Registration of processing activities as data controller

Purpose

  • Management and monitoring of professional career, skills, action plans, personnel promotion.
  • Management of training and training of employees.
  • Intern personnel management.

Responsible Entity

  • VALIDATED ID SL

Legitimation

  • Treatment necessary for the execution of a contract. Art. 6.1.b). Compliance with a legal obligation:
    • Royal Legislative Decree 2/2015, of October 23, which approves the consolidated text of the Workers' Statute Law.

Categories of personal data

  • Identification data: DNI, Social Security or Mutual Insurance number, name and surname,  address, telephone number and email address.

Who provides you with your data?

  • The interested parties themselves.

Who is the data subject of the personal data?

  • Previous and current employees of VALIDATED ID SL, regardless of their legal.

Data Manager

  • There is no treatment manager.

Data Communications

  • Training service providers and other related entities.

International data transfers

  • No transfers are made outside the EU.

Deletion period

  • 5 years after the end of the employment relationship with the entity.

Security Measures

  • The security measures implemented correspond to those provided for in the National Security Scheme (Royal Decree 311/2022, ofMay 3, which regulates the National Security Scheme). The security measures are determined based on the level of security required by the processing and the type of data and are described in the documents that make up the Information Security Policy.

2. Selection, promotion and management of employees

Purpose

  • Open access selection processes andinternal promotion.
  • Management of employees from the moment they are contractually part of the VALIDATED ID team until they cease their work activity at the entity.
  • Management of labor files, payrolls and social action of personnel.
  • Treatment of labor demands and administrative claims.

Responsible Entity

  • VALIDATED ID SL

Legitimation

  • Treatment necessary for the execution of a contract. Art. 6.1.b). Compliance with a legal obligation:
    • Royal Legislative Decree 2/2015, of October 23, which approves the consolidated text of the Workers' Statute Law.

Categories of personal data

  • Identification data: DNI, Social Security number, name and surname, address, telephone number, marital status.
  • Name and surname, age of descendants.
  • Employment data (job, position, salary).
  • Academic data.
  • Financial data: bank details.
  • Aspects related to performance at work.

Who provides you with your data?

  • The interested parties themselves.

Who is the data subject of the personal data?

  • Previous and current employees of VALIDATED ID SL, regardless of their legal relationship with it.

Data Manager

  • There is no treatment manager.

Data Communications

  • Competent bodies of the SocialSecurity Administration.
  • Bodies of the State TaxAdministration Agency.
  • Banks and credit institutions.
  • Insurance companies.
  • External candidate selection companies.

International data transfers

  • No transfers are made outside the EU.

Deletion period

  • 2 years for  selection processes, except in dispute.
  • 5 years after  the end of the employment relationship with the entity.

Security Measures

  • The security measures implemented correspond to those provided for in the National Security Scheme (Royal Decree 311/2022, of May 3, which regulates the National Security Scheme). The security measures are determined based on the level of security required by the processing and the type of data and are described in the documents that make up the Information Security Policy.

3. Security measures implemented

Purpose

  • Develop the policy and obligations regarding occupational risk prevention.

Responsible Entity

  • VALIDATED ID SL

Legitimation

  • Treatment necessary for the execution of a contract to which the interested party is a party.
    • Law 31/1995, of November 8, on the prevention ofOccupational Risks and other related regulations.

Categories of personal data

  • Identification data: DNI, Social Security number, name and surname, worker's signature, telephone number, professional category.

Who provides you with your data?

  • The interested parties themselves.

Who is the data subject of the personal data?

  • Previous and current employees of VALIDATED ID SL, regardless of their legal relationship with it.

Data Manager

  • Provider that manages health insurance.
  • Provider that manages the accident insurance company.

Data Communications

  • Work inspections.

International data transfers

  • No transfers are made outside the EU.

Deletion period

  • 40 years in general from the end of the employment relationship or the interested party reaches 75 years of age, the longer period prevailing.

Security Measures

  • The security  measures implemented correspond to those provided for in the National  Security Scheme (Royal Decree 311/2022, of May 3, which regulates the  National Security Scheme). The security measures are determined based on the  level of security required by the processing and the type of data and are  described in the documents that make up the Information Security Policy.

4. Web forms

Purpose

  • Respond to questions from users who contactVALIDATED ID through the forms available on the website.

Responsible Entity

  • VALIDATED ID SL

Legitimation

  • Based on the express consent granted by Userswho complete the contact form available on the VALIDATED ID SL website,
    • RGPD: 6.1.a) the interested party gave his consentto the processing of his personal data for one or more specific purposes.

Categories of personal data

  • Identification data: name, surname, email, telephone, organization and  country, as well as the information included in the message.

Who provides you with your data?

  • The interested parties themselves.

Who is the data subject of the personal data?

  • Natural persons who request information about the electronic services provided by VALIDATED ID.

Data Manager

  • There is no treatment manager.

Data Communications

  • The communication of personal data to third parties is not planned.

International data transfers

  • No transfers are made outside the EU.

Deletion period

  • They will be kept as long as they are necessary to respond to queries and requests, until the end of the contractual relationship and subsequently, during the legally required periods according to each case.

Security Measures

  • The security measures implemented correspond to those provided for in the National Security Scheme (Royal Decree 311/2022, of May 3, which regulates the National Security Scheme). The security measures are determined based on the level of security required by the processing and the type of data and are described in the documents that make up the Information Security Policy.

5. Data communication

Purpose

  • To answer questions from users who contact us through the real-time interactive chat displayed on the website provided by INTERCOM.

Responsible Entity

  • VALIDATED ID SL

Legitimation

  • Based on the consent of the User who contacts through the interactive chat available on the VALIDATED ID SL website
    • RGPD: 6.1.a) the interested party gave his consent to the processing of his personal data for one or more specific purposes.
    • RGPD: 6.1.b) Treatment necessary for the execution of a contract in which the interested person is a party or for the application at his request of pre-contractual measures.

Data Categories personal

  • Identification data: name, surname, email, telephone, organization and country, as well as the information included in the message.

Who provides you with your data?

  • The interested parties themselves.

Who is the data subject of the personal data?

  • Natural persons who request information about the electronic services provided by VALIDATED ID.

Data Manager

  • INTERCOM

Data Communications

  • The communication of personal data to third parties is not planned.

International data transfers

  • No transfers are made outside the EU.

Security Measures

  • The security measures implemented correspond to those provided for in the National Security Scheme (Royal Decree 311/2022, of May 3, which regulates the National Security Scheme). The security measures are determined based on the level of security required by the processing and the type of data and are described in the documents that make up the Information Security Policy.

6. Help. VIDsigner help center (support)

Purpose

  • We use personal data to respond to technical queries related to the services provided by VID, in which a User contacts the Support team through the form.

Responsible Entity

  • VALIDATED ID SL

Legitimation

  • Based on the consent of the User who contacts through the interactive chat available on the VALIDATED ID SL website
    • RGPD: 6.1.a) the interested party gave his consent to the processing of his personal data for one or more specific purposes.
    • RGPD: 6.1.b) Treatment necessary for the execution of a contract in which the interested person is a party or for the application at his request of pre-contractual measures.

Categories of personal information

  • Identification data: name, surname, telephone number, email, company, subject and description.

Who provides you with your data?

  • The interested parties themselves.

Who is the data subject of the personal data?

  • Individuals  who request technical support services.

Data Manager

  • SALESFORCE

Data Communications

  • The communication of personal data to third parties is not planned.

International data transfers

  • No transfers are made outside the EU.

Deletion period

  • They will be kept as long as they are necessary to respond to queries and requests, until the end of the contractual relationship and subsequently, during the legally required periods according to each case.

Security Measures

  • The security measures implemented correspond to those provided for in the National Security Scheme (Royal Decree 311/2022, of May 3, which regulates the National Security Scheme). The security measures are determined based on the level of security required by the processing and the type of data and are described in the documents that make up the Information Security Policy.

7. Developer site

Purpose

  • We use the personal data collected to provide access to technical documentation related to the services provided by VID through the Developer Site.

Responsible Entity

  • VALIDATED ID SL

Legitimation

  • Based on the consent of the User who contacts through the interactive chat available on the VALIDATED ID SL website
    • RGPD: 6.1.a) the interested party gave his consent to the processing of his personal data for one or more specific purposes.
    • RGPD: 6.1.b) Treatment necessary for the execution of a contract in which the interested person is a party or for the application at his request of pre-contractual measures.

Categories of personal information

  • Identification data: name, surname, email, telephone, organization and country, as well as the information included in the message.

Who provides you with your data?

  • The interested parties themselves.

Who is the data subject of the personal data?

  • Natural persons requesting technical assistance.

Data Manager

  • SALESFORCE

Data Communications

  • The communication of personal data to third parties is not planned.

International data transfers

  • No transfers are made outside the EU.

Deletion period

  • They will be kept as long as they are necessary to respond to queries and requests, until the end of the contractual relationship and subsequently, during the legally required periods according to each case.

Security Measures

  • The security measures implemented correspond to those provided for in the National Security Scheme (Royal Decree 311/2022, of May 3, which regulates the National Security Scheme). The security measures are determined based on the level of security required by the processing and the type of data and are described in the documents that make up the InformationSecurity Policy.

8. Customer management

Purpose

  • We use personal data in a generic way to maintain the contractual relationship and the contracted services, as well as the management,  administration, billing, provision and improvement of the service. Including, sending commercial communications, newsletters and news, technical or legal communications. For correct customer management, the collection of personal data from certain contacts with different roles (commercial, marketing, technical or legal) is required.

Responsible Entity

  • VALIDATED ID SL

Legitimation

  • Based on the fulfillment and execution of a pre-contractual or contractual relationship with clients in the context of contracting our products and services.
    • RGPD: 6.1.b) Processing necessary for the execution of a contract in which the interested party is a party or for the application of pre-contractual measures at the request of the interested party.
    • RGPD: 6.1.c) Treatment necessary for compliance with a legal obligation applicable to the person responsible for the treatment.

Categories of personal information

  • Identification data: name, surname, email, telephone, official identification number, and information of the contracting organization.

Who provides you with your data?

  • The interested parties themselves.

Who is the data subject of the personal data?

  • VALIDATED ID customers.

Data Manager

  • SALESFORCE

Data Communications

  • The communication of personal data to third parties is not foreseen, except in cases established by a legal obligation.

International

  • No transfers are made outside the EU.

Deletion period

  • They will be kept as long as they are necessary to respond to queries and requests, until the end of the contractual relationship and subsequently, during the legally required periods according to each case.

Security Measures

  • The security measures implemented correspond to those provided for in the National Security Scheme ( Royal Decree 311/2022, of May 3, which regulates the National Security Scheme). The security measures are determined based on the level of security required by the processing and the type of data and are described in the documents that make up the Information Security Policy.

9. Supplier management

Purpose

  • We use personal data for the correct management of suppliers and contracted services, which requires the collection of personal data from certain contacts with different roles (commercial, marketing, technical or legal).

Responsible Entity

  • VALIDATED ID SL

Legitimation

  • Based on the fulfillment and execution of a pre-contractual or contractual relationship with clients in the context of contracting our products and services.
    • RGPD: 6.1.b) Processing necessary for the execution of a contract in which the interested party is a party or for the application of pre-contractual measures at the request of the interested party.
    • RGPD: 6.1.c) Treatment necessary for compliance with a legal obligation applicable to the person responsible for the treatment.

Categories of personal information

  • Identification data: name, surname, email, telephone, official identification number, and information of the contracting organization.

Who provides you with your data?

  • The interested parties themselves.

Who is the data subject of the personal data?

  • Natural  persons who provide electronic services to VALIDATED ID.

Data Manager

  • SALESFORCE

Data Communications

  • The communication of personal data to third parties is not foreseen, except in cases established by a legal obligation.

International

  • No transfers are made outside the EU.

Deletion period

  • They will be kept as long as they are necessary to respond to queries and requests, until the end of the contractual relationship and subsequently, during the legally required periods according to each case.

Security Measures

  • The security measures implemented correspond to those provided for in the National Security Scheme (Royal Decree 311/2022, of May 3, which regulates the National Security Scheme). The security measures are determined based on the level of security required by the processing and the type of data and are described in the documents that make up the Information Security Policy.

10. Commercial management

Purpose

  • Manage the commercial and sales work of VALIDATED ID.

Responsible Entity

  • VALIDATED ID SL

Legitimation

  • Based on the fulfillment and execution of a pre-contractual or contractual relationship with clients in the context of contracting our products and services.
    • RGPD: 6.1.a) the interested party gave his consent to the processing of his personal data for one or more specific purposes.
    • RGPD: 6.1.b) Processing necessary for the execution of a contract in which the interested party is a party or for the application of pre-contractual measures at the request of the interested party.

Categories of personal information

  • Identification data: name, surname, email, telephone, official identification number, position and organization information.

Who provides you with your data?

  • The interested parties themselves.

Who is the data subject of the personal data?

  • Natural persons who are clients or potential clients.

Data Manager

  • SALESFORCE

Data Communications

  • The communication of personal data to third parties is not foreseen, except in cases established by a legal obligation.

International

  • No transfers are made outside the EU.

Deletion period

  • They will be  kept for the time necessary to fulfill the purpose for which they were collected  and to determine the possible responsibilities that may arise from said  purpose and from the processing of the data.

Security Measures

  • The security measures implemented correspond to those provided for in the National Security Scheme (Royal Decree 311/2022, of May 3, which regulates the National Security Scheme). The security measures are determined based on the level of security required by the processing and the type of data and are  described in the documents that make up the Information Security Policy.

11. VIDsigner

Purpose

  • We use personal data for the correct management of clients, suppliers and services, VALIDATED ID requires the collection of personal data from certain contacts with different roles (commercial, marketing, technical or legal) for the signing of documentation necessary for the execution of the relationship. contractual relationship related to the services provided by VALIDATED ID.

Responsible Entity

  • VALIDATED ID SL

Legitimation

  • Based on the fulfillment and execution of a pre-contractual or contractual relationship with clients in the context of contracting our products and services.
    • RGPD: 6.1.a) the interested party gave his consent to the processing of his personal data for one or more specific purposes.
    • RGPD: 6.1.b) Processing necessary for the execution of a contract in which the interested party is a party or for the application of pre-contractual measures at the request of the interested party.

Categories of personal information

  • Identification data: name, surname, email, telephone, official identification number, position and organization information.

Who provides you with your data?

  • The interested parties themselves.

Who is the data subject of the personal data?

  • Natural  persons who have any contractual or pre-contractual relationship with  VALIDATED ID.

Data Manager

  • MICROSOFT

Data Communications

  • The communication of personal data to third parties is not foreseen, except in cases established by a legal obligation.

International

  • No transfers are made outside the EU.

Deletion period

  • They will be kept as long as they are necessary to achieve the purpose for which they were collected, with a maximum of 60 days for the signature or rejection of the document, and an additional 30 days for the download of the signed document. Once these deadlines have expired, the data and documents will be deleted from the system.

Security Measures

  • The security measures implemented correspond to those provided for in the National Security Scheme (Royal Decree 311/2022, of May 3, which regulates the National Security Scheme). The security measures are determined based on the level of security required by the processing and the type of data and are described in the documents that make up the Information Security Policy.

12. Pimefacture

Purpose

  • We use personal data for the issuance of electronic invoices and to provide Users with a functional platform, offer our content and services, and to close or enter into contracts with Users.

Responsible Entity

  • VALIDATED ID SL and PIMEC.

Legitimation

  • Based on the fulfillment and execution of a pre-contractual or contractual relationship with clients in the context of contracting our products and services.
    • RGPD: 6.1.a) the interested party gave their consent to the processing of their personal data for one or more specific purposes.
    • RGPD: 6.1.b) Processing necessary for the execution of a contract in which the interested party is a party or for the application of pre-contractual measures at the request of the interested party.

Categories of personal information

  • Identification data: name, surname, email, telephone, official identification number, position and organization information.

Who provides you with your data?

  • The interested parties themselves.

Who is the data subject of the personal data?

  • Individuals use electronic invoice services.

Data Manager

  • MICROSOFT

Data Communications

  • The communication of personal data to third parties is not foreseen, except in cases established by a legal obligation.

International

  • No transfers are made outside the EU.

Deletion period

  • They will be kept as long as they are necessary to achieve the purpose for which they were collected, these periods, the data and documents will be deleted from the system.

Security Measures

  • The security measures implemented correspond to those provided for in the National Security Scheme (Royal Decree 311/2022, of May 3, which regulates the National Security Scheme). The security measures are determined based on the level of security required by the processing and the type of data and are described in the documents that make up the Information Security Policy.

13. VIDchain

Purpose

  • We use personal data for the correct provision of decentralized digital  identity services.

Responsible Entity

  • VALIDATED ID SL

Legitimation

  • Based on the fulfillment and execution of a pre-contractual or contractual relationship with clients in the context of contracting our products and services.
    • RGPD: 6.1.a) the interested party gave his consent to the processing of his personal data for one or more specific purposes.
    • RGPD: 6.1.b) Processing necessary for the execution of a contract in which the interested party is a party or for the application of pre-contractual measures at the request of the interested party.

Categories of personal information

  • Identification data: name, surname, email, telephone, official identification number, and other similar information provided regarding your company or its employees.
  • Verifiable Credentials: These digital credentials can be stored on the end user's device or in the cloud. When credentials are stored on the end user's device, VALIDATED ID cannot access that information. When cloud storage is used, we may host these VerifiableCredentials through third-party cloud service providers and retain encryption keys related to these digital Credentials.
  • Technical data: DecentralizedIdentifiers (DID), public keys and your unique device identifier

Who provides you with your data?

  • The interested parties themselves.

Who is the data subject of the personal data?

  • Natural persons requesting electronic services.

Data Manager

  • MICROSOFT

Data Communications

  • The communication of personal data to third parties is not foreseen, except in cases established by a legal obligation.

International data transfers

  • No transfers are made outside the EU.

Deletion period

  • They will be kept as long as they are necessary to achieve the purpose for which they were collected.

Security Measures

  • The security measures implemented correspond to those provided for in the National Security Scheme (Royal Decree 311/2022, of May 3, which regulates the National Security Scheme). The security measures are determined based on the level of security required by the processing and the type of data and are described in the documents that make up the Information Security Policy.

14. Marketing management

Purpose

  • We use personal data collected through subscription to the Newsletter or  downloading Whitepapers, legal reports, or free trials of our services, to  send news of interest about our company, articles, invitations to events,  promotions and related communications. with the services provided by  VALIDATED ID, either through automatic remote means (e-mail, fax, text  message) or traditional means of contact (telephone, postal delivery) or  through our sales team.

Responsible Entity

  • VALIDATED ID SL

Legitimation

  • Based on the fulfillment and execution of a pre-contractual or contractual relationship with clients in the context of contracting our products and services.
    • RGPD: 6.1.a) the interested party gave his consent to the processing of his personal data for one or more specific purposes.
    • RGPD: 6.1.b) Processing necessary for the execution of a contract in which the interested party is a party or for the application of pre-contractual measures at the request of the interested party.

Categories of personal information

  • Identification data: name, surname, email, telephone, position and organization information.

Who provides you with your data?

  • The interested parties themselves.

Who is the data subject of the personal data?

  • Natural persons who are clients or potential clients.

Data Manager

  • SALESFORCE

Data Communications

  • The communication of personal data to third parties is not foreseen, except in cases established by a legal obligation.

International data transfers

  • No transfers are made outside the EU.

Deletion period

  • They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data.

Security Measures

  • The security measures implemented correspond to those provided for in the National Security Scheme (Royal Decree 311/2022, of May 3, which regulates the National Security Scheme). The security measures are determined based on the level of security required by the processing and the type of data and are described in the documents that make up the Information Security Policy.

15. Access control

Purpose

  • Management and control of people who access VALIDATED ID facilities.

Responsible Entity

  • VALIDATED ID SL

Legitimation

  • Legitimation: Based on the express consent of the interested party.
    • RGPD: 6.1.a) the interested party gave his consent to the processing of his personal data for one or more specific purposes.

Categories of personal information

  • Identification data: name, surname, ID, email, telephone, position and organization information.

Who provides you with your data?

  • The interested parties themselves.

Who is the data subject of the personal data?

  • Natural persons who are clients or potential clients who access the VALIDATED ID facilities.
  • Work staff.
  • Labor personnel from external companies that provide services at VALIDATED ID facilities.

Data Manager

  • There is no treatment manager.

Data Communications

  • The communication of personal data to third parties is not foreseen, except in cases established by a legal obligation.

International data transfers

  • No transfers are made outside the EU.

Deletion period

  • They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data.

Security Measures

  • The security measures implemented correspond to those provided for in the National Security Scheme (Royal Decree 311/2022, of May 3, which regulates the National Security Scheme). The security measures are determined based on the level of security required by the processing and the type of data and are described in the documents that make up the InformationSecurity Policy.

16. Security gap management

Purpose

  • Investigation and resolution of security incidents that occur in VALIDATED ID systems and applications.

Responsible Entity

  • VALIDATED ID SL

Legitimation

  • Based on the execution of a contract.
    • RGPD: 6.1.b) Processing necessary for the execution of a contract in which the interested party is a party or for the application of pre-contractual measures at the request of the interested party.

Categories of personal information

  • Identification data: name and surname, email, IP address. Trace activity in systems.

Who provides you with your data?

  • The interested parties themselves.

Who is the data subject of the personal data?

  • Current and former workers and collaborators of VALIDATED ID, regardless of their legal relationship with it.
  • Natural persons who access VALIDATED ID systems.

Data Manager

  • Provider in charge of incident management.

Data Communications

  • The communication of personal data to third parties is not planned, except in cases established by a legal obligation, orto the competent authorities in the event of an incident that compromises the security of the data.

International data transfers

  • No transfers are made outside the EU.

Deletion period

  • They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data.

Security Measures

  • The security measures implemented correspond to those provided for in the National Security Scheme (Royal Decree 311/2022, of May 3, which regulates the National Security Scheme). The security measures are determined based on the level of security required by the processing and the type of data and are described in the documents that make up the Information Security Policy.

17. Daily record of the working day

Purpose

  • Guarantee the daily recording of the working day, which must include the specific start and end time of the working day of each worker, without prejudice to the time flexibility of those contracts that provide for it.

Responsible Entity

  • VALIDATED ID SL

Legitimation

  • Compliance with a legal obligation applicable to the data controller. Art. 6.1.c) RGPD.
  • Article 10 of Royal Decree-Law 8/2019, of March8, on urgent social protection measures and the fight against job insecurity during the working day and by which article 34 of the Consolidated Text of theLabor Law is modified. Workers' Statute, approved by Royal Legislative Decree2/2015, of October 23.

Categories of personal information

  • Identification data: name, surname, email.

Who provides you with your data?

  • The interested parties themselves.

Who is the data subject of the personal data?

  • VALIDATED ID Workforce.

Data Manager

  • FACTORIAL

Data Communications

  • The communication of personal data to third parties is not foreseen, except in cases established by a legal obligation.

International data transfers

  • No transfers are made outside the EU.

Deletion period

  • They will be kept for the time necessary to fulfill the purpose for which they were collected and to determine the possible responsibilities that may arise from said purpose and from the processing of the data.

Security Measures

  • The security measures implemented correspond to those provided for in the National Security Scheme (Royal Decree 311/2022, of May 3, which regulates the National Security Scheme). The security measures are determined based on the level of security required by the processing and the type of data and are described in the documents that make up the Information Security Policy.

18. Electronic certification service

Purpose

  • Validated ID processes the personal data provided to carry out the requested electronic services, specifically the issuance of electronic certificates, all in accordance with the provisions of the Certification Practices Statement (DPC) of Validated ID, which is located available at the following link: https://www.validatedid.com/es/tsp
  • The purposes of data processing related to the SERVICE are the following:
    • Identification of subscribers and/or signers of electronic certificates.
    • Issuance and management of electronic certificates.
    • Management of the certificate life cycle (suspension, renewal, reactivation and revocation).
    • Communications related to the service.
    • Custody and maintenance of the file related to the electronic certificate.
    • Administrative, accounting and billing management derived from the contracting.

Responsible Entity

  • VALIDATED ID SL

Legitimation

  • The legitimization of the processing of personal data for the Provision of Trust Services for the issuance of electronic certificates is based on the fulfillment and execution of a contractual relationship, where the user is part of it.
    • RGPD: 6.1.b) Processing necessary for the execution of a contract in which the interested party is a party or for the application of pre-contractual measures at the request of the interested party.
    • RGPD: 6.1.c) Treatment necessary for compliance with a legal obligation applicable to the person responsible for the treatment.
  • Law 6/2020, of November 11, regulating certain aspects of electronic trust services.

Categories of personal information

  • Identification data: Name and surname, DNI/NIE/Passport, email address.
  • In addition, depending on the typeof certificate requested, it may contain other identifying data (such as membership number, employee number, position, functions, etc.) and those related to the entity with which the person maintains a relationship of representation or type. corporate.
  • Personal characteristics data:public key for authenticity, private key for cloud signing, certificate serial number, certificate request code.
  • Data on social circumstances:attributes related to the capacity and power of representation. Commercial information data: electronic address (URL).

Who provides you with your data?

  •  The companies  and organizations where the certificate applicants provide their services.

Who is the data subject of the personal data?

  • Natural persons requesting electronic certification services.

Data Manager

  • UANATACA

Data Communications

  • Public administrations, organizations and related or dependent entities, within the scope of article 81of law 66/1997, of December 30 and the rest of the cases contemplated inEuropean and national regulations with the rank of Law. Data communications will occur by including the serial number of the certificate in the list of revoked certificates. Furthermore, the use of the certificate makes it possible for third parties to access data that you have provided to us (name, surname and ID).
  • Communications to the State Security Forces and Bodies and judicial bodies.

International data transfers

  • No transfers are made outside the EU.

Deletion period

  • 15 years.

Security Measures

  • The security  measures implemented correspond to those provided for in the National  Security Scheme (Royal Decree 311/2022, of May 3, which regulates the  National Security Scheme). The security measures are determined based on the  level of security required by the processing and the type of data and are  described in the documents that make up the Information Security Policy.

19. Video identification

Purpose

  • Validate the identity of a person, as well as their official identity documents, through a video recording that captures and validates both their facial features and the official identity document provided, all in real time and in an automated manner.
  • Before the start of the VideoIdentification session, the User will be provided with the specific PrivacyPolicy, in order to inform them of the methods and purposes of the treatment carried out. https://www.validatedid.com/es/tsp

Responsible Entity

  • VALIDATED ID SL

Legitimation

  • The legitimation of the processing of personal data for the Provision of Trust Services for the issuance of electronic certificates through the Video Identification service is based on the fulfillment and execution of a contractual relationship, where the user is part of it.
    • RGPD: 6.1.a) Consent granted by the interested party and Art. 9.2.a) RGPD (for the processing of biometric data).
    • RGPD: 6.1.b) Processing necessary for the execution of a contract in which the interested party is a party or for the application of pre-contractual measures at the request of the interested party.
    • RGPD: 6.1.c) Treatment necessary for compliance with a legal obligation applicable to the person responsible for the treatment.
  • Law 6/2020, of November 11, regulating certain aspects of electronic trust services.
  • Order ETD/465/2021, of May 6, which regulates remote video identification methods for the issuance of qualified electronic certificates.

Categories of personal information

  • Identification data: name and surname, email, telephone, organization, position and DNI/passport/NIE; and to carry out the video identification process of Users, the following will be dealt with:
    • Personal characteristics data: public key for authenticity, private key for cloud signature, photographs, biometric data (facial biometric pattern).

Who provides you with your data?

  • Natural persons requesting the certificate.

Who is the data subject of the personal data?

  • Natural persons who request services that require the remote identity validation and accreditation service.

Data Manager

  • Electronic ID

Communications of data

  • Public administrations, organizations and related or dependent entities.
  • State Security Forces and Corps and judicial bodies.

International data transfers

  • No transfers  are made outside the EU.

Deletion period

  • The requirements of the eIDAS Regulation and Law6/2020 of November 11, regulating certain aspects of trusted electronic services, will be applied, which requires the period of time during which they must retain the information related to the services provided will be 15 years from the expiration of the certificate or the end of the service provided.

Security Measures

  • The security measures implemented correspond to those provided for in the National Security Scheme (Royal Decree 311/2022, ofMay 3, which regulates the National Security Scheme). The security measures are determined based on the level of security required by the processing and the type of data and are described in the documents that make up the Information Security Policy.

20. Registration authority (AR) or in-person verification point (PVP) service

Purpose

  • Allow those entities that contract AR or PVP services with VALIDATED ID  to participate in the identity validation process for the issuance of  electronic certificates, as well as their official identity documents,  through Operators designated by said entities, and they will be treated with  the exclusive purpose of managing their registrations and cancellations (and,  where appropriate, access to the ARs PKI platform), controlling the correct  performance of their functions and coordinating their operations.

Responsible Entity

  • VALIDATED ID SL

Legitimation

  • The legitimization of the processing of personal data for the Provision of Trust Services for the issuance of electronic certificates through the service provided by an RA or by a PVP, and its operators, is based on the compliance and execution of a contractual relationship, where the user is part of it
    • RGPD: 6.1.b) Processing necessary for the execution of a contract in which the interested party is a party or for the application of pre-contractual measures at the request of the interested party.
    • RGPD:6.1.c) Treatment necessary for compliance with a legal obligation applicable to the person responsible for the treatment.

Categories of personal information

  • Identification data: name and surname, email, telephone, organization, position and DNI/passport/NIE

Who provides you with your data?

  • Natural persons requesting the certificate.

Who is the data subject of the personal data?

  • Natural persons requesting the certificate.

Data Manager

  • UANATACA

Data Communications

  • The communication of personal data to third parties is not foreseen, except in cases established by a legal obligation.

International data transfers

  • No transfers are made outside the EU.

Deletion period

  • The requirements of the eIDAS Regulation and Law6/2020 of November 11, regulating certain aspects of trusted electronic services, will be applied, which requires the period of time during which they must retain the information related to the services provided will be 15 years from the expiration of the certificate or the end of the service provided.

Security Measures

  • The security measures implemented correspond to those provided for in the National Security Scheme (Royal Decree 311/2022, of May 3, which regulates the National Security Scheme). The security measures are determined based on the level of security required by the processing and the type of data and are described in the documents that make up the Information Security Policy.

21. Management of events and webinars

Purpose

  • Management of in-person and online events (webinars) carried out by VALIDATED ID

Responsible Entity

  • VALIDATED ID SL

Legitimation

  • Execution of a contract in which the interested parties are part of it.
    • RGPD: 6.1.b) Processing necessary for the execution of a contract in which the interested party is a party or for the application of pre-contractual measures at the request of the interested party.

Categories of personal information

  • Identification data: name and surname, email, telephone, organization, position and DNI/passport/NIE

Who provides you with your data?

  • The interested parties themselves.

Who is the data subject of the personal data?

  • Natural persons requesting the certificate.

Data Manager

  • GOtoWEBINAR or event organizing company

Data Communications

  • The communication of personal data to third parties is not foreseen, except in cases established by a legal obligation.

International data transfers

  • No transfers are made outside the EU.

Deletion period

  • The requirements of the eIDAS Regulation and Law6/2020 of November 11, regulating certain aspects of trusted electronic services, will be applied, which requires the period of time during which they must retain the information related to the services provided will be 15 years from the expiration of the certificate or the end of the service provided.

Security Measures

  • The security measures implemented correspond to those provided for in the National Security Scheme (Royal Decree 311/2022, of May 3, which regulates the National Security Scheme). The security measures are determined based on the level of security required by the processing and the type of data and are described in the documents that make up the Information Security Policy.