Privacy Policy
This Privacy Policy explains how BEAI Energy, S.L. collects, processes, stores, and protects your personal data when you visit bideval.ai or use the BidEval AI platform.
1. Data Controller
The entity responsible for processing your personal data is:
BEAI ENERGY, S.L.
CIF: B22623136
Registered Address: Calle Cardenal Spinola 2, Madrid, 28016, Spain
Email: beai@beaienergy.com
Website: www.beaienergy.com
2. Legal Framework
This Privacy Policy is governed by the following regulations:
- GDPR — Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation).
- LOPDGDD — Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales (Spanish Data Protection Act).
- LSSI-CE — Ley 34/2002, de 11 de julio, de servicios de la sociedad de la información y de comercio electrónico (Spanish Information Society Services Act).
3. Categories of Personal Data Collected
We collect different categories of personal data depending on how you interact with our website and services:
a) Contact and Identification Data
When you submit our contact form or request a demo, we collect your name, email address, company name, and job title or position. This data is provided directly by you and is necessary to respond to your inquiry.
b) Navigation and Technical Data
When you browse our website, we automatically collect your IP address, browser type and version, operating system, referring URLs, pages visited, time spent on pages, and device identifiers. This data is collected through cookies and similar tracking technologies.
c) Platform Usage Data (Registered Users)
If you are a registered user of the BidEval AI platform, we process account credentials, usage logs, feature interaction data, uploaded bid documents, and evaluation results. This data is necessary for the performance of our contractual obligations to you.
4. Purposes and Legal Bases for Processing
We process your personal data for the following purposes, each supported by a specific legal basis under the GDPR:
| Purpose | Data Processed | Legal Basis |
|---|---|---|
| Responding to contact form inquiries | Name, email, company, message | Consent (Art. 6.1.a GDPR) |
| Providing demo and commercial information | Name, email, company, position | Legitimate interest (Art. 6.1.f GDPR) |
| Web analytics and site improvement | IP address, cookies, pages visited, device info | Consent (Art. 6.1.a GDPR) |
| BidEval AI service delivery (registered users) | Account data, usage data, uploaded documents | Contract performance (Art. 6.1.b GDPR) |
| Legal and regulatory compliance | Billing data, contractual records | Legal obligation (Art. 6.1.c GDPR) |
Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
5. Recipients and Third-Party Processors
Your personal data may be shared with the following third-party service providers who act as data processors on our behalf. Each processor is bound by a Data Processing Agreement (DPA) and appropriate safeguards for international transfers:
| Processor | Service | Location | Safeguard |
|---|---|---|---|
| Vercel Inc. | Website hosting and CDN | United States | Standard Contractual Clauses (SCCs) pursuant to European Commission Decision 2021/914 |
| Google LLC (Google Analytics) | Web analytics | United States | EU-U.S. Data Privacy Framework (DPF) self-certification |
We do not sell, rent, or trade your personal data to any third party. Data is only shared with processors as strictly necessary for the purposes described in this policy.
6. International Data Transfers
Some of the third-party processors identified above are located outside the European Economic Area (EEA), specifically in the United States. In accordance with Chapter V of the GDPR (Articles 44-49), we ensure that any international transfer of personal data is protected by appropriate safeguards:
- Standard Contractual Clauses (SCCs): We use the European Commission-approved standard contractual clauses (Commission Implementing Decision 2021/914) to safeguard transfers to processors not covered by an adequacy decision.
- EU-U.S. Data Privacy Framework (DPF): Where applicable, we rely on the processor's self-certification under the EU-U.S. Data Privacy Framework, as recognized by the European Commission's adequacy decision of 10 July 2023.
You may request a copy of the applicable safeguards by contacting us at beai@beaienergy.com.
7. Data Retention Periods
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. The specific retention periods are as follows:
| Data Category | Retention Period | Justification |
|---|---|---|
| Contact form submissions | 12 months from last communication | After this period, data is anonymized or deleted unless you initiate further contact. |
| Analytics cookies | Per cookie type (see Cookie Policy) | Ranging from 1 minute (_gat) to 2 years (_ga). Anonymized after expiry. |
| Contractual / account data | Duration of the contract + 5 years | Required for potential legal claims (Spanish statute of limitations). |
| Billing and invoicing data | 5 years from last transaction | Tax obligation under Spanish General Tax Law (Ley 58/2003). |
Once the retention period expires, personal data is securely deleted or irreversibly anonymized. We conduct periodic reviews of the data we hold to ensure compliance with these retention periods.
8. Your Rights Under the GDPR
Under the General Data Protection Regulation (Articles 15-22), you have the following rights in relation to your personal data:
Right of Access (Art. 15)
You have the right to obtain confirmation as to whether your personal data is being processed and, if so, to access that data and receive a copy of it.
Right to Rectification (Art. 16)
You have the right to request the correction of inaccurate personal data and the completion of incomplete data.
Right to Erasure (Art. 17)
You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent.
Right to Restriction of Processing (Art. 18)
You have the right to request the restriction of processing in certain circumstances, such as when you contest the accuracy of the data or object to its processing.
Right to Data Portability (Art. 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller without hindrance.
Right to Object (Art. 21)
You have the right to object to the processing of your personal data based on legitimate interest, including profiling. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
Right Not to Be Subject to Automated Decisions (Art. 22)
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
How to Exercise Your Rights
You may exercise any of the above rights by sending a written request to beai@beaienergy.com, accompanied by a copy of your national ID or equivalent identification document. We will respond to your request within one (1) month of receipt, which may be extended by two further months where necessary, taking into account the complexity of the request.
If you believe your rights have not been adequately addressed, you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos — AEPD) at www.aepd.es, or with any other competent supervisory authority.
9. Data Protection Officer
BEAI Energy, S.L. has designated a Data Protection Officer (DPO) to oversee compliance with data protection legislation and to serve as a point of contact for data subjects and supervisory authorities.
You may contact our DPO at any time regarding matters related to the processing of your personal data or the exercise of your rights by writing to: beai@beaienergy.com (subject line: "Data Protection Officer").
10. Data Breach Notification
In accordance with Articles 33 and 34 of the GDPR, BEAI Energy, S.L. maintains procedures for detecting, reporting, and investigating personal data breaches. In the event of a breach that is likely to result in a risk to your rights and freedoms:
- Notification to the Supervisory Authority: We will notify the AEPD within 72 hours of becoming aware of the breach, providing the nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken or proposed to mitigate the effects.
- Communication to Data Subjects: Where the breach is likely to result in a high risk to your rights and freedoms, we will communicate the breach to you without undue delay, providing clear information about the nature of the breach and the steps you can take to protect yourself.
11. Updates to This Policy
BEAI Energy, S.L. reserves the right to update or modify this Privacy Policy at any time to reflect changes in our data processing practices, applicable legislation, or regulatory guidance. When material changes are made:
- We will update the "Last Updated" date at the bottom of this page.
- For significant changes, we will provide a prominent notice on our website or notify registered users via email.
- Where required by law, we will obtain your renewed consent before applying changes that affect the legal basis of processing.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data.
12. Children's Privacy
BidEval AI is a business-to-business (B2B) SaaS platform designed for professional use. Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16 years of age. If we become aware that we have inadvertently collected personal data from a child under 16, we will take immediate steps to delete such data from our systems. If you believe that a child under 16 has provided personal data to us, please contact us at beai@beaienergy.com.
13. Cookie Policy
This website uses cookies and similar tracking technologies. For detailed information about the specific cookies we use, their purposes, retention periods, and how to manage your cookie preferences, please refer to our dedicated Cookie Policy.
Last Updated: February 27, 2026