Legal

Privacy Policy

We respect your privacy. This website collects minimal analytics and only processes data you explicitly provide, such as your email for the newsletter. Contact us to request access or deletion of your data.

Terms

By using this website you agree to use it lawfully and not to abuse any forms or contact methods provided. The content is offered as-is without warranties.

Cookies

We use essential cookies only to ensure core functionality and optional analytics that you may opt out of via your browser settings.

Web legal Terms

1. Company Identification

Legal Entity: Dealyv operates under the legal representation of MOST IBERIA GROUP S.L. (CIF ESB42580480) until its full incorporation as an independent entity.

Registered Office: Carrer Cirerer 7A, Denia, Alicante (Spain) — official address of MOST IBERIA GROUP S.L., registered under Spanish commercial legislation.

Jurisdiction: Spain (European Union)

Data Protection Officer (DPO): Anita Shneider Miro. Responsible for ensuring Dealyv's compliance with EU GDPR and Spanish data-protection law. She may be contacted via the details below.

Contact for Data Inquiries: info@dealyv.com

Company Registration: MOST IBERIA GROUP S.L. — registered in the Registro Mercantil de Alicante, Spain.

2. Data Collection Scope

2.1 Nature of the Data Processed

In the course of providing the Dealyv lead-qualification and automation services (the "Services"), MOST IBERIA GROUP S.L., acting on behalf of Dealyv, processes limited personal data that has been lawfully collected by its business customers (the "Controllers").

The categories of data that may be processed include:

• Identification data: first name, last name
• Contact data: telephone number, email address
• Communication content: initial inquiry message submitted by the lead
• Technical metadata: timestamps, message-status indicators, and conversion metrics

No additional categories of personal data are collected or inferred by Dealyv.

2.2 Source of the Data

All personal data processed by Dealyv originates exclusively from the Customer's own lead-generation systems, including their CRM platforms, lead forms, or authorised WhatsApp integrations.

• Dealyv does not obtain personal data from public sources, third parties, or data brokers.
• The Customer remains the Data Controller, and Dealyv acts solely as a Data Processor under Article 28 GDPR.

2.3 Purpose and Legal Basis of Processing

Dealyv processes personal data only for the following limited and explicit purposes:

• Lead Qualification and Communication Enablement – to determine engagement status and transmit qualified leads back to the Customer.
• Performance Analytics – to provide aggregated statistics on conversion efficiency and system operation.
• Service Improvement and AI Training – to enhance conversational performance using anonymised or pseudonymised datasets that do not contain personally identifiable information.

Processing is carried out pursuant to Article 6(1)(b) GDPR (contractual necessity) and Article 6(1)(f) GDPR (legitimate interest) of the Customer in optimising sales efficiency, with Dealyv acting under written instructions from the Controller.

2.4 Storage, Access and Data-Flow Controls

• Dealyv implements a "no-PII-outside-client-environment" principle.
• Personally identifiable information (PII) remains within the Customer's CRM or authorised WhatsApp environment.
• Dealyv's systems temporarily process pseudonymised operational data (e.g., engagement status, numeric conversion scores, error codes) strictly for functional execution.
• The original identifying data (name, phone, email) is not permanently stored in Dealyv infrastructure. It is used transiently to establish the authorised communication session and is thereafter returned to the Customer's environment.
• All personal data are encrypted in transit (TLS 1.3 or higher) and at rest (AES-256 or equivalent).
• Access is restricted to authorised personnel bound by confidentiality agreements.

2.5 Retention Periods

Dealyv retains only non-identifiable technical and performance metadata for as long as necessary to fulfil contractual obligations and ensure system security, not exceeding 90 days, unless longer retention is required by law or by explicit instruction of the Controller.

After expiration of the retention period, data are securely deleted or irreversibly anonymised.

2.6 Prohibition of Unauthorised Use

Dealyv shall not use, sell, lease, or otherwise disclose personal data for marketing, profiling, or any purpose other than those expressly defined herein and in the applicable Data Processing Agreement (DPA).

3. Data Processing & Storage

3.1 Role in Data Processing

For the purposes of the EU General Data Protection Regulation (Regulation (EU) 2016/679 – "GDPR"), MOST IBERIA GROUP S.L., acting on behalf of Dealyv, acts as a Data Processor, processing personal data solely on the documented instructions of its business customers (the "Controllers").

The Controllers remain responsible for determining the lawful basis of processing and ensuring compliance with data-subject notification requirements.

3.2 Hosting & Infrastructure

Dealyv's data-processing environment is hosted within secure, GDPR-compliant data centers located in the European Union (EEA) to guarantee that all personal data remain protected under EU data-protection law.

Following Dealyv's formal incorporation, certain customers who so elect may have their data processed within data centers based in the United Arab Emirates (UAE).

Any such transfer will occur only after prior written notification to the Controller and will be governed by Standard Contractual Clauses (SCCs) or equivalent safeguards in accordance with Articles 44–46 of the GDPR.

3.3 Security & Encryption Standards

Dealyv implements a "security-by-design and by-default" framework consistent with GDPR Articles 25–32.

Technical and organisational measures include:

• Data in Transit: Encrypted using TLS 1.3 or higher.
• Data at Rest: Encrypted using AES-256 or equivalent industry standards.
• Access Controls: Role-based permissions, least-privilege principles, and multi-factor authentication for authorised personnel.
• Logical Isolation: Each customer environment is logically separated using schema-agnostic data mapping, preventing cross-access between client datasets.
• Incident Response: Continuous monitoring of systems and prompt notification to Controllers of any confirmed personal-data breach in accordance with Articles 33 and 34 GDPR.

3.4 Retention and Deletion Policy

Dealyv aligns its processing with the six-month lifecycle of each lead managed on behalf of the Controller.

Operational and performance metadata are retained for up to 90 days following the conclusion of the lead's active lifecycle, unless a longer period is required by law or specified contractually.

After the retention period expires, all personal or pseudonymised data are securely deleted or irreversibly anonymised using verified erasure protocols consistent with industry best practices.

3.5 Cross-Border Transfers

Dealyv does not transfer personal data outside the EEA except when necessary for contractual performance and where adequate safeguards are applied, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission, or
• Equivalent transfer mechanisms under Articles 44–46 of the GDPR.

All subprocessors and infrastructure partners engaged by Dealyv are contractually required to maintain security and privacy protections equivalent to those mandated under EU data-protection law.

4. Third-Party Integrations & Sub-Processors

4.1 Use of Third-Party Processors

To deliver its AI-driven lead-revival and qualification services, Dealyv engages a limited number of verified technology partners ("Sub-Processors").

These partners provide secure infrastructure, communication channels, and natural-language processing functions essential to the operation of the platform.

All subprocessors are contractually bound to comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679) and to implement equivalent data-protection standards.

The categories of subprocessors engaged include:

• AI & Language Processing Engines: Enable text interpretation, conversational logic, and automated dialogue generation within the platform.
• Secure Messaging APIs: Facilitate communication flows between agents and their leads through authorised, encrypted channels.
• Automation and Workflow Engines: Execute and monitor AI conversation sequences and qualification workflows.
• Cloud Hosting & Infrastructure Providers: Offer EU-based data-center hosting, storage, and redundancy environments for service continuity.
• Customer Relationship Management Systems: Manage authorised B2B inquiries and maintain secure contact records for agency customers.

Each sub-processor operates under a written data-processing agreement that mirrors the obligations of Article 28 GDPR, including confidentiality, security, deletion, and audit rights.

4.2 Compliance and Safeguards

• All third-party processors engaged by Dealyv are bound by Standard Contractual Clauses (SCCs) or equivalent legal mechanisms for any non-EEA processing;
• Maintain appropriate industry certifications such as ISO 27001 or SOC 2;
• Demonstrate adherence to the GDPR principles of lawfulness, fairness, transparency, purpose limitation, and integrity.

Dealyv performs periodic due-diligence reviews of all subprocessors and provides prior notification of any material changes to its sub-processor list, ensuring Controllers retain oversight and objection rights.

4.3 Website Data and Analytics

Dealyv's public website is intended exclusively for business-to-business communication with real-estate agencies and developers.

• Collects only voluntary inquiry information submitted by agency representatives (e.g., name, business email, message);
• Does not collect or analyse data from end-users or consumer leads;
• Does not deploy marketing cookies, advertising pixels, or third-party tracking tools;
• Uses limited, anonymised server analytics solely for security monitoring and performance optimisation.

All inquiry data are used exclusively to respond to requests, establish business relationships, and provide information about Dealyv's services in accordance with Article 6(1)(b) GDPR (contractual necessity).

4.4 Updates to Sub-Processor List

Dealyv maintains an internal register of authorised subprocessors. Controllers will be notified of any intended changes at least 30 days in advance, with the right to object on reasonable data-protection or security grounds.

5. User & Client Rights

5.1 Data-Subject Rights

In accordance with Articles 15 to 22 of the EU General Data Protection Regulation (GDPR), any individual whose personal data are processed through the Dealyv system ("Data Subjects") retains the following rights:

• Right of Access – to obtain confirmation of whether their personal data are being processed and to receive a copy of such data.
• Right to Rectification – to request correction of inaccurate or incomplete information.
• Right to Erasure ("Right to be Forgotten") – to request deletion of personal data when processing is no longer necessary or lawful.
• Right to Restrict or Object to Processing – to limit processing under specific conditions or to object to further use.
• Right to Data Portability – to receive data in a structured, commonly used format and transmit it to another controller.

Dealyv facilitates these rights on behalf of its agency clients, who remain the primary Data Controllers. When a lead (end user) submits such a request directly to Dealyv, the request will be forwarded without delay to the relevant Controller for validation and fulfilment.

5.2 Submission of Requests

• By email: info@dealyv.com
• By direct message: through any verified communication channel previously used with Dealyv (e.g., WhatsApp or secure portal message).

To ensure authenticity, Dealyv may require verification of the requester's identity before processing any data-related request.

5.3 Response Time & Procedure

Dealyv and its represented Controllers will respond to all validated requests within 30 days of receipt, in accordance with Article 12(3) GDPR.

If a request is complex or involves multiple datasets, this period may be extended by up to two additional months, with prior written notice to the requester explaining the reason for delay.

5.4 Data Export & Portability for Agency Clients

For business customers (agency Controllers), Dealyv supports data-export functionality upon confirmation of a custom integration or via secure API connection.

Such exports are provided in a structured, machine-readable format consistent with Article 20 GDPR.

Dealyv ensures that exports contain only data belonging to the requesting Controller and that no other customer environments are affected.

5.5 Contact for Data Protection Inquiries

Data Protection Officer (DPO): Anita Shneider Miro

Email: info@dealyv.com

All privacy-related inquiries, complaints, or concerns regarding Dealyv's processing activities should be directed to the DPO. If an individual believes their data rights have been infringed, they also have the right to lodge a complaint with the Agencia Española de Protección de Datos (AEPD) or another competent supervisory authority within the EEA.

6. Legal Bases for Processing

6.1 Contractual Necessity

Dealyv processes personal data as necessary for the performance of a contract between its business customers (the Controllers) and Dealyv as their service provider. This includes all processing operations required to:

• Enable the qualification, reactivation, and communication of leads;
• Deliver AI-assisted follow-up and engagement logic;
• Provide analytics and performance reports directly linked to the contractual services.

Such processing is justified under Article 6(1)(b) GDPR ("processing necessary for the performance of a contract").

6.2 Legitimate Interest

Dealyv also processes limited pseudonymised and aggregated information to maintain and improve its services, ensure system security, and optimise operational performance. This activity is carried out under Article 6(1)(f) GDPR ("processing necessary for the purposes of legitimate interests") and is always balanced against the rights and freedoms of data subjects.

These legitimate interests include:

• Ensuring service continuity and accuracy of qualification outcomes;
• Enhancing AI logic to improve client results;
• Detecting misuse, fraud, or technical faults.

Where legitimate-interest processing is applied, Dealyv maintains internal documentation demonstrating the balancing test in accordance with Recital 47 GDPR.

6.3 Consent

When marketing communications or non-essential analytics are offered to agency customers, such processing is based on explicit, informed consent under Article 6(1)(a) GDPR. Customers may withdraw their consent at any time by contacting Dealyv or by using the unsubscribe or preference-management options provided in the relevant communication.

6.4 Compliance with Legal Obligations

In certain cases, Dealyv may process or retain specific records to comply with applicable legal or regulatory obligations, such as tax, accounting, or data-protection reporting requirements, pursuant to Article 6(1)(c) GDPR.