This Privacy Policy explains how JEG SERVICES SRL, with registered office at Corso Umberto I #284 and contact email [email protected] (“JEG SERVICES SRL”, “we”, “us”, or “our”), acting as the Data Controller, collects, uses, stores, and protects the personal data of individuals who visit https://socialbeat.app, join the SocialBeat waiting list, or otherwise contact us for information about our services.

This Privacy Policy is provided in accordance with applicable data protection laws, including Regulation (EU) 2016/679 (“GDPR”) and any applicable national data protection legislation.

1. Data Controller

The Data Controller is:

JEG SERVICES SRL
Corso Umberto I #284
Email: [email protected]
Privacy contact: [email protected]

2. Personal Data We Collect

We may collect the following personal data through forms available on our website, landing pages, contact forms, waiting list forms, or similar tools, where such data is voluntarily provided by the user:

First name

Last name

Email address

Phone number

We may also process certain technical and browsing data strictly necessary for the operation, security, and maintenance of the website, as further described in our Cookie Policy or any dedicated privacy notice, where applicable.

3. Purposes of Processing

We process personal data for the following purposes:

a) to manage registration for the SocialBeat waiting list;
b) to contact users with updates regarding the launch of the service, early access opportunities, product features, registration openings, or other communications strictly related to the requested service;
c) to respond to requests for information, contact, or support;
d) to manage administrative, organizational, technical, and pre-contractual activities connected with a user’s request;
e) to comply with applicable legal or regulatory obligations and lawful requests from competent authorities;
f) where necessary, to establish, exercise, or defend our legal rights.

4. Legal Bases for Processing

We process personal data on one or more of the following legal bases:

Consent, where required, including for joining the waiting list and receiving service-related updates;

Pre-contractual steps taken at the request of the data subject, for example where a user asks to be contacted or requests information about the service;

Compliance with legal obligations to which we are subject;

Legitimate interests, where permitted by law, including interests in maintaining website security, managing our platform and operations, and protecting our rights and business interests.

5. Mandatory or Optional Nature of Data Provision

Providing personal data marked as mandatory in our forms is necessary for us to process a registration request, manage inclusion in the waiting list, or respond to an inquiry. Failure to provide such data may prevent us from processing the request or delivering the relevant service-related communication.

6. How We Process Personal Data

Personal data is processed using paper-based, electronic, and digital means, in accordance with the principles of lawfulness, fairness, transparency, data minimization, accuracy, integrity, confidentiality, and storage limitation.

We implement appropriate technical and organizational measures designed to safeguard personal data against unauthorized access, disclosure, alteration, loss, or destruction.

7. Use of GoHighLevel as a Service Provider

To manage contacts, registrations, the waiting list, communications, and lead organization, we use the GoHighLevel / HighLevel platform.

Where personal data is processed through that platform on our behalf, HighLevel acts as a data processor, in accordance with its contractual documentation and its Customer Data Processing Addendum (DPA).

Accordingly, personal data submitted through forms on our website may be stored, organized, accessed, and managed within the GoHighLevel CRM for the purposes set out in this Privacy Policy.

8. Data Processors and Third-Party Service Providers

For the purposes described in this Privacy Policy, we may engage third-party service providers that process personal data on our behalf, including, for example:

CRM service providers;

hosting and cloud infrastructure providers;

email and communication service providers;

technical support, maintenance, and development providers;

administrative, tax, legal, or IT consultants, where strictly necessary.

Where required by applicable law, such parties are appointed as data processors or are otherwise bound by appropriate contractual confidentiality and data protection obligations.

9. HighLevel Sub-processors

We note that GoHighLevel/HighLevel relies, according to its official documentation, on additional suppliers and sub-processors for the delivery of its services. Publicly identified sub-processors include, by way of example:

Google Cloud Services – data storage

Amazon Web Services, Inc. – data storage

Twilio – communication services

Mailgun – communication services

Stripe – payment services

OpenAI – AI-related functionality

HighLevel India – services and support

LeadConnector LLC – communication and support

This list may be updated by the provider from time to time. Users may therefore also refer to the provider’s official documentation for the most current information.

10. International Data Transfers

Because we use cloud-based systems, CRM platforms, and technology infrastructure provided by international vendors, personal data may be transferred to and processed in countries outside the European Economic Area (EEA).

Where this occurs, we take steps to ensure that such transfers are carried out in compliance with applicable data protection laws and that an adequate level of protection is afforded to personal data. These safeguards may include:

Standard Contractual Clauses approved by the competent authorities;

supplementary contractual, technical, and organizational measures, where appropriate;

other transfer mechanisms recognized under applicable law.

With specific regard to HighLevel, the provider states in its DPA that restricted transfers are managed in accordance with applicable contractual safeguards, including the Standard Contractual Clauses (SCCs), and that it adheres to the international transfer frameworks referenced in its official documentation.

11. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law.

Unless otherwise required for legal, regulatory, or defense purposes, we apply the following retention criteria:

personal data collected for the waiting list: up to 36 months from the date of collection, unless consent is renewed, deletion is requested, or a contractual relationship is established;

personal data collected through contact or information requests: for the time necessary to handle the request and, thereafter, for 36 months;

personal data processed to comply with legal obligations: for the period required by applicable law;

personal data necessary for the establishment, exercise, or defense of legal claims: for as long as reasonably necessary for those purposes.

At the end of the applicable retention period, personal data will be deleted or anonymized, unless continued retention is required by law or otherwise justified on a lawful basis.

12. Data Subject Rights

Subject to the conditions and limitations set out under applicable law, individuals have the right to:

obtain confirmation as to whether we process their personal data and access such data;

request correction of inaccurate or incomplete personal data;

request deletion of personal data where applicable;

request restriction of processing in the cases provided by law;

object to processing, where applicable;

receive their personal data in a structured, commonly used, and machine-readable format, and request transmission of such data where technically feasible, where applicable;

withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal;

lodge a complaint with the competent supervisory authority.

13. How to Exercise Your Rights

Any request concerning the processing of personal data or the exercise of privacy rights may be sent to:

[email protected]

We will respond within the timeframes required under applicable law.

14. Separate Marketing Communications

If we intend to use collected personal data for direct marketing purposes, promotional newsletters, commercial offers, or other communications not strictly related to the waiting list or the user’s specific request, such processing will only take place on the basis of an appropriate legal basis and, where required, upon obtaining the user’s specific consent.

In such cases, this Privacy Policy and the relevant data collection forms will be supplemented with appropriate notices and dedicated consent mechanisms.

15. Security Measures

We maintain technical and organizational security measures appropriate to the nature of the personal data processed and the risks involved, in order to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access.

16. Minors

Our website and services are not intended for individuals under the age of 18, unless otherwise permitted under applicable law and, where required, authorized by a parent or legal guardian.

17. Changes to This Privacy Policy

We may amend or update this Privacy Policy from time to time, including to reflect legal, regulatory, technical, or business developments.

Any updated version will be posted on this page and will indicate the date of the latest revision. Where required, or where changes materially affect users’ rights or the way in which personal data is processed, we may take additional steps to provide appropriate notice.