ACCESSIAL — accessial.com Effective date: 01/04/2024 Last updated: 01/02/2026
1. Data Controller
The data controller responsible for the processing of your personal data is:
Accessial
Legal Name: GSDS Connection, S.L.
CIF: B70961149
Registered address: 18, Paseo de la Castellana, Madrid, Spain
Email: privacy@accessial.com
Website: https://accessial.com
For any queries related to data protection, please contact us at: privacy@accessial.com
2. Scope
This Privacy Policy applies to all personal data collected through:
- The website accessial.com and its subdomains.
- The purchase and use of our services, including Certified Talent Services and AI Workforce.
- Communications with us via email, contact forms, or other channels.
This Privacy Policy is drafted in accordance with:
- Regulation (EU) 2016/679 (General Data Protection Regulation — GDPR)
- Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales (LOPD-GDD)
- Ley 34/2002, de 11 de julio, de servicios de la sociedad de la información y de comercio electrónico (LSSI-CE)
3. Personal Data We Collect
3.1 Data You Provide Directly
| Data Category | When Collected | Examples |
|---|---|---|
| Account and purchase data | When you create an account or make a purchase | Name, email address, billing address, payment information |
| Onboarding data | When you complete the AI Workforce onboarding form | Business name, business description, desired agent responsibilities, platform accounts |
| Communication data | When you contact us | Email address, message content, attachments |
| Training session data | During AI Workforce training (Growth/Professional tiers) | Video call recordings (only with your explicit consent), notes, questions asked |
3.2 Data Collected Automatically
| Data Category | How Collected | Examples |
|---|---|---|
| Usage data | Website analytics | Pages visited, time on site, referral source, device type, browser |
| Technical data | Server logs | IP address, access times, error logs |
| Cookie data | Cookies and similar technologies | Session identifiers, preferences (see Section 10) |
3.3 Data Processed Through AI Workforce
When using the AI Workforce service, the AI agents may process data on your behalf within your own platforms. This data is processed in your own Third-Party Service accounts (Cloudflare, OpenRouter, Telegram) and is not stored by or accessible to Accessial after delivery, except in the following cases:
- Professional tier: During the support period, Accessial may access the Client’s Agent Environment for troubleshooting, updates, or reconfigurations, only with the Client’s authorization.
Important: Accessial does not have access to the content generated by your AI agents, the data in your connected platforms, or your OpenRouter usage logs, unless you explicitly share this information with us for support purposes.
4. Purposes and Legal Bases for Processing
| Purpose | Legal Basis (GDPR Art. 6) | Data Categories |
|---|---|---|
| Processing your orders and delivering services | Performance of a contract (Art. 6.1.b) | Account, purchase, and onboarding data |
| Issuing invoices and complying with tax obligations | Legal obligation (Art. 6.1.c) | Name, address, CIF/NIF, payment records |
| Providing customer support and technical assistance | Performance of a contract (Art. 6.1.b) | Account, communication, and technical data |
| Sending service-related communications (delivery updates, security alerts) | Performance of a contract (Art. 6.1.b) | Email address |
| Sending marketing communications about new services or features | Consent (Art. 6.1.a) | Email address |
| Improving our website and services | Legitimate interest (Art. 6.1.f) | Usage and technical data |
| Preventing fraud and ensuring security | Legitimate interest (Art. 6.1.f) | Technical and account data |
| Complying with legal obligations | Legal obligation (Art. 6.1.c) | As required by applicable law |
5. Data Sharing and Third-Party Processors
We share personal data only when necessary to provide our services or comply with legal obligations.
5.1 Service Providers (Data Processors)
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| WooCommerce / WordPress | E-commerce platform | Purchase and account data | EU/US |
| Payment processors (PayPal, Stripe, Klarna) | Payment processing | Payment and billing data | EU/US |
| Cloudflare | Website performance and security | IP addresses, technical data | Global (EU-adequate) |
| Google Analytics (if applicable) | Website analytics | Anonymized usage data | US (EU-US Data Privacy Framework) |
| Google Workspace | Transactional and marketing emails | Anonymized usage data | US (EU-US Data Privacy Framework) |
5.2 Third-Party Services in AI Workforce
The following Third-Party Services are used in the delivery and operation of AI Workforce. After delivery, these accounts belong to and are controlled by the Client:
| Service | Role | Client’s Data Involved |
|---|---|---|
| Cloudflare Workers | Hosts the Agent Environment | Agent configurations, task data in transit |
| OpenRouter | Routes AI model requests | Task prompts and AI model responses (tokens) |
| Telegram | Client-agent communication interface | Messages between Client and AI Coordinator |
| AI Model Providers (Anthropic, Google, OpenAI, etc.) | Process AI tasks via OpenRouter | Task content sent for processing |
Accessial is not the data controller for data processed within the Client’s own Third-Party Service accounts after delivery. The Client is responsible for reviewing and accepting the privacy policies and data processing terms of these services.
5.3 Legal Disclosures
We may disclose personal data when required by law, court order, or to protect our rights, safety, or property.
6. International Data Transfers
Some of our service providers and Third-Party Services may process data outside the European Economic Area (EEA). In such cases, we ensure that adequate safeguards are in place, including:
- EU-US Data Privacy Framework certification
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions by the European Commission
7. Data Retention
| Data Category | Retention Period |
|---|---|
| Account and purchase data | Duration of the business relationship + 5 years (Spanish tax obligations under Ley General Tributaria) |
| Invoicing and financial records | 6 years (Código de Comercio, Art. 30) |
| Onboarding form data | 1 year after delivery, then deleted unless needed for ongoing support |
| Communication records | 3 years from last communication |
| Marketing consent records | Until consent is withdrawn + 1 year for proof of compliance |
| Website analytics data | 14 months (if Google Analytics is used) |
| Professional tier support logs | Duration of support period + 1 year |
8. Your Rights
Under the GDPR and LOPD-GDD, you have the following rights:
| Right | Description |
|---|---|
| Access (Art. 15) | Obtain a copy of your personal data and information about how it is processed |
| Rectification (Art. 16) | Correct inaccurate or incomplete personal data |
| Erasure (Art. 17) | Request deletion of your personal data (“right to be forgotten”) |
| Restriction (Art. 18) | Restrict the processing of your data in certain circumstances |
| Portability (Art. 20) | Receive your data in a structured, machine-readable format |
| Objection (Art. 21) | Object to processing based on legitimate interests or direct marketing |
| Withdraw consent (Art. 7.3) | Withdraw previously given consent at any time |
| Automated decisions (Art. 22) | Not be subject to decisions based solely on automated processing |
How to Exercise Your Rights
Send a request to privacy@accessial.com, including:
- Your full name and email address associated with your account.
- The specific right(s) you wish to exercise.
- A copy of your ID document (to verify your identity).
We will respond within 30 calendar days. If the request is complex, this period may be extended by an additional 60 days, in which case we will inform you of the extension.
Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos — AEPD):
- Website: https://www.aepd.es
- Address: C/ Jorge Juan 6, 28001 Madrid, Spain
9. Data Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, including:
- HTTPS encryption for all website communications.
- Secure payment processing through PCI-DSS compliant providers.
- Access controls limiting data access to authorized personnel only.
- Regular review of security practices.
For the AI Workforce service, additional security measures include:
- Zero-trust architecture on Cloudflare Workers.
- Editor-only permissions for AI agents (never admin access).
- Prompt injection safeguards to prevent unauthorized data access by AI agents.
10. Cookies
10.1 What Are Cookies
Cookies are small text files stored on your device when you visit our Website. We use cookies and similar technologies in accordance with the LSSI-CE and GDPR.
10.2 Types of Cookies We Use
| Type | Purpose | Duration | Consent Required |
|---|---|---|---|
| Strictly necessary | Essential for the website to function (e.g., shopping cart, session management) | Session | No |
| Functional | Remember your preferences (e.g., language, login) | Up to 1 year | Yes |
| Analytics | Understand how visitors use the Website | Up to 14 months | Yes |
| Marketing | Track visits across websites to display relevant ads (if applicable) | Up to 2 years | Yes |
10.3 Managing Cookies
You can manage your cookie preferences through our cookie banner when you first visit the Website. You can also modify your preferences at any time by:
- Clicking the “Cookie Settings” link in our website footer.
- Adjusting your browser settings to block or delete cookies.
Please note that disabling certain cookies may affect the functionality of the Website.
10.4 Third-Party Cookies
Our Website may include cookies set by third-party services (e.g., Google Analytics, payment processors, social media widgets). These are governed by the respective third party’s privacy and cookie policies.
11. Marketing Communications
We will only send marketing communications with your explicit opt-in consent. You can unsubscribe at any time by:
- Clicking the “unsubscribe” link in any marketing email.
- Contacting us at privacy@accessial.com.
Service-related communications (e.g., order confirmations, delivery notifications, security alerts) are not marketing and will be sent as necessary for the performance of our contract.
12. Children’s Privacy
Our services are intended for business and professional use by individuals aged 18 and over. We do not knowingly collect personal data from children under 18. If we become aware of such data, we will delete it promptly.
13. AI-Specific Data Processing
13.1 During Setup (Accessial as Processor)
During the AI Workforce configuration period, Accessial may temporarily process Client data (business descriptions, platform credentials) to set up the Agent Environment. This data is used solely for configuration purposes and is not retained after delivery, except as described in Section 7.
13.2 After Delivery (Client as Controller)
Once the Agent Environment is delivered, the Client becomes the sole data controller for any data processed by their AI agents. Accessial has no access to or control over this data unless explicitly granted by the Client for support purposes.
13.3 AI Model Data Processing
When AI agents process tasks, the content is sent to AI model providers (via OpenRouter) for processing. The Client should be aware that:
- AI model providers may process data in accordance with their own data policies.
- OpenRouter’s privacy policy governs how token data is routed and processed.
- The Client is responsible for ensuring that data sent to AI models complies with applicable data protection regulations, particularly when processing personal data of third parties.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with the updated effective date. For material changes, we will notify registered users via email.
15. Contact
For any questions or requests related to this Privacy Policy:
Accessial
Legal Name: GSDS Connection, S.L.
CIF: B70961149
Registered address: 18, Paseo de la Castellana, Madrid, Spain
Email: privacy@accessial.com
Website: https://accessial.com
