WEBSITE PRIVACY POLICY

Privacy and Personal Data Protection Policy

In compliance with applicable law, MORE AND BETTER ENERGY, S.L. (the "Controller"), as operator of frikienergy.com (the "Website"), undertakes to adopt the technical and organizational measures necessary to ensure a level of security appropriate to the risk of the processed data.

Laws incorporated into this Privacy Policy

This Privacy Policy is adapted to current Spanish and European legislation on personal data protection on the internet and, in particular, complies with:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the GDPR).
• Organic Law 3/2018 of 5 December on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD).
• Law 34/2002 of 11 July on Information Society Services and Electronic Commerce (LSSI-CE).

Identity of the Data Controller

The controller responsible for the processing of personal data collected through frikienergy.com is:

• MORE AND BETTER ENERGY, S.L.
• Tax ID (CIF): B44631976
• Registered with: Registro Mercantil de Madrid
• Representative: Sole Administrator
• Registered address: Calle Villablanca, 85 (Office 207), Madrid 28032, Spain
• Contact phone: +34915426042
• Contact email: contact@mobeenergy.com

Record of Processing Activities

In accordance with the GDPR and the LOPDGDD, personal data collected through the Website (e.g., via contact channels and the use of the tool) will be processed in order to manage user requests and provide the service. The Controller maintains a record of processing activities in accordance with the GDPR.

Principles applicable to processing

User personal data will be processed in accordance with the principles set out in Article 5 GDPR: lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability.

Categories of personal data processed

The Website may process the following categories of data:

• Identification and contact data (e.g., name, email address) when a user contacts us.
• Technical data associated with use of the Website (e.g., IP address, device/browser information, timestamps, logs for security and troubleshooting).
• Uploaded dataset content used to run simulations in the tool.
• Email address (submitted through the "pricing updates" / notification form).

Special categories of personal data: We do not intentionally process special categories of personal data (Article 9 GDPR). Users should not upload special categories of data or unnecessary personal data in datasets. If a user uploads personal data, the user must ensure they have a lawful basis to do so.

Legal basis for processing

As a general rule, the legal bases are:

• Consent when the user provides data through contact forms or similar channels (and where consent is the appropriate basis).
• Performance of a service / pre-contractual steps when the user uploads a dataset and requests an analysis (processing necessary to provide the requested output).
• Legitimate interest for essential security, fraud prevention, and service integrity (e.g., preventing abuse and ensuring the Website functions safely).

Where processing is based on consent, the user may withdraw consent at any time as easily as it was given. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

For notification emails requested via the form, the legal basis is the user's consent. The user may withdraw consent at any time by emailing contact@frikienergy.com with the subject "Unsubscribe", and we will stop sending these notifications.

Purposes of processing

Personal data is collected and managed for the purposes of:

• Providing the tool service (processing user-uploaded datasets to generate simulation outputs).
• Handling requests, questions, and communications sent by users.
• Ensuring Website security and proper functioning, including incident prevention, detection and troubleshooting.
• Operational and statistical improvements of the Website and its content (only where permitted and, where required, subject to consent).
• Sending advance notices about changes to the pricing policy and/or beta access terms, when the user requests to be notified.

How uploaded datasets are handled

Users may upload datasets to run simulations. These datasets are processed immediately to generate outputs and are not stored as files by the Controller after processing is completed.

However, limited technical traces may appear in standard security or error logs (e.g., a file name, an error code, or timing information) strictly for troubleshooting and security, but the tool is designed not to retain the dataset itself.

Data retention periods

Personal data will be retained only for the minimum time necessary for the purposes stated above and, in any event:

• Uploaded datasets: not stored as files after processing (see section above).
• Technical/security logs: retained for 60 days for security and troubleshooting.
• Contact messages/emails: retained for up to 12 months or until the request is resolved, unless a longer retention is required by law.
• Notification list (email): retained until the user unsubscribes, unless a longer period is required by law.

When data is collected, the user will be informed—where applicable—of the retention period or the criteria used to determine it.

Recipients of personal data

As a general rule, personal data will not be shared with third parties, except:

• where required by law, or
• where necessary to operate the Website through service providers acting as processors under the Controller's instructions.

Service providers (processors): The Website is hosted using Vercel as infrastructure/hosting provider. Vercel processes certain technical data on behalf of the Controller to deliver and secure the Website.

We may use email delivery/service providers to send these notifications. If we do, they will act as data processors under our instructions and this policy will be updated to identify them where required.

If international transfers occur (e.g., processing outside the EEA), appropriate safeguards will be applied (such as Standard Contractual Clauses) and the user will be informed as required by law.

Personal data of minors

In accordance with Article 8 GDPR and Article 7 LOPDGDD, only users aged 14 or older may lawfully provide consent on their own in Spain. If a user is under 14, consent must be provided by a parent/guardian.

Confidentiality and security of personal data

The Controller undertakes to adopt the technical and organizational measures necessary to ensure appropriate security and confidentiality, and to prevent unauthorized access, disclosure, alteration or loss of personal data.

The Website uses SSL/TLS encryption to secure communications.

If a personal data breach is likely to result in a high risk to the rights and freedoms of individuals, the Controller will notify affected users without undue delay, as required by law.

User rights

The user may exercise the rights recognized by the GDPR and the LOPDGDD:

• Right of access
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object
• Right not to be subject to a decision based solely on automated processing, including profiling (where applicable)

Links to third-party websites

The Website may include links to third-party websites not operated by the Controller. Those sites have their own privacy policies and are responsible for their own practices.

Complaints to the supervisory authority

If the user believes there is a breach of data protection law, they may lodge a complaint with the competent supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD).