Corporate address: Consell de Cent 436 Street, 3-1, Barcelona (08013), Spain.
Telephone: 930 094 598
Contact of data protection officer: firstname.lastname@example.org
LEGITIMATION AND PURPOSE
2.1 The User gives his consent to LEYPAL for the processing of personal data that he/she provides at the time of submitting a form or sending an email by making a query or request for a service, in order to be able to attend and manage his/her specific request, being the necessary data for the maintenance and fulfillment of said relationship. Likewise, the User gives his/her consent for a representative of LEYPAL to contact in order to respond to the request in a personalized way and better provide a service, taking into account that LEYPAL only provides its services to other legal persons, and in compliance with article 19 of Spanish Organic Law 3/2018, of December 5, on the protection of personal data and guarantee of digital rights.
2.2 LEYPAL also carries out the processing with the consent of the interested parties or based on their legitimate interest in the information of natural persons who are customers and suppliers or contacts of companies in order to maintain commercial relationships with customers, suppliers and collaborators, as well as to send them communications, invitations to events, and company information and to send them emails of various types that are part of the marketing and promotion activity.
2.3 Finally, LEYPAL performs data processing of Client Users for the execution of the service contract between the User and LEYPAL, following the Terms and Conditions or the specific contract signed between the parties. This processing is necessary so that LEYPAL can register and provide the requested service, as well as perform the billing and collection thereof and manage, maintain and control the contractual relationship with its customers.
2.4 In order to serve our customers, we request:
- If the client is a legal person, name and surname of one or more contact persons (depending on the roles), their position in the company, corporate email and contact telephone number. The consent granted by the proxies or authorized, for the purposes of article 21 of Spanish Law 34/2002, of July 11, on services of the information society and electronic commerce (LSSI), shall be understood as given both in its own name as in the legal entity they represent.
- If the customer is a natural person, he/she will be asked to provide additionally: Personal Identification number, postal address and personal bank details.
2.5 It is the responsibility of each interested party that the information provided is true, accurate, complete and up-to-date and only they will be liable for any direct or indirect damage or loss that may be caused as a result of the breach of such obligation.
2.7 The data of the Users are not transferred to third parties, and only international transfers are made within the European Union or country that has been declared of adequate level of protection by the European Commission, or through an appropriate protection mechanism, setting as an example the US companies that are regulated under the Privacy Shield. However, LEYPAL ensures strict compliance with the GDPR and as Data Controller, has ratified a data processing agreement for the processing of data with all its Data Processors.
2.8 The User may revoke this consent by written request addressed to the following corporate address: Consell de Cent 436 Street, 3-1, Barcelona (08013), Spain, or to the email address email@example.com.
2.9 LEYPAL processes the data confidentially. The data will be kept as long as the commercial relationship between the interested party and LEYPAL is maintained, and during the legally or contractually foreseen periods for the exercise of any action or claim available to the interested party or LEYPAL.
2.10 LEYPAL adopts the security levels required by the Data Protection Regulation approved by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter, “GDPR”), having applied the appropriate technical and organizational measures to ensure a level of security appropriate to the risk that derives from the processing of personal data, such as the destruction, loss or accidental or unlawful alteration of personal data transmitted, preserved or otherwise processed, or unauthorized communication or access to such data, particularly susceptible to causing damage and physical, material or immaterial damages. However, the above, Internet security measures are not impregnable and there may be leaks due to malicious actions by third parties.
2.11 LEYPAL will block the data when they are no longer necessary or relevant for their purpose for which they have been collected, in accordance with the provisions of the legislation on data protection. However, you may continue to use the data for the purposes of sending commercial communications indicated above as long as the User does not revoke the consent given.
2.12 In the data collection forms, the fields that are marked with an asterisk or “required” will be mandatory, so if the User does not provide the corresponding data, LEYPAL may deny the corresponding service.
3.1 The rights that assist Users are:
- Right to request access to personal data related to the interested party.
- Right to request rectification or deletion.
- Right to request the limitation on the processing of his/her data.
- Right to object to the processing of data.
- Right to data portability.
- Right to erasure
3.2 The User may exercise the aforementioned rights with respect to the data sent by written request addressed to the following corporate address: Consell de Cent 436 Street, 3-1, Barcelona (08013), Spain, or to the email address firstname.lastname@example.org.
3.3 Likewise, the User has the right to withdraw the consent given at any time, through the same procedure, without affecting the legality of the processing based on the consent prior to its withdrawal, or where appropriate, in any of the conditions of legality of processing set out in article 6 of the GDPR. Those interested can file a claim with the competent Data Protection Control Authority, especially when they have not obtained satisfaction in the exercise of their rights.
DATA PROCESSING AS DATA PROCESSOR
4.1 LEYPAL as Data Processor, will process the personal data of the users or signatories provided by their clients for the provision of trust services in accordance with the order received and will keep them only for the time necessary to comply with legal and contractual obligations.
4.2 The data received may include, among others, the name and surname of the signer, official identification number (DNI, passport or other), handwritten signature, email address, telephone number, IP address, and technological platform used, which will allow collectively to prove the identity of the signer and the time and place from which a document was signed.
4.3 In the event that the handwritten signature is biometric, LEYPAL will ask the signer for his explicit consent, as part of the order requested by his clients to be able to offer the advanced electronic signature. Under no circumstances, Leypal will process biometric signature data without the signer’s consent, and if such treatment is accepted, this event will be reflected in the certifying document received by the signatory parties.
4.4 The data processed under the order received shall in no case be used for a purpose other than the provision of trust services, nor will they be transferred to third parties except to the administrative or judicial authority that requests them, and in cases where there is a legal obligation to do so. In no case, LEYPAL shall carry out commercial actions to the recipients of the trust services.
4.5 The clients of LEYPAL, as Data Controllers of the data of the users of products of LEYPAL, must inform them about LEYPAL and the data that it processes, since LEYPAL as Data Processor, only acts on behalf for the provision of trust services.
4.6 Leypal customers can request the signing of a Data Processing Agreement, requesting it to the following email: email@example.com.
4.7 The recipients of LEYPAL’s trust services can contact the data protection officer to clarify any question or doubt that the provision of the service may entail in relation to personal data to the following email: firstname.lastname@example.org.
5.1 LEYPAL reserves the right to modify this policy to adapt it to future legislative or jurisprudential developments, as well as to future uses that it plans to make of the personal data of the Users of the website or its products. If such modification affects you in relation to the processing of your data, for example, because some additional treatment will be performed, not previously reported, we would proceed to notify those affected.
Version 1.0. October 1st, 2019