Privacy Policy

Last updated: March 2026

1. Data controller

Full identification details of the data controller are set out in our Legal Notice. For data protection enquiries:

  • Controller: David Sitjes Domenech (BYEreview)
  • Contact email: privacy@byereview.com
  • Postal address: Carrer Sant Sebastià, 11, 25400 Les Borges Blanques, Lleida, Spain

2. Data we collect and purpose

When you submit the audit request form, we collect the following data:

  • Your Google Maps business URL: to carry out a preliminary feasibility study on the removal of reviews.
  • Professional email: to communicate the analysis results and, where applicable, a commercial proposal.
  • Phone number (optional): to contact you if we identify reviews requiring urgent action.
  • Business name and role: to personalise the proposal and verify that the request originates from the owner or authorised manager of the establishment.
  • Type of issue: to classify the case internally and assign the appropriate strategy.

We do not collect special categories of personal data. The Google Maps URL you provide is treated as confidential business information — the fact that a business has requested a review audit is not shared with third parties.

3. Legal basis for processing

We process your data on the following legal grounds, in line with UAE data protection legislation:

  • Consent: by ticking the checkbox on the form and submitting your request, you grant explicit consent for the processing of your data for the purposes described.
  • Performance of a contract or pre-contractual measures: if you formalise the engagement of our services, processing will be necessary for the performance of the contract.
  • Legitimate interest: for the preliminary viability analysis of your case based on publicly available data from your Google Maps listing.
  • Legal obligation: for the fulfilment of tax and regulatory obligations arising from the provision of the service.

4. Recipients of data

Your data is not sold nor shared with third parties for commercial purposes. It is only disclosed to:

  • Cloudflare, Inc.: as our web infrastructure provider (hosting, security, CDN). Cloudflare acts as a data processor and operates under appropriate data protection safeguards.
  • Tax authorities: when required for the fulfilment of invoicing and regulatory obligations.
  • Google LLC: strictly limited to the data necessary to process review reports through Google's official reporting channels. Your identity and contact details are not shared with Google.

Where personal data is transferred outside the UAE, we ensure that appropriate safeguards are in place, including contractual clauses and internationally recognised data protection frameworks.

5. Retention periods

  • Enquiries not converted into a contract: data is retained for a maximum of 3 years from the last point of contact.
  • Clients with a formalised contract: data is retained for the duration of the contract and, once terminated, for 6 years to meet tax and regulatory obligations.
  • Anonymised data: we may retain aggregated statistical data indefinitely, provided it does not permit the identification of any individual.

Once the stated retention periods have elapsed, data is securely deleted.

6. Your rights

Under UAE data protection legislation, you may exercise the following rights at any time:

  • Access: obtain confirmation of whether we process your personal data and request a copy thereof.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request the deletion of your data when it is no longer necessary for the purpose for which it was collected.
  • Objection: object to the processing of your data in certain circumstances.
  • Restriction: request that we restrict processing while a complaint or verification is being resolved.
  • Data portability: receive your data in a structured, commonly used and machine-readable format.

To exercise any of these rights, please send an email to privacy@byereview.com stating your identity and the right you wish to exercise. We will respond within 30 days.

If you believe that the processing of your data infringes applicable data protection legislation, you have the right to lodge a complaint with the UAE Data Office.

7. Security

We implement appropriate technical and organisational measures to protect your data, including encrypted communications (HTTPS/TLS), restricted access to authorised personnel and storage within infrastructure protected by Cloudflare. However, no system is infallible and we cannot guarantee the absolute security of information transmitted over the internet.

8. Cookies

Information on the use of cookies is set out in our Cookie Policy.

9. Modifications

We reserve the right to update this policy to reflect changes in legislation or our internal processes. Any modification will be published on this page with the corresponding date of update.