← GREEN BCN
Legal

Privacy Policy

How GREEN BCN collects, uses, stores and protects personal data. This policy applies to visitors and members of greenbcn.com and is governed by the EU General Data Protection Regulation (GDPR) and the Spanish Organic Law on Personal Data Protection and guarantee of digital rights (LOPDGDD).

Last updated: June 2026 · Jurisdiction: Spain (European Union)

1. Data Controller

The data controller responsible for your personal data is:

Brand / Trading name
GREEN BCN
Legal entity [REPLACE]
[COMPANY LEGAL NAME]
Registered address [REPLACE]
[REGISTERED ADDRESS], Barcelona, Spain
Tax ID [REPLACE]
[CIF/NIF]
General contact
contact@greenbcn.com
Privacy contact
privacy@greenbcn.com

[REPLACE] — Before going live, insert your registered company legal name, full registered address in Spain, and CIF/NIF in the fields above.

2. Contact

For any question about this Privacy Policy or your personal data, contact us at privacy@greenbcn.com or contact@greenbcn.com. We aim to respond within one month, as required by GDPR.

3. Purpose of Data Collection

GREEN BCN is a Barcelona membership and discovery platform for social clubs, culture and community. We process personal data to:

  • Operate the website and member platform (My Green Pass)
  • Review and process membership access requests
  • Manage accounts, subscriptions and payments
  • Respond to contact and support enquiries
  • Send service-related and optional marketing communications (where permitted)
  • Improve the platform through analytics (with consent where required)
  • Ensure security, fraud prevention and legal compliance

4. Legal Basis for Processing (GDPR Art. 6)

We process personal data on the following legal bases:

  • Consent (Art. 6(1)(a)) — Newsletter subscriptions, non-essential cookies (analytics, marketing), and optional marketing communications.
  • Contract (Art. 6(1)(b)) — Creating and managing your account, processing membership applications, delivering subscribed services, and payment-related processing.
  • Legitimate interest (Art. 6(1)(f)) — Platform security, abuse prevention, improving core services, and responding to enquiries — balanced against your rights and freedoms.
  • Legal obligation (Art. 6(1)(c)) — Retaining accounting and tax records as required by Spanish law.

5. Membership Request Processing

When you apply for access via our membership funnel, we collect data such as name, email, and information you provide in the application form. This data is used to evaluate eligibility, communicate about your request, and — if approved — create your member account. Processing is based on pre-contractual steps and/or contract performance.

6. Contact Forms & Support

When you contact us via forms, email, or live chat (Crisp, if enabled and consented), we process the information you submit to handle your enquiry. We may retain correspondence to resolve issues and improve support quality.

7. Newsletter Subscriptions

If you subscribe to a newsletter or marketing list, we process your email address and preferences based on your consent. You may withdraw consent at any time via unsubscribe links or by emailing privacy@greenbcn.com.

8. Payment Processing (Stripe)

Membership payments are processed by Stripe Payments Europe, Ltd. When you pay, Stripe collects payment card details and billing information directly. GREEN BCN receives limited transaction metadata (e.g. payment status, subscription ID, amount) to manage your membership. See Stripe's privacy policy at stripe.com/privacy.

9. Analytics

With your consent, we may use Google Analytics to understand aggregated site usage (pages visited, device type, general location). Analytics cookies are not loaded until you accept the Analytics category in our cookie banner. IP anonymisation is enabled where supported.

10. Your Rights (ARCO+ / GDPR)

Under GDPR and LOPDGDD, you have the following rights regarding your personal data:

  • Access — Obtain confirmation of whether we process your data and receive a copy.
  • Rectification — Correct inaccurate or incomplete data.
  • Erasure ("right to be forgotten") — Request deletion where legally applicable.
  • Restriction — Limit processing in certain circumstances.
  • Portability — Receive data you provided in a structured, machine-readable format.
  • Objection — Object to processing based on legitimate interests or direct marketing.
  • Withdrawal of consent — Withdraw consent at any time without affecting prior lawful processing.

How to exercise your rights: Email privacy@greenbcn.com with your request, full name, registered email, and a description of the right you wish to exercise. We may ask for identity verification. We respond within one month (extendable by two months for complex requests).

11. Third-Party Services

We use the following processors and service providers. Each processes data only as necessary for the stated purpose:

ProviderPurposeData involved
Cloudflare Hosting, CDN, DDoS protection and security IP address, request logs, technical identifiers
Stripe Payment processing and subscription management Name, email, payment method, transaction records
Google Analytics Website analytics (with consent) Usage data, device/browser info, pseudonymous identifiers
Google AdSense Advertising (with consent) Cookie identifiers, ad interaction data
Crisp Live chat support (with consent) Name, email, chat content, session metadata
Resend Transactional email delivery Email address, message content (e.g. account notifications)

Links to provider privacy policies are available on request or on each provider's website.

12. Data Retention

We retain personal data only as long as necessary for the purposes described. Default periods below may be adjusted by the business to meet operational or legal requirements:

  • Membership requests (not converted): up to 24 months
  • Membership requests (converted to member): duration of membership plus up to 5 years for account history
  • User accounts: duration of active membership plus legal retention periods after closure
  • Contact / support requests: 12–24 months unless a longer period is needed for dispute resolution
  • Payment and accounting records: 6–10 years per Spanish tax and commercial law (Ley General Tributaria, Código de Comercio)
  • Analytics data: per Google Analytics default settings, typically up to 26 months
  • Marketing consents and unsubscribe records: for the duration of the relationship plus applicable limitation periods

13. International Transfers

Some providers (e.g. Cloudflare, Stripe, Google, Crisp, Resend) may process data in the United States or other countries outside the European Economic Area. Where transfers occur, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs), adequacy decisions, or provider certifications under GDPR Chapter V.

14. Complaints — Supervisory Authority

If you believe your data protection rights have been violated, you may lodge a complaint with the Spanish Data Protection Agency:

Agencia Española de Protección de Datos (AEPD)
Website: www.aepd.es
Address: C/ Jorge Juan, 6, 28001 Madrid, Spain

You may also contact us first at privacy@greenbcn.com so we can address your concern.

15. Changes to This Policy

We may update this Privacy Policy to reflect legal, technical or business changes. The "Last updated" date at the top will be revised accordingly. Material changes may be communicated via the website or email where appropriate.

16. Data Controller Summary

Controller
GREEN BCN / [COMPANY LEGAL NAME] [REPLACE]
Address
[REGISTERED ADDRESS] [REPLACE]
CIF/NIF
[CIF/NIF] [REPLACE]
DPO
Not appointed [REPLACE if applicable]