berries.
legal // berries

privacy notice

this notice explains how berries lab sl processes personal data when you visit berries.co or submit a product through the site. it is published in accordance with regulation (eu) 2016/679 (the “gdpr”) and spain's organic law 3/2018 on data protection (lopdgdd).

01 · who is the data controller

controller (responsable del tratamiento)
entity
berries lab sl
nif
B72854060
address
paseo del mare nostrum 1508039, 08039 barcelona, españa
contact
privacy@berries.co

02 · what data we collect

we process the following categories of personal data:

  • submission data — when you apply through /apply: product name, urls, category, founder name and email, team details, traction metrics (mrr, arr, mau, dau, retention, gross margin, cac, payback, paid spend), pricing data, distribution gap diagnosis, and free-text context you provide.
  • contact data — name and email when you write to any berries inbox or join a partner conversation.
  • technical data — submission timestamp, referring page, ip address, and user-agent string, recorded automatically for security and basic analytics.

we do not knowingly collect special-category data (health, ethnic origin, political opinions, etc.). do not include such data in free-text fields.

03 · purposes and lawful basis

  • evaluate product submissions and decide whether to enter a label deal
    performance of pre-contractual measures (gdpr art. 6.1.b)
  • reply to your inquiries and maintain partner relationships
    performance of contract / legitimate interest (gdpr art. 6.1.b, 6.1.f)
  • improve our underwriting model using anonymised aggregate patterns
    legitimate interest (gdpr art. 6.1.f)
  • comply with legal, tax, and accounting obligations
    legal obligation (gdpr art. 6.1.c)
  • defend or exercise legal claims
    legitimate interest (gdpr art. 6.1.f)

04 · who can access your data

access is restricted to the operating team at berries on a strict need-to-know basis. we may also share relevant material with:

  • processors we engage to operate the site (hosting, email, basic analytics) — bound by data-processing agreements (gdpr art. 28).
  • specific advisors or capital partners on a confirmed deal, only after you have agreed to enter that deal — always under written confidentiality.
  • public authorities when required by law.

we do not sell, rent, or share your data with third parties for marketing purposes.

05 · international transfers

our processors may store data on infrastructure located inside or outside the european economic area. where data is transferred outside the eea, the transfer is covered by an adequacy decision of the european commission or by standard contractual clauses (gdpr art. 46).

06 · how long we keep it

  • submissions not signed — kept up to 24 months from receipt for evaluation, follow-up, and benchmarking, then deleted or anonymised.
  • signed-deal records — kept for the duration of the deal and the legal retention period thereafter (typically up to 10 years for tax and accounting purposes under spanish law).
  • technical logs — kept up to 12 months for security and abuse-prevention purposes.

07 · your rights

under the gdpr you have the right to:

  • access the personal data we hold about you;
  • rectification of inaccurate or incomplete data;
  • erasure (“right to be forgotten”) where applicable;
  • restriction of processing in certain circumstances;
  • data portability for data you provided to us;
  • object to processing based on legitimate interest, including for marketing purposes (we do not do marketing, but the right still applies);
  • withdraw consent at any time where processing relies on consent.

to exercise any of these rights, email privacy@berries.co with the subject “data request” and the email address you used. we will respond within 30 days. for deletion requests, use subject “delete my submission”.

08 · supervisory authority

if you believe we have not handled your data properly, you have the right to lodge a complaint with the spanish data protection agency (agencia española de protección de datos — aepd.es).

09 · cookies

berries.co uses only the strictly necessary cookies required to run the site (e.g. session integrity, security). we do not use advertising, profiling, or third-party tracking cookies. if this changes, this notice and a cookie banner will be updated accordingly.

10 · changes to this notice

we may update this notice from time to time. material changes will be reflected by updating the date below. continued use of the site after a change indicates acceptance of the updated notice.

11 · no partnership created

submitting a product or otherwise interacting with this site does not create a partnership, investment, employment, confidentiality, fiduciary, or commercial agreement. any such relationship requires a separate written contract, as set out in our legal notice.

last updated · 2026-05-29