INFORMATION ON DATA PROTECTION

Information in compliance with personal data protection regulations.

The Management / Governing Body of Sipay Plus S.L. (hereinafter, the Data Controller), assumes the maximum responsibility and commitment to the establishment, implementation and maintenance of this Data Protection Policy, ensuring the continuous improvement of the Data Controller with the aim of achieving excellence in relation to compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJEU L 119/1, 04-05-2016), and Spanish personal data protection regulations (Organic Law, specific sectoral legislation and its implementing rules).

The Data Protection Policy is based on the principle of proactive responsibility, according to which the data controller is responsible for compliance with the regulatory and jurisprudential framework governing said Policy, and is able to demonstrate this to the competent supervisory authorities.

In this regard, the controller shall be governed by the following principles that should serve as a guide and frame of reference for all its staff in the processing of personal data:

  1. Data protection by design: the controller shall implement, both at the time of the determination of the means of processing and at the time of the processing itself, appropriate technical and organisational measures, such as pseudonymisation, designed to effectively implement data protection principles, such as data minimisation, and to integrate the necessary safeguards into the processing.
  2. Data protection by default: the controller shall implement appropriate technical and organisational measures with a view to ensuring that, by default, only personal data that are necessary for each of the specific purposes of the processing are processed.
  3. Data protection in the information lifecycle: measures ensuring the protection of personal data shall apply throughout the entire information lifecycle.
  4. Lawfulness, fairness and transparency: personal data shall be processed lawfully, fairly and transparently in relation to the data subject.
  5. Purpose limitation: personal data shall be collected for specified, explicit and legitimate purposes and shall not be further processed in a way incompatible with those purposes.
  6. Data minimisation: personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  7. Accuracy: personal data shall be accurate and, where necessary, kept up to date; all reasonable steps shall be taken to ensure that personal data which are inaccurate in relation to the purposes for which they are processed are erased or rectified without delay.
  8. Retention limitation: personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  9. Integrity and confidentiality: personal data shall be processed in such a way as to ensure appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, by implementing appropriate technical or organisational measures.
  10. Information and training: one of the keys to ensuring the protection of personal data is the training and information provided to staff involved in the processing of personal data. During the life cycle of the information, all staff with access to the data shall be adequately trained and informed about their obligations in relation to compliance with data protection regulations.

The Data Protection Policy of Sipay Plus S.L. is communicated to all staff of the data controller and made available to all interested parties.

Consequently, this Data Protection Policy involves all the staff of the data controller, who must be aware of it and accept it, considering it as their own, with each member being responsible for applying it and verifying the data protection regulations applicable to their activity, as well as identifying and providing the opportunities for improvement that they consider appropriate with the aim of achieving excellence in relation to their compliance.

This Policy will be reviewed by the Management / Governing Body of Sipay Plus S.L., as many times as deemed necessary, in order to adapt, at all times, to the provisions in force regarding the protection of personal data.

In Europe and Spain there are rules to respect your fundamental right to the protection of your personal data and that generate obligations of obligatory compliance for our entity.

Therefore, it is very important for us that you fully understand what we will do with the personal data you provide through the contact form available on our website.

We want to be transparent and respect your right to control your data, with simple language and clear options that will allow you to decide what we will do with your personal information.

Please do not hesitate to ask us if you have any questions after reading this information.

Thank you very much for your cooperation.

Who are we?

The controller of your personal data is Sipay Plus, S.L. (the Company):

  • Our name: Sipay Plus S.L.
  • Our CIF / NIF: B60462314
  • Our main activity: Means of payment
  • Our address: Calle San Rafael 1, Portal 2, 2ºC, 28108, Alcobendas, Madrid.
  • Our contact telephone number: 914841028
  • Our contact email address: administracion@sipay.es
  • Our website: www.sipay.es
  • Our Data Protection Delegate, to whom you may address any questions regarding the processing of your personal data in the following ways:
    • Postal address: Calle San Rafael 1, Portal 2-2ºC, 28108 Alcobendas – Madrid.
    • E-mail: dpo@sipay.es
    • For your confidence and security, we inform you that we are an entity registered in the following Mercantile Register / Public Register: Registered in the Mercantile Register of Madrid, Volume 26686, Section 8, Folio 196, Sheet no. M480942, Entry 7.

The person responsible for this website exercises a regulated profession, for which we provide the following information: José Luis Nevado Martínez.

We are at your disposal, do not hesitate to contact us.

What regulations do we comply with?

The Company will carry out personal data processing in accordance with applicable European Union or national legislation, including Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights; Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”); and any other applicable data protection regulation (collectively, the “Data Protection Regulation”). In particular, the Company will implement appropriate technical and organisational measures to ensure an appropriate level of security for personal data.

What will we use your data for?

The personal data collected through our website, from you and other natural persons, is necessary to respond to your enquiry. In particular, they will be processed in order to:

  • Collect information and respond to your requests related to the services offered by Sipay.
  • Collect information and respond to other queries related to the activity of Sipay.
  • Recruitment.
  • If you have given your consent by filling in the form, to send you commercial and courtesy communications related to the services offered by our company by telephone, ordinary post, fax, e-mail or equivalent electronic means of communication, including the reception of our monthly newsletter.

What is the legitimate basis for these processing operations?

If you contact Sipay for services you provide for an entity (legal person) or as an individual entrepreneur, the processing of your personal data will be based on the legitimate interest of Sipay (article 19 LOPD).

If you contact Sipay because you have used our means of payment when purchasing goods or contracting services from a Sipay merchant client, the processing will be based on the contract with that merchant, which originated the payment.

In cases other than the above, processing will be based on the possible performance of pre-contractual or contractual measures linked to our services and our website.

In the case of personnel selection, the processing will be based on the development of pre-contractual measures, including the signing of the contract, for the possible hiring of the candidate, in addition to the fulfilment of legal obligations for the registration of the employee.

For the reception of commercial and courtesy communications related to the services offered by our company, the legitimate basis is the consent you have given us by ticking the corresponding box. If you have not ticked the box or if you withdraw your consent, we will not send you or will stop sending you these communications.

Who is going to know the information we ask you for?

The service providers that the Company contracts or may contract and who have the status of data processor, in order to fulfil the purposes described in the previous point, may have access to your personal data.

Likewise, those public or private entities to which we are obliged to provide your personal data in order to comply with any law will have access to your information. To give you an example, the Tax Law obliges us to provide the Tax Agency with certain information on economic operations exceeding a certain amount.

How will we protect your data?

We will protect your data with effective security measures according to the risks involved in the use of your information.

To this end, our entity has approved a Data Protection Policy and undergoes annual controls and audits to verify the security of the processing.

Will we send your data to other countries?

Sipay hosts the personal data processed within Spain. Therefore, in order to be able to respond to the query made through the website, we will not send your personal data outside Spain.

How long will we keep your data?

If you have given your consent to receive commercial communications, we will keep your contact details until you withdraw your consent by unsubscribing from this processing.

If you have contacted us as a user of our means of payment, for the duration of the contract between you and the merchant, as well as the statute of limitations of legally applicable obligations.

If you have contacted us as a natural person who performs services in an entity with which Sipay has a contractual relationship or may have an interest in, for as long as you perform such function or position and for the statute of limitations of legally applicable obligations.

If you have contacted us as a natural person applying for one of the job offers, your personal data linked to the processing for recruitment purposes will be retained for a period of one year.

In all other cases, Sipay will retain the personal data associated with your enquiry until it is answered and then delete it within 1 month.

What are your data protection rights?

You may exercise your rights of access, rectification, cancellation, opposition, limitation of processing and data portability, as well as withdraw the consent given free of charge, in the cases and to the extent established by the applicable regulations at any given time.

Before processing a request to exercise any of the aforementioned rights, Sipay must verify the identity of the data subject and the legitimacy of the request or claim. Sipay will respond to such request or complaint in accordance with the provisions of the Data Protection Regulations.

To exercise these rights, you may write to the Company by post to the following address:

Sipay Plus, S.L.

C/ San Rafael 1, portal 2-2ºC,

28108 – Alcobendas, Madrid.

Or alternatively to dpo@sipay.es

If you have any questions regarding the exercise of your rights, you can contact the Data Protection Delegate through the contact channels listed in the answer to the first question.

Can you withdraw your consent if you change your mind at a later date?

You can withdraw the consent given by means of the request submitted through the website or by ticking the box corresponding to the sending of commercial communications if you change your mind in this respect, by sending a new form through the website in which your withdrawal of consent appears.

If you feel that your rights have been disregarded, where can you make a complaint?

In the event that you understand that your rights have been disregarded by our entity, you can make a complaint to the Spanish Data Protection Agency, by any of the following means:

Electronic site: www.agpd.es
Postal address: Agencia Española de Protección de Datos C/ Jorge Juan, 6 28001-Madrid
By telephone: Tel. 901 100 099 Tel. 91 266 35 17

Making a complaint to the Spanish Data Protection Agency does not entail any cost and you do not need the assistance of a lawyer or solicitor.

Will we create profiles about you?

Sipay does not carry out any profiling action on the data you provide us with in order to respond to the query made through the website.

What happens if I am acting on behalf of another natural person?

If you have provided information of other natural persons, you as the applicant are responsible for informing those persons of the content of this personal data protection information within one month at the latest. You exonerate the Company from any liability that may arise from your failure to comply with this paragraph.