 Pilotium-as-controller (to gym owners and prospects of Pilotium)

We send marketing communications to you about Pilotium's services only where you have given consent (Article 6(1)(a) GDPR) recorded in our consent log (consent_events, consent_type='marketing_pilotium'). You may withdraw consent by clicking the one-click unsubscribe link in any email (RFC 8058 List-Unsubscribe header) or by writing to [email protected]. Withdrawal takes effect across all channels within 72 hours.

A.13.2 Gym-as-controller (to leads of gyms using the Service)

Marketing communications are sent to you by the gym (the controller) — identified to you at the moment of consent with its registered legal name, registration or CIF number, and registered address as required by Article 21 Ley 34/2002 de Servicios de la Sociedad de la Información (LSSI) — and delivered technically through Pilotium acting as data processor. We deliver such communications only where the gym has obtained your consent under Article 6(1)(a) GDPR, recorded in consent_events (version whatsapp_marketing_consent_v2 for WhatsApp; email_marketing_consent_v1 for email).

You may withdraw your consent at any time, with the same ease as granting it:

  • For WhatsApp: reply STOP, BAJA, UNSUBSCRIBE, CANCEL, END, QUIT, or PARAR to any message.
  • For email: click the one-click unsubscribe link in any email (RFC 8058 List-Unsubscribe).
  • By writing to the gym at the email address it identified to you in the consent text.
  • By writing to [email protected].

Withdrawal takes effect across all channels within 72 hours and does not affect the lawfulness of processing carried out before the withdrawal. Re-opt-in after withdrawal requires a fresh affirmative consent action, not merely a re-engagement keyword; see the keyword specification at pilotium.cc/legal/keyword-spec (keyword_spec_v1_1).

A.13.3 Email marketing operational

Where you have consented to receive marketing emails from Pilotium or from a gym using Pilotium, each email carries (i) the sender's legal identification per LSSI Article 21, (ii) a one-click unsubscribe link honoured within 24 hours, and (iii) the List-Unsubscribe and List-Unsubscribe-Post: List-Unsubscribe=One-Click headers (RFC 8058). Unsubscribe events are recorded in consent_events with the same fields as a WhatsApp opt-out.

A.14 Cookies

See our Cookie Policy at pilotium.cc/cookie-policy (version cookie_policy_v2_2).

A.15 Lead supervisory authority and complaints

Pilotium's main establishment for the purposes of Article 4(16) GDPR is its place of central administration, located at Calle Conde de Altea 46, 46005 Valencia, Spain. Pilotium's lead supervisory authority is therefore the Agencia Española de Protección de Datos (AEPD) at www.aepd.es. Data subjects retain the right under Article 77 GDPR to lodge a complaint with the supervisory authority of their habitual residence, place of work, or place of the alleged infringement, including the Estonian Andmekaitse Inspektsioon (AKI) at www.aki.ee given the controller's registered seat in Tallinn. The AEPD and the AKI cooperate under the one-stop-shop mechanism (Articles 56 and 60 GDPR) for cross-border processing. For complaints specifically about international transfers, the AEPD operates a dedicated complaint pathway under its 2023 Strategic Plan.

A.16 Amendments

We may amend this Policy from time to time. Material amendments are notified by email to active customers and by publication on this page with a new effective date. The version history is retained in our audit log.

A.17 Contact

Data-protection contact for data subjects and customers: [email protected]. Data-protection contact for supervisory authorities: [email protected]. General contact: [email protected]. Postal address (place of central administration): Calle Conde de Altea 46, 46005 Valencia, Spain.

A.17.1 DPO designation

Pilotium is not strictly required to appoint a Data Protection Officer under Article 37(1) GDPR (no core-activity large-scale monitoring within the meaning of Article 37(1)(b) at present scale). Pilotium has voluntarily designated a Data Protection contact at [email protected] and operates the role with functional independence consistent with the spirit of Articles 38–39 GDPR, without formally triggering the full Articles 37–39 regime.