Data Controller Information
- Corporate Name: INVOFOX INC, BRANCH IN SPAIN
- Trade Name: INVOFOX
- Registered Office: C/ Aranjuez 2 – 28039 – Madrid – MADRID
- Tax ID (CIF): W0265699I
- Email for communications regarding data protection: Contact
You may also contact our Data Protection Officer (DPO) directly at the following email address: DPO.
Applicable Regulations
Our Privacy Policy has been designed in accordance with the EU General Data Protection Regulation (GDPR) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation), and Organic Law 3/2018 of December 5, on the Protection of Personal Data and Guarantee of Digital Rights.
By providing us with your data and accepting our Privacy Policy, you declare that you have read and understood it, and you give your clear and explicit consent for the processing of your personal data in accordance with the purposes and terms stated herein.
The Company may modify this Privacy Policy in order to adapt it to legislative, jurisprudential, or interpretative changes from the Spanish Data Protection Agency.
These privacy conditions may be supplemented by the Legal Notice, Cookie Policy, and the General Terms and Conditions that, where appropriate, apply to specific products or services, in the event that such access involves any particularity regarding the protection of personal data.
Data Protection Officer (DPO)
The following entity has been appointed as the Data Protection Officer:
- Equal Consulting, S.L.P.
- Tax ID (CIF): B86823267
- Address: C/ Santa Engracia, 17 – 6th Floor, 28010, Madrid
- Phone: +34 914 456 569
- Email: Equal DPO
Principles According to the European General Data Protection Regulation (GDPR)
We are committed to processing the personal data (hereinafter referred to as "data") provided to us in accordance with the following principles established by the General Data Protection Regulation (GDPR):
- Lawfulness: We will only collect your personal data for specific, explicit, and legitimate purposes, and we will not process your personal data in a manner incompatible with those purposes.
- Legal Basis: In accordance with Article 6 of the GDPR, your personal data will be processed only when you have given your explicit consent as an expression of your free and informed will. Your personal data may also be necessary to enter into a contract, agreement, or service in which you are a party; to fulfill legal obligations; to protect the vital interests of yourself or another natural person; to carry out a task in the public interest or in the exercise of official authority vested in the controller; or to satisfy the legitimate interests pursued by the controller, provided these do not override your fundamental rights and freedoms or your right to personal data protection.
- Fairness and Transparency: In line with Article 5 of the GDPR, we ensure transparency by informing the data subject of the existence of data processing activities and their purposes.
- Data Minimization: We limit the collection of personal data to what is strictly relevant and necessary for the purposes for which they are collected.
- Purpose Limitation: We will collect your personal data only for specific, explicit, and legitimate purposes, and we will maintain consistency in how the data is processed.
- Accuracy: We will keep your personal data accurate and up to date.
- Data Security: We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks and nature of the data, in order to prevent unauthorized disclosure, access, loss, or alteration—essentially, to prevent any form of unlawful processing.
- Anyone who has given their consent for the collection of data has the right to request any of the following actions regarding their data: the right of access, rectification, objection, erasure, restriction of processing, data portability, and not to be subject to automated individual decision-making. The exercise of these rights is free of charge and must be processed within one month, which may be extended by two additional months under exceptional circumstances such as the number or complexity of requests.
- Storage Limitation Principle: Data will be retained only for the time necessary and for the purposes of processing, without undue delay. During that period, users and clients may request access to their own data at any time.
Purpose of Personal Data Processing
The processing of your personal data is carried out for the following purposes:
- To provide you with information related to the products and services offered by our company, as detailed on this website.
- To facilitate the contracting of our services through the acceptance of the corresponding quote/order and/or the signing of a commercial agreement.
- To send you news and updates about our company, as well as updates to our catalog of products and services, via email and/or postal mail—provided that you are a customer or that you have expressly and independently consented to receive such communications in accordance with Article 21 of the Spanish Law on Information Society Services and Electronic Commerce (LSSICE).
In any case, you will always be guaranteed the option to express your wish to unsubscribe from this type of communication at any time, and the company will process your request immediately.
Use of Cookies
When you visit or log in to our website, we and our partners may use cookies or similar tools to link your activity to other information they already have about you, such as your email address or home address. This information may then be used to send you marketing messages or other communications to those addresses. You can opt out of receiving this advertising by visiting: https://app.retention.com/optout
You also have the option to object to the collection of your personal data in accordance with the General Data Protection Regulation (GDPR). To exercise this right, please visit: https://www.rb2b.com/rb2b-gdpr-opt-out.
You can find more information about how email-based retargeting and Retention.com work by visiting: https://support.retention.com/en/articles/8826312-how-retention-com-attribution-works
- California Residents:
If you live in California, you have the right to request that companies do not sell your personal information. To do this, simply send an email to support@retention.com. In your message, please indicate that you want to stop the sale of your personal information. You may also designate someone else to send this request on your behalf. Be sure to include the email address of the person wishing to opt out. Any personal information you share in your email will be used solely to process your request.
You can find the CCPA Opt-Out Form here: https://app.retention.com/ccpa_details/
- European Residents:
Retention.com carefully follows GDPR privacy rules. To support this, we use a tool in our scripts called geofencing. This tool works through your browser and helps in two important ways:
- Location-Based Use: Our services are configured for users who registered on U.S.-based websites. We do not use your real-time IP address to decide whether to collect or use your data. Instead, if you provided consent on a U.S. website, we retain that data—even if you later browse from another country.
- GDPR Compliance: Since we limit our services to users of U.S.-based websites, we ensure that our data practices comply with GDPR regulations. This is part of our commitment to respecting privacy laws worldwide.
Data Retention Period
We will retain your personal data from the moment you grant us your consent until you revoke it or request a restriction on processing. In such cases, your data will be blocked during the limitation periods for any obligations that may arise from the processing and/or for the legally applicable periods. During this time, the data will be kept available to the competent authorities for the purpose of addressing any potential liabilities resulting from the processing.
In accordance with Article 17.3 of the GDPR, data blocking is understood as the right of "retention" as an exception to the obligation of erasure. This means that the data will not be used or accessible to anyone and will only be used in case of a legal requirement or liability claim related to them. Once the applicable legal limitation period has expired, the data will be permanently deleted.
Legal Basis and Data Collected
The legal basis for the processing of your data is the express consent you grant through a positive and affirmative action (such as filling out the corresponding form and checking the box to accept this policy) at the time you provide us with your personal data.
Consent to Process Your Data
By filling out the forms, checking the box "I accept the Privacy Policy," and clicking to submit the data, or by sending emails to the Company via the designated email accounts, the User declares that they have read and expressly accepted this Privacy Policy, and grants their unequivocal and express consent to the processing of their personal data in accordance with the stated purposes.
The data collected is necessary to respond to your request for information or, in the case of service contracting, is adequate, relevant, and not excessive in relation to the specific scope and purposes.
Nevertheless, this consent may be revoked at any time by the data subject by unsubscribing through any of the means provided to the user. In the case of service contracting, the user must use the channels made available to them to cancel the service, and data processing will cease from the moment of cancellation.
Categories of Data
The data collected through the contact form pertains to the category of identifying data, which may include: the contact person's first and last name, email address, and phone number, all of which are required in order to establish contact.
Additionally, the user may indicate the "Subject" of their inquiry and include any relevant information in the comments section to help resolve their request. If the user includes personal data in this section, such information will be handled in accordance with the same criteria set forth in this Privacy Policy.
Security Measures
As part of our commitment to ensuring the security and confidentiality of your personal data, we inform you that the necessary technical and organizational measures have been adopted to safeguard personal data and to prevent its alteration, loss, unauthorized processing or access, taking into account the state of technology, the nature of the stored data, and the risks to which it may be exposed, in accordance with Article 32 of the EU GDPR 679/2016.
Data Disclosure
The Company will not disclose your data without your express authorization, except in the following cases:
Only for the management of user databases, natural or legal persons other than the Data Controller may have access to the information collected. Specifically, data storage through Cloud Computing services will be managed by ATLAS.ti Scientific Software Development GmbH, in compliance with data protection regulations regarding the provider's access to the data as part of the storage service, particularly in accordance with Article 28 of the GDPR. This provider is located in Germany, and therefore, this does not constitute an International Data Transfer.
In any case, outside of the aforementioned scenarios, your personal data may only be processed by a third party if the Data Processor commits to implementing the necessary technical and organizational measures to comply with the required data protection and security obligations, thereby ensuring the confidentiality, integrity, and availability of your data. In addition, a data processing agreement must be signed in accordance with Article 28 of the GDPR.
Aside from these situations, data may also be shared with competent public bodies, the Tax Agency, Law Enforcement Agencies, and Courts and Tribunals, when there is a legal obligation to do so.
Restricted Access Policy for Clients
In the event that the user contracts the company's products or services, they will be granted access to the platform through a restricted client area, where they will have access to the documents they digitize, which can be downloaded at any time. The client will be provided with the account name, usernames, and passwords. For security reasons, the user must change the password immediately, or at the latest, the first time they access the service. The user is solely responsible for safeguarding their login credentials and shall be entirely liable for any damages or losses that may result from misuse, loss, or any other circumstance that may pose a risk of unauthorized access or use by third parties. Users must immediately notify the Company so that it can proceed to block and replace the access credentials.
User Rights
Any data subject has the right to obtain confirmation as to whether or not we are processing personal data concerning them. Interested parties have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request their erasure when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
In certain circumstances, data subjects may request the restriction of the processing of their data, in which case we will only retain it for the exercise or defense of legal claims. For reasons related to their particular situation, data subjects may object to the processing of their data. The Controller will cease processing the data unless there are compelling legitimate grounds for continuing or the data is needed for the exercise or defense of possible claims.
We also remind you that, if you are a client, you may revoke your consent or object to the sending of commercial communications by any means and at any time by sending an email to the address provided above. If you believe that your request has not been properly addressed or your data is not being processed appropriately, you may file a complaint with the Spanish Data Protection Agency, the competent supervisory authority in Spain.
Below we provide more detailed information about these rights, including direct access to exercise them through links to the Spanish Data Protection Agency:
A) RIGHT OF ACCESS
Article 15 of the General Data Protection Regulation (GDPR) grants the data subject the right to know whether their personal data is being processed, and if so, the purposes of the processing, the categories of data, recipients, the origin of the data, the retention period, and the criteria used to determine that period.
The data controller shall provide a copy of the personal data undergoing processing in electronic format upon request. You may also request the controller to rectify, erase, or restrict the processing of your data.
To exercise this right, please complete the form available at the following link:
Right of access
B) RIGHT TO RECTIFICATION AND ERASURE
Articles 16 and 17 of the GDPR state that the data subject has the right to request the rectification of inaccurate personal data, or to have incomplete data completed or erased when it is no longer necessary for the purposes for which it was collected and processed.
To exercise these rights, please complete the following forms:
Right to rectification
Right to erasure
C) RIGHT TO RESTRICTION OF PROCESSING
The data subject has the right to obtain from the controller the restriction of processing when the accuracy of the personal data is contested. This means the data may only be processed (apart from storage) with the data subject's consent, for the exercise or defense of claims, to protect the rights of another person, or for reasons of important public interest of the EU or a Member State.
The controller must inform the data subject before lifting such a restriction.
Right to restriction
D) RIGHT TO DATA PORTABILITY
Article 20 of the GDPR grants the data subject the right to receive their personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller when technically feasible. This applies when the processing is based on consent or a contract.
Right to data portability
Minors
The content of this website is not intended for individuals under the age of 18. Likewise, with regard to the specific data provided by the user, only users who are 14 years of age or older may freely give their consent to the processing of such data.
In any case, the Company will take all reasonable measures to verify users' age, but it cannot be held responsible for any failure to comply with this requirement.
Confidentiality
Any personal data that may be collected will be treated with the utmost confidentiality. The Company undertakes to maintain secrecy regarding such data and guarantees its obligation to safeguard it by adopting all necessary measures to prevent its alteration, loss, or unauthorized processing or access, in accordance with applicable legislation.
To this end, the Data Controller guarantees that it will have the appropriate confidentiality agreements signed with any individuals involved in any stage of the processing of the collected personal data.
International Data Transfers
An International Data Transfer is understood as any communication of your personal data to countries located outside the European Union, and more specifically, outside the European Economic Area (EEA). Exceptions include those countries outside the EEA that are not considered international transfers because the recipients are located in countries that the European Commission deems to provide an adequate level of data protection in line with EU standards.
As stated in section 6, the provider that currently hosts the user databases is located in Germany, so there is no data processing taking place outside the EEA.
In the event that the Company transfers personal information outside the EEA—whether due to data being stored on servers located outside EEA borders, or for any other reason—it will ensure that the required contractual clauses governing such international transfers are in place. The Company will also ensure that any provider hosting or processing personal data complies with the minimum security standards and principles set forth in the GDPR.
Consent for the Sending of Electronic Communications
As outlined in Section Three of this Policy, and in accordance with the provisions of Law 34/2002, of July 11, on Information Society Services and Electronic Commerce, by checking the corresponding box "I accept the sending of electronic communications," you are granting express consent for us to send information about the Company to your email address, telephone, fax, or other electronic means.
In any case, you may communicate your wish to unsubscribe from such communications, and the Data Controller will proceed to process your request immediately.