Contracting Conditions for the Provision of Services

1. Service Provider Identification

Owner: Pedro García-Mauriño Roca
Tax ID: 54324678N
Fiscal Address: C. de Barcelona, 2, Esc D, Bjs 2a, 08172, Sant Cugat del Valles, Barcelona.
Phone: +34 936 293 522
Email: [email protected]
Data Protection Officer: [email protected]

2. Contract Object

2.1. Determination of the Object of the Contract
This document sets the contracting conditions that will govern the delivery by “THE OWNER” to the website users of the programs offered through it, consisting of the website located at the URL https://mailerfind.com.

These Contracting Conditions regulate the acquisition by users of a contact data search software.

Therefore, these Contracting Conditions do not regulate legal issues that may arise concerning the content of the information and compliance with current regulations.

However, for transparency reasons and to provide better information to the users so that they can issue a previously and duly informed contractual consent, these Contracting Conditions include references to specific issues regulated in the aforementioned regulations, merely to allow the user to have a better knowledge of the information necessary for the product contracting.

Also, “THE OWNER” may modify these Contracting Conditions, of which users will be previously informed for their acceptance or rejection if substantial. In any case, it will be considered that the user expressly accepts such modifications or updates if they re-contract the services offered by “THE OWNER” on the Website once the new Contracting Conditions are adapted.

If accepted by the user, the new contracting conditions will fully replace the conditions in force until then, taking effect in the new subscriptions contracted by the user from the date of acceptance of the said new conditions.

Checking the corresponding box in the contracting process, as well as telematically following all the steps established for it, implies the user’s express acceptance of these Contracting Conditions, having the same validity as their physical signature. Thus, the user acknowledges being a person with sufficient capacity to acquire the obligations arising from their actions through the Website, having previously read and understood its content.

If the new Contracting Conditions are not accepted, it will be understood that the contractual relationship between both parties is terminated from that moment, without prejudice to the fulfillment of pending obligations, especially those of an economic nature derived from previously made software supplies.

The entire contracting process will be carried out through the electronic platform developed by “THE OWNER” in Spanish or English, depending on the user’s choice.

2.2. Glossary of Terms
“THE OWNER”: Pedro García-Mauriño Roca

Website: The website located at the URL https://mailerfind.com through which services can be contracted.

User: Any natural or legal person who requests any of the services offered by “THE OWNER” through the Website.

Private Area: A restricted access area of the Website for registered users to optimize the management of the services.

Virtual Account: A payment system for services specially enabled for registered users.

Identification Mechanism: Allows users’ access to the private area, either through a digital certificate or the use of keys (username and password) provided by the registered user for this purpose, meeting the robustness and security requirements established by “THE OWNER”.

Legal Notice: Clause that defines the scope, conditions, and effects under which the contracting of “THE OWNER”’s intermediary services occurs.

Contracting Conditions: Set of clauses that make up this document, defining the content of the service provision, as well as the rights and obligations of the contracting parties.

Services: The software information services that can also be used through the secure channel determined in these contracting conditions.

Digital Certificate: Certificate of signature admitted by applicable regulations.

Credit: Unit of measure used within the system to quantify the use of its services. Each credit represents the right to perform a specific action or access a particular service within the platform, such as contact data search, the use of specific software tools, or queries to the database. Credits are acquired through the purchase of packages or plans offered and are consumed according to the actual use of the services by the user.

3. Definition of Software Services

3.1. Software Information Services
Users may obtain, upon payment of the established fees, access to the different Software Services:

4. Services Contracting Procedure

The contracting procedure of the Services is carried out completely electronically through the Website. The Services may be requested 24 hours a day, every day of the week. The right to interrupt the Services for system maintenance needs or any other cause requiring it is reserved.

The applicant must complete an electronic form available on the Website that contains the necessary fields for their identification and, where appropriate, to accredit representation, in addition to the data required according to fiscal and billing regulations.

Users’ identification may be carried out by filling in the required data in the form provided for this purpose.

4.1. Users Who Can Access the Services
Natural and legal persons duly identified may be users and, therefore, request the Services. However, the Services’ request must always be made by a natural person, of legal age and with full capacity to contract on their own behalf or on behalf of the legal person in whose name the request is made, the applicant being responsible for the veracity of the data provided for this purpose in the form to start the procedure.

4.4. Use of Information and Personal Data Protection
The petitioner commits, according to personal data legislation, not to use the information for a purpose different from what is legally permitted and not to incorporate its content into any database for commercial use or automated information processing.

The information made available to the user is for their exclusive use and is non-transferable. The retransmission or transfer, even for free, of the information by the user to any other person is absolutely prohibited.

It is entirely prohibited to incorporate the data contained in this document into databases or computer files that may be subject to individualized consultation by natural or legal persons, even if the source of the information is expressed. The user of the software who breaches the provisions of this section expressly exempts “The Owner” from any liability that may arise from such acts, given that they have given their prior and informed consent to these general contracting conditions.

As indicated, breaching these obligations may also lead to responsibilities in personal data protection matters determined according to European and national legislation in force at each moment.

All information relating to personal data protection is available in point 9 of this contract and the corresponding annex.

5. Economic Conditions and Taxation

5.1. Software Services Costs

5.1.1. Market Information Software
The cost of Market Information Services is freely established by “The Owner,” which may vary at any time without this giving rise to compensation and/or withdrawal.

5.2. Payment Methods for Software Services

“THE OWNER” will proceed to charge for the services immediately upon their validation by the occasional user, whose payment may be made using one of the following payment methods:

Credit/debit cards: the accepted credit/debit cards are all those supported by the Visa, MasterCard, or American Express circuits.

5.3. Applicable Taxes
All accrued amounts must be increased by the amount of taxes incurred by the services provided as detailed below.

5.3.1 Private Recipient
All operations will be subject to VAT since “The Owner” has its fiscal domicile in the Peninsula, regardless of the recipient’s location.

5.3.2 Business or Professional Recipient Acting as Such
The provisions in section 5.3.1 shall apply, so they will be taxed by VAT regardless of the recipient’s location.

5.3.3 Intra-community Business or Professional Recipient Acting as Such
Intra-community business/professional recipients with an individual VAT identification number (VIES) will be exempt from VAT, once the appropriate verification against the European Commission’s webservice has been carried out, and it has been correctly validated.

However, if the VIES validation in the European Commission’s webservice is not correct, and the recipient can prove that they have the status of a business or professional in their country, they may request a refund of the charged tax, by sending an email to “The Owner” stating and proving their status as such.

5.3.4 Extra-community Business or Professional Recipient Acting as Such
Extra-community business/professional recipients will be exempt from VAT as long as they can prove that they have the status of a business or professional in their country. To this end, they may request a refund of the charged tax by sending an email to “The Owner” stating and proving their status as such.

5.3.5 Common Issues

The User must report their VAT status, indicating:
If established in Spain, their personal data: country of residence, name and surname or social denomination, identification document, address, and email address;
If not established in Spain, the applicant must indicate whether they are an intra-community operator with an individual VAT identification number (VIES). If affirmative, they must enter their personal and contact information and their VIES number;
If they do not have VIES, they must indicate their personal and contact information. If, despite lacking VIES, they can prove that they have the status of a business or professional in their country, they may request a refund of the charged tax by writing stating and proving their status as such. This regime will also apply to the extra-community business or professional.
B) For IRPF purposes:
The invoice payer, in the cases provided for in article 99 of Law 35/2006 of November 27th on IRPF, is obliged to practice the IRPF withholding and pay its amount to the Treasury.

Those obliged to withhold include legal persons, entities (including entities under a regime of income attribution), and natural persons who carry out economic activities and satisfy the invoice in the exercise of their activity.

The payer not resident (natural person, legal entity, and other entities) who operates in Spanish territory through a permanent establishment and that, without a permanent establishment, for whom the satisfaction of the invoice constitutes a deductible expense in the income tax of non-residents, also have such obligations.

Those meeting the conditions mentioned above are obliged to practice the withholding; having denied such character when filling in the service request form does not exempt them from this obligation.

Those obliged to withhold must also comply with the formal obligations established in article 108 of the IRPF Regulation (RD 439/2007 of March 4), including issuing the certification accrediting the withholding to the invoice issuer at the appropriate time.

The decision not to practice the withholding, paying its amount to the Treasury, and complying with all the formal obligations derived from it, is attributable to the payer obliged to do so.

5.5. Payments Made by Bank Card
The occasional user may pay for the Services by bank card, through a payment gateway offered by Stripe, according to the terms and conditions they establish.

At no time during the purchase procedure will “THE OWNER” know the payment data information, which is directly digitized in the payment gateway (with security systems that prevent interception, modification, or falsification of the information). No computer file of “THE OWNER” contains or retains such data. In no case can “THE OWNER” therefore be considered responsible for any fraudulent and improper use of these payment data by third parties.

In any case, the payment of economic amounts through the Internet will be carried out through the platform provided by an external financial entity, which will be hosted on a secure SSL protocol website and will use authentication systems according to the European payment regulation PSD2.

5.6. Payment and Invoicing
Also, the contracting will only be effective when “THE OWNER” receives payment confirmation. If the transaction is denied by the said entity for any reason, or the full corresponding amount to the Services’ price is not provided, the contracting will be suspended, informing the user that the transaction has not been finalized.

When the user has contracted the Services and registered the corresponding payment through any of the payment modalities made available to users by “THE OWNER,” they will have the possibility to download, from an enabled link, the information relating to the contracting carried out, provided the Services have not been denied.

Invoices will be issued in electronic format, with the requirements contained in RD 1619/2012, of November 30th, by “THE OWNER.” If the user wishes to receive the invoice by another means, they must contact “The Owner”.

The obligation to withhold provided in article 99.2 of Law 35/2006 is incumbent, where applicable, on the invoice recipient.

Non-payment of any invoice will result in the denial of the requested Service.

5.7. Billing Data
The user will be responsible for providing “THE OWNER” with all the necessary data for the correct invoicing of the services, which must be truthful, current, and adjusted to reality, especially regarding payment methods. Likewise, the user will be responsible for the damages that may be caused to “THE OWNER” or third parties by the data provided, as a consequence of the use of non-updated, false data or data that do not correspond to reality and the use by third parties of the user’s personal keys, especially regarding the data provided for invoicing.

The user may communicate the updating of their data through the channels identified in the User Attention section.

In case of contracting on behalf of a legal person, the user will be responsible for the reality of their capacity to contract on behalf of such legal person, responding subsidiarily for any non-payment derived from the lack of truthfulness in the same. For its part, the legal person represented, once the first payment derived from the contracting has been accepted, may not oppose subsequent billings due to the lack of authorization or the defect or revocation of powers of the natural person contracting.

6. Use Conditions of the SBDC

The user will only have access to the information after completing the request process and once the payment has been formalized.

The content of the information provided through the software information is for the particular and exclusive use of the user requesting it, exclusively for their purposes and under the legitimate interest claimed, and commercial use of the same may not be made, so the user may not modify, adapt, communicate, make available, disclose or commercialize said information, totally or partially, neither for a fee nor free of charge (outside the cases justified by the legitimate interest claimed), for any purpose other than the described. Specifically, in compliance with current regulations, the user commits not to incorporate said information into databases or computer files that may be subject to individualized consultation by natural or legal persons different from the user.

The application of the rules on personal data protection and the need to monitor the integrity of computer files, preventing the global copy or “tele dumping” of them, may make it necessary, in certain cases, to limit mass requests for information from the same user.

The user of the information software, by merely acquiring and applying it, accepts and commits to using the personal data obtained according to the rules and with the limitations established by personal data protection legislation, i.e., Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data; as well as the applicable national regulations in force at each moment on this matter.

6.1. Use on Devices and Simultaneous Analysis

6.1.1 Mailerfind software is designed to be used on a single device at a time per user. It is not allowed to use the software on multiple devices simultaneously.

6.1.2. Our system is set up to allow only one analysis at a time per user. Simultaneous analyses are strictly prohibited.

6.1.3. This restriction is implemented to prevent misuse of the software and to protect the integrity of our product.

6.1.5. We reserve the right to take legal action in the event of a violation of this policy, including legal proceedings to protect our rights.

7. Right of Withdrawal

In accordance with the provisions of RDL 1/2007, of November 16th, which approves the revised text of the General Law for the Defense of Consumers and Users, the user will have the right to exercise withdrawal within 14 calendar days from the request of the Services.

In addition to the conditions already stipulated, and with the aim of guaranteeing a fair compensation for the services provided, an additional clause regarding the use of the acquired credits is introduced. It is established that, in the event that the user has consumed more than 25% of the total credits included in the contracted Service or a total of 25,000 credits, said user will irrevocably lose their right to exercise withdrawal, regardless of the 14 calendar days previously mentioned.

This measure is justified in recognizing that the use of a significant proportion of the credits implies an effective and substantial use of the Service. Therefore, a withdrawal under these circumstances would result in a disproportion between the service enjoyed by the user and the compensation received by ‘THE OWNER’.

It is emphasized that this clause seeks to preserve the contractual balance and ensure that the resources and efforts invested in providing the Service are duly recognized and remunerated. Thus, the user must be fully aware that, by consuming more than 25% of the acquired credits, they are accepting that the provision of the Service has begun with their express consent and that, consequently, the right to withdraw from the contract is annulled.

This provision is considered essential to avoid situations in which the withdrawal policy may be abused, thus protecting the integrity and sustainability of ‘THE OWNER’’s business model, and ensuring a fair and equitable commercial relationship for both parties.

Therefore, the user accepts and consents that, in the event that the withdrawal occurs once the provision of the Software Information Service has been fully executed, they will have lost their right of withdrawal.

Additionally, in line with the previously mentioned provisions and for exhaustive clarification, it is established that the right of withdrawal will not be applicable to those Services that have been acquired through the use of promotional coupons.

In these cases, the user acknowledges and accepts that, due to the particular nature of the transaction made through a promotional coupon, the acquisition process is considered final and definitive, not being subject to reimbursement once the Service has been activated or used.

This exclusion of the right of withdrawal is based on the understanding that promotional coupons, by offering specific and time-limited advantageous conditions, imply a different agreement than a standard purchase.

Therefore, users are urged to carefully consider the use of promotional coupons and to be fully aware that, by opting for this mode of acquisition, they are renouncing the right of withdrawal granted in the general contracting conditions.

This clause aims to preserve fairness and transparency in transactions made under special promotional conditions, simultaneously ensuring the protection of the legitimate interests of the user and ‘THE OWNER’.

In the event that the user exercises their right of withdrawal within the time and manner, “THE OWNER” will reimburse the user for the payments made within 14 calendar days from the date on which they are informed of the decision to withdraw from the requested Service. Such reimbursement will be made using the same means used by the User for the payment of the Services. If it is not possible to return the money by the same means due to reasons beyond “THE OWNER”, the most suitable option for the refund will be sought, remaining in the meantime not prescribed as a deposit at the applicant’s disposal.

For all purposes, individuals or legal entities, including entities without legal personality acting non-profit, who request the Services for a purpose related to their commercial, business, trade, or profession activity, will not be considered consumers or users.

In the event that a User initiates a banking dispute regarding charges made for the provision of Software Services, regardless of the legitimacy or the final outcome of such dispute, an administrative fee will be applied. This fee will be 50 euros (fifty euros), plus the corresponding Value Added Tax (VAT), to cover the costs inherent in managing the mentioned dispute.

Additionally, the User will be billed for the costs corresponding to the use of the Software until the date the dispute is raised. Such billing will be carried out through the payment method previously associated by the User in their account. In the case that there is no associated payment method, the User will be required to make a bank transfer for the amount owed.

The invoice issued for these concepts must be paid by the User within the stipulated deadlines. In the event of non-payment of the invoice, the relevant procedures for claiming the amount owed will be initiated, including the possible intervention of companies specialized in the management of non-payments.

The User, by accepting these Contracting Conditions, expressly acknowledges and accepts this clause, being aware of the economic implications of initiating a banking dispute related to the Software Services provided by “THE OWNER”.

8. Basic Information on Data Protection in the Use of Software

For the purposes of compliance with the General Data Protection Regulation 2016/679 of the European Parliament and the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and the free movement of such data, the user undertakes not to commit any of the infractions detailed below with the acquired software and, in the event of committing them, expressly exempts “The Owner” from any type of responsibility.

Considered Very Serious Infringements

Based on article 83.5 of Regulation (EU) 2016/679, infringements that imply a substantial violation of the articles mentioned therein, and in particular, the following are considered very serious and will prescribe after three years:
a) The processing of personal data violating the principles and guarantees established in article 5 of Regulation (EU) 2016/679.
b) The processing of personal data without any of the conditions of the lawfulness of processing established in article 6 of Regulation (EU) 2016/679 being met.
c) Non-compliance with the requirements demanded by article 7 of Regulation (EU) 2016/679 for the validity of consent.
d) The use of data for a purpose not compatible with the purpose for which they were collected, without having the consent of the affected party or a legal basis for it.
e) The processing of personal data of the categories referred to in article 9 of Regulation (EU) 2016/679, without any of the circumstances provided for in that precept and in article 9 of this organic law being met.
f) The processing of personal data relating to criminal convictions and offenses or related security measures outside the cases allowed by article 10 of Regulation (EU) 2016/679 and in article 10 of this organic law.
g) The processing of personal data related to administrative offenses and sanctions outside the cases allowed by article 27 of this organic law.
h) The omission of the duty to inform the affected party about the processing of their personal data as provided in articles 13 and 14 of Regulation (EU) 2016/679 and 12 of this organic law.
i) The violation of the duty of confidentiality established in article 5 of this organic law.
j) The demand for the payment of a fee to provide the affected party with the information referred to in articles 13 and 14 of Regulation (EU) 2016/679 or for attending the requests for the exercise of rights of the affected parties provided for in articles 15 to 22 of Regulation (EU) 2016/679, outside the cases established in its article 12.5.
k) The impediment or the hindrance or the repeated non-attention of the exercise of the rights established in articles 15 to 22 of Regulation (EU) 2016/679.
l) The international transfer of personal data to a recipient located in a third country or to an international organization, when the guarantees, requirements, or exceptions established in articles 44 to 49 of Regulation (EU) 2016/679 are not met.
m) Non-compliance with the resolutions issued by the competent data protection authority in the exercise of the powers granted to it by article 58.2 of Regulation (EU) 2016/679.
n) Non-compliance with the data blocking obligation established in article 32 of this organic law when it is required.
ñ) Not facilitating the access of the staff of the competent data protection authority to the personal data, information, premises, equipment, and means of processing that are required by the data protection authority for the exercise of its investigative powers.
o) The resistance or obstruction of the exercise of the inspection function by the competent data protection authority.
p) The deliberate reversal of an anonymization procedure to allow the reidentification of the affected parties.
The infringements referred to in article 83.6 of Regulation (EU) 2016/679 are given the same consideration and will also prescribe after three years.

Considered Serious Infringements

Based on article 83.4 of Regulation (EU) 2016/679, infringements that imply a substantial violation of the articles mentioned therein, and in particular, the following are considered serious and will prescribe after two years:

a) The processing of personal data of a minor without obtaining their consent, when they have the capacity to do so, or that of the holder of their parental authority or guardianship, in accordance with article 8 of Regulation (EU) 2016/679.
b) Not proving the carrying out of reasonable efforts to verify the validity of the consent given by a minor or by the holder of their parental authority or guardianship over them, as required by article 8.2 of Regulation (EU) 2016/679.
c) The impediment or the hindrance or the repeated non-attention of the rights of access, rectification, deletion, limitation of processing, or to data portability in treatments in which the identification of the affected party is not required when this, for the exercise of those rights, has provided additional information that allows their identification.
d) The lack of adoption of those technical and organizational measures that are appropriate to apply data protection principles effectively from the design, as well as the non-integration of the necessary guarantees in the processing, in the terms required by article 25 of Regulation (EU) 2016/679.
e) The lack of adoption of the technical and organizational measures appropriate to ensure that, by default, only the personal data necessary for each of the specific purposes of the processing will be processed, in accordance with article 25.2 of Regulation (EU) 2016/679.
f) The lack of adoption of those technical and organizational measures that are appropriate to guarantee a level of security appropriate to the risk of the processing, in the terms required by article 32.1 of Regulation (EU) 2016/679.
g) The breach, as a consequence of the lack of due diligence, of the technical and organizational measures that had been implemented in accordance with article 32.1 of Regulation (EU) 2016/679.
h) The failure to appoint a representative of the controller or processor not established in the territory of the European Union, as provided in article 27 of Regulation (EU) 2016/679.
i) The lack of attention by the representative in the Union of the controller or processor to the requests made by the data protection authority or by the affected parties.
j) The hiring by the data controller of a data processor that does not offer sufficient guarantees to apply the technical and organizational measures appropriate in accordance with the provisions of Chapter IV of Regulation (EU) 2016/679.
k) Entrusting the processing of data to a third party without the prior formalization of a written contract or legal act with the content required by article 28.3 of Regulation (EU) 2016/679.
l) The hiring by a data processor of other processors without having the prior authorization of the controller, or without having informed them about the changes produced in the subcontracting when they were legally required.
m) The infringement by a data processor of the provisions of Regulation (EU) 2016/679 and of this organic law when determining the purposes and means of the processing, as provided in article 28.10 of the mentioned regulation.
n) Not having the registry of processing activities established in article 30 of Regulation (EU) 2016/679.
ñ) Not making available to the data protection authority that requested it, the registry of processing activities, as required by paragraph 4 of article 30 of Regulation (EU) 2016/679.
o) Not cooperating with the control authorities in the performance of their functions in cases not provided for in article 72 of this organic law.
p) The processing of personal data without carrying out a prior assessment of the elements mentioned in article 28 of this organic law.
q) The failure to notify the data controller of security breaches of which it was aware by the data processor.
r) The failure to notify the data protection authority of a personal data security breach in accordance with article 33 of Regulation (EU) 2016/679.
s) The failure to communicate to the affected party a security breach of the data in accordance with article 34 of Regulation (EU) 2016/679 if the data controller had been required by the data protection authority to carry out such notification.
t) The processing of personal data without having carried out the evaluation of the impact of the processing operations on the protection of personal data in cases where it is required.
u) The processing of personal data without having previously consulted the data protection authority in cases where such consultation is mandatory according to article 36 of Regulation (EU) 2016/679 or when the law establishes the obligation to carry out that consultation.
v) The failure to appoint a data protection officer when their appointment is required according to article 37 of Regulation (EU) 2016/679 and article 34 of this organic law.
w) Not enabling the effective participation of the data protection officer in all matters relating to the protection of personal data, not supporting them, or interfering in the performance of their functions.
x) The use of a seal or certification in data protection matters that has not been granted by a duly accredited certification body or in case the validity of the same had expired.

y) Obtaining accreditation as a certification body by presenting inaccurate information about compliance with the requirements demanded by article 43 of Regulation (EU) 2016/679.
z) The performance of functions that Regulation (EU) 2016/679 reserves to certification bodies, without having been duly accredited as established in article 39 of this organic law.
aa) The failure by a certification body to comply with the principles and duties to which it is subject according to the provisions of articles 42 and 43 of Regulation (EU) 2016/679.
ab) The performance of functions that article 41 of Regulation (EU) 2016/679 reserves to supervisory bodies of codes of conduct without having been previously accredited by the competent data protection authority.
ac) The lack of adoption by the accredited bodies of supervision of a code of conduct of the measures that are appropriate in case of a breach of the code, as required by article 41.4 of Regulation (EU) 2016/679.

Considered Minor Infringements:

The remaining formal infringements of the articles mentioned in paragraphs 4 and 5 of article 83 of Regulation (EU) 2016/679 are considered minor and will prescribe after one year, in particular, the following:

a) The failure to comply with the principle of transparency of the information or the right of information of the affected party by not providing all the information required by articles 13 and 14 of Regulation (EU) 2016/679.
b) The demand for the payment of a fee to provide the affected party with the information required by articles 13 and 14 of Regulation (EU) 2016/679 or for attending the requests for the exercise of rights of the affected parties provided for in articles 15 to 22 of Regulation (EU) 2016/679, when permitted by its article 12.5, if its amount exceeded the costs incurred to provide the information or carry out the requested action.
c) Not attending the requests for the exercise of the rights established in articles 15 to 22 of Regulation (EU) 2016/679, unless what is provided in article 72.1.k) of this organic law is applicable.
d) Not attending the rights of access, rectification, deletion, limitation of processing, or to data portability in treatments in which the identification of the affected party is not required, when this, for the exercise of those rights, has provided additional information that allows their identification, unless what is provided in article 73 c) of this organic law is applicable.
e) The failure to comply with the obligation of notification related to the rectification or deletion of personal data or the limitation of processing required by article 19 of Regulation (EU) 2016/679.
f) The failure to comply with the obligation to inform the affected party, when requested, of the recipients to whom the personal data that have been rectified, deleted, or with respect to which the processing has been limited have been communicated.
g) The failure to comply with the obligation to delete the data referred to a deceased person when required under article 3 of this organic law.
h) The lack of formalization by the co-responsible of the processing of the agreement that determines the respective obligations, functions, and responsibilities with respect to the processing of personal data and their relations with the affected parties to which article 26 of Regulation (EU) 2016/679 refers or the inaccuracy in determining the same.
i) Not making available to the affected parties the essential aspects of the agreement formalized between the co-responsible for the processing, as required by article 26.2 of Regulation (EU) 2016/679.
j) The lack of compliance with the obligation of the data processor to inform the data controller about the possible infringement by an instruction received from this of the provisions of Regulation (EU) 2016/679 or of this organic law, as required by article 28.3 of the mentioned regulation.
k) The failure by the processor to comply with the stipulations imposed in the contract or legal act that regulates the processing or the instructions of the data controller, unless legally obliged to do so according to Regulation (EU) 2016/679 and this organic law or in cases where it was necessary to avoid the infringement of data protection legislation and it had been warned to the controller or the data processor.
l) Having a Registry of processing activities that does not incorporate all the information required by article 30 of Regulation (EU) 2016/679.
m) The incomplete, late, or defective notification to the data protection authority of the information related to a personal data security breach in accordance with article 33 of Regulation (EU) 2016/679.
n) The failure to comply with the obligation to document any security breach, required by article 33.5 of Regulation (EU) 2016/679.
ñ) The failure to comply with the duty to communicate to the affected party a security breach of the data that entails a high risk for the rights and freedoms of the affected parties, in accordance with article 34 of Regulation (EU) 2016/679, unless what is provided in article 73 s) of this organic law is applicable.

o) Providing inaccurate information to the Data Protection Authority, in cases where the data controller is required to submit a prior consultation, in accordance with Article 36 of Regulation (EU) 2016/679.
p) Failing to publish the contact details of the data protection officer, or failing to communicate them to the data protection authority, when their appointment is required in accordance with Article 37 of Regulation (EU) 2016/679 and Article 34 of this organic law.
q) Certification bodies failing to fulfill the obligation to inform the data protection authority of the issuance, renewal, or withdrawal of a certification, as required by paragraphs 1 and 5 of Article 43 of Regulation (EU) 2016/679.
r) Accredited bodies failing to comply with the obligation to inform data protection authorities about appropriate measures in the event of a breach of the code of conduct, as required by Article 41.4 of Regulation (EU) 2016/679.

9. Responsibilities

The parties commit to comply with their legal and contractual obligations arising under these Terms and Conditions. If a party fails to meet any of its obligations or impedes the other party from meeting theirs, the other party will have the right to claim compensation for damages caused, including both actual loss and loss of profit.

The parties will be liable for breaches they personally commit, with the other party being indemnified against any mistake, fault, or negligence not attributable to them, and any harm arising from such breaches or mistakes attributable to the other contracting party.

“THE HOLDER”, in particular, will not be responsible in case of temporary unavailability of the Website due to technical reasons or maintenance previously announced, or the impossibility of contracting the software Services when this is due to circumstances beyond the control of “THE HOLDER”, force majeure, or errors in the contracting process or data provided by the user. Every effort will be made to resolve this situation at the user’s request.

“THE HOLDER” will employ all technically available efforts to keep the Services offered through the Website available, which constitutes an obligation that, however, will not apply to any lack of availability or performance caused by:

Temporary inactivity of the Website due to update and/or technical maintenance or causes beyond “THE HOLDER”’s control;
Force majeure;
Internet access problems;
Technical problems beyond the diligent and reasonable management of “THE HOLDER”;
Actions and omissions of third parties.
In all referred cases, beyond the control and due diligence of “THE HOLDER”, there will be no compensation to the user for loss of profit, damages, or losses.

The user fully exempts “THE HOLDER” from any liability that may arise from the content of the information provided or the consequences for the user of the existence of deficiencies in it.

10. Registered Users

10.1. Registered Users
A properly validated user, once the requirements set out in this section are met, acquires the status of registered user and is allowed access to the private area, which will be duly protected and with restricted access within the Website, as well as the acquisition and use of the software information Services.

10.2. Requirements for acquiring the status of Registered User
Both natural and legal persons can acquire the status of Registered User. The request to acquire the status of Registered User implies the correct completion of the registration form contained in the Website and the reading and express acceptance, without any reservations, of these Terms and Conditions contained in the Website, which are considered part of them. Only one Registered User per NIF, NIE, Passport, or National Identification Card (Identity Card) can exist.

Acceptance is manifested by confirming the registration request. Such request will always be made by an identified natural person, of legal age, and with full capacity to contract. When the registration request is made on behalf of a legal person, it will be verified that the person submitting the registration has the capacity to contract on its behalf as a proxy or administrator; this verification will be performed automatically based on the files of “THE HOLDER”. If this is not possible, the documentation justifying the representation held will be required. The natural person applicant will be responsible for the truthfulness of the information provided during the registration process and will personally answer for any consequences arising from the lack of authenticity of the same.

The Registered User declares that all information included in the form must be truthful, current, and adjusted to reality. Likewise, the Registered User commits to updating all information about their fiscal information in case of any alteration through the Private Area, with “THE HOLDER” not being responsible for the damages that may arise from this.

The lack of said communication exempts “THE HOLDER” from any responsibility, the user being solely responsible before third parties for any legal or judicial actions initiated due to their non-compliance.

10.5. Acceptance of the Terms and Conditions and compliance with obligations

All Users must accept and comply with these Terms and Conditions and, especially, expressly commit to the fulfillment of the following obligations:

Truthfulness: The User must provide truthful information and keep, at all times, the information they provide up to date. The user will be solely responsible for false or inaccurate statements made and the damages caused to “THE HOLDER” or third parties by the information they provide.
Confidentiality: The User must observe the duty of secrecy regarding personal data of which they become aware through the software, maintaining absolute confidentiality and reservation about them. Failure to comply with this obligation will lead to the corresponding liabilities.
Update: The User declares that all information included in the form is current and truthful. Likewise, the Registered User commits to updating (through the Administrator) all information in case of any alteration in it. Names, surnames, and identification documents must be kept up to date at all times.
Exemption from liability: The lack of said communication exempts “THE HOLDER” from any responsibility, the user being solely responsible before third parties for any legal or judicial actions initiated due to their non-compliance.

10.6. Access to Services and management of identifiers
Access to the Private Area requires the use of an identification mechanism by the User, which may consist of the use of a digital certificate or the keys (username and password) provided for this purpose, meeting the robustness and security requirements established by “THE HOLDER”.

The User will be responsible for maintaining the confidentiality of their Identifier. Consequently, the User expressly accepts that “THE HOLDER” assumes that the use of the Services carried out using their Identifier is performed by them.

The password may be freely modified by the User through the procedures established for this purpose. The replaced password will be annulled as a means of identification, at the same moment the new one is generated. If the User becomes aware that the security of their password has been compromised, whether accidentally or fraudulently, by unauthorized persons, the User must proceed to modify it immediately.

“THE HOLDER” may block access and use of the Website when deemed necessary for security reasons. The Services will automatically be blocked for the User in the event of repeated successive errors in the entry of the User’s keys for their access or use.

“THE HOLDER” will adopt the organizational and technical measures necessary on its computer equipment to achieve adequate use of the Service by the User and prevent unauthorized access intended to proceed to unauthorized disclosures of the content of the Private Area.

The possibility of requesting a SBDC for a User from the Private Area will be conditional on the correct configuration of a virtual account for the payment of the Services, linked to the User.

Safeguard clause
In the event that one of the clauses or terms of these Terms and Conditions is declared null by a judicial sentence or firm arbitral resolution, the rest of the stipulations will not be affected. In such a case, the clause or clauses affected will be replaced by another or others that preserve the effects pursued by the Terms and Conditions of the Website.

Jurisdiction and applicable legislation
The current regulations will determine the laws that should govern and the jurisdiction that should be aware of the relationships between “THE HOLDER” and the users of the Website (the domicile of the user when they have the consideration of consumer). However, whenever such regulations foresee the possibility for the parties to submit to a determined jurisdiction, for any litigious issue arising or related to the Website, the current Spanish legislation at the time of the events will be applicable. Likewise, “THE HOLDER” and the users, expressly waiving any other jurisdiction that could correspond to them, submit to the Courts and Tribunals of the city of Madrid (Spain).

ANNEX – COMPLETE INFORMATION ON PERSONAL DATA PROTECTION

Data protection policy applicable to “THE HOLDER” as the Data Controller in the use of its services:

For the purposes established in REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the User is informed that the personal data provided will be subject to processing, with “THE HOLDER” acting both as the data controller (and whose identifying data are contained in the heading of this document) and as the data processor.

What is the purpose of processing, the retention periods, and the recipients of the personal data information? This information varies depending on the service used, although within the framework of this contract the information applicable to the contracted service is, at a minimum, the following:

In the case of using “THE HOLDER”’s website for the contracting of the service, the purpose is the management and control of Users registered on the Website, the provision and contracting of the Services performed by the Users through it, the processing of payments derived from the provision of such services, as well as the analysis of the use of the Website.
The legitimization or legal basis for these treatments is the subscription/execution by the user of this contract.
The criterion for the retention of personal data for these purposes is the subscription/execution by the user of this agreement.
The criteria for the conservation of personal data for these purposes will be as follows. Personal data linked to the contractual relationship will be retained during the validity of such contractual relationship with the User and, at most, during the period for the statute of limitations of the corresponding legal actions, established at 7 years, unless the interested party authorizes their processing for a longer period.
Data will not be communicated to further recipients except in cases legally established under national or European law. The data capture form will specify which data can be included optionally and which are the minimum mandatory data, which are strictly necessary to fulfill the purposes mentioned above, especially for the identification of the user and assessment of their legitimate interest in accessing information, as well as for the invoicing of the services. Refusal to provide data marked as mandatory will prevent the contracting of services.

In cases where the User provides their card number with the purpose of proceeding to provide the requested services, it is communicated that this data is transmitted directly to the payment gateway provider Ingenico eCommerce Solutions, who is responsible for the secure storage of such data on their servers. To exercise their rights, users can contact this provider in the terms set out in their privacy policies. The user is informed that “THE HOLDER” does not have access at any time to the card data provided, and that the transmission of this data is necessary for the provision of the card payment service.

The following cases apply exclusively in case of using the services referenced as stated in this contract:

In case of using the User Support Services of “THE HOLDER” in the terms indicated in this document, the user is informed that the basis legitimizing the processing is the user’s own consent with the purpose of attending to the queries made proactively, which can be revoked at any time through the channels enabled on the website, and the legitimate interest of “THE HOLDER” in cases of contact with the user for the resolution of questions, communications, or incidents related to the service. The data provided for these purposes will be retained for the time necessary to address your query and even thereafter, in case there were any liabilities arising from the processing. The user is informed that, in case of using the telephone support service, the calls may be recorded for quality of service reasons, based on the legitimate interest of “THE HOLDER”. In this case, the data will be retained for a maximum of 6 months. The use of these services does not condition the execution of this contract, being support services to provide such service.
The rest of the information that in any case affects the data processing carried out within the framework of the execution of this contract is as follows:

“THE HOLDER” has adopted the necessary technical and organizational measures to guarantee the confidentiality, security, and integrity of the personal data provided, as well as to prevent their alteration, loss, processing, or unauthorized access, in accordance with the level of protection in line with data protection legislation.
In order to keep your personal data up-to-date, the User must report any changes that occur with respect to them, because otherwise, “THE HOLDER” cannot guarantee their accuracy, not being responsible for the damages that may arise from this in the provision of services. In all cases, “THE HOLDER” reserves the right to retain the Users’ data in cases where it is necessary to comply with obligations and responsibilities imposed by laws or mandatory regulations, or when required by mandate from a competent authority according to Law.
The User may send a letter to the address of “THE HOLDER” or via email to [email protected], with the Reference “Data Protection”, attaching a photocopy of their identity document, at any time and free of charge, to exercise the following rights:
Right to request access to personal data concerning the data subject.
Right to request its rectification or deletion.
Right to request the limitation of its processing.
Right to oppose the processing.
Right to the portability of the data.
In cases where the legitimization of the processing is based on consent, you have the right to withdraw it at any time, without affecting the lawfulness of the processing based on consent before its withdrawal.
We inform you that there may be limitations on the exercise of the aforementioned rights depending on the specific processing in question.
You may also make use of the forms made available by the Spanish Data Protection Agency (AEPD). At the same time, the user can file a complaint with the Agency (www.aepd.es) when they consider that the rights recognized by the applicable data protection regulations have been violated.
You can contact the Data Protection Officer of “THE HOLDER” via the email: [email protected].