1. Introduction.

1.1. Through this document, “Clientify, SL” (hereinafter referred to as “Clientify”) as the owner of this Website and the application named “Clientify” (hereinafter referred to as the “Application”), informs you of its personal data protection policy to enable you to decide freely and voluntarily whether you wish to provide Clientify with the Personal Data that may be requested from you or obtained during your visit to any of the Websites clientify.com and clientify.net.

1.2. Clientify reserves the right to modify this Privacy Policy to adapt it to legislative or judicial developments, as well as to industry/consumer practices. In such cases, Clientify will update the changes introduced on this page. Certain services/features of Clientify Websites and the Application may contain specific conditions with particular provisions on Personal Data Protection. For example, the use/integration of the Application with messaging, contacts, or social media platforms (hereinafter, «SM») implies responsible and lawful use by the user, always respecting the principles and legal bases for data processing recognized by Regulation (EU) 2016/679 of April 27, 2016 (GDPR).

2. Data Controller.

2.1. Identification:

  • Corporate name: “Clientify, SL”
  • Tax Identification Number (NIF): B-04800249
  • Registered Address: Calle Padre Luque, número 1, 1º-Izquierda; 04001 – Almería
  • Main Website: clientify.com
  • Application Website (linked): clientify.net
  • Contact Email: [email protected]
  • Contact Phone: (+34) 667 84 00 66

2.2. Clientify, as the data controller for personal data (hereinafter referred to as “Controller”), informs you that such data will be processed in compliance with the provisions of Regulation (EU) 2016/679 of April 27, 2016 (GDPR) on the protection of natural persons regarding personal data processing and the recent Organic Law 3/2018 of December 5 (LOPD-GDD) on the protection of personal data and the Guarantee of Digital Rights.

3. Information and Data Processed.

Clientify processes basic identification data (name + surname) and contact details, if applicable (address, phone number, and email). This includes payment details and other data required to complete the acquisition process for the License of Use and its maintenance/management. It also includes data uploaded by the user in the Application for their use.

4. Foreseen Data Processing Activities.

4.1. Clientify will collect and process your data in the following circumstances:

  • When you browse this Website using cookies as disclosed.
  • When you interact with us via SM, blogs, etc.
  • When you contact us via other means such as phone, email, postal mail, or fax.
  • When you fill out a form on this Website or participate in a survey organized or sent by us.
  • When you register to use any of our additional services/Demos, trials, etc.
  • When you acquire a Free Trial of the Application.
  • When you download our mobile application available for Android + iOS.
  • When you purchase a License of Use for the Application through payment, we will request billing data, credit card details, or account numbers as provided by the CLIENT to manage your account.

4.2. For technical and security reasons, our Websites, the Application, and the services and functionalities associated with it may include technologies that allow us to verify usage, detect potential technical errors or IT issues, and collect information on usage modes, the operating system, or the environment in which it is used.

5. Intended Purposes of Data Processing.

The data collected in the aforementioned processing activities are used for the following purposes:

  • To respond to your questions, doubts, or concerns, process your requests, including payment transactions.
  • To maintain and improve our application or services requested by you, including providing customer support.
  • To conduct surveys aimed at evaluating and improving our Web content, application, and services to enhance the user experience.
  • To send electronic commercial communications regarding our application and related services that you have previously requested.
  • To manage and send information about updates, improvements, the latest news, and personalized information tailored to the service you maintain with us or that may be of interest to you based on your customer profile.
  • To respond to the exercise of rights recognized by Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, on the protection of natural persons with regard to personal data processing and the free movement of such data (hereinafter referred to as “GDPR”) and Organic Law 3/2018 of December 5 on the Protection of Personal Data and Guarantee of Digital Rights (hereinafter referred to as “LOPD-GDD”), as well as inquiries and claims.
  • To manage job applications/CVs received for potential open selection processes at Clientify.
  • To manage your registration for our WhatsApp service (Official WhatsApp Line required).

6. What Personal Data Do We Process?

6.1. When you complete any of our forms, depending on the case:

  • Free Trial: https://app.clientify.com/accounts/register/
  • Request an Online Demo: https://clientify.com/demo-gratuita-clientify
  • Request More Information on the Partner Program: https://clientify.com/conviertete-en-partner
  • Request More Information on the Digital Kit Program: https://clientify.com/kit-digital-crm-subvencion
  • Academy Registration: https://academia.clientify.com/mis-cursos/

6.2. The forms allow you to provide, among others, the following personal data:

  • Your name, surname, and contact information (address, phone numbers, and email).
  • Other contact details and preferences.

We collect your data when you contact us through the Website.

6.3. If you provide us with your personal data, they must be accurate, and you must notify Clientify of any changes to them. You are, in any case, responsible for the truthfulness and accuracy of the data provided at all times. The individual providing their personal data to Clientify declares that they are of legal age, being entirely responsible for such a declaration.

7. Description of Processing Activities.

7.1. Sending of commercial communications through email, SMS, WhatsApp, social networks, or any other electronic or physical means, present or future, enabling commercial communication. These electronic commercial communications will be carried out by the Controller and related to the services of the Application, our collaborating companies, or providers with whom we have reached a promotional agreement. In such cases, these third parties will never have access to personal data unless strictly necessary to manage the Application’s service, maintenance, or contracted usage.

7.2. User-requested actions: Processing of requests or any type of petition related to the services offered by Clientify that you submit through any of the provided contact channels.

7.3. Data stored during visits: When you access any of Clientify’s Websites, our web servers generally store, among other data, information about the browser and operating system you use, the webpage from which you visited us, the pages you visit on our website, and the date of your visit. For security reasons—for instance, to detect possible attacks on our Website—the IP address assigned by your Internet Service Provider will also be stored for a period of seven days. Except for the IP address, personal data will only be stored if you provide such information, for instance, during registration, participation in a survey, client registration, or commercial promotion. Clientify uses your personal data for the technical administration of the Application, client management, service-related surveys, and marketing tasks, strictly as necessary and always with prior notice to the data subject.

7.4. Subscription to newsletters: By subscribing to any of our informative newsletters, current or future, you consent to the use of your personal data for advertising purposes or other marketing actions. These data will be stored and used for such purposes, such as the aforementioned newsletter mailings, updates about the Application and its functionalities, via communication channels like email, postal mail, or any other means you have authorized. We may use your data to create and maintain an updated profile to send you personalized advertising or promotional information. Additionally, we may use the data you provide to analyze and improve the efficiency of the Website’s services, advertising, marketing, market research, and commercial activities.

7.5. Submission of CV by candidates: If a candidate submits a CV via our Website or to our contact email ([email protected]), the candidate authorizes Clientify to analyze the documents provided, all content directly accessible via search engines (Google), profiles maintained on professional social networks such as LinkedIn or similar, data obtained during assessments, and information disclosed during the job interview. This is for the purpose of evaluating their candidacy and, if applicable, offering a position. Should the candidate not be selected, Clientify may store the résumé for future job openings unless the candidate states otherwise through any of the aforementioned channels.

8. Data Retention Criteria

8.1. In general, the data provided will be retained as long as there is a mutual interest in maintaining the purpose of the processing. Once the data are no longer necessary for such purposes, they will be deleted using appropriate security measures to ensure pseudonymization or total destruction.

8.2. Specifically, personal data provided by you will be retained for the period determined based on the following criteria:

  • Legal obligations for retention;
  • Duration of the contractual relationship and management of any resulting liabilities; and
  • Deletion requests by the data subject where applicable.

8.3. The following variations apply to the general rule:

  • Disaggregated Data: Retained without a deletion timeframe.
  • Clientify Client Data: Retained for 4 years (Art. 66 et seq. of the General Tax Law) and 6 years (Art. 30 of the Commercial Code regarding accounting books and invoices).
  • Data provided for newsletter subscriptions: Retained from the time consent is given until it is withdrawn.
  • CV submitted by candidates: Retained for up to two years for future selection processes unless the candidate states otherwise.

9. Data Sharing.

9.1. Clientify may share your personal data with:

  • Companies, entities, and other organizations contracted by Clientify to provide services such as hosting, marketing, market analysis, and IT services.
  • For Clientify to provide services to the Client, third-party subcontractors providing specific services may be engaged. These subcontractors may be external providers located both inside and outside the European Union. Clientify ensures that all subcontractors meet the obligations and requirements assumed by Clientify under its Data Access Agreement. Specifically, their data protection levels comply with the standards required by relevant data protection laws. If the jurisdiction falls outside the European Union and is not on the European Commission’s list of jurisdictions offering adequate data protection levels under GDPR, a specific agreement will be established to ensure compliance with EU data protection laws. Subcontractors engaged for the proper functioning of the application include:
  • Amazon Web Services (Servers): https://repost.aws/es/knowledge-center/gdpr-compliance
  • Digital Ocean (Server Hosting): https://www.digitalocean.com/legal/gdpr
  • PayPal (Payment Gateway): https://www.paypal.com/es/webapps/mpp/ua/privacy-full?locale.x=es_ES
  • Stripe (Payment Gateway): https://stripe.com/es/privacy
  • Intercom (Technical Support Software): https://www.intercom.com/legal/privacy
  • Usercentrics A/S (Cookie Acceptance): https://www.cookiebot.com/es/google-analytics-rgpd/
  • G-Suite (Google) (Application Suite): https://cloud.google.com/security/gdpr?hl=es
  • SendGrid (Email Sending Servers): https://sendgrid.com/resource/general-data-protection-regulation-2/
  • Zapier, Inc.: https://zapier.com/privacy
  • Trideco Asesores, SLP (Legal Advisory): https://trideco.es/politica-privacidad/
  • ACV Asesores (Fiscal, Financial, and Accounting Services): https://www.acvasesores.com/aviso-legal/#lopd
  • Masalbe Servicios Globales, SL (External DPO Designated): https://masalbe.com/privacidad
  • Holded (Accounting Software): https://www.holded.com/es/politica-de-cookies
  • Bird (Email Sending Servers): https://bird.com/legal/privacy
  • Other companies or organizations where you have requested or consented to the sharing of your personal data.

The purpose of sharing data with the aforementioned companies, which collaborate with or are integrated with the Controller, will be consistent with the purposes previously disclosed.

Professional service providers, such as lawyers, solicitors, notaries, registrars, or other similar professionals, in specific cases.

Public authorities, courts, regulators, and other administrative bodies, where we believe it is necessary to comply with a legal or regulatory obligation or otherwise to protect ourselves, third parties, or individuals from claims, fraud, or threats to safety.

Any third party that acquires or to whom we transfer all or a substantial part of our assets or business. If such a sale or transfer occurs, we will make every reasonable effort to ensure that the entity receiving your personal data uses it in accordance with this Privacy Policy. 

In such cases, we will ensure that your data is used for purposes consistent with this Privacy Policy and appropriate contracts or clauses (such as Standard Clauses) will be signed, applying the same or similar security measures as those implemented by Clientify.

9.2. We may share your personal data with our subsidiary, “Servicios de Programación Estructurada y Diseño de Páginas Web, SLU,” which manages the website www.findthatlead.com. Additionally, we may share your personal data with related or affiliated companies that provide ancillary services or functionalities, with your consent when required by law, or with any third party that purchases or to whom we transfer all or a substantial part of our assets and business. In the event of such a sale or transfer, we will make every reasonable effort to ensure that the entity to which we transfer your personal data uses it in accordance with this Privacy Policy. These entities may act as data controllers in accordance with their own personal data protection policies or as data processors, performing tasks as instructed by us.

9.3. International Data Transfers. On July 10, 2023, the European Commission adopted a new adequacy decision to enable international transfers of personal data between entities in the European Union (EU) and the United States (US) under the EU-U.S. Data Privacy Framework. Following the ruling of the Court of Justice of the European Union (CJEU) on July 16, 2020, known as the Schrems II Judgment, international transfers of personal data to the US were questioned due to concerns identified by the CJEU, related to US surveillance practices and the lack of mechanisms for European citizens to challenge interferences with their rights.

With the aforementioned adequacy decision, the European Commission recognizes that the US provides a level of protection equivalent to that offered by the EU, albeit only when international transfers occur with entities certified under the new EU-U.S. Data Privacy Framework.

Therefore, personal data will securely flow from the European Union to US companies participating in the Framework without the need to establish additional data protection guarantees.

Other International Transfers to the US. Both the safeguards adopted and the legislative changes introduced in the US facilitate the use of guarantees such as standard contractual clauses or binding corporate rules.

However, it remains necessary to conduct a Transfer Impact Assessment (TIA) for any transfer carried out outside the scope of the EU-U.S. Data Privacy Framework. The adequacy decision ensures that data transfers between the EU and the US can occur through a stable and reliable agreement that protects individuals and provides legal certainty for businesses.

10. Legal Basis for Informed Processing.

10.1. As a general rule, prior to the processing of personal data, Clientify obtains the explicit and unequivocal consent of the data subject by including informed consent clauses in the various systems for collecting information, using/downloading, and contracting for our Application, and based on the legitimate interest of the CLIENT.

10.2. Notwithstanding the above, the legal bases for processing are as follows:

  • When processing is necessary for the execution of the License of Use agreement or when the data is required within the framework of a pre-contractual relationship.
  • When the use of your personal data is necessary for the satisfaction of our legitimate interests or those of the companies with which we have shared your personal data.
  • When the processing of data is necessary to comply with the laws and regulations governing the sector’s legal obligations in force at any given time, including those relating to the marketing of products and services, consumer protection, regulation of retail trade, and other applicable regulations.
  • In accordance with the applicable regulations on Information Society Services (LSSI), if a prior relationship exists within the context of the sale of a License of Use for the Application, the data may be used for the sending of electronic commercial communications related to our Application unless you object to this in the manner provided for such purpose.
  • When we deem it necessary to process your personal data to comply with a legal or regulatory obligation, or for a vital interest.
  • When we have your consent, for example, to collect technical information such as cookie data and similar technologies as described in the «Cookie Policy,» which you can consult at the following link: https://clientify.com/politica-uso-cookies, made available on this Website.
  • Acceptance of a contractual relationship within the corresponding social network environment and in accordance with its Privacy Policies in each case, when you visit any of our social media profiles detailed below:
  • Facebook: https://www.facebook.com/clientify/
  • Facebook México: https://www.facebook.com/clientifymexico/
  • YouTube: https://www.youtube.com/channel/UCfjDDOI0RW17b2PyswdjZCQ
  • Instagram: https://www.instagram.com/clientify_official/?hl=es
  • Instagram México: https://www.instagram.com/_clientifymx_/?hl=es
  • X: https://x.com/clientify
  • X México: https://x.com/ClientifyM

11. Rights of the Data Subject.

These are your rights as a data subject:

Right of Access: You have the right to obtain confirmation from the company as to whether or not personal data concerning you is being processed. Clientify, if applicable, will provide a copy of the personal data subject to processing.

Right of Rectification: You have the right to obtain, without undue delay, the rectification of inaccurate personal data concerning you. Considering the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right of Erasure: You have the right to obtain, without undue delay, the deletion of personal data concerning you. Clientify is obligated to delete such data without undue delay when one of the following conditions applies:

  • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  • You withdraw consent on which the processing is based, and there is no other legal ground for the processing.
  • You object to the processing, and there are no overriding legitimate grounds for the processing.
  • Your data has been unlawfully processed.
  • Your data must be erased to comply with a legal obligation.
  • The personal data was collected in connection with the offering of information society services to children (under 16 years old).

Right to Restriction of Processing: When the processing of your personal data is restricted upon your request, such data may only be processed (except for its storage) with your consent, for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest. You have the right to obtain the restriction of the processing of your personal data when any of these conditions are met:

  • You contest the accuracy of the personal data, for a period enabling Clientify to verify the accuracy of the data.
  • The processing is unlawful, and you oppose the erasure of the personal data, requesting instead the restriction of its use.
  • Clientify no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise, or defense of legal claims.
  • You have objected to the processing, pending verification of whether Clientify’s legitimate grounds override your interests.

Right to Data Portability: You have the right to receive the personal data that concerns you, which you have provided to the Controller, in a structured, commonly used, and machine-readable format, and to transmit it to another data controller when:

  • Data processing is based on your consent.
  • Data processing is carried out by automated means.

Right to Object: You have the right to object at any time, for reasons related to your particular situation, to personal data that concerns you being processed based on public interests or legitimate interests of the Controller. When the processing of personal data is intended for direct marketing, you will have the right to object at all times to the processing of personal data that concerns you. In the event that you object to the processing of your data for direct marketing purposes, said personal data will no longer be processed for such purposes.

Right to Withdraw Consent: You have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent prior to its withdrawal.

You also have the right to file a claim with the respective supervisory authority, generally the Spanish Data Protection Agency. For more information, you can go to its website at this link https://www.aepd.es. Finally, you have the right not to be subject to a decision by Clientify based solely on automated processing, including profiling, that produces legal effects or similarly significantly affects you.

12. Contact information to exercise your rights.

To exercise your rights, you can send a written communication to Clientify at the postal or email addresses provided in Section 2 of this Privacy Policy, including a photocopy of your national identity document or another equivalent identification document.

  • Address: Calle Padre Luque, número 1, 1°-izquierda; 04001 – Almería.
  • Contact email: [email protected]
  • Contact Phone: (+34) 667 84 00 66

13. Mandatory or Optional Nature of the Provided Information.

13.1. The data collected through any contact forms available on this Website, the data you provide as part of your participation in activities/events, promotions, etc., organized by Clientify, or the data you provide to manage the service relationship, will be incorporated, depending on their purpose, into the Internal Processing Activities Register (Article 30 of Regulation (EU) 2016/679 of April 27, 2016). The Processing Activities Register is available to the Supervisory Authority.

13.2. By checking the corresponding boxes and entering data in the different fields marked with an asterisk (*) in the contact forms or in forms presented on paper, you expressly, freely, and unequivocally accept that your data is necessary for Clientify to address your request. The inclusion of data in other fields is voluntary. You guarantee that the personal data provided is truthful and take responsibility for notifying any changes to it.

13.3. Clientify explicitly informs and guarantees that your personal data will not be transferred to third parties under any circumstances, and that, should any transfer be planned in the future, your prior explicit, informed, and unequivocal consent will be sought, informing you about the recipient of the data and the purpose of the transfer. All the data requested through the Website is mandatory, as it is necessary to provide optimal service. If all the requested data is not provided, the information and services offered may not fully meet your needs.

14. Security Measures.

14.1. In accordance with the current regulations on personal data protection, particularly Regulation (EU) 2016/679 of April 27, 2016, and the recent LOPD-GDD 3/2018 of December 5, Clientify complies with all provisions of the regulations regarding the processing of personal data under its responsibility, as well as the principles described therein, ensuring that data is processed lawfully, fairly, and transparently with respect to the data subject, and that it is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

14.2. In all cases, Clientify has implemented sufficient mechanisms to:

  • Guarantee the confidentiality, integrity, availability, and resilience of processing systems and services.
  • Restore the availability of and access to personal data quickly in case of physical or technical incidents.
  • Regularly verify, evaluate, and assess the effectiveness of the technical and organizational measures implemented to ensure data processing security.
  • Pseudonymize and encrypt personal data, where applicable.

14.3. Clientify guarantees that it has implemented appropriate technical and organizational policies to enforce the security measures established by Regulation (EU) 2016/679 of April 27, 2016, and the recent LOPD-GDD 3/2018 of December 5, in order to protect your rights and freedoms. It has communicated sufficient information to enable you to exercise these rights. Clientify has employed all technical means and measures within its reach to prevent the loss, misuse, alteration, unauthorized access, and theft of Personal Data provided by you. However, you should be aware that no internet security measures are completely invulnerable.

14.4. Personal data included in the Internal Processing Activities Register will be processed with maximum confidentiality and security. The Controller may send commercial information related to APPLICATION NEWS and PROMOTIONS OFFERED BY Clientify. In such cases, the sender is committed to indicating the advertising purpose of the communication and to providing a simple, clear, and free-of-charge mechanism to opt out of receiving such communications.

14.5. The services offered in the Clientify application via the Website are exclusively intended for adults. If a service, promotional activity, event, or similar involves the collection of minors’ Personal Data, Clientify will always seek parental consent to enable minors to access the service, and their Personal Data will be processed automatically in accordance with this Data Protection Policy.

14.6. As previously mentioned, the collection and automated processing of Personal Data aim to maintain the business relationship established with Clientify, manage, administer, provide, expand, and improve the services you choose to subscribe to or use, align those services with your preferences, study your use of the services, design new services for our application, send service updates, and provide commercial information about our current and future services via traditional and electronic means.

15. Clientify and Social Media.

15.1. What are the purposes of processing your personal data?

  • Responding to your inquiries, requests, or petitions.
  • Managing the requested service, responding to your application, or processing your request.
  • Interacting with you within a community of followers.

15.2. What legitimizes the processing of your data? The acceptance of a contractual relationship within the context of the corresponding social network and its Privacy Policies:

  • Facebook: http://www.facebook.com/policy.php?ref=pf
  • YouTube: https://policies.google.com/privacy?hl=es-ES
  • Instagram: https://privacycenter.instagram.com/policy
  • X (formerly Twitter): https://x.com/es/privacy

15.3. Clientify will always act as the data controller for its followers, fans, subscribers, commentators, and other user profiles (hereinafter referred to as «followers»). Clientify’s processing of such data will comply with the permissions granted by the relevant social network for corporate profiles. Clientify may, therefore, inform followers via any social network channel about its news, activities, and promotions. Under no circumstances will Clientify extract data from social networks unless express consent is obtained. When the effective exercise of followers’ rights depends on modifying their personal profile within the social network, Clientify will assist and advise to the best of its ability.

16. Right to Information.

Upon request, Clientify will immediately inform you in writing, in compliance with applicable laws, whether it has stored your personal data and provide details of such data. If you are registered on this Website, you have the option to review, delete, modify, or update your data personally.

17. Clientify and Compliance with GDPR 679/2016 and LOPD-GDD 3/2018.

17.1. Protecting the data entrusted to us is a priority for Clientify. To this end, and in compliance with GDPR and LOPD-GDD regulations, Clientify implements the following measures:

  • Maintains a Processing Activities Register (RAT) under Article 30 of GDPR, available to the supervisory authority or interested parties.
  • Audits data entry channels within the company and application, establishing legal bases for data processing in accordance with Articles 6 and 9 of GDPR.
  • Informs all visitors, clients, suppliers, and employees about data processing in compliance with Articles 13 and 14 of GDPR.
  • Provides specific mechanisms to address requests related to data subject rights, including access, rectification, deletion, processing limitations, data portability (Article 20 of GDPR), objection, and automated decision-making.
  • We have identified our data processors and have requested prior guarantees of compliance that allow us to accredit the procedure carried out and thus maintain the aforementioned guarantees for potential applicants. Once the data processors have been evaluated, the corresponding data processor contract has been signed, in accordance with Article 28 of the GDPR.
  • Conducts external risk analysis to identify vulnerabilities and implements security measures in collaboration with the designated DPO (Data Protection Officer) and System Administrator.
  • Provides staff training and awareness sessions led by the DPO.
  • Ensures that all employees sign confidentiality and privacy agreements covering the use of IT equipment and mobile devices.
  • Maintains a contingency plan to ensure data security against attacks, viruses, and malware, supported by proper data organization and secure backups.
  • Clientify, as a responsible company aware of regulatory compliance, recommends that its employees subscribe to INCIBE alert newsletters. In case it is of interest to you, and as a promotion of cybersecurity and a culture of prevention, the links to subscribe to the different portals referred to are detailed below:
  • ALERTS Incibe-cert: https://www.incibe.es/incibe-cert/simplenews/subscriptions/landing
  • ALERTS OSI: https://www.incibe.es/ciudadania/simplenews/subscriptions/landing
  • ALERTS INCIBE COMPANIES: https://www.incibe.es/empresas/simplenews/subscriptions/landing
  • There is an internal protocol, known to all employees, for reporting security breaches. According to the regulations, data security breaches must be notified to data protection authorities (Article 33 of the GDPR) and to the subjects whose data has been compromised (Article 34 of the GDPR).
  • We have appointed an Internal Data Protection Officer, a Systems Administrator and a Data Protection Officer who make up Clientify’s “Crisis Cabinet”. Clientify puts at your disposal the following contact email for issues related to data protection: [email protected]

17.2. Due to our volume of clients, it would be impossible to enter into individually signed agreements with all our clients – Data Controllers – therefore, acceptance of this Privacy Policy implies the conclusion of the data access agreement, in compliance with what is established in the GDPR. This data access contract that Clientify assumes in its capacity as data processor, complies with the requirements stipulated in the data protection regulations.

17.3. By contracting our application, you, as Data Controller, agree that Clientify acts as the Data Processor and accept the obligations detailed in the Data Access Agreement (Art. 28 GDPR 679/2016), which has the following content:

Data Access Agreement for Personal Data.

1. Introduction.

1.1. By means of this document, “Clientify, SL,” with its registered office in Almería (Spain), located at Calle Padre Luque, número 1, 1-Izquierda, 04001; email address for contact purposes under this agreement at [email protected], and with Tax Identification Number (NIF) B-04800249, as the owner of the websites clientify.com and clientify.net and the application named “Clientify” (hereinafter referred to as the “Application”), hereby notifies all individuals interested in obtaining a License to Use the Application of the conditions governing Access to Personal Data derived from its use. Acceptance of these conditions in their entirety and without reservation is an indispensable prerequisite to obtaining the license and to the subsequent use of the Application.

1.2. For the purposes of this document, the Controller of Personal Data (hereinafter referred to as the “Controller”) is defined as the natural or legal person who holds a License to Use the Application and whose effective use of it may involve the processing of personal data for which they are responsible.

1.3. For the purposes of this document, the Processor of Personal Data (hereinafter referred to as the “Processor”) is defined as the entity “Clientify, SL,” which grants the Controller a License to Use the Application.

1.4. The License Agreement for the Use of the Application entered into by the parties includes the provision of services by the Processor. These services pertain to the management of certain internal processes of the Controller, aimed at improving the Controller’s channels of information and commercial management activities, as regulated by Clientify’s General Terms and Conditions, which the Controller declares having accessed via the website https://clientify.com/condiciones-generales-de-contratacion. The use of the Application may involve the processing of personal data for which the Controller is responsible.

1.5. In compliance with Article 28 of Regulation (EU) 2016/679 of the European Parliament and of the Council, dated April 27, 2016 (hereinafter “GDPR”), and the Spanish Data Protection and Digital Rights Act 3/2018 of December 5 (hereinafter “LOPD-GDD”), this document constitutes a contractual agreement, binding upon the Controller upon acceptance, and forms an integral part of the License Agreement for the Use of the Application, which is formalized in a separate document. This agreement regulates the Processor’s access to personal data for which the Controller is responsible, subject to the following:

TERMS AND CONDITIONS

2. Purpose of the Data Processing Agreement. Through this agreement, the Controller authorizes the Processor to process the personal data under the Controller’s responsibility, which are necessary for the provision of the services subject to the License Agreement for the Use of the Application, formalized in a separate document.

Details of the processing to be performed:

  • Data Collection
  • Structuring
  • Extraction
  • Communication
  • Deletion
  • Encryption
  • Storage

3. Identification of the Affected Information. For the execution of the services arising from this agreement, the Controller provides the Processor with the following information:

  • Data stored or uploaded by the Controller when using the Application, such as data of users, employees, suppliers, clients, communications, notices and appointments, email management, contact agendas, and similar information uploaded by the Controller regarding themselves or third parties.
  • Identifying personal data [Name, surname, ID number, social security number, address, phone number, signature/fingerprint, image/voice].
  • Personal characteristics [Marital status, age, family information, gender, date and place of birth, nationality, language].
  • Economic, financial, and insurance data [Income, rents, contracts, bank data, payroll details, credit card information].
  • Categories of data subjects include: Client data: clients, suppliers, collaborators, others.
  • Data stored in the Application: as many categories as the types of processing uploaded by the Controller.

4. Duration: This agreement shall remain valid as long as the Processor provides the services regulated by the License Agreement for the Use of the Application. Once the said contract is terminated, the Processor must delete the personal data and any copies in its possession.

5. Obligations of the Processor.

5.1. In general, comply with all applicable legal provisions, organizational and technical measures, and execute all acts necessary or advisable to ensure strict compliance with the obligations under current legislation and good practices within the industry as a Processor of personal data for which the Controller is responsible.

5.2. Access and use the personal data solely for the purposes outlined in this agreement and always in accordance with the Controller’s instructions. Under no circumstances may the Processor use the data for its own purposes.

5.3. Not disclose or transfer the personal data to third parties without the explicit authorization of the Controller, even for storage purposes, and not allow third-party access to the data.

5.4. Maintain a written record of all categories of processing activities performed on behalf of the Controller, including the minimum content required under Article 30 of the GDPR.

5.5. Do not disclose personal data to third parties unless expressly authorized by the Controller in legally permissible cases. If the Processor must transfer personal data to a third country or an international organization under EU or Member State law applicable to it, the Processor will inform the Controller of this legal requirement beforehand unless such law prohibits this disclosure for reasons of public interest.

5.6. Maintain the duty of confidentiality with respect to the personal data accessed under this agreement, even after the termination of its purpose.

5.7. Ensure that personal data is processed solely by those employees, collaborators, or subcontractors whose involvement is essential to fulfill the contractual purpose. These individuals must have received adequate training in data protection and must guarantee the confidentiality of the data. The Processor must also ensure that the employees, collaborators, or subcontractors accessing the data have expressly assumed this obligation in writing, together with a commitment to comply with the corresponding security measures.

5.8. Keep at the Controller’s disposal documentation evidencing compliance with the obligation established in the preceding section.

5.9. Assist the Controller in responding to the exercise of the following rights:

  • Access, rectification, erasure, and objection,
  • Restriction of processing,
  • Data portability,
  • The right not to be subject to automated individual decisions, including profiling.

When data subjects exercise their rights of access, rectification, erasure, objection, restriction of processing, data portability, or not to be subject to automated individual decisions before the Processor, the Processor must communicate this to the Controller via email. Such communication must be made immediately and, in no case, later than the next business day following the receipt of the request, along with any other information that may be relevant to resolving the request.

5.10. Right to Information. It is the Controller’s responsibility to provide the right to information at the time of data collection.

5.11. Notification of Security Breaches. The Processor shall notify the Controller without undue delay, and in any case no later than twenty-four (24) hours, via email, of any personal data security breaches within its responsibility of which it becomes aware. The notification must include all relevant information for documenting and reporting the incident. Notification is not required when the breach is unlikely to result in a risk to the rights and freedoms of natural persons. If available, at least the following information should be provided:

  • A description of the nature of the personal data security breach, including, where possible, the categories and approximate number of affected data subjects, and the categories and approximate number of affected personal data records;
  • The name and contact details of the data protection officer or another contact point where more information can be obtained;
  • A description of the potential consequences of the personal data security breach; and
  • A description of the measures taken or proposed to remedy the personal data security breach, including, where appropriate, measures to mitigate its possible adverse effects.
  • If it is not possible to provide all the information at once, and to the extent that it is not, the information will be provided gradually without undue delay.
  • The Processor must communicate security breaches to the data subjects as soon as possible if the breach is likely to result in a high risk to the rights and freedoms of natural persons. The communication must be written in clear and simple language and must, at a minimum:
  • Explain the nature of the data breach;
  • Provide the name and contact details of the data protection officer or another contact point where more information can be obtained;
  • Describe the possible consequences of the personal data security breach; and
  • Describe the measures taken or proposed by the Controller to remedy the personal data security breach, including, where appropriate, measures taken to mitigate possible adverse effects.

5.12. Support the Controller in carrying out: Data protection impact assessments, when appropriate, and prior consultations with the supervisory authority, when appropriate.

5.13. Make available to the Controller all information necessary to demonstrate compliance with its obligations and facilitate audits or inspections conducted by the Controller or another auditor authorized by the Controller.

5.14. Implement the following security measures. In any case, the Processor must implement mechanisms to:

  • Ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
  • Restore the availability and access to personal data quickly in the event of a physical or technical incident;
  • Regularly test, assess, and evaluate the effectiveness of the technical and organizational measures implemented to ensure processing security;
  • Pseudonymize and encrypt personal data, where applicable.

5.15. Appoint a data protection officer (DPO), if required, and notify the Controller of their identity and contact details. The official DPO contact details registered with the Spanish Data Protection Agency (AEPD) are as follows: Email: [email protected]; Address: C/ Padre Luque, Nº 1, 1º-Izquierda; 04001 – Almería.

5.16. Subcontracting. Should it be necessary to subcontract any processing activities, the Processor must notify the Controller in writing at least five (5) days in advance, specifying the processing activities to be subcontracted and identifying the subcontractor. The subcontracting may proceed if the Controller does not object within the specified timeframe.

Having evaluated their suitability and GDPR security, the Processor is authorized to subcontract the services involving the following processing to these companies:

  • Amazon Web Services (Servers): https://repost.aws/es/knowledge-center/gdpr-compliance
  • Digital Ocean (Server hosting): https://www.digitalocean.com/legal/gdpr
  • PayPal (Payment gateway): https://www.paypal.com/es/webapps/mpp/ua/privacy-full?locale.x=es_ES
  • Stripe (Payment gateway): https://stripe.com/es/privacy
  • Intercom (Technical support software): https://www.intercom.com/legal/privacy
  • Usercentrics A/S (Cookie consent): https://www.cookiebot.com/es/google-analytics-rgpd/
  • G-Suite (Google) (Application suite): https://cloud.google.com/security/gdpr?hl=es
  • Sendgrid (Email delivery servers): https://sendgrid.com/resource/general-data-protection-regulation-2/
  • Zapier, Inc.: https://zapier.com/privacy
  • Trideco Asesores, SLP (Legal advisory): https://trideco.es/politica-privacidad/
  • ACV Asesores (Tax, financial, and accounting services): https://www.acvasesores.com/aviso-legal/#lopd
  • Masalbe Servicios Globales, SL (Designated external DPO): https://masalbe.com/privacidad
  • Holded (Accounting software): https://www.holded.com/es/politica-de-cookies
  • Bird (Email delivery servers): https://bird.com/legal/privacy

To subcontract with other companies, the Processor must notify the Controller in writing, clearly and unequivocally identifying the subcontracting company and its contact information. Subcontracting may be carried out if the Controller does not express its opposition within a period of TEN (10) days.

The subcontractor, who will also have the status of Processor, is also obliged to comply with the obligations established in this document for the Processor and the instructions issued by the Controller. It is up to the initial Processor to regulate the new relationship so that the new Processor is subject to the same conditions (instructions, obligations, security measures…) and the same formal requirements as the initial Processor regarding the adequate processing of personal data and the guarantee of the rights of the affected persons. In the event of non-compliance by the sub-processor, the initial Processor will remain fully responsible to the Controller regarding the fulfillment of the obligations.

5.17. Destination of the data. The Processor undertakes, after the termination of the Application Use License contract, for whatever reason, to destroy the data once the service has been completed. Once destroyed, the Processor must certify its destruction in writing and must deliver the certificate to the Controller.

However, the Processor may keep a copy, with the data duly blocked, as long as responsibilities may arise from the execution of the service.

6. Obligations of the Controller.

6.1. Deliver to the Processor the data referred to in Clause 3 of this contract.

6.2. Carry out an evaluation of the impact on the protection of personal data of the processing operations to be carried out by the Processor, if applicable.

6.3. Make the appropriate prior consultations.

6.4. Ensure, prior to and throughout the processing, compliance with the GDPR by the Processor.

6.5. Monitor processing, including conducting inspections and audits.

7. Responsibility of the Processor.

7.1. The Processor will be considered Responsible in the event that the data is used for another purpose, communicated or used, in breach of this contract. In these cases, the Processor will be personally liable for any infractions incurred.

7.2. The Processor will compensate the Controller for any damages that may result from failure to comply with the obligations contracted under this contract. The responsibility of the Processor will also include the amount of any administrative sanction and/or condemnatory judicial resolution that may be imposed on the Controller as a result of non-compliance by the Processor with current regulations on data protection and the obligations required in this contract.

8. Personal Data of the Signatories of the Contract: The personal data of the Controller and the Processor will be incorporated into the respective Records of Processing Activities (RAT) of each of them, with the purpose of maintaining the contractual relationship established in this contract. Those affected, whose personal data are included in the aforementioned RAT, may exercise their rights of access, rectification, deletion, limitation, oblivion and opposition, by writing, together with a copy of a document that proves their identity, to the corresponding person responsible. The Processor designates the email address indicated in the Use License contract as the address for such purposes. The signatories undertake and are obliged to immediately communicate any modification to their personal data so that the information contained in the processing records of each party is, at all times, updated and does not contain errors. The Controller may keep your personal data after the termination of the business relationship and until the legally established limitation period. The purpose of collecting the personal data of the signatories of the contract is to develop, comply with and control the legal commercial relationship that is formalized between the Controller and the Processor in this contract. In particular, for the purposes of the provisions of the GDPR, the Processor expressly consents that his/her data may be communicated by the Controller to collaborating companies and the public administration for the purpose of maintaining this contractual relationship.

9. Governing Law and Jurisdiction: The Controller and the Processor expressly submit to Spanish law and the courts of Almería, Spain, for any disputes arising from the interpretation or execution of this agreement.

End of the Data Access Agreement for Personal Data.

——— 0 ———

18. Language.

This Privacy Policy is written in Spanish and English. In the event that there is any discrepancy between the Spanish and English versions, the Spanish version will prevail. The Spanish version is available at https://clientify.com/politicas-de-privacidad

19. Contact.

If you need any clarification about this Privacy Policy, wish to raise any question or claim, or wish to exercise your rights, please write to our internal Security Manager or to our DPO at the following email address: [email protected], indicating “Data Protection” in the subject line.

Drafting of Privacy Policy updated and revised as of January 20, 2025.