Acceptable Use Policy | Celestial Business

Effective Date: 11 May 2026

Last Updated: 11 May 2026

Version 1.1 — Amendments shown in bold

This Acceptable Use Policy (“Policy”) sets out the rules governing acceptable access to and use of the website located at https://www.celestbe.com (the “Website”), together with any related software, data services, reports, portals, content, communications, and business tools made available by CELESTIAL BUSINESS, S.L., a private limited liability company (sociedad de responsabilidad limitada) incorporated under Spanish law (CIF:B56911621) (“Celestial Business”, “we”, “us”, “our”).

The Website presents Celestial Business as a provider of professional business intelligence, legal records, financial information and related SaaS services for corporate users.

This Policy is intended to protect the Website, our systems, our users, our data assets, and legitimate commercial use of our services.

1. Introduction

Celestial Business provides business-focused digital services designed for professional and commercial users, including corporate intelligence and business data tools.

To maintain security, reliability, legal compliance and fair access, all users must comply with this Policy.

Use of the Website or Services in breach of this Policy may result in suspension, termination, legal action, reporting to authorities, or other remedial measures where appropriate.

2. Relationship to Terms and Conditions

This Policy forms an integral part of the Terms and Conditions governing use of the Website and related Services.

By accessing or using the Website, you agree to comply with:

this Acceptable Use Policy;
the Terms and Conditions;
the Privacy Policy;
the Cookie Policy; and
any additional contractual terms that may apply.

Where there is conflict between this Policy and a signed commercial agreement, that agreement may prevail for the relevant paid services unless otherwise stated.

3. Scope of this Policy

This Policy applies to use of:

the public Website;
informational pages;
contact forms;
inquiry forms;
business onboarding channels;
downloadable materials;
client dashboards or portals (if offered);
APIs (if offered);
data reports;
subscription services;
communications with us;
any connected technical systems.

4. Who This Policy Applies To

This Policy applies to:

visitors to the Website;
prospective customers;
customers;
business users;
contractors;
vendors;
partners;
authorised representatives;
anyone accessing our systems directly or indirectly.

If you act on behalf of a company or organisation, you must have authority to do so.

Where a user acts on behalf of a regulated entity (such as a law firm, financial institution, or compliance function), that user also remains personally responsible for ensuring their use of our Services complies with the professional and regulatory obligations applicable to them, including obligations under applicable legislation and sector-specific regulatory requirements.

5. Permitted Use of the Website and Services

You may use the Website and Services only for legitimate professional purposes such as:

learning about our offerings;
requesting commercial information;
conducting lawful business due diligence;
evaluating counterparties;
compliance review;
research for lawful internal business use;
accessing authorised services;
legitimate customer relationship purposes.

Use must be reasonable, proportionate and lawful.

6. Professional / Lawful Use Only

Corporate information, records and business data made available through the Website or Services are intended for lawful and professional use only.

You remain solely responsible for:

legal decisions;
compliance decisions;
lending decisions;
investment decisions;
tax decisions;
accounting decisions;
onboarding decisions;
commercial judgments.

Information should be independently verified before reliance, especially where time-sensitive or material decisions are involved.

Where our Services are described as providing due diligence tools, or compliance assistance, such descriptions refer to informational tools designed to assist Professional Users in their independent compliance processes. They do not constitute regulated KYC, AML, or due diligence services, and do not discharge any regulatory obligation applicable to the user under Directive (EU) 2015/849 (as amended), Spanish Ley 10/2010, or any sector-specific regulatory framework. Professional Users remain solely and exclusively responsible for their own compliance obligations.

7. Prohibited Conduct

You must not use the Website or Services to:

violate any law or regulation;
engage in fraud or deception;
harass or threaten others;
transmit abusive, defamatory or unlawful material;
infringe third-party rights;
misuse confidential information;
facilitate criminal conduct;
cause reputational harm through unlawful misuse.

You must not use our Services in any way inconsistent with their legitimate B2B purpose.

You must not use the Services for any purpose connected with: (i) money laundering, terrorist financing or sanctions evasion; (ii) bribery or corruption; (iii) insider dealing or market manipulation; (iv) fraudulent misrepresentation to a third party; or (v) any activity that would constitute a criminal offence in Spain, the EU, or any other jurisdiction in which you operate. We reserve the right to report suspected criminal activity to the relevant competent authorities, including the Servicio Ejecutivo de la Comisión de Prevención del Blanqueo de Capitales e Infracciones Monetarias (SEPBLAC) in Spain.

8. Unauthorized Access and Security Abuse

You must not:

attempt unauthorised access to systems, servers, APIs, accounts, admin areas or databases;
bypass authentication controls;
test vulnerabilities without written permission;
probe networks unlawfully;
escalate privileges;
intercept data unlawfully;
interfere with security controls;
circumvent rate limits or technical restrictions;
use stolen credentials.

You must not introduce:

malware;
ransomware;
spyware;
trojans;
harmful scripts;
malicious automation;
code intended to disrupt operations.

We may block suspicious traffic or access attempts.

Unauthorised access to computer systems or data is a criminal offence under Spanish Ley Orgánica 10/1995 (Código Penal), Articles 197 et seq. We will preserve evidence of security violations and cooperate fully with law enforcement and competent judicial authorities.

9. Scraping, Crawling, Bots and Automated Extraction

Unless expressly authorised in writing, you must not:

scrape Website content;
crawl data pages;
harvest email addresses;
mine reports;
bulk download materials;
use bots to collect information;
run automated queries intended to replicate our services;
extract structured datasets;
bypass robots.txt or technical controls;
use headless browsers for unauthorised extraction.

Repeated or large-scale automated access may be treated as abuse.

Unauthorised systematic extraction of data from our Website may infringe our database rights under Directive 96/9/EC (Database Directive) and its Spanish implementation, as well as our rights under the GDPR where personal data is involved. Such extraction may give rise to civil claims for damages and injunctive relief, in addition to any criminal liability under applicable law.

10. Misuse of Corporate Data / Reports

You must not use data, reports or records obtained through the Website or Services to:

create competing databases;
resell datasets;
provide shadow services;
publish bulk records without permission;
conduct unlawful surveillance;
blackmail or extort others;
stalk individuals;
discriminate unlawfully;
manipulate markets;
mislead third parties;
impersonate regulators or investigators.

Credit or solvency indicators, where available, are informational tools and not guaranteed outcomes.

Processing personal data obtained through our Services for purposes incompatible with those disclosed in our Privacy Policy is prohibited and may constitute a breach of GDPR Article 5(1)(b) (purpose limitation). Any use of data relating to natural persons must be independently assessed by the user against their own data protection obligations.

11. Intellectual Property and Database Rights

All intellectual property rights, database rights, software rights, trademarks, layouts, methodologies and proprietary content belong to Celestial Business or its licensors unless otherwise stated.

You must not without written permission:

copy substantial parts of content;
mirror the Website;
republish reports;
sublicense access;
commercially exploit protected materials;
remove proprietary notices;
reverse engineer protected tools.

Lawful statutory exceptions remain unaffected where mandatory.

12. User Content / Form Submissions

Where you submit information through forms or communications, you must ensure that content is:

accurate;
lawful;
non-infringing;
non-malicious;
not misleading;
professionally appropriate.

You must not submit:

spam;
unsolicited promotions;
offensive material;
false identities;
impersonation attempts;
malicious files.

We may disregard or remove inappropriate submissions.

Submitting false or misleading information during onboarding or KYC processes may constitute fraud under Spanish criminal law (Código Penal Article 248 et seq.) and may also constitute a breach of applicable legislation. We reserve the right to terminate access and report such conduct to the relevant competent authorities.

13. Compliance with Laws and Sanctions

You must comply with all laws applicable to your use, including where relevant:

anti-money laundering laws;
sanctions laws;
anti-bribery laws;
privacy laws;
export-control laws;
competition laws;
consumer protection laws where applicable;
anti-fraud rules.

You must not use our Services in connection with sanctioned persons, unlawful transactions, or prohibited jurisdictions where such restrictions apply.

Users are specifically prohibited from using our Services in connection with: (i) persons or entities designated on the EU Consolidated Sanctions List, UN Security Council Sanctions Lists, OFAC Specially Designated Nationals list, or any other applicable sanctions regime; (ii) transactions or activities prohibited by Spanish Ley 10/2010 or EU Regulation 2580/2001 (as amended); or (iii) jurisdictions subject to comprehensive EU, UN or US sanctions. Breach of this provision may result in immediate termination of access and mandatory referral to SEPBLAC or other competent authorities.

14. No Fraudulent or Misleading Use

You must not:

misrepresent affiliation with a company;
pretend to act for regulators;
use fake credentials;
conceal identity for unlawful purposes;
submit misleading inquiries;
obtain information by deception;
impersonate directors, officers or authorised representatives.

We may request verification where appropriate.

15. Monitoring and Enforcement Rights

To protect our business and systems, we may monitor usage patterns, logs, traffic and operational signals where lawful and proportionate.

All monitoring activity will be carried out in compliance with GDPR, the Spanish LOPDGDD, and applicable labour and employment law where internal personnel are concerned. Monitoring of user activity will not extend beyond what is necessary and proportionate for the purposes of security, abuse prevention, and legal compliance.

We may investigate suspected misuse and may take action including:

warnings;
request for explanation;
technical blocking;
throttling;
suspension;
access restrictions;
evidence preservation;
legal escalation;
regulatory reporting where required.

Nothing in this Policy obliges us to monitor all activity.

16. Suspension / Restriction / Termination of Access

We may suspend, restrict or terminate access immediately where reasonably necessary, including for:

breach of this Policy;
repeated abuse;
scraping attempts;
fraud indicators;
security risk;
sanctions concerns;
false identity use;
infrastructure attacks;
unpaid subscriptions (if applicable);
legal compliance reasons.

Serious or repeated abuse may result in permanent denial of access.

Where suspension or termination is implemented for reasons other than immediate security or sanctions risk, we will provide written notice as soon as reasonably practicable. Where we are required by law or a regulatory obligation to act without prior notice, we will notify the affected user as soon as the applicable legal restriction permits.

17. Reporting Violations

If you become aware of misuse, security concerns, suspicious activity or breaches of this Policy, please contact:

info@celestbe.com

Please provide reasonable detail so concerns can be assessed efficiently.

Reports of suspected misuse may also be made directly to SEPBLAC (Servicio Ejecutivo de la Comisión de Prevención del Blanqueo de Capitales e Infracciones Monetarias) at www.sepblac.es, or to the relevant national financial intelligence unit in your jurisdiction.

18. Changes to this Policy

We may amend this Policy periodically to reflect:

legal developments;
security risks;
technical changes;
service evolution;
operational needs.

Material amendments will be notified by prominent notice on the Website no less than 30 days before taking effect. Updated versions become effective when published on the Website unless otherwise stated.

Continued use after publication constitutes acceptance of the revised version.

19. Language Versions

This Acceptable Use Policy may also be made available in other languages for convenience, including Spanish.

In the event of conflict, inconsistency or ambiguity, the English version shall prevail, except where mandatory Spanish or EU law requires the Spanish-language version to govern transactions with Spanish-resident users, in which case the Spanish version shall apply to the extent required by law.

20. Contact Details

CELESTIAL BUSINESS, S.L.

CIF: B56911621

Calle Juan de Mena 10, Madrid, 28014, Spain

Email: info@celestbe.com