Privacy policy
This privacy policy explains how Esmerise processes personal data collected through esmerise.com, contact and demo forms, creator account registration, service billing and commercial communications relating to the Esmerise website and platform.
If you use an academy built on Esmerise as an end student or customer, the academy operator is normally the primary controller for that processing. In that context Esmerise generally acts as the infrastructure provider and as a processor or sub-processor under the applicable data processing arrangements.
1. Controller, scope and roles
When you visit esmerise.com, request a demo, contact us, create a creator account or purchase an Esmerise plan, Esmerise Group S.L. acts as the controller for that processing.
This notice does not replace the privacy policies published by creators for their own academies, checkouts, products or communities.
- Controller: Esmerise Group S.L.
- Registered office: Calle Italia, Island Village Heights, apto. 498/B, Costa Adeje 38660 Adeje, Santa Cruz de Tenerife, Spain
- CIF: B44935179
- Contact email: info@esmerise.com
- Website: esmerise.com
2. Data we process as controller
Website visitors, demo requests and marketing
We may process identity and contact data such as name, email, company, language, commercial preferences, data submitted in forms, request history, and technical information such as IP address, device, browser, visited pages and consent data.
If you complete forms for guides, webinars, demos or newsletters, we may use that data to respond to your request, deliver the requested material, follow up for compatible commercial purposes and measure campaign effectiveness where permitted.
Creator accounts, subscriptions, payments and support
When you create or manage an Esmerise account, we may process registration details, credentials, preferences, subscribed plan, technical logs, invoices, subscription status, payment history, support tickets and administrative communications.
Payment data is handled mainly through specialized providers. Esmerise may receive confirmation data, customer identifiers, payment status, the last four digits or equivalent information needed for accounting, fraud prevention, support and debt recovery.
Security, compliance and abuse prevention
We may process logs, IP addresses, session identifiers, security events and information related to breaches of our terms to protect the website, prevent fraud, investigate abuse, comply with legal obligations and defend our rights.
3. When Esmerise acts as a processor
For data that creators and their academies collect through the platform, Esmerise normally acts as a processor or sub-processor, following the customer's documented instructions and the applicable data processing agreement.
Typical examples include student data, orders, content access records, academy emails, community activity, forms, checkouts, videos and files uploaded to the platform. To exercise rights relating to that data, you should usually contact the relevant creator or academy operator first.
4. Lawful bases
The main lawful bases we rely on are: performance of pre-contractual steps and the contract when you request a demo or buy the service; compliance with legal obligations; consent, where required, for non-essential cookies and certain marketing communications; and legitimate interests for security, fraud prevention, service improvement, aggregate analytics and management of the commercial relationship.
Where we rely on legitimate interests, we assess that the processing is proportionate and does not override your fundamental rights and freedoms.
5. Recipients and service providers
We may share data with providers that help us operate the service or website, such as payment processors including Stripe, email and marketing tools including ConvertKit, consent and compliance tools such as iubenda, analytics and advertising services such as Google, Meta, TikTok and Microsoft, and hosting, storage, CDN, support and security providers.
We may also share data with professional advisers, public authorities or third parties where required by law or necessary to protect our rights.
6. International transfers
Some providers may process data outside the European Economic Area. Where that happens, we use appropriate GDPR transfer mechanisms, such as adequacy decisions or standard contractual clauses, together with supplementary measures where needed.
7. Retention
We keep personal data only for as long as necessary for the purposes for which it was collected, for managing the contractual relationship, for tax and accounting obligations, for legal claims and for the applicable limitation periods.
Actual retention periods may vary depending on the category of data, account status, consents given, pending requests and applicable legal requirements.
8. Cookies and similar technologies
On the corporate website we use cookies and similar technologies for essential functions, preferences, measurement and, where you consent, advertising and remarketing. Further details are available in our cookie policy.
Non-essential measurement and marketing tools on esmerise.com are loaded only after consent through the banner or preference center, unless the law allows another legal basis.
9. Your rights
You can request access, rectification, erasure, restriction, portability and objection in the cases provided by the GDPR. You can also withdraw consent at any time for consent-based processing, without affecting the lawfulness of processing carried out before withdrawal.
To exercise your rights, write to info@esmerise.com. We may request reasonable additional information to verify your identity and handle the request correctly.
10. Complaints and contact
If you believe the processing breaches applicable law, you may contact us first so we can try to address the issue. You also have the right to lodge a complaint with the competent supervisory authority, in particular in the place where you habitually reside, work or where the alleged infringement took place.
Language
