Scroll Top

Privacy Policy

This Privacy Policy has been developed in accordance with the provisions of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and the free movement of such data, hereinafter referred to as the GDPR, as well as Organic Law 3/2018 of 5 December on Data Protection and Digital Rights (hereinafter, LOPDGDD), and other applicable regulations.

The purpose of this Privacy Policy is to inform individuals who provide their personal data, and/or those they represent, about specific aspects concerning the processing of their data, including the purposes of the processing, contact details for exercising their rights, retention periods, and security measures, among other matters.

Who is responsible for the processing?

For data protection purposes, OPEN FINANCE, S.L. (hereinafter, OPEN FINANCE) is to be considered the Data Controller for the personal data processing carried out by this entity.

Below are the contact details of the Data Controller:

  • Controller identity: OPEN FINANCE
  • Tax ID (CIF): B97204671
  • Physical address: C/Monjas de Santa Catalina, 8, 2nd floor – 46002 (Valencia – Spain)
  • Email: info@openfinance.es
  • Phone: +34960454600

Who is the Data Protection Officer?

The Data Protection Delegate (DPD) is the person designated by OPENFINANCE to protect your privacy and attend to all issues related to the protection of personal data.

You can contact our DPD through the following ways:

E-mail: dpo@inversis.com.

Postal mail: Banco Inversis, Avenida de la hispanidad nº 6, Madrid (28042).

What personal data do we process?

All information collected by OPENFINANCE will be processed lawfully, fairly, and transparently.
Furthermore, the data requested for each processing activity will consist solely of the information strictly necessary to achieve the stated and informed purpose in each case.

Thus, the data collected will be adequate, relevant, and not excessive concerning the purposes for which they are processed. The data will be collected for specified, explicit, and legitimate purposes and will not be processed further in a manner incompatible with these purposes. The data will also be updated when necessary.

In general terms, within the various activities carried out by the organisation, the following types of data are collected:

  • Identification data
  • Administrative data
  • Commercial information
  • Transactions of goods and services
  • Financial and economic data

Where do personal data come from?

As a general rule, personal data are collected directly from the data subject. However, in some exceptional cases, data may be collected through third parties, entities, or services other than the data subject.

In such cases, this will be communicated to the data subject through the information clauses included in the various data collection methods, within a reasonable period or during the first communication made to the data subject.

What are the purposes and specific cases for processing personal data?

In general terms, personal data are processed for the following purposes:

  • Client area: Information provided via the platform to manage our services, where users can access contracts, invoices, reports, etc.
  • Contract fulfilment: To formalise purchase agreements, manage payment transactions, address any order-related issues, handle invoicing, and deliver purchase tickets and invoices.
  • Newsletter: To send updates, news, and information about our services or industry via the provided channels.
  • Contact: To respond to service-related inquiries or other questions from users.
  • Clients: To manage the sale of goods and services, including invoicing, accounting, collections, unpaid amounts, offers, quotes, contracts, customer service, and business relationships.
  • Potential clients: To track and pursue business opportunities.
  • Suppliers: To manage purchases, accounting, payments, delivery notes, orders, and business relationships.
  • Surveys: To conduct customer service and/or product quality surveys aimed at improving services.
  • Whistleblowing system: To handle complaints or inquiries about potential breaches of the organisation’s code of ethics or internal policies and to manage related investigations.

No personal data collected will be used to create profiles or make automated decisions.

All explicit purposes of each processing activity are outlined in the information clauses included in each data collection method (web forms, paper forms, notices, invoices, contracts, etc.).

What is the legitimacy of the data processing?

As a general rule, prior to the processing of personal data, OPENFINANCE informs you of the legal basis on which it establishes the legitimacy of the processing in question.

However, the organization may process personal information for the following purposes:

  • Fulfillment of Legal and regulatory obligations: by way of example and not limited to. General Law for the Defense of Consumers and Users, General Tax Law, Corporate Tax Law, Account Auditing Law, Value Added Tax Law, Civil Code, Commercial Code, as well as the existence of a specific law or regulation authorizing or requiring the processing of the data subject’s data, which shall be set forth in the corresponding informative clause.
  • Execution of a Contract: for the previous management of a contracted service or product, development of the execution of a contract or subsequent management derived from such operations.
  • Consent: there are treatments based on obtaining the express and unequivocal consent of the holder thereof, by incorporating informed consent clauses in the different information collection systems by providing consent through a statement or a clear affirmative action such as marking a box provided for that purpose or signing the appropriate document or by sending data through the means of contact indicated. Additionally, we inform you that we will only use personal information in accordance with this Privacy Policy and, in general, we will request your consent for uses for purposes other than those for which you initially granted them.
  • Legitimate interest: the processing of data based on the legitimate interest of the controller, will be established mainly for sending communications or commercial events on products or services similar to those contracted. According to article 21.2 of the Law of Services of the Information Society, this treatment will only be valid when, being a customer, you have not expressly refused at the time of data collection or in any of the communications we make.

For how long do we process personal data?

At openfinance.es personal data is processed for the time necessary to fulfill the purpose for which it was collected, as long as the service is provided or the labor or contractual relationship is maintained, there is a mutual interest and/or for the time foreseen in the corresponding regulations.

Once the established time criteria have been met, the data will be cancelled. Such cancellation will result in the blocking of the data being kept only at the disposal of the Public Administrations, Judges and Courts, to meet the possible liabilities arising from the treatment, during the period of limitation of these, after the aforementioned period will proceed to the destruction of the information.

With whom do we share personal data?

OPENFINANCE communicates your personal data to:

  • Companies of the group to which it belongs, as long as such communication is necessary for the provision of the contracted service, in particular we communicate your data to BANCO INVERSIS S.A.
  • Service providers that process your data in the name and on behalf of OPENFINANCE as a consequence of the provision of the contracted service.
  • Service providers outside of the European Union for the provision of the contracted service, or for the development of commercial actions to offer OPEN FINANCE products and services, as long as their prior and informed consent has been obtained.
  • Competent public organisms, Tax and Social Security Administrations, Courts and Tribunals when there is a legal obligation to communicate them.

Are international transfers made?

OPENFINANCE informs that, in general, no international transfers are made outside the European Economic Area (EEA).
In the event of a transfer of data outside the EEA, OPENFINANCE will have the appropriate guarantees to carry out such a transfer, in accordance with the requirements established by the General Data Protection Regulation.

What rights can you exercise?

According to European legislation the rights you have are the following:

  • Right of Access, the right to request information from the person responsible for a file on whether your personal data is being processed.
  • Right of rectification, right that allows the person concerned to request the modification of data that are inaccurate or incomplete.
  • Right of Opposition, the right of an individual to object to the processing of his or her personal data or the cessation of such processing.
  • Right against automated individual decisions, the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on him or her or significantly affects him or her in a similar way.
  • Right of Limitation, the right to suspend the processing of the user’s personal data in certain cases.
  • Right of Deletion or Oblivion, the right to erasure of the personal data of the data subject.
  • Right of Portability, the right to request the controller to provide personal data in a structured and clear format to another controller.
  • Right to file a complaint with the competent supervisory authority if you consider that the processing does not comply with the regulations in force.

How to exercise your rights?

The applicant may exercise his/her rights through the following means:

  • Email to protecciondedatos@openfinance.es.
  • Postal mail to C/ Monjas de Santa Catalina, 8, 2ª Planta 46002 Valencia – Spain.

OPENFINANCE reserves the right to request additional information to confirm your identity.
In this sense, OPENFINANCE will respond to your request as soon as possible and taking into account the deadlines set forth in the regulations on data protection.
In any case, you can request the protection of the Spanish Data Protection Agency through its web page.

What could be the consequences of not providing the information?

The data requested in the fields marked with an asterisk (*) or those provided in the documents or media where the information is provided, are those strictly necessary in relation to the purpose for which they are collected, or for the provision of an optimal service to the person concerned or through a legal obligation imposed on the data controller or a requirement necessary to enter into a contract, being voluntary the inclusion of data in the remaining fields.

In the event that not all the data is provided, there is no guarantee that the information and services provided will be completely tailored to your needs.

Therefore, in the event that the required data is not provided or is provided incorrectly or incompletely, we will not be able to attend your request, making it impossible to provide you with the requested information or to carry out the contracting of the services.

Likewise, the user guarantees that the information transmitted in any of the forms is truthful, accurate and corresponds to his own data.

The services of our platforms are not intended for minors, so it is only allowed the registration of persons over 18 years, otherwise it is noted that any liability that may arise as a result of the use of our platforms will be borne by the parents or guardians of the minor.

What security measures do we have in place?

The security measures adopted by OPENFINANCE are those required, in accordance with the provisions of Article 32 of the GDPR.

In this sense, OPENFINANCE taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks of varying likelihood and severity to the rights and freedoms of natural persons, has established the appropriate technical and organizational measures to ensure the level of security appropriate to the existing risk.

In any case, OPENFINANCE has implemented sufficient mechanisms to:

Guarantee the permanent confidentiality, integrity, availability and resilience of the processing systems and services.
Restore availability and access to personal data quickly in the event of a physical or technical incident.
Verify, evaluate and assess, on a regular basis, the effectiveness of the technical and organizational measures implemented to ensure the security of the processing.

Changes to this privacy policy

From time to time, this Privacy Policy may be revised in order to update changes in current legislation, update the procedures for collecting and using personal information, the appearance of new services or the exclusion of others. These changes will be effective upon their publication on the web, so it is important that you regularly review this Privacy Policy in order to remain informed about the changes.

Cookies
Openfinance SL utiliza cookies propias y de terceros. Pueden ser necesarias (para el funcionamiento de la web), de estadísticas (para mejorar la funcionalidad y estructura de la web), de experiencia (para el buen funcionamiento durante la visita) y de Marketing (para mostrar contenido y ofertas personalizadas, NO APLICA ACTUALMENTE). Nuestras cookies no implican la elaboración de perfiles. Lee nuestra política de cookies
Ajustes Rechazar todo Aceptar todo
Cookies
Elige qué tipo de cookies aceptar. Tu elección será guardada durante un año. Lee nuestra política de cookies
Guardar Rechazar todo Aceptar todo