Contracting Conditions for the Provision of Services

The Spanish version of legal agreements and policies is considered as the only current and valid version of this document. Any translated version is provided for your convenience only, to facilitate reading and understanding of the Spanish version. Any translated versions are not legally binding and cannot replace the Spanish versions. In the event of disagreement or conflict, the Spanish language legal agreements and policies shall prevail.

 

1. Service Provider Identification

Holder: CITROFLEX
NRT: F-414402-R
Tax address: Avinguda Príncep Benlloch, núm. 66, Planta 3, Porta 3, (AD500) Andorra la Vella, Principat d’Andorra.
Phone: +376 387 347
E-mail: [email protected]
Data Protection Delegate: [email protected]

2. Purpose of the Contract

2.1. Definition of the Purpose of the Contract

This document sets out the contractual conditions governing the delivery by “THE OWNER” to users of the website of the programs offered through it, which consists of the website located at the URL https://mailerfind.com.

These Terms and Conditions regulate the acquisition by users of a software service for contact data search.

Therefore, these Terms and Conditions do not regulate legal matters related to the content of the information or compliance with current legislation.

However, for transparency and to provide better information to users so they can give informed prior consent, these Terms and Conditions include references to specific legal issues, merely to help users understand the necessary information for contracting the product.

Likewise, “THE OWNER”, in order to keep the contractual framework as up-to-date as possible, may make changes to these Terms and Conditions, which will be notified to the user in advance for acceptance or rejection if deemed substantial. In any case, it will be understood that the user expressly accepts such changes or updates if they contract the services offered by “THE OWNER” on the Website again after the new Terms have been adopted.

If accepted by the user, the new Terms and Conditions will fully replace the previous ones, taking effect on new subscriptions contracted by the user from the date of acceptance.

Checking the corresponding box during the contracting process, as well as following all the steps established for it electronically, constitutes the user’s express acceptance of these Terms and Conditions, having the same validity as a handwritten signature. Thus, the user acknowledges being a person with sufficient capacity to assume the obligations derived from their actions through the Website, having previously read and understood its content.

If the new Terms and Conditions are not accepted, the contractual relationship between the parties will be considered terminated from that moment, without prejudice to the fulfillment of any pending obligations, especially those of an economic nature arising from the previously supplied software.

The entire contracting process will be carried out through the electronic platform developed by “THE OWNER” in either Spanish or English, depending on the user’s selection.

2.2. Glossary of Terms

  • “THE OWNER”: CITROFLEX
  • Website: The web page located at the URL https://mailerfind.com through which the services can be contracted.
  • User: Any natural or legal person who requests any of the services offered by “THE OWNER” through the Website.
  • Private Area: A restricted area on the Website accessible only to registered users, aimed at optimizing service management.
  • Virtual Account: A payment system for services specifically enabled for registered users.
  • Identification Mechanism: Enables access to the users’ private area, either through a digital certificate or through the use of login credentials (username and password) provided by the registered user, meeting the robustness and security requirements established by “THE OWNER”.
  • Legal Notice: A clause that defines the scope, conditions, and effects under which the service agreement with “THE OWNER” is formed.
  • Terms and Conditions: A set of clauses contained in this document that define the scope of the service provision and the rights and obligations of the contracting parties.
  • Services: The software information services, which may also be used through the secure channel defined in these Terms and Conditions.
  • Digital Certificate: A signature certificate accepted under the applicable regulations.
  • Credit: A unit of measurement used within the system to quantify the use of services. Each credit entitles the user to perform a specific action or access a particular service on the platform, such as searching for contact data, using specific software tools, or querying the database. Credits are purchased through available packages or plans and are consumed based on the user’s effective use of the services.

3. Definition of Software Services

3.1. Software Information Services

Users may obtain, upon payment of the established fees, access to the different Software Services.

4. Procedure for Contracting the Services

The procedure for contracting the Services is carried out entirely electronically through the Website. Services may be requested twenty-four (24) hours a day, every day of the week. Service interruptions may occur due to system maintenance or other necessary reasons.

Applicants must complete an electronic form available on the Website that includes the required fields for identification and, if applicable, proof of representation, in addition to the necessary data required by tax and billing regulations.

User identification may be completed by filling in the data requested in the appropriate form.

4.1. Users Who May Access the Services

Both natural and legal persons properly identified may become users and thus request the Services. However, the request must always be submitted by a natural person of legal age with full legal capacity to contract on their own behalf or on behalf of the legal entity they represent. The applicant shall be responsible for the accuracy of the data provided in the application form.

4.4. Use of Information and Personal Data Protection

The applicant agrees, in accordance with personal data legislation, not to use the information for any purpose other than those legally permitted and not to incorporate its content into any database for commercial or automated processing.

The information provided to the user is for their exclusive use and is non-transferable. The retransmission or transfer, even free of charge, of such information by the user to any other person is strictly prohibited.

It is absolutely forbidden to incorporate the data contained in this document into computerized databases or files that could be individually queried by third parties, even if the source of the information is cited. The user who violates this provision expressly exempts “THE OWNER” from any liability that may arise, given that they have given their prior and informed consent to these general Terms and Conditions.

As indicated, failure to comply with these obligations may also result in liabilities under European and national data protection laws in force at any given time.

All information related to personal data protection is available in section 9 of this contract and the corresponding annex.

5. Economic Conditions and Taxation

5.1. Costs of the Software Services

5.1.1. Market Information Software

The cost of the Market Information Services is freely determined by “THE OWNER” and may be subject to changes at any time, without giving rise to any claim for compensation and/or withdrawal.

5.2. Payment Methods for Software Services

“THE OWNER” will proceed to charge for the services immediately after validation by the occasional user, whose payment may be made through any of the following payment methods:

  • Credit/Debit Cards: Accepted cards are those operating through Visa, MasterCard, or American Express networks.

5.3. Applicable Taxes

All accrued amounts must be increased by the applicable taxes according to the following details:

5.3.1. Individual Recipients

All transactions under this contract are subject to the Impost General Indirecte (IGI) pursuant to Law 11/2012 of June 21 and other current tax regulations in the Principality of Andorra, as “THE OWNER” has its fiscal domicile in this territory.

However, under Article 7 of the aforementioned Law and Law 30/2007 of December 20 on the Income Tax of Non-Fiscal Residents, if the invoice recipient is a non-resident individual or legal entity and the service is deemed provided outside Andorran territory according to applicable regulations, the transaction may be exempt from IGI.

In such cases, invoices issued to clients with residence or permanent establishment outside Andorra will not include indirect taxes, and the recipient will be solely responsible for fulfilling their fiscal obligations in their jurisdiction.

5.3.2. Business or Professional Recipients

What is established in clause 5.3.1 shall apply: transactions are subject to IGI under Law 11/2012 of June 21, regardless of the recipient’s location, as long as the taxable event is localized in Andorra.

Nevertheless, if the recipient is a business or professional with domicile or permanent establishment outside Andorra and the services are deemed provided outside Andorran territory, the invoice may be issued without IGI. In such cases, the recipient is solely responsible for declaring and settling any applicable taxes.

5.5. Payments by Bank Card

The occasional user may pay for the Services via bank card through the Stripe payment gateway, in accordance with the conditions established by Stripe.

At no time during the purchase process will “THE OWNER” have access to payment data, which is encrypted directly through the payment gateway with security systems that prevent interception, alteration, or forgery. “THE OWNER” does not store such data and cannot be held liable for any fraudulent use by third parties.

All payments over the Internet will be processed via a secure SSL-encrypted external platform that complies with the European PSD2 payment regulations.

5.6. Payment and Invoicing

The contract will only be considered effective when “THE OWNER” receives payment confirmation. If payment is denied or the full amount is not received, the contract will be suspended, and the user will be notified.

Once the user has contracted the Services and completed payment through one of the accepted methods, they may download the contract details via an enabled link, provided the Services have not been denied.

Invoices will be issued electronically, in compliance with the Andorran Regulation on Billing Obligations, effective from July 2024.

Should the user wish to receive the invoice in another format, they must request it explicitly by contacting “THE OWNER,” who will assess the request according to applicable law.

Failure to pay any invoice will result in the denial of the requested Service.

5.7. Billing Information

The user is responsible for providing all necessary and accurate data for proper invoicing. They will also be liable for any damages to “THE OWNER” or third parties due to outdated, false, or inaccurate billing information, or the use of personal credentials by unauthorized third parties.

If contracting on behalf of a legal entity, the user must be duly authorized and will be held liable for any default caused by inaccurate representation. The legal entity, upon accepting the first payment, cannot later claim lack of authorization.

6. Conditions for Using the Contact Data Search Software (SBDC)

Users will only have access to the information once the application process is completed and payment has been confirmed.

The content provided through the information software is for the exclusive and personal use of the user and may not be used commercially. Users may not modify, adapt, disclose, resell, or distribute this information, whether for profit or free of charge, beyond what is permitted under legitimate interest.

In compliance with applicable laws, the user agrees not to include the information in databases accessible to individuals or entities other than the user.

To ensure compliance with data protection laws and prevent global data scraping, massive information requests from the same user may be limited.

By using the software, the user accepts and agrees to use the personal data obtained in accordance with EU Regulation 2016/679 (GDPR) and the corresponding national laws in force.

6.1. Use on Devices and Simultaneous Analyses

6.1.1. Mailerfind is designed to be used on one device per user at a time. Multiple simultaneous device use is not allowed.
6.1.2. Our system allows only one analysis at a time per user. Simultaneous analyses are strictly prohibited.
6.1.3. This policy helps prevent misuse and ensures the integrity of our product.
6.1.5. We reserve the right to take legal action in case of policy violation, including judicial proceedings to protect our rights.

7. Right of Withdrawal

In accordance with Royal Legislative Decree 1/2007 of November 16, approving the consolidated text of the General Law for the Defense of Consumers and Users, the user has the right to withdraw from the contract within 14 calendar days from the date of the service request.

In addition to the conditions already stipulated, and to ensure fair compensation for the services provided, an additional clause is introduced regarding the use of acquired credits. It is established that, if the user consumes more than 25% of the total credits included in the contracted Service, or a total of 25,000 credits, they will irrevocably lose their right of withdrawal, regardless of the aforementioned 14-day period.

This measure is justified by the acknowledgment that consuming a significant portion of the credits constitutes effective and substantial use of the Service. Therefore, withdrawal under such circumstances would result in a disproportion between the benefit received and the compensation owed to “THE OWNER.”

This clause aims to maintain contractual balance and ensure that the resources and efforts invested in delivering the Service are adequately recognized and compensated. Thus, the user accepts that, by consuming more than 25% of the acquired credits, they are acknowledging that the Service has begun with their express consent and, consequently, the right of withdrawal is nullified.

This provision is considered essential to prevent abuse of the withdrawal policy, safeguarding the integrity and sustainability of “THE OWNER”’s business model and ensuring a fair commercial relationship for both parties.

Therefore, the user expressly agrees that if the withdrawal occurs once the software information Service has been fully executed, the right of withdrawal shall be forfeited.

Additionally, in line with the above provisions and for further clarification, the right of withdrawal does not apply to Services acquired using promotional coupons.

In such cases, the user acknowledges and accepts that due to the specific nature of the transaction made through a promotional coupon, the acquisition process is considered final and non-refundable once the Service has been activated or used.

This exclusion of the right of withdrawal is based on the understanding that promotional coupons offer specific, limited-time conditions that imply a different agreement than a standard purchase.

Therefore, users are advised to carefully consider the use of promotional coupons and be fully aware that, by choosing this method of acquisition, they waive the right of withdrawal granted under the general Terms and Conditions.

This clause aims to preserve fairness and transparency in transactions made under special promotional conditions while ensuring the protection of the legitimate interests of both the user and “THE OWNER.”

If the user exercises their right of withdrawal within the applicable timeframe and manner, “THE OWNER” will refund the payments made within 14 calendar days from the date we are informed of the user’s decision. The refund will be processed using the same payment method used by the user. If a refund through the same method is not possible due to reasons beyond “THE OWNER”’s control, an alternative refund option will be arranged, with the amount held as a deposit available to the user until a suitable method is found.

For all purposes, individuals or legal entities, including non-profit entities, requesting the Services for a purpose related to their business, trade, craft, or profession are not considered consumers or users.

If a user initiates a bank dispute regarding charges made for Software Services, regardless of the legitimacy or outcome of the dispute, an administrative fee will apply. This fee will be 50 euros plus applicable VAT, to cover the costs of managing the dispute.

Additionally, the user will be billed for the cost of using the Software up to the date the dispute is lifted. This billing will be done through the previously associated payment method in the user’s account. If no payment method is linked, the user will be required to make a bank transfer for the owed amount.

The invoice issued for these concepts must be paid by the user within the stipulated deadline. If payment is not made, the appropriate procedures will be initiated to recover the owed amount, including potential involvement of debt collection agencies.

By accepting these Terms and Conditions, the user explicitly acknowledges and agrees to this clause, being fully aware of the financial implications of initiating a bank dispute related to the Software Services provided by “THE OWNER.”

8. Basic information on data protection in the use of the software.

For the purposes of compliance with the General Data Protection Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and the Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights, the user undertakes not to commit any of the infringements listed below with the software purchased and, in the event of such infringements, expressly exempts “The Owner” from any liability whatsoever.
Infringements considered very serious
* In accordance with the provisions of Article 83.5 of Regulation (EU) 2016/679, infringements that involve a substantial breach of the articles mentioned therein and, in particular, the following are considered very serious and shall be subject to the statute of limitations after three years:
* a) Processing personal data in breach of the principles and guarantees set out in Article 5 of Regulation (EU) 2016/679.
* (b) Processing of personal data without meeting any of the conditions of lawfulness of processing laid down in Article 6 of Regulation (EU) 2016/679.
* (c) failure to comply with the requirements of Article 7 of Regulation (EU) 2016/679 for the validity of the consent
* (d) The use of the data for a purpose which is not compatible with the purpose for which they were collected, without the consent of the data subject or without a legal basis for doing so.
* e) The processing of personal data of the categories referred to in Article 9 of Regulation (EU) 2016/679, without the existence of any of the circumstances provided for in that provision and in Article 9 of this Organic Law.
* f) The processing of personal data relating to criminal convictions and offences or related security measures outside the cases permitted by Article 10 of Regulation (EU) 2016/679 and Article 10 of this Organic Law.
* g) The processing of personal data related to administrative offences and penalties outside the cases permitted by Article 27 of this Organic Law.
* h) The omission of the duty to inform the data subject about the processing of his or her personal data pursuant to the provisions of Articles 13 and 14 of Regulation (EU) 2016/679 and 12 of this Organic Law.
* i) Infringement of the duty of confidentiality established in Article 5 of this Organic Law.
* j) Demanding payment of a fee for providing the data subject with the information referred to in Articles 13 and 14 of Regulation (EU) 2016/679 or for responding to requests to exercise the rights of data subjects provided for in Articles 15 to 22 of Regulation (EU) 2016/679, outside the cases established in Article 12.5 thereof.
* (k) preventing, hindering or repeatedly failing to exercise the rights set out in Articles 15 to 22 of Regulation (EU) 2016/679.
* (l) the international transfer of personal data to a recipient in a third country or to an international organisation, where the safeguards, requirements or exceptions set out in Articles 44 to 49 of Regulation (EU) 2016/679 are not met.
* (m) failure to comply with decisions taken by the competent data protection authority in exercise of the powers conferred on it by Article 58(2) of Regulation (EU) 2016/679.
* n) Failure to comply with the obligation to block data established in Article 32 of this Organic Law when the same is enforceable.
* ñ) Failure to facilitate access by the staff of the competent data protection authority to personal data, information, premises, equipment and means of processing that are required by the data protection authority for the exercise of its investigative powers.
* (o) Resisting or obstructing the exercise of the inspection function by the competent data protection authority.
* p) deliberately reversing an anonymisation procedure in order to allow the re-identification of data subjects.
* Infringements referred to in Article 83(6) of Regulation (EU) 2016/679 shall be considered as such and shall also be subject to a three-year statute of limitations.
Infringements considered to be serious
In accordance with the provisions of Article 83.4 of Regulation (EU) 2016/679, infringements that constitute a substantial breach of the articles mentioned therein, and in particular the following, shall be considered serious and shall be subject to the statute of limitations after two years:
1. a) The processing of personal data of a minor without obtaining his or her consent, where he or she has the capacity to do so, or that of the holder of his or her parental authority or guardianship, in accordance with Article 8 of Regulation (EU) 2016/679.
2. b) Failure to demonstrate that reasonable efforts have been made to verify the validity of the consent given by a minor or by the holder of parental authority or guardianship over the minor, as required by Article 8(2) of Regulation (EU) 2016/679.
3. c) The hindering or obstruction or repeated failure to exercise the rights of access, rectification, erasure, restriction of processing or data portability in processing operations in which the identification of the data subject is not required, when the data subject, for the exercise of those rights, has provided additional information that allows his or her identification.
4. d) Failure to adopt those technical and organisational measures that are appropriate to effectively apply the principles of data protection by design, as well as failure to integrate the necessary safeguards in the processing, in the terms required by Article 25 of Regulation (EU) 2016/679.
(e) Failure to take appropriate technical and organisational measures to ensure that, by default, only personal data necessary for each of the specific purposes of the processing, as required by Article 25(2) of Regulation (EU) 2016/679, are processed.
6. f) Failure to take appropriate technical and organisational measures to ensure a level of security appropriate to the risk of the processing, as required by Article 32(1) of Regulation (EU) 2016/679.
7. g) Breach, as a result of a lack of due diligence, of the technical and organisational measures that have been implemented as required by Article 32.1 of Regulation (EU) 2016/679.
8. h) Failure to comply with the obligation to appoint a representative of the controller or processor not established in the territory of the European Union, as provided in Article 27 of Regulation (EU) 2016/679.
9. (i) Failure by the representative in the Union of the controller or processor to comply with requests made by the data protection authority or by data subjects.
10. (j) The hiring by the controller of a processor who does not provide sufficient guarantees to implement appropriate technical and organisational measures in accordance with Chapter IV of Regulation (EU) 2016/679.
11. k) Entrusting the processing of data to a third party without the prior conclusion of a contract or other written legal act with the content required by Article 28(3) of Regulation (EU) 2016/679.
12. l) Contracting by a processor of other processors without the prior authorisation of the controller, or without having informed the controller of changes in the subcontracting where legally required.
13. m) Infringement by a processor of the provisions of Regulation (EU) 2016/679 and of this Organic Law, when determining the purposes and means of processing, in accordance with the provisions of Article 28.10 of the aforementioned Regulation.
14. n) Not having the register of processing activities established in article 30 of Regulation (EU) 2016/679.
ñ) Failure to make the register of processing activities available to the data protection authority upon request, in accordance with Article 30(4) of Regulation (EU) 2016/679.
1. o) Failure to cooperate with the supervisory authorities in the performance of their duties in the cases not provided for in Article 72 of this Organic Law.
2. p) Processing personal data without carrying out a prior assessment of the elements referred to in Article 28 of this Organic Law.
3. q) Breach of the duty of the data processor to notify the data controller of any security breaches of which he/she becomes aware.
4. r) Failure to comply with the duty to notify the data protection authority of a personal data security breach in accordance with the provisions of Article 33 of Regulation (EU) 2016/679.
5. s) Failure to notify the data subject of a data security breach in accordance with Article 34 of Regulation (EU) 2016/679 if the controller has been required by the data protection authority to carry out such notification.
6. t) Processing of personal data without having carried out the personal data protection impact assessment of the processing operations in cases where such assessment is required.
7. u) Processing personal data without having first consulted the data protection authority in cases where such consultation is required under Article 36 of Regulation (EU) 2016/679 or where the law provides for an obligation to carry out such consultation.
8. v) Failure to comply with the obligation to appoint a data protection officer when his or her appointment is required in accordance with Article 37 of Regulation (EU) 2016/679 and Article 34 of this Organic Law.
9. w) Failing to enable the effective participation of the data protection officer in all matters relating to the protection of personal data, failing to support him or her or interfering in the performance of his or her duties.
10. x) The use of a data protection seal or certification that has not been granted by a duly accredited certification body or in the event that the validity thereof has expired.

1. y) Obtaining accreditation as a certification body by submitting inaccurate information on compliance with the requirements of Article 43 of Regulation (EU) 2016/679.
2. z) The performance of functions that Regulation (EU) 2016/679 reserves to certification bodies, without having been duly accredited in accordance with the provisions of article 39 of this organic law.
3. aa) Failure by a certification body to comply with the principles and duties to which it is subject as provided for in Articles 42 and 43 of Regulation (EU) 2016/679.
4. ab) The performance of functions that Article 41 of Regulation (EU) 2016/679 reserves to code of conduct supervisory bodies without having been previously accredited by the competent data protection authority.
5. ac) Failure of accredited code of conduct supervisory bodies to take appropriate action in the event of a breach of the code, as required by Article 41(4) of Regulation (EU) 2016/679.

Infringements considered minor
Other infringements of a purely formal nature of the Articles referred to in Article 83(4) and (5) of Regulation (EU) 2016/679, and in particular the following, shall be considered minor and shall be subject to the statute of limitations after one year:
1. a) Failure to comply with the principle of transparency of information or the right of information of the person concerned by not providing all the information required by Articles 13 and 14 of Regulation (EU) 2016/679.
2. b) Requiring payment of a fee for providing the data subject with the information required by Articles 13 and 14 of Regulation (EU) 2016/679 or for complying with requests to exercise the rights of data subjects provided for in Articles 15 to 22 of Regulation (EU) 2016/679, where permitted by Article 12(5) thereof, if the amount of the fee exceeds the amount of the costs incurred in providing the information or taking the action requested.
3. c) Failure to respond to requests to exercise the rights established in Articles 15 to 22 of Regulation (EU) 2016/679, unless the provisions of Article 72.1.k) of this Organic Law apply.
4. d) Failure to comply with the rights of access, rectification, erasure, limitation of processing or data portability in processing operations in which the identification of the data subject is not required, when the data subject, in order to exercise those rights, has provided additional information that enables his or her identification, unless the provisions of Article 73 c) of this Organic Law apply.
5. e) Failure to comply with the obligation to notify the rectification or erasure of personal data or the restriction of processing required by Article 19 of Regulation (EU) 2016/679.
6. f) Breach of the obligation to inform the data subject, where he or she has so requested, of the recipients to whom the personal data rectified, erased or in respect of whom the processing has been restricted have been disclosed.
7. g) Failure to comply with the obligation to erase data referring to a deceased person when this is required pursuant to Article 3 of this Organic Law.
8. h) Failure by the joint controllers to formalise the agreement determining the respective obligations, functions and responsibilities with respect to the processing of personal data and their relations with data subjects, as referred to in Article 26 of Regulation (EU) 2016/679, or inaccuracy in the determination thereof.
9. i) Failure to make available to data subjects the essential aspects of the agreement concluded between the joint controllers, as required by Article 26(2) of Regulation (EU) 2016/679.
10. j) Failure to comply with the obligation of the processor to inform the controller about the possible infringement by an instruction received from the controller of the provisions of Regulation (EU) 2016/679 or of this Organic Law, as required by Article 28.3 of the aforementioned Regulation.
11. k) Failure by the processor to comply with the stipulations imposed in the contract or legal act regulating the processing or the instructions of the controller, unless he/she is legally obliged to do so in accordance with Regulation (EU) 2016/679 and this Organic Law or in cases where it was necessary to prevent the infringement of data protection legislation and the controller or processor had been warned of this.
12. l) Having a Register of processing activities that does not incorporate all the information required by Article 30 of Regulation (EU) 2016/679.
13. m) Incomplete, late or defective notification to the data protection authority of information related to a personal data security breach in accordance with the provisions of Article 33 of Regulation (EU) 2016/679.
14. n) Failure to document any security breach, as required by Article 33(5) of Regulation (EU) 2016/679.
ñ) Failure to comply with the duty to notify the data subject of a data security breach involving a high risk to the rights and freedoms of data subjects, as required by Article 34 of Regulation (EU) 2016/679, unless the provisions of Article 73 s) of this Organic Law are applicable.
1. o) Providing inaccurate information to the Data Protection Authority, in those cases in which the data controller must submit a prior consultation to it, in accordance with Article 36 of Regulation (EU) 2016/679.
2. p) Failure to publish the contact details of the data protection officer, or to communicate them to the data protection authority, when his or her appointment is required in accordance with Article 37 of Regulation (EU) 2016/679 and Article 34 of this Organic Law.
3. q) Failure by certification bodies to inform the data protection authority of the issuance, renewal or withdrawal of a certification, as required by Article 43(1) and (5) of Regulation (EU) 2016/679.
4. r) Failure by accredited supervisory bodies of a code of conduct to inform data protection authorities of the measures to be taken in case of a breach of the code, as required by Article 41(4) of Regulation (EU) 2016/679.

9. Responsibilities

Las partes se comprometen a cumplir con sus obligaciones legales y contractuales generadas en virtud de las presentes Condiciones de contratación. Si una parte no cumple alguna de sus obligaciones u obstaculiza el cumplimiento por la otra parte de las suyas, se generará el derecho de esa otra parte a reclamar una indemnización por los daños y perjuicios causados, tanto por daño emergente como por lucro cesante.

Las partes responderán de las infracciones en que hubiesen incurrido personalmente, quedando indemne la parte contraria frente a cualquier error, culpa o negligencia no imputable a ella, y a todo perjuicio que se derivase de dichas infracciones o errores imputables a la otra parte contratante.

“EL TITULAR” en particular, no será responsable en caso de indisponibilidad temporal del Sitio web por razones técnicas o de mantenimiento previamente anunciado o de la imposibilidad de contratar los Servicios de software cuando ello sea por circunstancias ajenas a “EL TITULAR”, fuerza mayor o error en el proceso de contratación o datos facilitados por el usuario. Se realizarán los mayores esfuerzos para tratar de solventar esta situación con la petición del usuario.

“EL TITULAR” empleará todos los esfuerzos técnicamente a su alcance para mantener disponibles los Servicios ofrecidos a través del Sitio web, lo que constituye una obligación que, no obstante, no será de aplicación a cualquier falta de disponibilidad o de rendimiento provocada por:

  • Inactividad temporal del Sitio web debido a actualización y/o mantenimiento técnico o causas ajenas al control de “EL TITULAR”;
  • Fuerza mayor;
  • Problemas de acceso a Internet;
  • Problemas tecnológicos más allá de la gestión diligente y razonable del “EL TITULAR”;
  • Acciones y omisiones de terceros.

En todos los casos referidos, ajenos al control y la diligencia debida por “EL TITULAR”, no habrá lugar a indemnización al usuario por lucro cesante, daños o perjuicios.

El usuario exonera totalmente a “EL TITULAR” de cualquier responsabilidad que pudiera derivarse del contenido de la información suministrada o de las consecuencias para el usuario de la existencia de deficiencias en la misma.

10. Registered Users

10.1. Registered users
A duly validated user, once the requirements set out in this section have been met, acquires the status of registered user and is granted access to the private area, which will be duly protected and with restricted access within the Website, as well as the acquisition and use of the Software Information Services.

10.2. Requirements for acquiring the status of a Registered User
The status of a Registered User may be acquired by natural and legal persons. The application for the acquisition of the status of registered User implies the correct completion of the registration form contained on the Website and the reading and express acceptance, without reservation, of the present Terms and Conditions contained on the Website, which is considered part of the same. There may only be one registered User per NIF, NIE, Passport or National Identification Card (Identity Card).

Acceptance will be expressed when confirming the registration request. This request shall always be made by an identified natural person, of legal age and with full capacity to contract. When the registration request is made on behalf of a legal entity, it will be verified that the person making the registration has the capacity to contract on its behalf as a proxy or administrator; this verification will be carried out automatically based on the files of the “THE OWNER”. If this is not possible, supporting documentation will be required to prove the representation held. The individual applicant will be responsible for the veracity of the information provided during the registration process and will be personally liable for any consequences arising from the lack of authenticity of the same.
The registered User declares that all the information included in the form must be truthful, current and accurate. Likewise, the registered User undertakes to update all the information on his/her tax information in the event of any alteration through the Private Area, and “THE OWNER” shall not be liable for any damages that may arise from this.
The lack of the aforementioned communication exempts “THE OWNER” from any liability, with the user being solely liable to third parties for any legal or judicial actions that may be initiated as a result of non-compliance.

10.5. Acceptance of the Conditions of Contract and fulfilment of obligations

All Users must accept and comply with these Terms and Conditions and, in particular, expressly undertake to comply with the following obligations:
* Truthfulness: The User must provide truthful information and keep the information provided updated at all times. The user shall be solely responsible for any false or inaccurate statements made and for any damage caused to “THE HOLDER” or third parties as a result of the information provided.
* Confidentiality: The User shall observe the duty of secrecy with respect to the personal data of which he/she becomes aware through the software, maintaining absolute confidentiality and reserve with respect to the same. Failure to comply with this obligation will give rise to the consequent responsibilities.
* Updating: The User declares that all the information included in the form is current and truthful. Likewise, the registered User undertakes to update (through the Administrator) all the information in the event of any alteration in the same. Names, surnames and identification documents must be kept up to date at all times.
* Exemption from liability: The lack of the aforementioned communication exempts “THE OWNER” from any liability, with the user being solely liable to third parties for any legal or judicial actions that may be initiated due to non-compliance.

10.6. Access to the Services and management of identifiers
Access to the Private Area requires the use of an identification mechanism by the User, which may consist of the use of a digital certificate or the keys (username and password) provided for this purpose, complying with the robustness and security requirements established by “THE OWNER”.
The User shall be responsible for maintaining the confidentiality of his/her Identifier. Consequently, the User expressly accepts that “THE OWNER” presumes that the uses of the Services made using his or her Identifier are made by him or her.
The password may be freely modified by the User through the procedures established for this purpose. The replaced password will be cancelled as a means of identification at the same time as the new one is generated. If he/she becomes aware that the security of his/her password has been compromised, either accidentally or fraudulently, by unauthorised persons, the User must proceed to modify it immediately.
“THE OWNER” may block access to and use of the Website when it deems it necessary for security reasons. The Services will be automatically blocked for the User in the event of repeated successive errors in entering the User’s passwords for access or use.
“THE OWNER shall adopt the necessary organisational and technical measures on its computer equipment to ensure proper use of the Service by the User and to prevent unauthorised access aimed at unauthorised disclosure of the content of the Private Area.
The possibility of a User’s requesting the SBDC from the Private Area shall be conditional upon the correct configuration of a virtual account for payment of the Services, linked to the User.
1. Safeguard clause
In the event that one of the clauses or terms of these Terms and Conditions is declared null and void by a court ruling or final arbitration decision, the rest of the stipulations shall not be affected. In such an event, the clause or clauses affected shall be replaced by another or other clauses that preserve the effects pursued by the Website Terms and Conditions.

1. Jurisdiction and applicable legislation
The legal relations between “THE OWNER” and the users of this Website shall be governed by the regulations in force in the Principality of Andorra, including, where applicable, the provisions of the Andorran Civil Code, the Law of Justice and other complementary applicable regulations.
For the resolution of any controversy, claim or litigation that may arise on the occasion of access, use or contracting of services through the Website, the parties agree, expressly waiving any other jurisdiction that may correspond to them, to submit to the exclusive jurisdiction of the Courts and Tribunals of the Principality of Andorra, in particular those located in Andorra la Vella.
In the event that this contract contemplates alternative dispute resolution mechanisms, such as mediation or arbitration, these will be interpreted and executed in accordance with Andorran legislation, and will be submitted to the competent authorities or entities of the Principality. Likewise, the rules of Andorran International Private Law shall be applied to determine the applicable law in situations with transnational elements, as well as for the recognition and execution of decisions handed down by foreign courts.

APPENDIX – COMPLETE INFORMATION ON PERSONAL DATA PROTECTION
Data protection policy applicable to “THE HOLDER” as Data Controller in the use of its services:

For the purposes established in REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) , the User is informed that the personal data provided will be subject to processing, with “THE HOLDER” acting both as data controller (and whose identification details are set out in the header of this document) and as data processor.
What is the purpose of the processing, the storage periods and the recipients of the personal information? This information varies depending on the service used, although within the framework of this contract the information applicable to the service contracted is, as a minimum, the following:
* In the case of use of the website of “THE OWNER” for the contracting of the service, the purpose is the management and control of the Users registering on the Website, the provision and contracting of the Services carried out by the Users through the same, the processing of the payments derived from the provision of said services, as well as the analysis of the use of the Website.
* The legitimisation or legal basis for this processing is the subscription/execution by the user of this contract.
* The criteria for the conservation of personal data for these purposes shall be as follows. The personal data linked to the contractual relationship will be kept for the duration of the contractual relationship with the User and, at the most, for the period of limitation of the corresponding legal actions, which is set at 7 years, unless the interested party authorises its processing for a longer period.
The data will not be communicated to other recipients except in the cases legally established in national or European law. The data capture form will specify which data may be included optionally and which are the minimum compulsory data, which are strictly necessary to comply with the aforementioned purposes, especially with the identification of the user and assessment of their legitimate interest for access to information, as well as for the billing of services. Refusal to provide the data marked as obligatory will prevent the contracting of services.
In cases where the User provides his/her card number in order to be able to provide the services requested, it is hereby communicated that this data is transmitted directly to the Ingenico eCommerce Solutions payment gateway provider, which is responsible for the secure storage of this data on its servers. To exercise your rights, you may contact this provider under the terms established in its privacy policies. The user is informed that “THE HOLDER” does not have access at any time to the card data provided, and that the transmission of this data is necessary for the provision of the card payment service.
The following cases apply exclusively in case of making use of the referenced services as stated in this contract:
* In the event of making use of the User Attention Services of “THE HOLDER” in the terms indicated in this document, the user is informed that the basis that legitimises the processing is the user’s own consent for the purpose of attending to the queries that he/she makes proactively, which he/she may revoke at any time through the channels enabled on the website, and the legitimate interest of “THE HOLDER” in cases of contact with the user for the resolution of questions, communications or incidents relating to the service. The data provided for these purposes will be kept for the time necessary to deal with your query and even afterwards, in the event of any liability arising from the processing carried out. The user is informed that, in the event of using the telephone service, calls may be recorded for reasons of quality of service, based on the legitimate interest of “THE OWNER”. In this case, the data will be kept for a maximum of 6 months. The use of these services does not condition the execution of this contract, being support services to provide such service.
The rest of the information that in any case affects the data processing carried out within the framework of the execution of the present contract is the following:
* “THE HOLDER” has adopted the necessary technical and organisational measures to guarantee the confidentiality, security and integrity of the personal data provided, as well as to avoid its alteration, loss, unauthorised processing or access, in accordance with the level of protection in accordance with data protection legislation.
* In order to keep their personal data up to date, the User must inform of any changes that occur with respect to them, otherwise “THE HOLDER” cannot be held responsible for their veracity, and shall not be liable for any damages that may arise from this in the provision of services. In all cases, “THE OWNER” reserves the right to keep Users’ data in cases where this is necessary to comply with the obligations and responsibilities imposed by law or mandatory regulations, or when required to do so by order of a competent authority in accordance with the law.
* The User may send a letter to the address of “THE OWNER” or by e-mail to [email protected], with the Reference “Data Protection”, attaching a photocopy of his/her identity document, at any time and free of charge, in order to exercise the following rights:
* Right to request access to personal data relating to the data subject.
* Right to request its rectification or deletion.
* Right to request the limitation of their processing.
* Right to object to the processing.
* The right to data portability.
* In cases where the legitimacy of the processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.
* Please note that there may be limitations on the exercise of the rights described above depending on the specific processing to which it relates.
* You may also make use of the forms made available by the Spanish Data Protection Agency (AEPD). At the same time, the user can make a complaint to the said Agency (www.aepd.es) when he/she considers that his/her rights under the applicable data protection regulations have been infringed.
* You may contact the Data Protection Officer of “THE OWNER” by e-mail: [email protected].