Data Privacy Statement
We, BEAT BUREAUCRACY ET, SL, with CIF: B01944743, address at Plaza Urquinaona 6, 15A, 08010, Barcelona, Spain. We are the website operator https://entretramites.com/en , as well as the service provider of the Entre Trámites application for iOS and Android, including the other services offered through the Entre Trámites websites and application. We are responsible for the collection, processing and use of personal data in accordance with data protection legislation, specifically the General Data Protection Regulation (“GDPR”).
You, the client, are the data controller and Entre Trámites, the service provider, is the data processor on your behalf. We only use your data in compliance with relevant data protection legislation.
With this Data Privacy Statement we want to inform you what personal data is collected and stored when you visit our website or use our services offered on the website. In addition, you will receive information about how we use your data and what rights you have regarding the use of them. This Data Privacy Statement also applies to the access and use of the Entre Trámites application, as well as the other available services.
- Data security
To protect them, all the data you provide us is encrypted in accordance with the TLS (Transport Layer Security) security protocol. TLS is a secure and proven protocol that is used, for example, for online banking. You can identify the TLS connection, for example, by looking at the “s” after the “http” in the URL displayed in your browser (https://..) or from the lock icon displayed in the tab from the browser.
We also take adequate technical and organizational security measures to protect your data against random or deliberate manipulation, partial or total loss, destruction and/or unauthorized access. To prevent data loss, we set up a mirrored database, which means your data is always stored in two separate locations. In addition, we update and store data hourly in an off-site backup and, in line with high-risk analyses, we continually perform security tests on our infrastructure. Your password is stored through a secure encrypted process. We will never ask you for your password, neither by email nor by phone. If you forget your password,we can reset it for you. We continuously improve our security measures based on technological development.
The personal data we collect is stored in a secure environment within the EU and is treated confidentially. Access to this information is limited to selected employees and vendors of the ET group.
We comply, at all times, with the legislative requirements of data protection. We do our best to protect your data, but we cannot guarantee the security of your data when you transfer it over the Internet. When this happens, there is a certain risk that others can access your data illegally. In other words, by transferring data over the internet, you assume responsibility for its security as the data controller.
- Collection and storage of personal data and nature and purpose of its use
- a) If you visit our website
You can visit the website https://entretramites.com/en without revealing your identity. Your browser only sends information – which is collected automatically – to our website’s servers. This Information is temporarily stored in a log file (logfile). This is the information that is automatically collected and stored until its deletion, also automatic:
- IP address of the requesting computer.
- Date and time of access.
- Name and URL of the data entered.
- Website, where the access comes from (referrer URL).
- Browser used and, if necessary, the operating system of your computer, as well as the name of your access provider.
This data is collected and processed to enable the use of our website (connection establishment), to ensure the security and stability of our system, as well as for the technical administration of the network infrastructure. Such data does not provide us with any information that can personally identify you.
- b) If you register in our online services
On our website we offer online accounting, labor and tax advisory services. To use these services, you must first register. When you register, you must enter an email address and a password; in this way, you can create an account with us and log in.
To fully use our services, you may need to enter additional personal data.
We also use your name and contact details for the following purposes:
- To know who our contracting party is.
- For the justification, structure, processing and change of the contractual relationship with you regarding the use of our services.
- To verify the plausibility of the information entered.
- To contact you, if necessary.
- c) If you sign up for our newsletter or informative bulletin
If you have agreed to receive our newsletter or newsletter, we may use your email address to periodically send you newsletters, as well as information about our services. To receive newsletters, we must first obtain your consent. This consent must be accepted during registration. You can revoke your consent at any time, either within your account or by sending us an email.
You can also unsubscribe from our newsletter at any time, for example by clicking the unsubscribe link at the bottom of the newsletter. On the other hand, you can also send us an email at [email protected]
If you unsubscribe from the newsletter or newsletter, we will keep your email address on file solely to ensure that you will no longer receive these emails.
- d) Developer, client, supplier, advisor and team
With our services, you can enter data from third parties, allow third parties access to your account, connect your account with third parties and offer third parties your own applications or third party applications. Of course, we also respect the privacy of the data of third parties, which we may access through the use of the service we offer you. Sometimes this may require a separate contract with you. If you think this is the case, contact us.
According to our Terms and Conditions, you do not have the right to share your access data with third parties and you are obliged to treat such data with due care. In addition, you are responsible for the data of third parties that you enter in Entre Trámites.
Please note that we do not have any ability to comply with security and data protection regulations outside of our website, the Entre Trámites application or the services provided by us. In the cases described, you or the third party to whom you have granted access to your data are responsible.
- Consent for data transfer
We pass on your personal data to third parties if you ask us to, only if you have given your explicit consent or if there are legal obligations to do so.
No transfer of personal data to third parties for other purposes takes place. Your data is not disclosed to any third party without your permission; unless a court requires its surrender, and when it does so only to the extent necessary.
Entre Trámites reserves the right to share data within its group as required, to provide services to you.
Entre Trámites may also request, from time to time, to share data with a sister company, for example, to enable billing of your account from an entity other than Entre Trámites.
Data security is ensured at all times.
By registering with Entre Trámites, you consent to the processing of your data. You also give your explicit consent to share your data with third parties when necessary to offer you our service.
We confirm that we only share your data with third parties whose data maintenance standards satisfy us and comply with all data protection legislation.
Specifically, when we share data with territories outside the EU or EEA or other not included in the list approved by the European Commission, we fully ensure their data security and confidentiality standards as well as that they keep all data shared in a confidential manner. homologated to EU standards. We are required to make available, upon request, proof of – or reference to – appropriate safeguards, and may do so upon receipt of a request addressed to [email protected] by email.
You have the right to withdraw, at any time, your consent to the processing and/or sharing of your data, either by closing your account, which takes immediate effect, or by contacting us to request closure, so that we do so as soon as possible. As soon as possible. After your relationship with Entre Trámites ends, we keep only the minimum data that we must keep to comply with all legal requirements, and only for the minimum period required.
If you have any questions about the processing of your personal data, or if you wish to request access to your data, you can contact the Data Protection Officer (DPO) by writing to [email protected] or by writing to the DPO at the address listed above.
If you are not satisfied, you have the right to file a complaint with the relevant data protection authority.
Entre Trámites will fully cooperate with any such investigation and will endeavor to satisfy all inquiries as completely as possible. The relevant authority for each country can be found on the European Commission website: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Cookies store information related to your device. However, this does not mean that we receive any detailed knowledge of your identity.
For usability purposes, we employ temporary cookies, which are stored on your device for a specified period of time. If you visit our website again to use our services, it will be recognized that you have visited our website before and what activities you have performed, so that you do not have to repeat them.
Most browsers automatically accept cookies. You can configure your browser so that cookies are not stored in it or so that a warning always appears before a new cookie is created.
However, please note that completely disabling cookies may also result in limited functionality of our website.
- Web analysis
Below, you can find more information about our web analytics services and their deactivation options:
- a) Google Analytics
We use Google Analytics. This is a web analytics service of Google Inc. The information about the use of our website (including your IP address), which is collected via a cookie, is transferred to a Google server in the United States and stored there . IP addresses are anonymous, so they cannot be assigned (IP masquerading). The information is used to analyze the use of our website, to create reports on website activities and to provide us with other services that are connected with the use of our website and the internet. The data that you have entered when using our service will not be incorporated in any way with other data that is collected through Google.
The transfer of information by Google to third parties will only take place if this is required by law or if third parties process the data on your behalf.
We also use Google Optimize. This is a web analytics service from Google Inc, which is integrated into Google Analytics. Google Optimize allows us to perform A/B and multivariate tests. In this way we can find out which version of our website is preferred by users. Here you can find more information about this service.
You can prevent the data collection, which takes place via the cookie, as well as the data processing by Google by downloading and installing a browser plug-in here.
As an alternative to the browser plug-in, especially for browsers on mobile devices, you can prevent the collection of data by Google Analytics by clicking on this link. A blocking cookie will be placed, which will prevent the collection of data when a website is visited. The blocking cookie is valid only in this browser and for our website, and they will be archived on your device. If you delete the cookie in your browser, you will need to reset the blocking cookie.
You can find more information about data protection with Google Analytics in Analytics Help.
Also, we use the APIVision from Google Cloud. The OCR system (OCR) is used for optical character recognition, that is, it enables the automatic recognition and analysis of letters, as well as the categorization of documents. You can find more information about this service here. API-based character recognitionVision Google Cloud is essential for the use of our services. If you do not want the API to be usedVision from Google Cloud, you have the ability to create expenses without uploading documents. In such case, you will not be able to use the services of Entre Tramiities
In the following link, you can find more information about Google data protection: https://policies.google.com/privacy?hl=es
- Audience segmentation (targeting)
The collection and evaluation is carried out anonymously and does not allow us to identify you. In other words, we do not link this information to your personal data.
If you do not wish to receive personalized advertising, you can prevent this through the relevant cookie settings in your browser.
You can change the settings to display personalized advertising through the Google Ads Settings.
- Facebook Tracking
We do not use social plugins from Facebook or other social networks. In connection with our advertising on Facebook, we employ a pixel-based tracking mechanism. This is a web analytics service provided by Facebook Ireland Ltd. The information is used to track conversions from the Facebook platform.
This service is provided by Facebook Ireland Ltd., which is subject to the data privacy law of the European Union. We do not share any data you enter while using our service with Facebook.
Please refer to Facebook’s data protection information for more information on the purpose and scope of data collection, and the processing and use of data by Facebook, as well as your rights and setting options for data protection. Privacy.
- Information, correction, blocking, deletion
You have the right to information about personal data that we store and the right to correct or amend incorrect data, as well as to block and delete it.
As the data controller, you are responsible for the content you post. You have the right to rectify, block or delete, at any time, any of your data. We may remove content you have posted at your request, but we maintain our right not to remove content that is already posted or that we are required to maintain to comply with certain legal requirements.
For information about your personal data, for the correction of erroneous data or for the blocking or deletion of data, as well as for other questions about the use of your personal data, send an email to [email protected]. In addition, you can view and change the data that is stored in your account by logging into our website with your login details. You can delete your account data at any time. This can be done by using the corresponding option in your account. We advise that if you delete your data, you will not be able to use our service in full or at all.
- Changes to the Data Privacy Statement
This Data Privacy Statement is now in force and was last updated in May 2018. Due to further development of the website, the application
Entre Trámites or any other Entre Trámites service, or due to changes in legal or regulatory requirements, this Data Privacy Statement may need to be modified in the future. Our Data Privacy Statement can be accessed and printed at any time on our website.
DATA PROCESSING AGREEMENT
This Data Processing Agreement (“DPA”) is the basis of the relationship between you, the customer, as data controller, and Entre Trámites, the service provider, as data processor under data protection legislation, more specifically , the General Data Protection Regulation (“RGPD”).
This is an important agreement that forms the contractual basis forlet’s process the data on your behalf. It explains how your data may be processed and its purpose. We process your personal data only as required and at your direction, as described in this agreement.
Due to our customer volume, it would be impossible to enter into individually signed agreements with all of our users. It is also our hope that, by facilitating the execution of this agreement (APD), it is ensured that the acceptance of the new Terms, in compliance with the GDPR, takes less time as an owner who owes his main occupation to a business.
Data Processing Agreement in between:
Name of the client (“the client” or “data controller”, hereinafter) [This information will be filled in automatically once you have completed the registration] and BEAT BUREAUCRACY ET, SL, with CIF: B01944743, address at Plaza Urquinaona 6, 15A, 08010, Barcelona, Spain, each a “part”; together “the parties”, HAVE AGREED to the terms of this Data Processing Agreement (hereinafter “DPA” or “Agreement”) on personal data protection regarding the processing of personal data when the client acts as data controller and Entre Tramites as data processor to comply with the service obligations described in the service agreement (detailed below). As part of the fulfillment of these service obligations, Entre Tramites will process certain personal data on behalf of the data controller, in accordance with the terms of this agreement. Each party agrees and will ensure that the terms of this agreement are also fully applicable to its affiliates, which may be involved in the processing operations of personal data for the project defined in the service agreement. Specifically, Entre Trámites will ensure that all sub-processors operate within the same terms as this Agreement when processing customer personal data.
- Introduction and definitions:
Personal data is defined as any information relating to a data subject by which he can be identified in particular, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or one or plus factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural or legal person (when applicable).
All other definitions mentioned in this document, including the terms data controller and data processor, are determined by the corresponding data protection laws, including Organic Law 3/2018 on the protection of personal data and guarantee of rights digital and the European Regulation RGPD 679/2016 (hereinafter, “RGPD”).
Sensitive personal data is not considered to be processed under the application service offered by the data processor and is therefore excluded from the terms of this Agreement.
of customer data. This Agreement takes precedence, unless it has been superseded by another signed DPA that gives precedence to this Agreement.
The purpose of Inter-Process processing of personal data for the client is to ensure full use of the service by the client and to enable compliance with this Agreement.
Entre Trámites will guarantee that sufficient security of personal data is maintained at all times.
Both parties confirm their authority to sign the Agreement by doing so.
- Responsibilities of the data processor:
The data processor must process all personal data on behalf of the data controller and follow their instructions. By entering into this Agreement, Entre Trámites (and any sub-processors with whom the data processor has a legal agreement to offer the services) is instructed to process them personal data of the client as follows:
- i) in accordance with all national and European laws;
- ii) fulfill your obligations under the terms of the service application;
iii) according to the instructions of the data controller;
- iv) as described in this Agreement.
As a party providing the application, the data processor is required to always provide the client with the appropriate solutions to accompany the continuous development of its business through the use of the service. The data processor tracks how the customer uses the application to make the best suggestions, provide relevant services at all times and commit to sending the most accurate communications in order to achieve user-friendliness and customer satisfaction. To the extent that the application’s processing of personal data forms part of this, it is processed only in accordance with this DPA and applicable law and is shared only as necessary to provide a better customer experience.
Taking into account the available technology and the cost of implementation, as well as the scope, context and purpose of the processing, the data processor is required to take all reasonable measures, including technical and organizational measures, to ensure a sufficient level of security in relation to the risk and the category of personal data to be protected. The data processor shall assist the data controller with appropriate technical and organizational measures as necessary and taking into account the nature of the processing and the category of information available to the data processor to ensure compliance with the data controller’s obligations. under applicable data protection laws.
The data processor will notify the data controller without undue delay if the data processor becomes aware of a security breach.
In addition, the data processor must, to the extent possible and legally, inform the data controller if a data request (data access request) is made by the bodies that must provide it. The data processor will respond to such requests once authorized to do so by the data controller. The Data Processor will also not disclose information under this Agreement unless the Data Processor is required by law to do so, such as by court order.
If the data controller requires information or assistance regarding data security, documentation, or information about how the data processor processes personal data in general, they can request this information from the processor.
The data processor, its employees and any affiliate or partner will ensure confidentiality in relation to the personal data processed under the Agreement. This provision continues to apply after the termination of the agreement, regardless of the cause of its termination.
- Responsibilities of the data controller:
The Data Controller confirms, by signing this Agreement, that by using the Application, you will be free to access your data in accordance with all legal data protection requirements, including the GDPR. The controller gives his explicit consent to the processing of his personal data at all times when using the service.
The data controller can revoke this consent at any time, but doing so terminates the current Agreement and the data processor will no longer be able to offer the service.
The client has a legal basis to process the personal data with the data processor (including sub-processors) with the use of the services of Entre Trámites.
The data controller is responsible at all times for the accuracy, completeness, content and reliability of the personal data processed by the data processor. Both have complied with all mandatory requirements in relation to notifying or obtaining permission from the relevant public authorities regarding the processing of personal data. In addition, both have fulfilled their disclosure obligations to the relevant authorities regarding the processing of personal data in accordance with all applicable data protection legislation.
The data controller must have an accurate list of the categories of personal data it processes, particularly if such processing differs from the categories listed by the data processor in Annex A.
- Agreement for the transfer of data and the use of subcontractors:
In order to provide the service to the data controller, the data processor uses subcontractors. These subcontractors may be external providers both within and outside the EU/EEA. The data processor ensures that all subcontractors comply with the obligations and requirements of this Agreement; specifically, that its level of data protection meets the standard required by relevant data protection laws. If a jurisdiction falls outside the EU/EEA and is not on the European Commission’s approved list of satisfactory data protection levels under the GDPR, then a specific agreement is established between Entre Tramites and said subcontractor to ensure that it will maintain all personal data according to the requirements of laws data protection regulations in force in the EU.
This Agreement constitutes the specific and explicit prior consent of the data controller for his use by the data processor of subcontractors of data processors, which at times can be outside the EU/EEA or territories approved by the European Commission.
The data controller may revoke this consent at any time, but it ends the term of the Agreement and the data processor will no longer be able to offer the service.
If a deputy director stores personal data outside of the territories approved byThe EU / EEA or the European Commission, the data processor has the responsibility to ensure a basis satisfactory to transfer personal data to a third country on behalf of the controller of data, including the use of standard European Commission contracts or specific measures that they have previously approved by the European Commission.
The data controller must be informed before the data processor replaces its subcontractors. The data controller may object to a new sub-processor processing your data personal information on behalf of the data processor, but only if the sub-processor does not process the data in accordance with current data protection legislation. The data processor can demonstrate compliance by providing the data controller with access to the assessment of protection of data carried out by the data processor.
If the data controller still objects to the use of the subcontractor, you can terminate your subscription service, without the usual notice period required, and then ensure that the subcontractor not desired does not process your personal data.
- Duration of the Agreement:
The Agreement remains valid as long as the data processor processes personal data with the use of the Service Application Data Processor and unless superseded by another signed DPA giving its primacy to this Agreement.
- Termination of Agreement:
Upon termination of any subscription, when the Agreement terminates, the processor of data will delete all personal data, except those that are required that you keep according to the requirements applicable laws and in this case they will be stored in accordance with the technical guarantees and organization.
The data controller has full ability to recover all of your personal data from the application of service. If the data controller requests assistance for data recovery,the costs associated will be determined by mutual agreement between the parties and will be based on the complexity of the requested process and the time to complete it in the chosen format.
- Changes to the Agreement:
Changes to the Agreement must be attached as a separate schedule to the Agreement. if any ofProvisions of the Agreement is considered invalid, this does not affect the remaining provisions. Theparts will replace invalid provisions with a statutory provision that reflects the purpose ofThe disposition invalid.
The data controller has the right to initiate a review of the obligations of the processor of data under the agreement once a year. If the data processor is required to do so in accordance with the legislation applicable, audits may be repeated once a year. A plan must be provided with an audit description describing the scope, duration and start date at least four weeks before the proposed start date. The parties decide together whether a third party should perform the audit. However, the data controller may allow the data processor to have the review of security carried out by a neutral third party at the choice of the data processor, if it’s an environment processing where data from multiple data controllers is processed.
If the proposed scope of the audit follows an ISAE, ISO or similar certification report made, within the previous twelve months, by a qualified third party auditor and the processor of data confirms that there have been no major changes to the measures under review, this will satisfy any request received within said period. Audits may not unreasonably interfere with the activities usual for the data processor. The data controller is responsible for all the costs associated with your audit review request.
- Responsibilities and jurisdictions:
Liability for actions arising from breach of the provisions of this Agreement is governed by the liability and indemnification provisions in the subscription terms in section 13. This also applies to any violation by the data processor’s sub-processors.
This Agreement is governed by the courts of the Kingdom of Spain, which will have exclusive jurisdiction to determine any dispute about it.
Annex A. Categories of Personal Information and Categories of Usual Processing
- Categories of personal information (the list is not exhaustive):
Any account number and/or bank details.
- Common categories of processing (the list is not exhaustive):
The employees of the data controller.
Data controller contacts (phone / email / addresses / etc.).
The clients of the data controller.
The banking information of the data controller.
Your clients’ employees.
Contacts of your customers (phone / email / addresses / etc.).
Your customers’ customers.
Bank information of your customers’ customers.
Last update: 08/08/2023