Privacy Policy
1. Data Controller
Data Controller: Viafirma SL
Postal Address: Glorieta Fernando Quiñones, s/n. First floor, module 8, 41940 Tomares, Seville
Phone number: 954 155 244
Email: [email protected]
2. Data Protection Delegate
DPD: Techlegal Servicios Jurídicos y Tecnológicos SL (https://www.techlegal.es)
Contact Information: [email protected] / [email protected]
3. Treatments
Viafirma SL only processes the personal data indicated below:
A. Data Collected through the website
Purpose: To answer requests for information, contact and budgets sent through emails and contact forms on the website. If the interested party authorizes it, we will process their data in order to send information about our news and services.
Retention: The data subject’s personal data will be retained until such time as deletion is requested by the data subject
Legitimation: The legal basis for the processing of your data is your consent and where appropriate, is the implementation of pre-contractual measures at the request of the data subject (Art.6.1.b of the RGPD) for the preparation of quotations requested
Recipients: The communication of personal data is not foreseen except in the cases established by a legal obligation.
Ways of Obtaining: The personal data that we process have been obtained from the person concerned
The categories of data processed are as follows:
- Identification data
- Contact information
- No specially protected data are processed
B. Clients
Purpose: To provide services to our customers and send information about our products, support communications and news.
Conservation: The data will be kept for 5 years (Art. 1964 of the Civil Code).
Legitimation: Execution of the contract for the provision of the services requested by the interested party.
Recipients: The communication of personal data is not foreseen except in the cases established by a legal obligation.
Ways of Obtaining: The personal data we process have been obtained from the data subject himself.
The categories of data processed are as follows:
- Identification data
- Contact information
- Data on products or services contracted by the interested party
- No specially protected data are processed
C. Personnel Selection
Purpose: To participate in our company’s personnel selection processes
Retention: The candidate’s personal data will be retained until deletion is requested by the interested party and in any case for a maximum period of two years.
Legitimation: The legal basis for the processing of your data is the implementation of pre-contractual measures at the request of the data subject (Art.6.1.b of the GDPR)
Recipients: No communication of the candidate’s personal data is foreseen
Ways of Obtaining: The personal data that we process are obtained from the interested party through the resumes, forms or selection interviews that he/she carries out with us.
The categories of data processed are as follows:
- Identification data
- Personal characteristics
- Academic data
- Employment history data
- No specially protected data is processed.
D. Email list subscribers
Purpose:
- Send you information of your interest about our news, activities and services.
- Creation of a commercial profile to send you information tailored to your tastes and interests about our services.
Retention: The data subject’s personal data will be retained until deletion is requested by the data subject.
Legitimation: Consent of the interested party
Recipients: The communication of personal data is not foreseen except in the cases established by a legal obligation.
Ways of Obtaining: The personal data that we process have been obtained from the person concerned
The categories of data processed are as follows:
- Identification data
- Contact information
- No specially protected data are processed
E. Suppliers
Purpose: Supplier management
Conservation: The data will be kept for 5 years (Art. 1964 of the Civil Code).
Legitimation: Execution of the contract signed with the supplier
Recipients: The communication of personal data is not foreseen except in the cases established by a legal obligation.
Ways of Obtaining: The personal data that we process have been obtained from the person concerned
The categories of data processed are as follows:
- Identification data
- Contact information
- Goods and services supplied by the supplier
- No specially protected data are processed
F. Surveys
Purpose: To conduct surveys for the improvement of our products and services, marketing and commercial prospecting
Retention: Data will be retained for a maximum period of one year
Legitimation: Legitimate interest
Recipients: The communication of personal data is not foreseen except in the cases established by a legal obligation.
Ways of Obtaining: The personal data that we process have been obtained from the person concerned
The categories of data processed are as follows:
- Identification data
- Contact information
G. Webinars and Events
Purpose: To conduct surveys for the improvement of our products and services, marketing and commercial prospecting.
Retention: The data of event attendees will be retained until the end of the event. However, if you give your authorization to send commercial information, your data will be kept until you request its deletion.
Legitimation: The legal basis for the processing of your data is the execution of contractual or pre-contractual measures referring to the data subject’s request for participation in the event (Art.6.1.b of the GDPR).
Recipients: The communication of personal data is not foreseen except in the cases established by a legal obligation.
Ways of Obtaining: The personal data we process have been obtained from the data subject himself.
The categories of data processed are as follows:
- Identification data
- Contact information
H. Commercial Contacts
Purpose: Marketing and commercial prospecting.
Retention: The data will be retained until the request for deletion by the data subject.
Legitimation: Application of pre-contractual measures at the request of the data subject (Art.6.1.b of the GDPR) with respect to requests for information or quotations, consent of the data subject with respect to requests to send commercial information or newsletter subscriptions (Art. 6.1.A. of the GDPR) or the legitimate interest of the data controller with respect to personal data obtained from professional social networks, websites, guides or public directories.
Recipients: The communication of personal data is not foreseen except in the cases established by a legal obligation.
Ways of Obtaining: The personal data we process is obtained from the data subject, professional social networks, websites and public directories or directories.
The categories of data processed are as follows:
- Identification data
- Contact information
- Professional Data
I. Partners and Collaborators
Purpose: Partners and collaborators management
Conservation: Personal data will be kept as long as they are necessary for the purpose for which they have been collected, being applicable the regulations on civil and commercial contracts.
Legitimation: The legal basis for the processing of your data is the execution of contractual or pre-contractual measures referring to the participation of the data subject in our partner or collaborator program (Art.6.1.b of the RGPD)
Recipients: The communication of personal data is not foreseen except in the cases established by a legal obligation.
Ways of Obtaining: The personal data we process have been obtained from the data subject himself.
The categories of data processed are as follows:
- Identification data
- Contact information
- No specially protected data are processed
J. Complaints, suggestions and claims
Purpose: Management of complaints, suggestions and claims made by the interested party
Conservation: Personal data will be kept as long as they are necessary for the purpose for which they have been collected, being applicable the regulations on contractual and extra-contractual liability.
Legitimation: The legal basis for the processing of your data is the legitimate interest of the data subject in relation to the management and response to complaints, suggestions and claims made (Art.6.1.f of the RGPD).
Recipients: The communication of personal data is not foreseen except in the cases established by a legal obligation.
Ways of Obtaining: The personal data we process have been obtained from the data subject himself.
The categories of data processed are as follows:
- Identification data
- Contact information
- No specially protected data are processed
4. Data Processors
Viafirma works with third parties located outside the European Union that perform the functions of Data Processors:
- We use the cloud-based email services of Google LLC (www.google.com), based in the United States, with whom we have a Data Processing Agreement (DPA) based on standard clauses adopted by the European Commission.
- Viafirma has contracted personal data storage and processing services under the cloud modality with Zoho Corporation (www.zoho.com) based in the United States and with which it has the corresponding Data Processing Agreement (DPA) based on standard clauses adopted by the European Commission.
- In the contracting conditions signed by the client, the hosting service, the tool for sending notifications, for sending SMS and the service contracted for the storage and management of the contracted product will be specified.
5. Electronic signature software users
Viafirma informs the users of the software of all its products and electronic signature solutions that the data processing carried out as a consequence of the execution of said software is carried out by Viafirma as Data Processor, being the responsible for said processing the individual or legal entity that has contracted our products or services and has given access or has requested the signature of the document sent. If you wish additional information, you can exercise your rights in the ways and mechanisms indicated in this privacy policy.
6. Biometric signature
Viafirma informs users who use biometric signature to sign documents, that the biometric data processing derived from such signature (e.g. stroke or writing speed, pressure, acceleration), is carried out by Viafirma as a data processor, being the responsible for such processing the natural or legal person who has contracted the product or service from which the signature collection is derived.
The biometric data collected are treated under the legally established security measures proceeding to the encryption of the same. For additional information you can exercise your rights in the ways and mechanisms indicated in this privacy policy.
7. Stakeholder Rights
– Unsubscribe from our mailing lists – You have the right to obtain confirmation as to whether we are processing personal data concerning you – The persons concerned have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, to request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected. – In certain circumstances, the interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims. – In certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. In these cases, your data will not be processed except for legitimate reasons or for the exercise or defense of possible claims. – In certain circumstances, you have the right to receive the personal data concerning you in a structured, commonly used, machine-readable format.
You can exercise your rights through the email address [email protected] or in person at our facilities, as well as obtain more information about your rights and access models for their exercise at the following web address:
Likewise, we inform you of your right to file a complaint with the Spanish Data Protection Agency if the request to exercise any right has not been properly satisfied or if for any other reason you consider that your personal data is not being treated correctly. To do so, you can contact the following web address https://sedeagpd.gob.es/
8. Security
Viafirma has several certifications in the field of information security that certify the fulfillment of security standards in the treatment of personal data.
Viafirma applies the security measures established in the following norms or standards for the treatment of your data:
- UNE-EN ISO/IEC 27001:2017
- NATIONAL SECURITY SCHEME (RD 311/2022)
- EIDAS (RGTO. UE 910/2014)
9. Location
Valid for
- Viafirma Mobile iOS and Android
- Viafirma Documents iOS and Android
- Viafirma Inbox iOS and Android
Use of localization in Viafirma’s mobile Apps
We collect and process location information when you use our services. We do not track the location of your device while you are using Viafirma but, in order to provide additional security to certain actions, it is necessary to track the location of the device at the moment of the operation. If you want to stop tracking the location of your device you can do it at any time by adjusting the device’s configuration.
10. Version
This privacy policy is dated 09/28/2023 and any changes to its terms will be posted on this website.