Clientify
Demo
Request a demo
Sign up for free

¿Tu proceso de ventas es un laberinto sin salida? | 21 de Octubre 17:00h (Madrid)
Webinar | 21 de Octubre 17:00h (Madrid)
Sign up
Sign up

Política de privacidad

  1. Introduction.

 

1.1. Through this document, “Clientify, SL” (hereinafter also referred to as Clientify), as the owner of this Website and the Platform referred to as “Clientify” (hereinafter, the “Platform”), hereby informs you of its personal data protection policy, so that you may decide freely and voluntarily whether you wish to provide Clientify with the Personal Data that may be requested from you or that may be obtained during your visit to any of the Websites clientify.com and clientify.net.

 

1.2. Clientify reserves the right to modify this Privacy Policy to adapt it to legislative or jurisprudential developments, as well as to industry or consumer practices. In such cases, Clientify shall update any changes made on this page. Certain services or functionalities of Clientify’s Websites and the Platform may contain specific conditions with particular provisions regarding Personal Data Protection. For example, the use/integration of the Platform with messaging applications, contacts, social networks, implies responsible and lawful use by the user, always observing the principles and lawful bases for data processing as recognized by Regulation (EU) 2016/679 of April 27, 2016 (GDPR).

 

  1. Data Controller.

 

2.1. Identification:

  • Corporate Name: “Clientify, SL”.
  • Tax ID (NIF): B-04800249.
  • Registered Address: Calle Padre Luque, number 1, 1st Floor – Left; 04001 — Almería.
  • Main Website: clientify.com
  • Platform Website (Linked): clientify.net
  • Contact Email: [email protected]
  • Contact Phone: (+34) 667 84 00 66.

 

2.2. Clientify, as the controller of personal data (hereinafter, the “Controller”), informs you that these data will be processed in accordance with the provisions of Regulation (EU) 2016/679 of April 27, 2016 (GDPR), relating to the protection of natural persons regarding the processing of personal data, and the recent Organic Law 3/2018 of December 5 (LOPD-GDD) regarding the protection of personal data and the guarantee of digital rights.

 

  1. Information and Data Processed.

 

Merely identifying data (first and last name) and, where applicable, contact data (address, phone number, and email address). Details regarding payment methods and other data required to complete the process of acquiring the User License and its maintenance/management. Data uploaded to the Platform by the user for its use.

 

  1. Intended Processing Operations.

 

4.1. Clientify shall collect and process your data in the following situations:

  • When you browse this Website, under informed cookies.
  • When you interact with us on social networks, blogs, etc.
  • When you contact us by other means, such as telephone, email, postal mail, or fax.
  • When you complete any form on this Website or participate in any organized/sent survey.
  • When you register to use any of our additional services/demos, trials, etc.
  • When you acquire a Free Trial of the Platform’s use.
  • When you download our mobile application available for Android + iOS.
  • When you purchase a Platform User License through payment, we will request a series of billing data, credit card, or account number, always provided by the CLIENT, for the management of your account.
  • When you sign a document via our available electronic signature service.

 

4.2. For technical and security reasons, our Websites, Platform, and associated services and functionalities may feature technologies that enable us to verify usage, detect potential technical errors or IT incidents, collect information regarding patterns of use, or information about the operating system or the environment in which they are utilized.

 

  1. Intended Processing Purposes.

 

The data obtained in the referred processing operations are used to:

  • Respond to your queries, doubts or concerns, process your orders, including payment transactions.
  • Maintain and improve our Platform or services that you have requested from us, as well as provide customer service.
  • Conduct surveys with the objective of assessing and improving our web content, our Platform, and services to offer a better experience.
  • Send electronic commercial communications about our Platform and related services that you have previously requested.
  • Manage and send information regarding updates, improvements, latest news, and personalized information tailored to the service you maintain with us or that may be of your interest based on your customer profile.
  • Respond to the exercise of recognized rights under Regulation (EU) 2016/679 of the Parliament and Council of April 27, 2016, regarding personal data processing and the free movement of such data and which repeals Directive 95/46/EC (hereinafter, “GDPR”), as well as Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (hereinafter, “LOPD-GDD”), as well as to queries and claims.
  • Manage potential job requests/received Curricula Vitae for possible open selection processes at Clientify.
  • Manage your registration in our WhatsApp service (I need my Official WhatsApp line).
  • Properly manage documents signed via our electronic signature service.
  • If you use the “I Have Data Everywhere” import option, we will manage the portability and download of your data in a structured and easy-to-read format. We will provide different systems and formats to perform portability in a coordinated and simple manner.

 

  1. What Personal Data Do We Process?

 

6.1. When filling out any of our forms, depending on the case:

6.2. In these forms, you may provide, among others, the following personal data:

  • Your first name, last name, and contact details (address, telephone numbers, and email address).
  • Other contact details and preferences.
  • Data necessary for the formalization and accreditation, if applicable, of documents signed via the available electronic signature service.

 

We collect your data if you contact us via the Website.

 

6.3. If you provide us with your personal data, such data must be truthful, and you must notify Clientify of any modifications to them, being responsible in any case for the truthfulness and accuracy of the data supplied at all times. The person who provides his/her personal data to Clientify declares to be of legal age, being fully responsible for such declaration.

 

  1. Description of Completed Processings.

 

7.1. Sending commercial advertising communications by email, SMS, WhatsApp, social networks or any other present or future electronic or physical means that allows commercial communications to be made. Such electronic commercial communications shall be conducted by the Controller and related to Platform services or to our collaborating companies or suppliers with whom we have reached promotional agreements. In these cases, such third parties will never have access to personal data, unless strictly necessary for the use or maintenance of the contracted Platform/service.

 

7.2. Actions requested by the user: Process requests or any kind of application regarding Clientify’s offered services that you submit through any of the contact channels available. If you use the “I Have Data Everywhere” import option, we will manage the portability and download of your data in a structured and easy-to-read format. Various systems and formats will be made available to facilitate portability in a coordinated and simple manner.

 

7.3. Data stored during your visit: When you access any of the Clientify Websites, our web servers generally store, among other data, information about the browser and operating system you use, the website from which you visit us, the pages you visit on our web site, and the date of your visit. For security reasons—for example, to be able to detect possible attacks on our Website—the IP address provided by your Internet service provider will also be stored for a period of seven days. Except for the IP address, personal data are only stored if you provide such information, for example, upon registration, survey, client registration, commercial promotion. Clientify utilizes your personal data for the technical administration of the Platform, management of clients, conducting service surveys, and for marketing purposes, only to the extent necessary, and always previously informing the data subject.

 

7.4. Newsletter subscription: In the event of a subscription to any of our present or future informational Newsletters, as stated, your consent to the use of your personal data for sending advertising or carrying out other marketing actions, these will be stored and used for such purposes, such as sending the aforementioned newsletters, Platform and functionality updates via communication channels such as email, postal mail, or any channel that you have authorized. We may use your data to create and maintain your profile and thus send you personalized information about advertising actions or promotions. Likewise, we may use the data you provide to analyze and improve the effectiveness of our Website services, advertising, marketing, market research, and commercial activities.

 

7.5. Submission of Curriculum Vitae by applicants: If an applicant sends his/her CV through our Website or our contact email ([email protected]), the applicant authorizes Clientify to analyze the documents sent, all content directly accessible through search engines (Google), the profiles maintained on professional social networks such as LinkedIn or analogous ones, data obtained in entrance tests and information revealed during the job interview, with the goal of evaluating his/her application and, if applicable, offering a position. If the candidate is not selected, Clientify may retain his/her Curriculum Vitae for future selection processes unless the candidate states otherwise through any of the aforementioned channels.

 

  1. Criteria for Data Retention.

 

8.1. Generally, the data supplied will be retained while there is a mutual interest in maintaining the processing purpose, and when no longer necessary for such purpose, will be deleted with suitable security measures to guarantee pseudonymization of data or total destruction thereof.

 

8.2. In particular, personal data provided by you will be kept for a period determined based on the following criteria:

 

  • Legal obligation to retain;
  • Duration of contractual relationship and attention to any liabilities arising therefrom; and
  • Request for erasure by the data subject in applicable cases.

 

8.3. In view of this general standard, the following variations may arise:

  • Disaggregated Data: will be retained indefinitely;
  • Client Data: retention period of 4 years (Art. 66 et seq. of the General Tax Law), retention period of 6 years Art. 30 of the Commercial Code regarding accounting books and invoices).
  • Data provided for newsletter subscription: from the time the subscriber consents until the consent is withdrawn; and
  • Data provided by applicants through submission of a CV: the CV may be kept for up to two years for future selection processes unless the applicant expresses the contrary.
  • In the case of a portability request, the right to portability does not extend the retention period of the data. Clientify will retain the data only for the duration of the original purpose or contractual relationship, and then block them for the time legally required under the applicable regulations (tax, commercial, labor).

 

  1. Communication of Data.

 

9.1. Clientify may share your personal data with:

The purpose of sharing data with the referred companies, which compose and integrate with the Controller, shall be the same as previously stated.

Professional service providers, such as attorneys, attorneys-at-law, notaries, registrars, or other similar professionals in certain cases.

Public bodies, courts, regulators, and other administrative authorities, when deemed necessary to comply with a legal or regulatory obligation, or otherwise to protect against claims against us or third parties, or the safety of persons, and to prevent, or in any other way fight, fraud or for security or protection reasons.

Any third party that purchases, or to whom we transfer, all or a substantial part of our assets and businesses. In the event of such sale or transfer, we shall use all reasonable efforts to ensure that the entity to which we transfer your personal data uses them according to this Privacy Policy.

In such cases, we will ensure that your data is used for suitable purposes in accordance with this Privacy Policy and the relevant contracts or clauses for data processing are signed (Standard Clauses), applying the same or similar security measures that Clientify uses.

 

9.2. We may share your personal data with our subsidiary, “Servicios de Programación Estructurada y Diseño de Páginas Web, SLU,” which manages the website www.findthatlead.com. We may also share your personal data with other affiliated/related companies, or with subsidiaries offering accessory services/functions, with your consent when required by law, as well as with any third party that purchases, or to whom we transfer, all or a substantial part of our assets and businesses. In the event of such sale or transfer, we shall use all reasonable efforts to ensure that the entity to which we transfer your personal data uses them according to this Privacy Policy. These entities may act as controllers, according to their personal data protection policies, or as contractors to perform tasks under the instructions we provide.

 

9.3. International Data Transfers. On July 10, 2023, the European Commission adopted a new adequacy decision to allow international transfers of personal data between entities of the European Union (EU) and the United States (USA) under the EU-U.S. Data Privacy Framework. After the decision of the Court of Justice of the European Union (CJEU) on July 16, 2020, known as Schrems II, international transfers of personal data to the USA were questioned due to the issues identified by the CJEU related to U.S. surveillance practices and the lack of mechanisms for European citizens to respond to interferences with their rights.

 

With the indicated adequacy decision, the European Commission recognizes that the USA guarantees a level of protection equivalent to that offered by the EU, but only when international transfers occur with entities certified under the new EU-U.S. Data Privacy Framework.

 

Therefore, in accordance with the above, personal data will circulate safely from the European Union to US companies participating in the Framework, without the need for additional data protection guarantees.

 

Rest of international transfers to the USA: Both the adopted safeguards and legislative changes in the USA will facilitate the use of guarantees such as standard contractual clauses or binding corporate rules.

 

This does not exclude the need for a transfer impact analysis (“Transfer Impact Assessment”) for any transfer outside the Data Privacy Framework. The adequacy decision guarantees the possibility of transferring data between the EU and the USA through a stable and reliable agreement that protects individuals and provides legal certainty to companies.

 

  1. Lawful Basis for the Informed Processing.

 

10.1. As a general rule, prior to processing personal data, Clientify obtains the data subject’s express and unequivocal consent by incorporating informed consent clauses in the various information gathering, use/download, and Platform contracting systems, based on the legitimate interest of CLIENT.

 

10.2. Notwithstanding the above, the lawful bases are as follows:

  • When processing is necessary for the execution of the User License contract or the data is necessary in a pre-contractual relationship context.
  • When the use of your personal data is necessary for the satisfaction of our legitimate interests or those of the companies with whom we have shared your personal data.
  • When data processing is necessary to comply with applicable sector legal/regulatory obligations in force at any given time, among which are those related to product and service marketing, consumer and user protection, organization of retail commerce, and other applicable regulations.
  • In accordance with the applicable Information Society Services Law (LSSI), if there is a previous relationship in the context of the sale of a Platform User License, the data may be used for sending electronic commercial communications regarding our Platform, unless you object in the manner provided for.
  • When deemed necessary to process your personal data to comply with a legal or regulatory obligation, or vital interest.
  • When we have your consent, for example, to collect technical information such as cookies data and similar technologies as described in the “Cookie Use Policy” document available at https://clientify.com/politica-uso-cookies on this Website.
  • Acceptance of a contractual relationship within the relevant social network context, and in accordance with their Privacy Policies when you visit any of our social profiles, detailed below:

 

  1. Recognized Rights.

 

These are your rights as a data subject or holder of personal data:

 

Right of access: You have the right to obtain confirmation from the company whether your personal data is being processed or not. In such case, Clientify will provide a copy of the personal data undergoing processing.

 

Right of rectification: You have the right to obtain, without undue delay, the rectification of inaccurate personal data concerning you. Given the purpose of processing, you have the right to have incomplete personal data completed, including by means of an additional statement.

 

Right of erasure: You have the right to obtain, without undue delay, erasure of inaccurate personal data concerning you. Clientify shall be obliged to erase such personal data without delay when any of the following circumstances apply:

  • personal data is no longer necessary regarding the purposes for which it was collected or otherwise processed;
  • consent on which the processing is based is withdrawn and there is no other legal ground for processing;
  • you object to processing and there are no overriding legitimate grounds;
  • your data has been processed unlawfully;
  • your data must be erased to comply with a legal obligation;
  • or your personal data has been obtained regarding the offer of information society services to children (under 16 years).

 

Right to restriction of processing: Where your personal data processing has been restricted pursuant to a request from you, those data shall only be processed, except for their storage, with your consent or for the establishment, exercise, or defense of claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest. You have the right to obtain restriction of your personal data processing when any of the following conditions applies:

  • you contest the accuracy of your personal data, for a period enabling Clientify to verify their accuracy;
  • processing is unlawful and, as the data subject, you oppose the erasure of your personal data and request restriction of use instead;
  • Clientify no longer needs the personal data for the processing purposes but you require them for the establishment, exercise, or defense of claims;
  • You have objected to processing, pending verification whether Clientify’s legitimate grounds override those of the data subject.

 

Right to data portability: You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format, and to transmit those data to another controller without hindrance from Clientify, when:

  • processing is based on your consent, and
  • processing is carried out by automated means.

 

Right to object: You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you based on public interests or legitimate interests of the Controller. Where personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data about you for such marketing. If you object to the processing of your data for direct marketing purposes, such personal data shall no longer be processed for such purposes.

 

Please remember that whenever the legal basis of processing your data is your consent, you are entitled to revoke that consent at all times and as easily as it was given. You also have the right to lodge a complaint with the relevant supervisory authority, generally the Spanish Data Protection Agency. For more information, you can visit their website at https://www.aepd.es. Finally, you have the right not to be subject to a decision by Clientify based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

 

  1. Contact Details for Exercising Your Rights.

 

Clientify, in application of articles 37 et seq. of Regulation (EU) 2016/679 of April 27, 2016 (GDPR), and LOPD-GDD 3/2018 of December 5, informs you that it has an internal manager appointed for Data Protection management whose contact details are as follows:

  • Registered Address: Calle Padre Luque, number 1, 1st Floor – Left; 04001 — Almería.
  • Contact Email: [email protected]
  • Contact Phone: (+34) 667 84 00 66

 

  1. Mandatory or Optional Nature of Data Provided.

 

13.1. Data collected via any contact forms enabled on this Website, data provided by you when participating in activities/events, promotions, etc. held by Clientify, or data supplied by you to manage the service relationship, shall be incorporated, depending on their purpose, into the Internal Processing Activities Register (Article 30 of Regulation (EU) 2016/679 of April 27, 2016). The Register of Processing Activities is available to the Supervisory Authority.

 

13.2. By ticking the corresponding checkboxes and entering data in different fields marked with an asterisk (*) in the contact forms or presented on paper forms, you expressly and freely accept that your data are necessary for Clientify to attend your request; inclusion of data in the remaining fields is voluntary. You guarantee that the personal data provided are true and are responsible for reporting any changes to them.

 

13.3. Clientify informs and expressly guarantees that your personal data shall not be transferred to third parties in any case, and that whenever it is planned to make any future transfer, your prior, informed, and unequivocal express consent will be requested, informing you about the transferee’s data and the purpose of the transfer. All data requested through the Website are mandatory, as they are necessary for the provision of optimum service. If not all data are provided, it cannot be guaranteed that the information and services provided are completely tailored to your needs.

 

  1. Security Measures.

 

14.1. In compliance with current legislation on personal data protection, and particularly Regulation (EU) 2016/679 of April 27, 2016 and recent LOPD-GDD 3/2018 of December 5, Clientify complies with all provisions of the regulations concerning the processing of personal data under its responsibility and with the principles described, according to which data are processed lawfully, fairly, and transparently in relation to the data subject, and are adequate, relevant, and limited to what is necessary for the purposes for which they are processed.

 

14.2. In all cases, Clientify has implemented sufficient mechanisms to:

  • Guarantee the confidentiality, integrity, availability, and resilience of processing systems and services at all times.
  • Restore availability and access to personal data quickly in the event of a physical or technical incident.
  • Regularly verify, assess, and evaluate the effectiveness of the technical and organizational measures implemented to guarantee the security of processing.
  • Pseudonymize and encrypt personal data, where applicable.

 

14.3. Clientify guarantees implementation of suitable technical and organizational policies to apply the security measures established by Regulation (EU) 2016/679 of April 27, 2016 and recent LOPD-GDD 3/2018 of December 5 in order to protect your rights and freedoms and has communicated appropriate information so that you may exercise them. Clientify has installed all technical means and measures at its disposal to prevent loss, misuse, alteration, unauthorized access, and theft of Personal Data provided by you. Notwithstanding, you should be aware that security measures on the Internet are not infallible.

 

14.4. The personal data incorporated into the Internal Processing Activities Register shall be processed with maximum confidentiality and security; the Data Controller indicated may send commercial information relating to NEWS OF THE Platform AND PROMOTIONS OFFERED BY Clientify. In this case, the sender undertakes to indicate its advertising purpose when making the delivery and to provide a simple, clear, and free system for opting out.

 

14.5. Platform services offered on the Website are intended exclusively for adults. If any service, promotional activity, event, or similar is offered that may result in the collection of minors’ Personal Data, Clientify will always request parental consent for minors to participate and for their Personal Data to be subject to automated processing as provided in this Privacy Policy.

 

14.6. As previously informed, the collection and automated processing of Personal Data have the objective of maintaining the commercial relationship, if any, established with Clientify, the management, administration, provision, expansion, and improvement of services that you decide to contract, register, or use, the adaptation of such services to your preferences and tastes, the study of your use of services, the design of new Platform services, sending service updates, sending, by traditional and electronic means, commercial information about the Platform and our company currently and in the future.

 

  1. Clientify and Social Networks.

 

15.1. For what purposes are we going to process your personal data?

  • To answer your queries, requests, or applications.
  • To manage the requested service, address your request, or process your application.
  • To engage with you in a community of followers.

 

15.2. What is the lawful basis for processing your data? Acceptance of a contractual relationship within the relevant social network context, and based on its Privacy Policies:

 

15.3. Clientify is, in all cases, the controller of the data of its followers, fans, subscribers, commenters, and other user profiles (hereinafter, followers). The processing that Clientify will perform with said data will be, at maximum, what the social network allows for corporate profiles. Thus, Clientify may inform its followers by any means allowed by the social network about its news, activities, promotions. Under no circumstances will Clientify extract data from social networks unless prior and express consent is obtained for that purpose. When, due to the nature of social networks, the effective exercise of the follower’s rights requires modification of his/her personal profile, Clientify will assist and advise to the extent possible.

 

  1. Right to Information.

 

Upon appropriate request, Clientify will immediately inform you in writing, in accordance with applicable law, if we have stored your personal data and which data it is. If you are registered on this Website, we offer you the possibility to personally consult your data and, if necessary, proceed to delete, modify, and/or update them.

 

  1. Clientify and GDPR 679/2016 and LOPD-GDD 3/2018 Compliance.

 

17.1. We inform you that protection of the data you entrust to us by contracting and contacting us is fundamental for Clientify; therefore, and in accordance with the applicable GDPR and LOPD-GDD regulations, and as a description of the measures carried out by Clientify, we detail the following:

  • We maintain a Register of Processing Activities (RAT) in accordance with Article 30 of the GDPR, available to the supervisory authority/data subject.
  • We have audited all entry channels for data in the company and Platform, and according to that identification, have established the legal bases for data processing in each case, under Articles 6 and 9 of the GDPR.
  • We inform all visitors/clients/providers/employees regarding data processing in accordance with Articles 13 and 14 of the GDPR.
  • We have established specific channels to address requests for rights regarding their data, specifically, the rights of: access, rectification and deletion, restriction of processing, data portability (Article 20 of the GDPR), objection, and automated decisions.
  • We have identified our data processors and have requested prior compliance guarantees to accredit completed procedures and thus retain said guarantees for possible applicants. Once processors have been evaluated, the corresponding processor contract has been signed in accordance with Article 28 of the GDPR.
  • We have conducted an external risk analysis to obtain a list of vulnerabilities and thus implement appropriate security measures in accordance with criteria set by the designated DPO and System Administrator appointed by Clientify.
  • Training and awareness actions for staff have been completed, conducted by our appointed DPO and tracked by a signed attendance control.
  • Regarding personnel, all employees and collaborators of Clientify have signed a confidentiality and privacy document, also informing us of computer equipment usage policies, confidentiality measures, and use of portable devices.
  • There is a contingency and business continuity plan based on proper organization and classification of information and secure backup against possible attacks, viruses, malware.
  • Clientify, as a responsible and compliance-aware company, recommends employees subscribe to INCIBE alert newsletters. For your interest and as encouragement for cybersecurity and prevention culture, links for subscription to different referred portals are:
  • ALERTS Incibe-cert: https://www.incibe.es/incibe-cert/simplenews/subscriptions/landing
  • ALERTS OSI: https://www.incibe.es/ciudadania/simplenews/subscriptions/landing
  • ALERTS INCIBE Companies: https://www.incibe.es/empresas/simplenews/subscriptions/landing
  • An internal protocol, known by all employees, exists to report security breaches; according to regulations, security violations regarding data must be notified to data protection authorities (Article 33 of the GDPR) and to subjects whose data has been compromised (Article 34 of the GDPR).
  • A Data Protection Officer, a System Administrator, and a Data Protection Delegate have been appointed, forming the “Clientify Crisis Cabinet.” Clientify offers the following email for data protection matters: [email protected]

 

17.2. Due to our volume of clients, it is impossible to individually sign agreements with all our clients, Data Controllers; therefore, acceptance of this Privacy Policy constitutes the conclusion of the data access agreement, as required under the GDPR. This data access contract that Clientify assumes as processor complies with the requirements set out in data protection legislation.

 

17.3. By contracting the Platform, you, as Data Controller, accept that Clientify acts as data processor, as well as the obligations set forth in the Data Access Agreement (Art. 28 of GDPR 679/2016), which contains the following:

 

Personal Data Access Agreement

 

  1. Introduction.

 

1.1. Through this document, “Clientify, SL,” domiciled in Almería (Spain), Calle Padre Luque, number 1, 1st Floor – Left, 04001; with contact email for the purposes of this agreement at [email protected] and Tax ID B-04800249, as the owner of the Websites clientify.com and clientify.net and of the Plataforma called “Clientify” (hereinafter, the “Platform”), hereby informs all interested parties seeking a Platform Use License of the conditions for Access to Personal Data arising from its use, whose simultaneous, complete, and express acceptance is essential to obtain the user license and to subsequently use the Platform.

 

1.2. For the purposes of this document, the Data Controller (hereinafter, the Controller) is understood as the natural or legal person holding a Platform Use License whose effective use may involve the processing of personal data owned by the Controller.

 

1.3. For the purposes of this document, the Data Processor (hereinafter, the Processor) is understood as the entity “Clientify, SL,” which grants the Controller a Platform Use License.

 

1.4. The Platform Use License agreement formalized herein entails a service provision by the Processor, consisting of managing certain aspects of the Controller’s internal management to improve the information and commercial management channels, governed by Clientify’s General Contracting Conditions, which the Controller states having accessed via https://clientify.com/condiciones-generales-de-contratacion; use of which may involve processing personal data owned by the Controller.

 

1.5. In compliance with Article 28 of Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016 (GDPR), and LOPD-GDD 3/2018 of December 5, this document, whose acceptance by the Controller confers contractual nature and is an integral part of the Platform Use License agreement formalized elsewhere, governs access by the Processor to personal data owned by the Controller, subject to the following…

 

CLAUSES

 

  1. Purpose of Data Processing Assignment. Through this agreement, the Controller enables the Processor to process the personal data owned by the Controller which are necessary to provide the service subject to the Platform Use License agreement formalized elsewhere.

Specification of data processing:

  • Collection
  • Structuring
  • Extraction/Portability
  • Communication
  • Destruction
  • Encryption
  • Retention

 

  1. Identification of data involved. To execute the services derived from this agreement, the Controller makes available to the Processor the information described below:
  • Information stored/uploaded by the Controller on the Platform, such as user data, employees, suppliers, clients, communications, notices and appointments, email management, contact agenda, and others similar to information uploaded by the Controller, own or third-party.
  • Identifying Data [First and Last Name, Personal ID, SS Number, Address, Telephone, Signature/Fingerprint, Image/Voice]
  • Personal Characteristics [Marital Status; Age; Family Data; Sex; Date and Place of Birth; Nationality; Language]
  • Economic, financial and insurance data [Income, earnings; contracts; Banking information; Payroll economic data; Credit card data]
  • Category of data subjects: Clientify client data: clients, suppliers, collaborators, others; and
  • Data hosted on the Platform: as many categories as types of processing stored by the Controller.

 

  1. Duration. This agreement remains valid while the Processor provides the Controller with the services regulated in the Platform Use License agreement. Once said agreement ends, the Processor must delete the personal data and any copies in its possession.

 

  1. Obligations of the Processor.

 

5.1. In general, observe all necessary organizational and technical provisions and undertake all acts required or recommendable to strictly comply with its obligations as Data Processor, consistent with applicable law and industry best practices.

 

5.2. Access the Controller’s personal data and use them only for the purposes specified in this assignment, always according to instructions provided by the Controller. Data may not be used for its own purposes.

 

5.3. Do not transfer or communicate, under any circumstances, Controller’s personal data to any third party, nor allow any form of third-party access, nor retain such data for conservation purposes.

 

5.4. Maintain a written record of all categories of processing activities performed for the Controller, with the minimum content under Article 30 of GDPR.

 

5.5. Do not communicate personal data to third parties, unless express authorization from the Controller is provided, in cases permitted by law. If the Processor must transfer personal data to a third country or international organization under EU or Member State law applicable to it, it will inform the Controller of such legal requirement in advance, unless prohibited by law for reasons of public interest.

 

5.6. Maintain confidentiality about personal data accessed under this agreement, even after its conclusion.

 

5.7. Ensure personal data is processed only by those employees or collaborators and subcontractors whose intervention is necessary for contractual purposes, who must have received the necessary training in data protection, guaranteeing confidentiality of the data, and ensuring all such persons have expressly and in writing acknowledged such obligation and security compliance.

 

5.8. Make documentation verifying compliance with the above obligation available to the Controller.

 

5.9. Assist the Controller in responding to the exercise of the following rights:

  • Access, rectification, erasure and objection,
  • Restriction of processing,
  • Portability, using the “I Have My Data Everywhere” feature
  • Not to be subject to automated individual decisions – including profiling.

 

When affected persons exercise the rights of access, rectification, erasure and objection, restriction of processing, data portability, and not to be subject to automated individual decisions, with the Processor, the Processor must notify the Controller by email immediately, and no later than the next business day after receiving the request, including any other information that may be relevant for resolving the request.

 

5.10. Right to information. The Controller bears responsibility for providing data subjects with information at the time of data collection.

 

5.11. Notification of Security Breaches. The Processor will notify the Controller without undue delay, and in any event within a maximum period of twenty-four (24) hours and by email, of any security breaches involving personal data in its charge where known, together with all relevant information for documenting and communicating the incident. Notification is not required where the breach is unlikely to pose a risk to the rights and freedoms of data subjects. If available, at least the following information will be provided:

  • Description of the nature of the data breach, including, where possible, the categories and approximate number of affected data subjects, and categories and approximate number of records affected;
  • Name and contact details of the Data Protection Officer or other contact point for more information;
  • Description of possible consequences of the data breach;
  • Description of measures taken or proposed to remedy the data breach, including measures taken to mitigate possible adverse effects.

 

If it is not possible to provide the information at the same time, and to the extent that it is not, the information will be provided in phases without undue delay.

 

The Processor must communicate security breaches to affected persons as soon as possible when the breach is likely to pose a high risk to the rights and freedoms of natural persons. Communication must be in clear and plain language and include, at least:

  • Explanation of the nature of the data breach;
  • Name and contact details of the Data Protection Officer or other contact point for additional information;
  • Description of possible consequences of the data breach;
  • Description of the measures taken or suggested by the Controller to remedy the breach, including measures adopted to mitigate possible adverse effects.

 

5.12. Support the Controller in conducting: Data protection impact assessments when appropriate, and in consulting with the supervisory authority when necessary.

 

5.13. Make available to the Controller all information necessary to demonstrate its compliance, as well as to allow for audits or inspections by the Controller or an authorized auditor.

 

5.14. Implement the following security measures. In all cases, the Processor must implement mechanisms to:

  • Guarantee the confidentiality, integrity, availability, and resilience of systems and processing services at all times;
  • Restore availability and access to personal data promptly in the event of a physical or technical incident;
  • Regularly verify, evaluate, and assess the effectiveness of technical and organizational measures implemented to ensure security of processing;
  • Pseudonymize and encrypt personal data, where applicable.

 

5.15. Appoint a Data Protection Officer, if required, and communicate his/her identity and contact details to the Controller. To this end, the contact with the officially appointed DPO before the AEPD is: Email: [email protected] Address: Calle Padre Luque, Nº 1, 1st Floor – Left; 04001 — Almería.

 

5.16. Subcontracting. If it is necessary to subcontract any processing, this must be communicated to the Controller in advance and in writing, at least five (5) days in advance, stating clearly and unequivocally the processing to be subcontracted and identifying the subcontractor and its contact details. Subcontracting may proceed if the Controller does not object within the set time.

 

Once its adequacy and GDPR security have been evaluated, the Processor is authorized to subcontract the services involved in the following processing:

 

For subcontracting with other companies, the Processor must notify the Controller in writing, clearly and unequivocally identifying the subcontractor and its contact details. Subcontracting may proceed if the Controller does not object within TEN (10) days.

 

The subcontractor, also qualifying as Processor, must comply equally with the obligations established in this document and the instructions of the Controller. The initial Processor is responsible for regulating the new relationship so that the new Processor is subject to the same conditions (instructions, obligations, security measures…) and requirements to ensure proper personal data processing and safeguarding the rights of affected persons. If the subcontractor fails to comply, the initial Processor remains fully responsible to the Controller regarding such obligations.

 

5.17. Data destination. Upon termination of the Platform Use License agreement, for any reason, the Processor undertakes to destroy the data once the services are completed. After destruction, the Processor must certify destruction in writing and deliver the certificate to the Controller.

 

Notwithstanding, the Processor may retain a copy with data duly blocked, as long as liabilities may arise from the performance of the service.

 

  1. Obligations of the Controller.

 

6.1. Deliver to the Processor the data referred to in Stipulation 3 of this agreement.

 

6.2. Conduct a personal data protection impact assessment of processing operations to be performed by the Processor, if applicable.

 

6.3. Conduct prior consultations as required.

 

6.4. Ensure, before and throughout processing, GDPR compliance by the Processor.

 

6.5. Oversee processing, including inspections and audits.

 

  1. Responsibility of the Processor.

 

7.1. The Processor will be considered Controller if it uses the data for another purpose, communicates or uses it, breaching this agreement. In these cases, the Processor is liable for any violations committed personally.

 

7.2. The Processor will indemnify the Controller against any damages arising from breach of obligations under this agreement. Processor’ liability includes all administrative penalties and/or judicial sanctions resulting against the Controller out of Processor’s breach of applicable data protection regulations and contractual requirements.

 

  1. Personal Data of the Contract Signatories: The personal data of the Controller and the Processor shall be incorporated into their respective Processing Activities Registers for the purpose of maintaining the contractual relationship formalized under this agreement. Data subjects whose personal data are incorporated into the said Registers may exercise their rights of access, rectification, erasure, restriction, forgetting, and objection by writing, together with valid identification, to the relevant controller, with the address as stated in the Platform Use License agreement. Parties undertake to promptly notify any modification to their personal data to keep information held in each party’s processing up-to-date and error-free. The Controller may retain personal data after the termination of the business relationship for the legally established limitation period. The purpose of collecting the signatories’ personal data is to develop, fulfill, and monitor the contractual business relationship formalized between the Controller and the Processor in this agreement. In particular, for GDPR purposes, the Processor expressly consents for its data to be communicated by the Controller to collaborating companies and the public administration for the maintenance of this contractual relationship.

 

  1. Applicable Law and Jurisdiction. The Controller and the Processor, expressly waiving any other jurisdiction that may correspond to them, submit to Spanish law and the competence and jurisdiction of the courts of the city of Almería (Spain) for any question or controversy that may arise in connection with the interpretation, execution, or enforcement of this agreement.

 

[End of the Personal Data Access Agreement.]

 

———0———

 

  1. Applicable Regulations.

 

If you wish to obtain more information about the regulations that assist, protect, and set your rights, the following are the laws that inspired this privacy policy and are relevant to you:

 

  1. Language.

 

This Privacy Policy is drafted in Spanish and English. Should there be any discrepancy between the Spanish and English versions, the Spanish version shall prevail.

 

  1. Contact.

 

Should you require any clarification regarding this Privacy Policy, wish to make any inquiries or claims, or exercise rights, please contact our internal security manager or our DPO by writing to the following email: [email protected], indicating in the subject: “Data Protection.”

 

This Privacy Policy was revised and updated on August 26, 2025.