Skip to content
Insights Start expansion

Privacy policy

This is a plain-English privacy notice. If you have questions about how we handle your data, write to privacy@fintechpassport.eu and a partner will reply.

1. Who is the data controller?

Fintech Passport, S.L. — registered in Spain.

Contact for data-protection matters: privacy@fintechpassport.eu.

2. What data do we collect?

  • Strategy-call forms. Name, work email, company, existing license, target geographies, and the message you send. We collect this only when you submit a form on this site.
  • Direct emails. Whatever you choose to share when you write to us at hello@, partners@, or any office address.
  • Server logs. Standard web-server logs (IP address, user agent, timestamp, requested URL) kept by our hosting provider for security and debugging. We do not use these for analytics.
  • No tracking pixels, no advertising cookies, no third-party analytics. The only cookies set by this site are functional ones required by WordPress (e.g. for logged-in admin sessions).

3. Why we use it

  • To reply to your enquiry and, if relevant, to send a feasibility memo and a fixed-fee proposal.
  • To keep an internal log of conversations so a partner can pick up the thread on a future call.
  • To meet our legal obligations (for example, anti-money-laundering checks if we engage you as a client).

4. Legal basis

Under Article 6 GDPR our processing is grounded in:

  • Article 6(1)(b) — taking pre-contractual steps at your request (the strategy-call enquiry).
  • Article 6(1)(f) — our legitimate interest in maintaining a record of professional conversations and protecting the security of our infrastructure.
  • Article 6(1)(c) — compliance with legal obligations once an engagement is opened.

5. Who sees your data?

Only the partners and operating staff at Fintech Passport, S.L., plus our hosting provider acting as a processor under Article 28 GDPR:

  • Hostinger International Ltd. — web and email hosting (Lithuania / EU).

We do not sell, rent, or share your data with any other party. We do not use ad networks, marketing automation, or third-party analytics.

6. International transfers

All data is stored on EU-based infrastructure. We do not transfer personal data outside the European Economic Area. If that ever changes, we will update this notice and rely on Standard Contractual Clauses (SCC) for any third-country processor.

7. How long do we keep it?

  • Form submissions — 24 months from the date of submission, then deleted from the live site (we keep an off-site backup for a further 12 months for accident recovery).
  • Active engagement files — for the duration of the engagement plus the period required by Spanish law (typically 5 to 10 years depending on the document type).
  • Server logs — 30 days, rolling.

8. Your rights

Under GDPR (Articles 15-22) and Spanish law (LOPDGDD 3/2018) you have the right to:

  • Access your data and request a copy.
  • Rectify or erase data.
  • Restrict or object to processing.
  • Withdraw consent at any time, where processing is based on consent.
  • Data portability.
  • Lodge a complaint with the Spanish data-protection authority — Agencia Española de Protección de Datos (AEPD), aepd.es.

Send any rights request to privacy@fintechpassport.eu. We will reply within one calendar month.

9. Security

The site is served over HTTPS with HSTS. Form submissions are stored in WordPress with administrator-only access and an audit log. We do not collect special-category data (health, biometric, political). If you believe data has been compromised, write to privacy@fintechpassport.eu and we will respond within 72 hours.

10. Changes to this notice

We will update this page when our processing changes — for example, if we add a hosting region or a new processor. Material changes will be flagged at the top of the page. The current version is shown below.

Version 1.0 · published 28 April 2026 · controller: Fintech Passport, S.L. · contact: privacy@fintechpassport.eu