Search

Privacy Policy

Last update: 10/01/2024

For all legal purposes the Spanish language version of the privacy policy, shall be the legally binding one. This English language version is a translation and may contain errors.

The following privacy policy will apply immediately to users who register on https://entretramites.com/ starting May 25, 2018. For all existing users, they will come into force from May 25, 2018, the date of entry into force of the European Regulation RGPD 679/2016 and its subsequent Organic Law 3/2018 on the protection of personal data and guarantee of digital rights, and you must give your consent to continue using our service. Now, you can now accept these new Terms at any time by logging into your account.

Data Privacy Statement

We, BEAT BUREAUCRACY ET, SL, with CIF:B01944743, address at RONDA SANT PERE, 52. 08010, BARCELONA, SPAIN. We are the operator of the website https://entretramites.com/, as well as the service provider of the Entre Trámites application for iOS and Android, including the other services offered through the websites and the Entre Trámites application. We are responsible for the collection, processing and use of personal data in accordance with data protection legislation, in particular the General Data Protection Regulation (“GDPR”).

You, the customer, are the data controller and Entre Trámites, the service provider, is the data processor on your behalf. We only use your data in compliance with relevant data protection legislation.

With this Data Privacy Statement we want to inform you what personal data is collected and stored when you visit our website or use our services offered on the website. In addition, you will receive information about how we use your data and what rights you have regarding the use of they. This Data Privacy Statement also applies to access and use of the Entre Trámites application, as well as the other services available.

 

1. Data security

To protect them, all the data you provide us is encrypted in accordance with the TLS (Transport Layer Security) security protocol. TLS is a secure and proven protocol used, for example, for online banking. You can identify the TLS connection, for example, by looking at the “s” after the “http” in the URL displayed in your browser (https://..) or from the lock icon displayed in the tab of the browser.

We also take appropriate technical and organizational security measures to protect your data against random or deliberate manipulation, partial or total loss, destruction and/or unauthorized access. To prevent data loss, we set up a mirrored database, which means your data is always stored in two separate locations. Additionally, we update and store data hourly in an off-site backup and, in line with high-risk analytics, we continually perform security testing on our infrastructure. Your password is stored through a secure encrypted process. We will never ask you for your password, neither by email nor by phone. If you forget your password,we can reset it for you. We continually improve our security measures based on technological development.

The personal data we collect is stored in a secure environment within the EU and treated confidentially. Access to this information is limited to selected ET Group employees and suppliers.

We comply, at all times, with the legislative data protection requirements. We do our best to protect your data, but we cannot guarantee the security of your data when transferred over the Internet. When this happens, there is a certain risk that others may access your data illicitly. In other words, when transferring data over the Internet, you assume responsibility for its security as the data controller.

 

2. Collection and storage of personal data and nature and purpose of its use

a) If you visit our website

You can visit the website https://entretramites.com/ without revealing your identity. Your browser only sends information – which is collected automatically – to our website servers. This Information is temporarily stored in a log file. This is the information that is collected and stored automatically until its deletion, also automatic:

  • IP address of the requesting computer.
  • Date and time of access.
  • Name and URL of the data entered.
  • Website, where the access comes from (reference URL).
  • Browser to use and, if necessary, the operating system of your computer, as well as the name of your access provider.

This data is collected and processed to enable the use of our website (connection establishment), to ensure the security and stability of our system, as well as for the technical administration of the network infrastructure. This data does not provide us with any information that can personally identify you.

In addition, we use cookies, as well as web analysis and marketing tools. You can find more information on this topic in sections 3 to 5.

b) If you register for our online services

On our website we offer online accounting, labor and tax advisory services. To use these services, you must first register. When you register, you must enter an email address and password; This way, you can create an account with us and log in.

To fully use our services, you may need to enter more personal data.

We also use your name and contact information for the following purposes:

  • To know who our contracting party is.
  • For the justification, structure, processing and change of the contractual relationship with you regarding the use of our services.
  • To verify the plausibility of the information entered.
  • To contact you, if necessary.

c) If you register for our newsletter or newsletter

If you have agreed to receive our newsletter, we may use your email address to periodically send you newsletters, as well as information about our services. To receive newsletters, we must first obtain your consent. This consent must be accepted during registration. You can revoke your consent at any time, either within your account or by emailing us.

You can also unsubscribe from our newsletter at any time, for example by clicking on the unsubscribe link at the bottom of the newsletter. On the other hand, you can also send us an email at

[email protected].

If you unsubscribe from the newsletter, we will keep your email address on record solely to ensure that you will no longer receive these emails.

d) Developer, client, supplier, advisor and team

With our services, you can enter third-party data, allow third parties to access your account, connect your account with third parties, and offer third parties your own applications or third-party applications. Of course, we also respect the privacy of third-party data, which we may access through the use of the service we offer you. Sometimes this may require a separate contract with you. If you believe this is the case, please contact us.

Under our Terms and Conditions, you do not have the right to share your access data with third parties and you are obliged to treat such data with due care. Additionally, you are responsible for the third-party data that you enter in Entre Trámites.

Please note that we do not have any capacity regarding compliance with security and data protection regulations outside of our website, the Entre Trámites application or the services provided by us. In the cases described, you or the third party to whom you have granted access to your data are responsible.

 

3. Consent to data transfer

We transmit your personal data to third parties at your request, only if you have given your explicit consent or if there are legislative obligations to do so.

No transfer of personal data is made to third parties for other purposes. Your data is not disclosed to any third party without your permission; unless a court requires delivery, and then only to the extent necessary.

Entre Trámites reserves the right to share data within its group as required, to provide you services.

Entre Trámites may also request, from time to time, to share data with a sister company, for example, to allow billing of your account from an entity other than Entre Trámites.

Data security is ensured at all times.

By registering with Entre Trámites, you give your consent to the processing of your data. You also give your explicit consent to share your data with third parties when necessary to offer you our service.

We confirm that we only share your data with third parties whose data maintenance standards satisfy us and who comply with all data protection legislation.

Specifically, when we share data with territories outside the EU or EEA or other territories not included in the list approved by the European Commission, we fully ensure their data security and confidentiality standards and that they keep all shared data confidential. homologated to EU standards. We are required to make available, upon request, proof of – or reference to – appropriate safeguards, and may do so upon receipt of a request addressed to  [email protected] by email.

You have the right to withdraw, at any time, your consent to the processing and/or sharing of your data, either by closing your account, which takes immediate effect, or by contacting us to request closure, so that we can do so as soon as possible. As soon as possible. Once your relationship with Entre Trámites ends, we maintain only the minimum data that we must maintain to comply with all legal requirements, and only for the minimum required period.

If you have any questions about the processing of your personal data, or if you wish to request access to your data, you can contact the Data Protection Officer (DPO) by writing to[email protected] or by writing to the DPO at the address indicated above.

If you are not satisfied, you have the right to lodge a complaint with the relevant data protection authority.

Entre Trámites will cooperate fully with any such investigation and will endeavor to satisfy all inquiries as completely as possible. The relevant authority for each country can be found on the European Commission website: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

 

4. Cookies

Our website uses cookies. Cookies are small files that are automatically created in your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit a page. Cookies do not harm your device and do not contain viruses, trojans or other malicious software.

Cookies store information related to your device. However, this does not mean that we receive any detailed knowledge of your identity.

The use of cookies is intended to create a more satisfactory use of our services. Therefore, we use so-called session cookies to recognize whether you have previously visited unique pages of our website or whether you have already created a customer account. Your browser will automatically delete them when they expire.

For usability purposes, we use temporary cookies, which are stored on your device for a specific period of time. If you visit our website again to use our services, it will be recognized that you have visited our website before and what activities you have carried out, so that you do not have to repeat them.

We also use cookies to statistically track the use of our website and to optimize our offer (see section 4), as well as to show you personalized information (see section 5). When you visit our website again, these cookies allow us to automatically recognize that you have previously visited our website. After a certain period of time, cookies will be automatically deleted.

Most browsers automatically accept cookies. You can configure your browser so that no cookies are saved in it or so that a warning always appears before a new cookie is created.

However, please note that completely disabling cookies may also result in limited functionality of our website.

 

5. Web analytics

To continually design and optimize our website, we use various web analysis services. Therefore, we create anonymous user profiles and use cookies (see section 4).

Below you can find more information about our web analysis services and their deactivation options:

a) Google Analytics

We use Google Analytics. This is a web analysis service of Google Inc. Information about the use of our website (including your IP address), which is collected via a cookie, is transferred to a Google server in the United States and stored there. . IP addresses are anonymous and cannot be assigned (IP masking). The information is used to analyze the use of our website, to create reports on website activities and to provide us with other services that are connected with the use of our website and the Internet. The data you have entered when using our service will not be incorporated, in any way, into other data that is collected through Google.

The transfer of information by Google to third parties will only take place if required by law or if third parties process the data on its behalf.

We also use Google Optimize. This is a web analytics service from Google Inc, which is integrated into Google Analytics. Google Optimize allows us to perform A/B and multivariate tests. This way we can find out which version of our website is preferred by users. Here you can find more information about this service.

You can prevent data collection, which is carried out through the cookie, as well as data processing by Google by downloading and installing a browser plug-in here.

As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent Google Analytics data collection by clicking this link. A blocking cookie will be placed, which will prevent the collection of data when you visit a website. The blocking cookie is valid only in this browser and for our website, and will be stored on your device. If you delete the cookie in your browser, you will need to reset the blocking cookie.

You can find more information about data protection with Google Analytics in Analytics Help.

Additionally, we use the APIVision from Google Cloud. The OCR system (OCR) is used for optical character recognition, that is, it allows the automatic recognition and analysis of letters, as well as the categorization of documents. You can find more information about this service here. API-based character recognitionVision of Google Cloud is essential for the use of our services. If you do not want the API to be usedVision from Google Cloud, you have the possibility of creating expenses without uploading documents. In this case, you will not be able to use the services of

In between Complete procedures.

At the following link, you can find more information about Google data protection:https://policies.google.com/privacy?hl=es

 

6. Audience segmentation (targeting)

We use audience targeting technologies from Google Inc. (e.g. Doubleclick,AdSense, AdWords) on our website. These technologies allow usoffer you advertising based on your interests. For this purpose, we collect and evaluate information about your user behavior on our website through the use of cookies.

The collection and evaluation is carried out anonymously and does not allow us to identify you. In other words, we do not link this information with your personal data.

If you do not wish to receive personalized advertising, you can prevent this by setting relevant cookies on your browser.

You can change your settings to show personalized advertising through Google Ads Settings.

You can find more information, as well as Google’s advertising and data privacy rules, in their privacy policy.

 

7. Facebook Tracking

We do not use social plugins from Facebook or other social networks. In connection with our advertising on Facebook, we employ a pixel-based tracking mechanism. This is a web analytics service provided by Facebook Ireland Ltd. The information is used to track conversions coming from the Facebook platform.

This service is provided by Facebook Ireland Ltd., to which European Union data privacy law applies. We do not share any data you enter while using our service with Facebook.

Please refer to Facebook’s data protection information for more information about the purpose and scope of data collection, and the processing and use of data by Facebook, as well as your rights and setting options for data protection. Privacy.

 

8. Information, correction, blocking, deletion

You have the right to information about personal data that we store and the right to correct or amend incorrect data, as well as to block and delete it.

As a data controller, you are responsible for the content you publish. You have the right to rectify, block or delete, at any time, any of your data. We may remove content that you have posted at your request, but we maintain our right not to remove content that is already posted or that we are required to maintain to comply with certain legal requirements.

For information about your personal data, for the correction of erroneous data or for the blocking or deletion of data, as well as for other questions about the use of your personal data, please send an email to [email protected]

Additionally, you can view and change the data that is stored in your account by logging into our website with your login details. You can delete your account data at any time. This can be done by using the corresponding option in your account. We warn that if you delete your data, you will not be able to use our service in full or at all.

 

9. Changes to the Data Privacy Statement

This Data Privacy Statement is now effective and was last updated in May 2018. Due to further development of the Entre Trámites website, the Entre Trámites application or any other Entre Trámites service, or due to changes in legal or regulatory requirements , this Data Privacy Statement may need to be modified in the future. Our Data Privacy Statement can be accessed and printed at any time on our website.

 

DATA PROCESSING AGREEMENT

This Data Processing Agreement (“DPA”) is the basis of the relationship between you, the client, as data controller and Entre Trámites, the service provider, as data processor under data protection legislation, more specifically , the General Data Protection Regulation (“GDPR”).

This is an important agreement that forms the contractual basis forlet’s process the data on your behalf. Explain how your data may be processed and its purpose. We process your personal data only as required and in accordance with your instructions, as described in this agreement.

Due to our volume of customers, it would be impossible to enter into individually signed agreements with all of our users. It is also our hope that, by facilitating the conclusion of this agreement (DPA), you will ensure that the acceptance of the new Terms, in compliance with the GDPR, takes less time for you as an owner who owes his main occupation to a business.

This DPA ensures that we, as your data processor, comply with the requirements set out in the GDPR. Additionally, you can be assured that we maintain the necessary agreements with third parties. Your company details are automatically populated in your account when you accept the Terms and Conditions and Privacy Policy, including this DPA. Your data will always represent the most up-to-date information you have provided to us. The APD is detailed below for your information.

Data Processing Agreement between:

Name of the client (“the client” or “data controller”, hereinafter) [This information will be completed automatically once you have completed the registration] and BEAT BUREAUCRACY ET, SL, with CIF:B01944743, address in RONDA SANT PERE, 52. 08010, BARCELONA, SPAIN, each one a “part”; together “the parties”, HAVE AGREED to the terms of this Data Processing Agreement (hereinafter “DPA” or “Agreement”) on protection of personal data with respect to the processing of personal data when the client acts as data controller and

Between Procedures as a data processor to fulfill the service obligations described in the services agreement (detailed below). As part of fulfilling these service obligations,

Between Procedureswill process certain personal data on behalf of the data controller, in accordance with the terms of this agreement. Each party agrees and will ensure that the terms of this agreement are also fully applicable to its affiliates, which may be involved in the processing operations of personal data for the project defined in the service agreement. Specifically, Entre Trámites will ensure that all subprocessors operate within the same terms as this Agreement when processing customer personal data.

 

  1. Introduction and definitions:

Personal data is defined as any information relating to a data subject by which the data subject can be identified in particular, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or one or plus factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural or legal person (where applicable).

All other definitions mentioned in this document, including the terms data controller and data processor, are determined by the corresponding data protection laws, including Organic Law 3/2018 on the protection of personal data and guarantee of rights digital and the European Regulation GDPR 679/2016 (hereinafter, “RGPD”).

Sensitive personal data is not considered processed under the application service offered by the data processor and is therefore excluded from the terms of this Agreement.

By signing up to use the Entre Trámites program and accepting the Terms and Conditions, including the Privacy Policy and this DPA, the parties agree under all national data protection laws and under the RGPD that this Agreement governs the relationship between the controller of data and the data processor, determining the processing of personal data by Entre Trámites

of customer data. This Agreement takes precedence, unless it has been superseded by another signed DPA that communicates its primacy over this Agreement.

The purpose of Entre Trámites processing of personal data for the client is to ensure the full use of the service by the client and to allow this Agreement to be fulfilled.

Entre Trámites will ensure that sufficient security of personal data is maintained at all times.

Both parties confirm their authority to sign the Agreement by doing so.

 

     2. Responsibilities of the data processor:

The data processor must process all personal data on behalf of the data controller and follow its instructions. By entering into this Agreement, Entre Trámites (and any subprocessor with which the data processor has a legal agreement to offer the services) is instructed toprocess them personal data of the client as follows:

       i) in accordance with all national and European laws;

       ii) fulfill your obligations under the terms of the service application;

       iii) according to the instructions of the data controller;

       iv) as described in this Agreement.

As the party providing the application, the data processor is required to always provide the customer with appropriate solutions to support the continuous development of its business through the use of the service. The data processor tracks how the customer uses the application to make the best suggestions, provide relevant services at all times and commit to sending the most accurate communications in order to achieve ease of use and customer satisfaction. To the extent that the processing of personal data of the application is part of this, it is processed only in accordance with this DPA and applicable law and is shared only where necessary to provide a better customer experience.

Taking into account the available technology and the cost of implementation, as well as the scope, context and purpose of the processing, the data processor is required to take all reasonable measures, including technical and organizational measures, to ensure a sufficient level of security in relation to the risk and category of personal data to be protected. The data processor shall assist the data controller with appropriate technical and organizational measures as necessary and taking into account the nature of the processing and the category of information available to the data processor to ensure compliance with the data controller’s obligations. under applicable data protection laws.

The data processor will notify the data controller without undue delay if the data processor becomes aware of a security breach.

Furthermore, the data processor must, to the extent legally possible, inform the data controller if a data request (data access request) is raised by the bodies that must provide it. The data processor will respond to such requests once authorized to do so by the data controller. The data processor will also not disclose information about this Agreement unless the data processor is required by law to do so, such as by court order.

If the data controller requires information or assistance regarding data security, documentation or information on how the data processor processes personal data in general, it may request this information from the processor.

The data processor, its employees and any affiliates or partners will ensure confidentiality in relation to personal data processed under the Agreement. This provision continues to apply after termination of the agreement, regardless of the cause of its termination.

 

     3. Responsibilities of the data controller:

The data controller confirms, by signing this Agreement, that by using the application he/she may freely process his/her data in accordance with all legal data protection requirements, including the GDPR. The controller gives explicit consent to the processing of his personal data at any time when using the service.

The data controller may revoke this consent at any time, but doing so terminates the current Agreement and the data processor will no longer be able to offer the service.

The client has a legal basis to process personal data with the data processor (including subprocessors) with the use of Entre Trámites services.

The data controller is responsible at all times for the accuracy, integrity, content and reliability of personal data processed by the data processor. Both have complied with all mandatory requirements in relation to notifying or obtaining permission from relevant public authorities with respect to the processing of personal data. Furthermore, both have complied with their disclosure obligations to the relevant authorities regarding the processing of personal data in accordance with all applicable data protection legislation.

The data controller must have an accurate list of the categories of personal data it processes, particularly if such processing differs from the categories listed by the data processor in Annex A.

 

     4. Agreement for data transfer and use of subcontractors:

To provide the service to the data controller, the data processor uses subcontractors. These subcontractors may be third party suppliers both within and outside the EU/EEA. The data processor ensures that all subcontractors comply with the obligations and requirements of this Agreement; specifically, that its level of data protection meets the standard required by relevant data protection laws. If a jurisdiction falls outside the EU/EEA and is not on the European Commission’s approved list of satisfactory data protection levels under the GDPR, then a specific agreement is established between Entre Trámites and such subcontractor to ensure that it will maintain all personal data in accordance with the requirements of current EU data protection laws.

This Agreement constitutes the data controller’s specific and explicit prior consent to the data processor’s use of data processor subcontractors, which may sometimes be located outside the EU/EEA or territories approved by the European Commission.

In this sense, the client expressly authorizes through acceptance of thegift politics between procedures, to make international data transfers to Colombia, Spain, the United Kingdom, as well as any other country to which it is necessary to make such a transfer because the professional in charge of the service is located, as it is necessary for the correct development of the services of Ente Trámites, as well as as well as third-party collaborators from any country in order to carry out the correct development of our procedures in order to execute the existing agreements with the interested parties.

The data controller may revoke this consent at any time, but doing so terminates the term of the Agreement and the data processor will no longer be able to offer the service.

If a deputy director is established or personal data is stored outside the territories approved by the EU/EEA or the European Commission, the data processor has the responsibility to ensure a satisfactory basis for transferring personal data to a third country on behalf of the data controller. , including the use of standard European Commission contracts or specific measures that have been previously approved by the European Commission.

The data controller must be informed before the data processor replaces its subcontractors. The data controller may object to a new subprocessor processing your personal data on behalf of the data processor, but only if the subprocessor does not process the data in accordance with applicable data protection legislation. The data processor may demonstrate compliance by providing the data controller with access to the data protection assessment carried out by the data processor.

If the data controller still objects to the use of the subcontractor, it may terminate your subscription to the service, without the usual required notice period, and then ensure that the unwanted subcontractor does not process your personal data.

 

  1. Duration of the Agreement:

The Agreement remains valid as long as the data processor processes personal data with the use of the service application data processor and unless it is replaced by another signed DPA that communicates its primacy over this Agreement.

 

  1. Termination of Agreement:

Upon termination of any subscription, when the Agreement terminates, the data processor will delete all personal data, except that which isrequire that it retains in accordance with the applicable legal requirements and in such case it will be stored in accordance with the technical and organizational guarantees.

The data controller has full capacity to recover all your personal data from the service application. If the data controller requests assistance with data recovery, the associated costs will be determined by mutual agreement between the parties and will be based on the complexity of the requested process and the time to fulfill it in the chosen format.

 

  1. Changes to the Agreement:

Changes to the Agreement must be attached in a separate annex to the Agreement. If any provision of the Agreement is deemed invalid, this does not affect the remaining provisions. The parties will replace the invalid provisions with a legal provision that reflects the purpose of the invalid provision.

 

  1. Audits:

The data controller has the right to initiate a review of the data processor’s obligations under the agreement once a year. If the data processor is required to do so under applicable law, audits may be repeated once a year. A detailed audit plan outlining the scope, duration and start date must be provided at least four weeks before the proposed start date. The parties decide together whether a third party should perform the audit. However, the data controller may allow the data processor to have the security review performed by a neutral third party of the data processor’s choosing, if it is a security environment. processing where data from multiple data controllers is processed.

If the proposed scope of the audit follows an ISAE, ISO or similar certification report carried out, within the previous twelve months, by a qualified third-party auditor and the data processor confirms that there have been no material changes to the measures under review, this will satisfy any request received within said period. Audits may not unreasonably interfere with the usual activities of the data processor. The data controller is responsible for all costs associated with your audit review request.

 

  1. Responsibilities and jurisdictions:

Liability for actions arising from your failure to comply with the provisions of this Agreement is governed by the liability and indemnity provisions in the terms of subscription in section 13. This also applies to any violation by the data processor’s subprocessors.

This Agreement is governed by the courts of the Kingdom of Spain, which will have exclusive jurisdiction to determine any dispute over it.

Annex A. Categories of personal information and categories of usual processing

A. Categories of personal information (the list is not exhaustive):

Name.

Address.

Telephone numbers.

Email addresses.

Addresses).

Any account number and/or bank details.

 

B. Typical processing categories (the list is not exhaustive):

The employees of the data controller.

Contacts of the data controller (phone / email / addresses / etc.).

The data controller’s clients.

The banking information of the data controller.

Your clients’ employees.

Contacts of your clients (phone / email / addresses / etc.).

Your clients’ clients.

Banking information of your clients’ clients