INFORMATION IN COMPLIANCE WITH PERSONAL DATA PROTECTION REGULATIONS
The Management/Governing Body of Sipay Plus, S.L. (hereinafter, the data controller) assumes full responsibility and commitment to the establishment, implementation, and maintenance of this Data Protection Policy, guaranteeing the continuous improvement of the data controller with the aim of achieving excellence in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJEU L 119/1, 04-05-2016), and with Spanish legislation on the protection of personal data (Organic Law, specific sectoral legislation, and its implementing regulations).
The Data Protection Policy is based on the principle of proactive responsibility, according to which the data controller is responsible for compliance with the regulatory and jurisprudential framework governing this Policy and is able to demonstrate this compliance to the competent supervisory authorities.
In this regard, the data controller will be governed by the following principles, which should serve as a guide and framework for all its staff in the processing of personal data:
- Data protection by design: the data controller will implement appropriate technical and organizational measures, such as pseudonymization, both when determining the means of processing and during the processing itself. These measures are designed to effectively implement data protection principles, such as data minimization, and to integrate the necessary safeguards into the processing.
- Data protection by default: the data controller will implement appropriate technical and organizational measures to ensure that, by default, only personal data necessary for each specific processing purpose is processed.
- Data protection throughout the information lifecycle: Measures to ensure the protection of personal data will be applicable throughout the entire information lifecycle.
- Lawfulness, fairness, and transparency: Personal data will be processed lawfully, fairly, and transparently in relation to the data subject.
- Purpose limitation: Personal data will be collected for specified, explicit, and legitimate purposes and will not be further processed in a manner incompatible with those purposes.
- Data minimization: Personal data will be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
- Accuracy: Personal data will be accurate and, where necessary, kept up to date; every reasonable step will be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
- Storage limitation: Personal data will be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
- Integrity and confidentiality: Personal data will be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical and organizational measures.
- Information and training: One of the keys to ensuring the protection of personal data is the training and information provided to staff involved in its processing. Throughout the information lifecycle, all staff with access to the data will be appropriately trained and informed about their obligations regarding compliance with data protection regulations.
The Data Protection Policy of Sipay Plus, SL (hereinafter also SIPAY) is communicated to all staff of the data controller and made available to all interested parties.
Therefore, this Data Protection Policy applies to all personnel of the data controller, who must be aware of and accept it, considering it their own. Each member is responsible for applying it and verifying the data protection regulations applicable to their activity, as well as identifying and contributing any opportunities for improvement they deem appropriate in order to achieve excellence in its implementation.
This Policy will be reviewed by the Management/Governing Body of SIPAY as often as deemed necessary to ensure it remains compliant with current personal data protection regulations.
In Europe and Spain, there are regulations to respect your fundamental right to the protection of your personal data, which create legally binding obligations for our organization.
Therefore, it is very important to us that you fully understand what we will do with the personal data you provide through the contact form available on our website.
We want to be transparent and respect your right to control your data, using simple language and clear options that will allow you to decide what we do with your personal information.
Please, if you have any questions after reading this information, do not hesitate to ask us.
Thank you very much for your cooperation.
Who are we?
The data controller for your personal data is Sipay Plus, SL (hereinafter, “SIPAY”):
Our company name: Sipay Plus, SL.
Our Tax Identification Number (CIF/NIF): B60462314
Our main activity: Payment methods
Our address: Calle San Rafael 1, Portal 2, 2ºC, 28108, Alcobendas, Madrid, Spain
Our contact telephone number: +34 914841028
Our contact email address: administracion@sipay.es
Our website: www.sipay.es
Our Data Protection Officer, whom you can contact with any questions regarding the processing of your personal data, can be reached at the following address:
Postal address: Calle San Rafael 1, Portal 2, 2ºC, 28108 Alcobendas, Madrid, Spain
Email: dpo@sipay.es
For your peace of mind, we inform you that we are a company registered in the following Commercial Registry/Public Registry: Registered in the Commercial Registry of Madrid, Volume 26686, Section 8, Folio 196, Page No. M480942, Entry 7.
The person responsible for this website practices a regulated profession, and we provide you with the following information: José Luis Nevado Martínez.
We are at your service; please do not hesitate to contact us.
What regulations do we comply with?
SIPAY will process personal data in accordance with applicable European Union or national legislation, including Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights; Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”); and any other applicable data protection regulations (collectively, the “Data Protection Regulations”). In particular, SIPAY will implement appropriate technical and organizational measures to ensure an appropriate level of security for personal data.
How do we collect your data through the website?
The data we process at SIPAY has been obtained from you, through the various forms you complete while browsing the website or completed in other formats within SIPAY’s activities; by sending an email inquiry; or by telephone.
If the personal data you provide belongs to a third party, you guarantee that you have informed that third party of this Personal Data Protection Policy and obtained their authorization to provide their data to SIPAY for the purposes outlined below.
Additionally, we inform you of the possible processing of your social media data through the corporate profiles where SIPAY maintains a presence, all in accordance with the terms and conditions established by each social network.
We collect your personal information on this website through:
- The SIPAY website contact form.
- The SIPAY website employment form.
- The SIPAY newsletter subscription form.
- The use of cookies.
- The whistleblowing channel form.
- When you exercise any of your data protection rights with us.
In the following section, we specify information regarding the data processing we may carry out as a result of data collection through any of our forms, the personal data collected, the purpose of the processing, and the legal basis for this processing.
What will we use your data for? What is the legitimate basis for this processing?
Specifically, SIPAY, as the Data Controller, collects personal data from its users through the various forms on the website, with the following purposes and legal basis for processing:
| FORM | PERSONAL DATA COLLECTED | PURPOSES OF PROCESSING | LEGAL BASIS |
| --- | --- | --- | --- |
| “CONTACT” WEB FORM | Identifying information (first and last name), contact details (email address and phone number), and information related to the organization where you work (company and website). | | Consent. |
| “EMPLOYMENT” WEB FORM | Identifying data (first and last name), contact information (email and phone number), any additional information the user enters in the “Cover Letter” field, and resume. | | Consent. |
| Newsletter | Identifying data (first and last name) and contact information (email and phone number). | | The legal basis for receiving commercial and courtesy communications related to the services offered by our company is the consent you have given us by checking the corresponding box. If you have not checked it or if you withdraw your consent, we will not send you these communications. |
| “Join the Partner Program” Form | Identifying data (first and last name), contact information (email and phone number), and any additional information the user enters in the field “What information would you like to receive?” | | Consent. |
| dpo@sipay.es | Identifying data (name and surname), contact information (email address), and ID/Tax ID (by providing a photocopy to verify the applicant’s identity). | | Compliance with a legal obligation. Legitimate interest: SIPAY may transmit your information to other affiliated organizations for administrative management purposes. |
| Cookies | IP and location cookies | | Explicit user consent (which can be provided by checking the corresponding box in the first layer of information about cookies on the website). |
| Whistleblowing Channel | Identifying data and, depending on what the user indicates in the text of the complaint or attached files, other types of data may be included. | | This processing is also based on compliance with a legal obligation under Law 2/2023 of February 20, regulating the protection of individuals who report regulatory violations and combating corruption, and on Sipay Plus, SL’s legitimate interest in complying with corporate risk prevention requirements, especially those related to the potential criminal liability of the legal entity, pursuant to Organic Law 3/2018 of December 5, on Personal Data Protection and Guarantee of Digital Rights. |
In cases other than those described above, processing will be based on the potential development of pre-contractual or contractual measures related to our services.
SIPAY carries out the following processing of personal data not related to the website, duly registered in its Register of Processing Activities:
- Management of personnel selection processes.
- Management of the employment relationship, management of interns, training, payroll management, Social Security and Tax Administration, advances and expenses, travel and transportation, work-life balance and equality, registration of delivery and return of corporate devices, internal chat, registration of employee access/exit at the facilities, registration, terminations and workplace accidents, management of insurance and policies, flexible compensation plan, occupational risk prevention, medical check-ups, corporate events, video surveillance at the facilities.
- Establishment and/or management (execution, development and control) of a contractual relationship with the legal entity or the self-employed individual, clients and partners (potential or current).
- Management of claims (litigation).
- Management of the prevention of money laundering in operations and companies of the group subject to said regulations, and for the prevention of criminal risks.
We may be required to use and retain personal information for legal and compliance purposes, such as the prevention, detection, or investigation of crime, loss or fraud prevention, or to comply with internal and external audit requirements, our information security objectives, crime prevention, or regulatory compliance inherent to our business.
This may involve the processing of your data:
- under applicable law;
- to respond to requests from courts, law enforcement agencies, regulatory bodies, and other authorities; and
- to protect other rights of the user or other individuals.
Your commitment to the accuracy of the data you provide.
You declare that the personal data you provide to SIPAY at any stage of using this website is truthful.
As a user, you should be aware that you are solely responsible for any damage or loss, direct or indirect, that may be caused to SIPAY, as the owner of this website, or to a third party if you complete any form with false data or data belonging to third parties without their prior consent, thereby causing deception, damage, or harm.
To ensure we can keep your data accurate and up-to-date, we ask that you inform us of any changes to the information you have provided.
If you contact SIPAY regarding services you provide to an entity (legal person) or as a self-employed individual, the processing of your personal data will be based on SIPAY’s legitimate interest (Article 19 of the Spanish Data Protection Act).
If you contact SIPAY because you have used our payment methods to purchase goods or contract services from a SIPAY client, the processing will be based on the contract with that client, which generated the payment.
In cases other than those mentioned above, the processing will be based on the potential implementation of pre-contractual or contractual measures related to our services and our website.
In the case of recruitment, the processing will be based on the implementation of pre-contractual measures, including the signing of the contract, for the potential hiring of the candidate, as well as compliance with legal obligations for employee registration.
For receiving commercial and courtesy communications related to the services offered by our company, the legal basis is the consent you have given us by checking the corresponding box. If you have not checked the box or if you withdraw your consent, we will not send you these communications.
Who will have access to the information we request?
Your personal data may be accessed by service providers contracted by SIPAY, or who may be contracted in the future, and who act as data processors, in order to fulfill the purposes described in the previous section.
Likewise, your information will be shared with public or private entities to whom we are legally obligated to provide your personal data. For example, tax law requires us to provide the Tax Agency with certain information about financial transactions exceeding a specific amount.
In the case of data entered in the Whistleblowing Channel Form, this data may be shared with third parties only in the case of external legal advisors and judicial bodies and State Security Forces or administrative authorities, when necessary and in compliance with a legal obligation (Law 2/2023, of February 20, regulating the protection of persons who report regulatory infringements and the fight against corruption) and SIPAY’s legitimate interest in complying with corporate risk prevention requirements, especially those related to the potential criminal liability of the legal entity (Organic Law 3/2018, of December 5, on the Protection of Personal Data and the guarantee of digital rights).
In some cases, SIPAY uses third-party tools and services to manage some of the services offered on this website. These services are owned by third parties residing in the European Economic Area.
SIPAY strives to use secure tools whose servers are preferably located in Spain, or failing that, in another member state of the European Union, or that comply with European law according to the guidelines and recommendations of the Spanish Data Protection Agency, the European Commission, and the relevant EU agreements on international data transfers.
If an international data transfer is necessary, accepting this Privacy Policy on each form where you may provide your data will signify your express consent to said transfer.
How will we protect your data?
To protect users’ personal data, SIPAY ensures the implementation of appropriate technical and organizational measures, and oversees its data processors in doing the same, in accordance with current best practices, taking into account the scope, context, and purposes of the processing, as well as the risks of varying likelihood and severity to the rights and freedoms of the interested parties, striving to ensure the confidentiality, integrity, availability, and resilience of the processing systems and services.
Our information security policies and procedures are reviewed and updated regularly to meet the needs of our business, technological changes, and regulatory requirements.
We will protect your data with effective security measures based on the risks involved in the use of your information.
To this end, our organization has adopted a Data Protection Policy and undergoes annual controls and audits to verify the security of the processing.
Will we send your data to other countries?
SIPAY stores the personal data being processed within Spain. Therefore, we do not carry out international transfers of the data processed through this website.
How long will we keep your data?
Generally, personal data will be kept until you revoke your consent to the processing or request its deletion, as well as for the time necessary to comply with the legal obligations that SIPAY must observe.
- If you have consented to receive marketing communications, we will retain your contact information until you withdraw your consent by unsubscribing from this processing.
- If you have contacted us as a user of our payment methods, we will retain your data for the duration of the contract between you and the merchant, as well as for the statutory limitation periods applicable to legal obligations.
- If you have contacted us as an individual providing services to an entity with which SIPAY has a contractual relationship or may have an interest, we will retain your data for as long as you hold that position and for the statutory limitation periods applicable to legal obligations.
- If you have contacted us as an individual applying for one of our job openings, your personal data related to the recruitment process will be retained for one year.
- In all other cases, SIPAY will retain the personal data related to your inquiry until it is answered and will subsequently delete it within one month.
- In the case of data entered in the Whistleblowing Channel Form, it will be stored in the Whistleblowing Channel system for the time necessary to decide whether to initiate an investigation into the reported events and, if applicable, while the investigation and resolution process is underway, and always for a maximum period of 3 months from the date the complaint was received.
In any case, we inform you that SIPAY has established internal data cleansing policies designed to control the retention periods for personal data in its possession. Therefore, this data may be deleted when it is no longer necessary and/or appropriate for the purpose for which it was collected.
What are your data protection rights?
You may exercise your rights of access, rectification, erasure, objection, restriction of processing, and data portability, as well as withdraw your consent free of charge, in the cases and to the extent established by the applicable regulations at any given time.
Before processing a request to exercise any of the aforementioned rights, SIPAY must verify the identity of the interested party and the legitimacy of their request or claim. SIPAY will respond to said request or claim in accordance with the provisions of the Data Protection Regulations.
To exercise these rights, you may contact SIPAY in writing by mail at the following address:
Sipay Plus, S.L.
C/ San Rafael 1, portal 2-2ºC,
28108 – Alcobendas, Madrid, Spain.
Alternatively, you may contact dpo@sipay.es
If you have any questions regarding the exercise of your rights, you can contact the Data Protection Officer through the contact channels listed in the answer to the first question.
Can I withdraw my consent if I change my mind later?
You can withdraw your consent by submitting a request through the website or by checking the box for receiving marketing communications if you change your mind, or by submitting a new form through the website indicating your withdrawal of consent.
If you believe your rights have been violated, where can you file a complaint?
If you believe your rights have been violated by our organization, you can file a complaint with the Spanish Data Protection Agency (AEPD) through one of the following means:
Online: www.agpd.es
Postal address: Agencia Española de Protección de Datos, C/ Jorge Juan, 6, 28001 Madrid, Spain
Telephone: +34 901 100 099 or +34 91 266 35 17
Filing a complaint with the Spanish Data Protection Agency is free of charge and does not require legal representation.
Will we create profiles based on your personal data?
SIPAY does not perform any profiling on the data you provide to us in order to respond to your inquiry submitted through the website.
What happens if I am acting on behalf of another individual?
If you have provided information about other individuals, you, as the applicant, are responsible for informing those individuals of the content of this information regarding personal data protection within a maximum period of one month. You release SIPAY from any liability that may arise from non-compliance with the provisions of this paragraph.
Minors
Anyone of any age is authorized to browse this website.
However, to provide their personal data, the user must be over 14 years of age. Otherwise, it must be provided by their parent or legal guardian.
SIPAY reserves the right to request a copy of your ID or equivalent document proving your identity if there are well-founded suspicions that you are a minor.
SIPAY recommends that parents, guardians, or legal representatives supervise or take appropriate precautions while minors are browsing the internet, as well as establish filters on the information and content to which minors may or may not have access.
What happens if personal data security is breached?
In the event of a personal data security breach, unless it is unlikely that such a breach poses a risk to the rights and freedoms of natural persons, SIPAY will notify the Spanish Data Protection Agency within 72 hours of becoming aware of the incident, describing the nature of the breach, the possible consequences that may arise, and the measures taken or proposed to remedy the security breach; and, if possible, specifying the categories and approximate number of data subjects and data affected.
SIPAY will also notify data subjects as soon as possible when a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, describing the potential consequences and the measures taken or proposed to remedy the breach.
What security measures do we apply to protect personal data?
To protect users’ personal data, SIPAY ensures, both directly and through its data processors, the implementation of appropriate technical and organizational measures, taking into account the scope, context, and purposes of the processing, as well as the varying risks to the rights and freedoms of data subjects. SIPAY strives to ensure the confidentiality, integrity, availability, and resilience of its processing systems and services.
In particular, SIPAY has implemented an encryption and authentication protocol that ensures that the personal data you request is transmitted to our servers via a secure SSL (Secure Sockets Layer) connection using SHA-256 with RSA encryption (1.2.840.113549.1.1.11), in order to protect it from third parties.
The Information Security Policy (PCI DSS) and procedures are reviewed and updated regularly to meet business needs, technological changes, and regulatory requirements.
- Technical and organizational measures are implemented to securely store and transfer information, protecting it against attacks or accidental loss, as well as unauthorized access, use, destruction, or disclosure.
- SIPAY has a privacy and security risk assessment strategy, as well as a disaster recovery and business continuity plan designed to safeguard the continuity of our services and protect our personnel.
- Appropriate restrictions are applied to access to personal information.
- SIPAY requires its data processors to demonstrate that they have implemented appropriate security controls for the processing of personal data in each case.
- SIPAY requires its employees and contractors to receive ongoing training in information security, as well as in other relevant areas, since they have access to personal information and other sensitive data.
SIPAY states that it is capable of acting quickly and effectively to restore the availability of and access to personal data in the event of a physical or technical incident.
SIPAY states that it stores users’ personal data on secure servers, protected against the most common types of attacks and located in Spain.
Use of Cookies
SIPAY uses cookies (small information files that are downloaded to a user’s device or terminal equipment when accessing a website, in order to store data that can be updated and retrieved by the party responsible for their installation) and other tracking technologies to perform certain functions that are considered essential for the proper functioning and display of the website and, in some cases, to store and manage user preferences, enable content, and collect analytical and usage data.
To obtain these analyses, this website may automatically store certain information in server logs using cookies or other mechanisms (such as local or browser session storage) that collect non-personal usage and browsing data related to the User’s use of this website. These logs typically include information such as browser type, browser language, date and time of access request, URL, device model, operating system version, and data about the mobile network used to access and browse this website.
What is the applicable law and jurisdiction?
SIPAY is based in Spain, therefore the content of this Data Protection Policy has been drafted in accordance with Spanish law and applicable European Union regulations.
The User agrees that any claims or complaints against SIPAY arising from or related to the use of this website, and more specifically the processing of their personal data, will be resolved by the court of competent jurisdiction located in Madrid, Spain.
If SIPAY needs to file a claim, it will do so before the competent court of the user’s domicile, or in Madrid, Spain, if the user is a legal entity or a professional who is not a consumer.
If the User accesses this site from a location outside of Spain, they are responsible for complying with all applicable local and international laws.
Reservation of the right to modify the Data Protection Policy
SIPAY may modify this Data Protection Policy at any time, taking into account the evolution of this website and the content offered therein, if deemed necessary, whether for legal or technical reasons, or due to changes in the nature or layout of the website, without obligation to notify or inform the User of such modifications. Publication on the website itself will be considered sufficient.
Any modification will take effect for users who access this website after the modification. Continued use of this site after the publication of any changes will be considered acceptance thereof. Therefore, the last update date will always be published at the end of this Data Protection Policy, and any changes introduced will be effective from that date.
If the User does not agree with the updates to our Data Protection Policy, they may opt out by not entering their personal data in the website’s contact forms or by exercising their rights as specified above. If their rights are not satisfied, they may file a complaint with the supervisory authority.
Last update approved by the Data Protection Officer: April 15, 2024