PrivacyPolicy
Last updated: 2026-05-01
The Wake Up Movement, S.L. (trading as Dcycle) Calle Luis Cabrera, 55, 28002 Madrid, Spain Tax Identification Number ESB88511373
Scope. This Privacy Policy explains how Dcycle processes personal data as a data controller – that is, data about visitors to our website, prospects, account administrators, and marketing contacts. Personal data that Dcycle processes as a processor on behalf of its customers (data uploaded into the platform by a customer) is governed instead by the Data Processing Agreement (available on request), not by this Policy.
1. Data Controller
The controller of your personal data is The Wake Up Movement, S.L. (trading as Dcycle), Calle Luis Cabrera, 55, 28002 Madrid, Spain, NIF ESB88511373.
Privacy contact: privacy@dcycle.io.
The Wake Up Movement, S.L. has not designated a Data Protection Officer under Article 37 GDPR; the contact above is an operational privacy contact.
2. Data We Collect
Data you provide directly: name, business email address, job title, company, and the content of any communications you send us (including support and sales enquiries).
Data collected automatically when you use our website: log data including IP address, browser type, device information, pages visited, and the time and date of visits, collected via cookies and similar technologies (see Section 9 and our Cookie Policy).
Data from third parties: where you connect an authorised integration to your account, we may receive data from integration partners including Datadis, SIFCO, and the customer’s ERP systems, to the extent necessary to provide the Services.
We do not knowingly collect special categories of personal data (Article 9 GDPR) through our website or marketing channels.
3. Purposes and Legal Basis for Processing
| Purpose | Legal basis (Article 6 GDPR) |
|---|---|
| Providing and operating the platform and your account | Performance of a contract |
| Responding to enquiries, demos, and sales conversations | Legitimate interests |
| Website analytics and security | Legitimate interests |
| Marketing communications | Consent |
| Compliance with legal and accounting obligations | Legal obligation |
Where we rely on legitimate interests, we have assessed that those interests are not overridden by your rights and freedoms. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
4. Data Retention
- Account data: retained for the duration of the contract plus five (5) years following termination, in line with statutory limitation periods.
- Marketing data: retained until you withdraw consent or object.
- Log and analytics data: retained for up to thirteen (13) months.
- Support and enquiry communications: retained for three (3) years.
After the applicable period, data is deleted or anonymised, unless a longer retention period is required by law.
5. Data Sharing
We do not sell your personal data. We share personal data only with:
- Service providers (processors) who process data on our behalf under written agreements compliant with Article 28 GDPR;
- Authorised integration partners, where you have connected an integration;
- Competent authorities, where required by law or to defend our legal rights; and
- A successor entity, in connection with a merger, acquisition, or sale of all or substantially all of our assets.
6. International Transfers
Personal data processed under this Policy is stored and processed within the European Economic Area (EEA) wherever feasible. Where a transfer outside the EEA is necessary (for example, to certain website analytics or marketing providers), we rely, in order of preference, on: (a) an adequacy decision under Article 45 GDPR, including, where applicable, the EU-U.S. Data Privacy Framework; or (b) the Standard Contractual Clauses approved by the European Commission, with supplementary measures where required.
7. Your Rights
You have the right to: access your personal data; rectify inaccurate data; erase your data; restrict processing; data portability; object to processing; and withdraw consent. To exercise any of these rights, contact privacy@dcycle.io. We will respond within thirty (30) days.
You also have the right to lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos, AEPD) at www.aepd.es, or with your local supervisory authority.
8. Security
Dcycle maintains an Information Security Management System certified to ISO/IEC 27001:2022 by TÜV Rheinland. Measures include encryption of data in transit and at rest, access controls on a least-privilege basis, and regular security testing and audits. Further detail is available through the Dcycle Trust Center at https://security.dcycle.io (access on request).
9. Cookies
Our website uses cookies and similar technologies. Strictly necessary cookies are always active; analytics, marketing, and functional cookies are placed only with your consent. Full details, including the specific cookies used, are set out in our Cookie Policy.
10. Children’s Data
The Dcycle platform and website are intended for business use only. We do not knowingly collect personal data from individuals under the age of sixteen (16). If you believe we have inadvertently collected such data, contact privacy@dcycle.io and we will delete it.
11. Changes to This Policy
We may update this Policy from time to time. We will revise the “Last updated” date and, where the change is material, notify you by email or through the platform.
12. Contact
The Wake Up Movement, S.L. (trading as Dcycle) Calle Luis Cabrera, 55, 28002 Madrid, Spain Privacy contact: privacy@dcycle.io · Website: www.dcycle.io