Through this website, no personal data is collected from users without their knowledge, nor are they transferred to third parties.
In order to offer you the best service and in order to facilitate the use, the number of pages visited are analyzed, the number of visits, as well as the activity of visitors and their frequency of use. To these effects, the company FACTURAONE (F1) uses the statistical information prepared by the Internet Service Provider.
The portal owned by FACTURAONE does not contain links to third party websites. By accessing such websites you can decide whether to accept their privacy and cookie policies. In general, if you browse the internet you can accept or reject third-party cookies from the settings of your browser.
Basic information on data protection
Below we inform you about FACTURAONE's data protection policy.
Responsible for the treatment
The personal data that could be collected directly from the interested party will be treated confidentially and will be incorporated into the corresponding treatment activity owned by FACTURAONE
The updated list of the treatment activities that FACTURAONE carries out is available in the following
The purpose of data processing corresponds to each of the treatment activities carried out by FACTURAONE and which are accessible in the activity log of treatment.
The processing of your data is carried out for the fulfillment of legal obligations by FACTURAONE, as well as when the purpose of the treatment requires your consent, to be provided through clear affirmative action.
The personal data provided will be kept for the time necessary to fulfill the purpose for which it is collected and to determine the possible responsibilities that may arise from the purpose., in addition to the periods established in the regulations on files and documentation.
In general, personal data will not be communicated to third parties, except legal obligation, among which may be communications to the Ombudsman, Judges and Courts, interested in the procedures related to the presented claims.
Rights of the interested parties
Any person has the right to obtain confirmation about the treatments that their data is carried out by FACTURAONE.
You can exercise your access rights, rectification, deletion and portability of your data, limitation and opposition to their treatment, as well as not being subject to decisions based solely on the automated processing of your data, when they come, before the company FACTURAONE or at the email address [email protected]
From the 25 May 2018 The European Data Protection Regulation will be directly applicable (RGPD).
The principles are found in Chapter II of the Regulations. It establishes that the data must be treated based on the following principles:
Principle of “legality, transparency and loyalty ”, is that the data must be processed lawfully, loyal and transparent to the interested party.
Principle of "limitation of purpose", On one side, the data will be processed for one or more specific purposes, explicit and legitimate and, for other, cannot be processed afterwards for a purpose other than that for which they were collected, except for public interest, statistical, historical or scientific research.
Principle of "data minimization", that is, the data collected and processed must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Principle of "accuracy", data must be accurate and up to date, being necessary to take reasonable measures to rectify or delete inaccurate data.
Principle of "limitation of the conservation period" the conservation of the data must be limited in time to the achievement of the purposes that the treatment pursues, then they must be deleted or at least devoid of any element that allows identifying the interested parties, unless, more time in the public interest, statistical, historical or scientific research.
Principle of "integrity and confidentiality", the data must be treated adopting the security measures that are necessary to guarantee them, including the confidentiality of these.
Principle of "proactive responsibility" ( accountability), the person in charge will apply the appropriate technical and organizational measures to guarantee and demonstrate that the processing of personal data is carried out in accordance with the Regulations.
Registration of Treatment Activities
The RGPD regulates in its article 30 this record that replaces the registration of files (current with the previous LOPD 15/1999) and establishes that each controller and the data processor, keep a record of the treatment activities carried out under their responsibility.
Said register must contain the following information:
- Name and contact details of the person in charge
- Purposes of treatment
- Description of the categories of interested parties and the categories of personal data.
- The categories of recipients to whom the personal data was or will be communicated, including recipients from third countries or international organizations.
Right / duty binomial in data protection
There is a binomial between the data subject's right to data protection and the duty to data protection that the obligated subjects have.
The RGPD establishes that treatments will be lawful if they meet at least one of the following conditions:
- That there is a consent on the part of the interested party to process their personal data for the specific purpose.
- That the treatment is necessary for the execution of a contract or its pre-contractual clauses in which the interested party is a party.
- That the treatment is necessary for the fulfillment of a legal obligation of the person responsible.
- That the treatment is necessary to protect the vital interest of a person.
- Necessary treatment in fulfillment of a mission in the public interest or in the exercise of public powers of the person responsible.
- Treatment necessary for the satisfaction of the legitimate interests of a person in charge, provided that the fundamental rights and freedoms of the interested party do not prevail.
There are different ways to legitimize data processing
- The consent: granting and revocation
Consent is one of the fundamental aspects of the new RGPD. The consent of the interested party is one of the ways to legitimize the processing of personal data.
The Regulation defines it in its article 4.11: “Consent is any manifestation of will free, specific, informed and unambiguous for which the interested party accepts, either through a statement or a clear affirmative action, the processing of personal data concerning you ”
For consent to be considered lawful, It is an essential requirement to inform the interested party of:
- Who is the controller and how can you contact him?.
- What is the purpose of the treatment for which you want to obtain consent.
- What treatment will be given to these data.
- If they are going to give in (especially if it is a cross-border treatment).
- The rights of any person from whom the data is saved.
Withdrawal of consent:
The interested party has the right to withdraw their consent at any time
- Informed Consent
One of the main innovations of the RGPD is that consent(for any data processing) it has to be unequivocal, granular, revocable, informed and prior as stated in the articles 6 and 7 of the Organic Law 3/2018, of 5 from December, of Data Protection and Guarantee of Digital Rights.
When your personal data is collected, the controller must comply with the right to information.
To fulfill this right, the AEPD recommends that this information be provided to you by layers or levels so that:
You are provided with basic information at a first level, in summary, at the same time and in the same medium in which your personal data is collected.
And on the other hand, to have the rest of the information sent to you, in a more suitable medium for your presentation, compression and, if you want, archive.
The information to be provided by layers or levels would be as follows:
1.ª Layer: Basic information (summed up)
- The identity of the controller
- A simple description of the purposes of the treatment, including profiling if it exists
- The legal basis of the treatment
- Forecast or not of assignments. Forecast or not of transfers to third countries
- Reference to the exercise of rights
2.ªCapa: Additional Information (detailed)
- Contact details of the person in charge. Identity and data of the representative (if it existed). Contact details of the data protection officer (if it existed).
- Extended description of the purposes of the treatment. Deadlines or criteria for data retention. Automated decisions, profiles and applied logic.
- Detail of the legal basis of the treatment, in cases of legal obligation, public interest or legitimate interest. Obligation or not to provide data and consequences of not doing so.
- Recipients or categories of recipients. Adequacy decisions, guarantee, binding corporate rules or specific applicable situations.
- How to exercise access rights, rectification, deletion and portability of data, and the limitation or opposition to its treatment. Right to withdraw the consent given. Right to claim before the Control Authority.
Data not obtained directly from you
In the event that your personal data has not been obtained directly from you, it will be provided, in addition to the information indicated above:
In basic information (1Th layer, summed up):
- the fountain (origin) of the data
And in the additional information (2Th layer, detailed):
- detailed information on the data source, even if they come from publicly accessible sources
- the category of data being processed
This information will be provided to you within a reasonable time., within a month, unless:
- If personal data is to be used for communication with the data subject, at the latest at the time of the first communication to said affected party
- If you plan to communicate them to another interested party, at the latest when the personal data is communicated for the first time
RIGHT OF ACCESS
The right of access is your right to contact the data controller to find out whether or not they are treating your personal data and, in the event that such treatment is being performed, get the following information:
- A copy of your personal data that is the object of the treatment
- The purposes of the treatment
- The categories of personal data that are processed
- The recipients or categories of recipients to whom the personal data was communicated or will be communicated, in particular, recipients in third countries or international organizations
- The expected period of conservation of personal data, or if it is not possible, the criteria used to determine this deadline
- The existence of the interested party's right to request the person responsible: rectification or deletion of your personal data, limiting the processing of your personal data or objecting to such processing
- The right to file a claim with a Control Authority
- When personal data has not been obtained directly from you, any information available about its origin
- The existence of automated decisions, including profiling, and at least in such cases, meaningful information about applied logic, the importance and expected consequences of this treatment for the interested party
- When personal data is transferred to a third country or to an international organization, you have the right to be informed of the appropriate guarantees in which the transfers are made
RIGHT OF RECTIFICATION
The exercise of this right means that you can obtain the rectification of your personal data that are inaccurate without undue delay from the person responsible for the treatment..
Taking into account the purposes of the treatment, you have the right to have incomplete personal data completed, including through an additional declaration.
In your request you must indicate what data you are referring to and the correction that must be made. further, when needed, You must accompany your request with the documentation that justifies the inaccuracy or incomplete nature of your data.
RIGHT OF OPPOSITION
This right, as the name suggests, Supposes that you can object to the person responsible for processing personal data in the following cases:
When they are processed based on a mission in the public interest or in the legitimate interest, including profiling:
- The person responsible will stop processing the data unless he proves compelling reasons that prevail over the interests, rights and freedoms of the data subject, or for formulation, the exercise or defense of claims
When the treatment is aimed at direct marketing, also included the elaboration of profiles previously mentioned:
- Exercised this right for this purpose, personal data will no longer be processed for such purposes
RIGHT OF SUPPRESSION ("forgotten")
You can exercise this right before the person in charge requesting the deletion of your personal data when any of the following circumstances occurs:
- If your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
- If the treatment of your personal data has been based on the consent you gave to the person responsible, and you remove the same, provided that said treatment is not based on another cause that legitimizes it
- If you have opposed the processing of your personal data by exercising the right of opposition in the following circumstances
- The treatment of the controller was based on the legitimate interest or the fulfillment of a mission of public interest, and other reasons have not prevailed to legitimize the treatment of your data
- For your personal data to be directly marketed, including the elaboration of profiles related to the mentioned marketing
- If your personal data has been illicitly processed
- If your personal data must be deleted in order to comply with a legal obligation established in Union or Member State law that applies to the controller
- If personal data has been obtained in relation to the offer of information society services mentioned in the article 8, pulled apart 1 (conditions applicable to the data processing of minors in relation to the services of the information society).
further, the GDPR regulating this right connects it in a certain way with the so-called "right to be forgotten", so that this right of deletion is extended in such a way that the data controller who has published personal data is obliged to indicate to the data controllers who are processing such personal data to delete any link to them, or copies or replicas of such data.
However, this right is not unlimited, in such a way that it may be feasible not to delete it when the treatment is necessary for the exercise of freedom of expression and information, for the fulfillment of a legal obligation, for the fulfillment of a mission carried out in the public interest or in the exercise of public powers conferred on the person responsible, for reasons of public interest, in the field of public health, for archival purposes of public interest, scientific or historical research purposes or statistical purposes, or for formulation, the exercise or defense of claims.
RIGHT TO LIMITATION OF TREATMENT
This new right is that you obtain the limitation of the processing of your data by the person responsible, although his exercise has two aspects:
You can request the suspension of the processing of your data:
- When you challenge the accuracy of your personal data, during a period that allows the person in charge to verify it
- When you have opposed the processing of your personal data that the person responsible performs based on the legitimate interest or mission of public interest, while he verifies if these reasons prevail over yours
Ask the person responsible for the conservation of your data:
- When the treatment is illegal and you have opposed the deletion of your data and instead request the limitation of its use
- When the controller no longer needs the personal data for the purposes of the treatment, but the interested party needs them for the formulation, the exercise or defense of claims
RIGHT TO PORTABILITY
The purpose of this new right is to further strengthen the control of your personal data, so that when the treatment is carried out by automated means, receive your personal data in a structured format, in common use, of mechanical and interoperable reading, and you can pass them on to another controller, provided that the treatment is legitimized on the basis of consent or in the framework of the execution of a contract.
However, This right, by its very nature, cannot be applied when the treatment is necessary for the fulfillment of a mission of public interest or in the exercise of public powers conferred on the person responsible.
Responsible for the treatment of your personal data
- Responsible identity: Juan Carlos Merino Martinez
- Tradename: FacturaOne
- NIF/CIF: 38815415V
- Address: Josep Capdevila 24, Palafolls, Barcelona province
- Email: [email protected]
- Exercise: ERP management program for freelancers and SMEs
For the purposes of the provisions of the aforementioned General Data Protection Regulation, the personal data you send me through the web forms will receive the data processing of "web users and subscribers".
For the treatment of my users' data, I implement all the technical and organizational security measures established in current legislation..
The services provided by FacturaOne, are located in Data Centers housed in Alcobendas Madrid, not resorting to other managers to carry out certain treatment activities unless specified in the service offer or in the Particular Conditions of the contracted service.
The RGPD establishes that, depending on the state of the art, application costs, and nature, the reaching, the context and purposes of the treatment, as well as risks of variable probability and severity for the rights and freedoms of natural persons, appropriate technical and organizational measures must be applied to guarantee a level of security appropriate to the risk.
To assess the adequacy of the security level, the risks of data processing must be taken into account, particularly as a consequence of the destruction, accidental or unlawful loss or alteration of transmitted personal data, preserved or otherwise treated, or unauthorized communication or access to such data. In this sense, the Practical Guide to Risk Analysis developed by the Spanish Agency for Data Protection.
- Pseudonymisation and encryption of personal data, the whole system is encryption with SSL certificate
- The ability to guarantee confidentiality, integrity, permanent availability and resilience of treatment systems and services
- The ability to restore availability and access to personal data quickly in the event of a physical or technical incident
- A verification process, regular evaluation and assessment of the effectiveness of technical and organizational measures to guarantee the safety of treatment
Given the FacturaOne provides only the technical infrastructure, and in cases where administration and management are included or contracted at the operating system and / or application level, the security measures provided by FacturaOne are limited to these functions, other aspects being excluded, outside the environment and the service provided by FacturaOne , and that the controller has the obligation to consider.
Depending on those services that are contracted by the client, FacturaOne is responsible for implementing the following security measures in the services provided exclusively in the terms detailed below for each group, It is the client's responsibility to check that said measures are in accordance with the level of security applicable to the risk associated with the treatment of specific personal data that will be carried out using the FacturaOne.
The Data Processing Centers where the infrastructure that provides the service is housed are equipped with access control and monitoring and control systems to ensure that only authorized personnel access them.. The physical access control will have a record that will allow determining the user who accessed the dependencies at a certain moment. Likewise, those Data Processing Centers have environmental management systems (temperature and humidity), and uninterruptible power supplies, counting on fire detection and extinction systems.
The administration and operation personnel of FacturaOne has received the necessary training to perform management tasks in the systems involved, has the rules and procedures for carrying them out and is aware of the commitment of FacturaOne regarding the confidentiality and integrity of customer data. These functions do not include those related to the administration and management that, according to the conditions of the contracted services, must perform the client.
The employees of FacturaOne they shall have authorized access only to the resources necessary for the performance of their administration and operation functions. The client will be responsible for establishing the necessary access control mechanisms with the tools intended for this purpose in the contracted service as stipulated in the contracted service conditions., as well as those related to proprietary applications installed by the client.
FacturaOne performs the management and inventory of the media delivered by the customer or resulting from the making of backup copies. Likewise, FacturaOne has measures in place for the destruction and disposal of media. The exit of these supports out of the premises of FacturaOne is carried out as long as there is prior authorization from the client. The client will be responsible for the information that, obtained through the network with authorized access, be stored on its own media.
FacturaOne will make backup copies of customer information according to the contracted Backup service model, fee and planning.
FacturaOne performs general control operations to verify the correct operation of the platform that provides the backup service.
Unless otherwise specified in the Particular Conditions of the contracted service or expressly contracted, FacturaOne does not provide geographic redundancy in backups, the backup systems being located in the same center as the information systems.
How have I obtained your data?
The personal data that I process in FacturaOne comes from:
- Contact Form.
- Subscription form.
- Sales form.
- Account registration.
What are your rights when you provide me with your data?
Anyone has the right to obtain confirmation on whether or not I am processing personal data that concerns me at FacturaOne..
Interested persons have the right to:
- Request access to personal data related to the interested party.
- Request its rectification or deletion.
- Request limitation of your treatment.
- Oppose treatment.
- Request data portability.
Those interested may to access to your personal data, as well as to request the rectification of inaccurate data or, in your case, to request your suppression when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
In certain circumstances, interested parties may request the limitation of the treatment of your data, in which case, I will only keep them for the exercise or defense of claims.
In certain circumstances and for reasons related to your particular situation, those interested may stand against to the treatment of your data. Juan Carlos Merino Martinez will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims. They may also request the portability of your data.
Interested parties will also have the right to effective judicial protection and to file a claim with the supervisory authority, in this case, the Spanish Data Protection Agency, if they consider that the processing of personal data concerning them violates the Regulation.
For what purpose do I process your personal data?
In FacturaOne there are different systems for capturing personal information and I treat the information provided by interested persons with the following purpose for each capture system (forms):
- Contact Form: I request the following personal information: Name, email, to respond to the requirements of FacturaOne.com users. For example, I can use these data to respond to your request and answer questions, complaints, comments or concerns you may have regarding the information included on the web, the services provided through the web, the treatment of your personal data, questions regarding the legal texts included on the web, as well as any other queries you may have that are not subject to the contracting conditions. I inform you that the data you provide will be located on the servers of 1&1 Internet España S.L.U. Datacenter Madrid (FacturaOne hosting provider) within the EU.
- Sales form: The user has different purchase forms subject to the contracting conditions specified in my particular contracting conditions for each product or service where contact and payment details will be required.. I request the following personal information: Name, surname, CIF/NIF, email, direction, billing information. I inform you that the data you provide will be located on the servers of 1&1 Internet España S.L.U. Datacenter Madrid (FacturaOne hosting provider) within the EU.
- Content subscription form: In this case, I request the following personal information: Name, email, to manage the subscription list, send newsletters, promotions and special offers, provided by the user when subscribing. Within the web there are several forms to activate the subscription. Electronic bulletins or newsletters are managed by Mailchimp. By using the services of this platform to carry out email marketing campaigns, subscription management and newsletter delivery, you should know that Mailchimp has its servers hosted outside the EU, in the US and is covered by the EU-US Privacy Shield agreement, whose information is available here, approved by the European Protection Committee.
- Account registration form: In this case, I request the following personal information: Name, email, to manage the registration of your account. I inform you that the data you provide will be located on the servers of 1&1 Internet España S.L.U. Datacenter Madrid (FacturaOne hosting provider) within the EU.
There are other purposes for which I treat your personal data:
- To guarantee compliance with the conditions of use and applicable law. This may include the development of tools and algorithms that help this website to guarantee the confidentiality of the personal data it collects..
- To support and improve the services offered by this website.
- To manage social networks. FacturaOne may have a presence on social networks. The treatment of the data that is carried out of the people who become followers in the social networks of the official pages of FacturaOne, will be governed by this section. As well as for those conditions of use, privacy policies and access regulations that belong to the social network that is appropriate in each case and previously accepted by the user of FacturaOne.com. It will process your data for the purposes of correctly managing your presence on the social network, reporting activities, products or services of FacturaOne.com. As well as for any other purpose that the regulations of social networks allow. In no case will I use the profiles of followers on social networks to send advertising individually.
FacturaOne, does not sell, rent or transfer personal data that can identify the user, nor will it in the future, to third parties without prior consent. However, in some cases collaborations with other professionals can be made, in those cases, consent will be required from users informing about the identity of the collaborator and the purpose of the collaboration. It will always be carried out with the strictest security standards.
Legitimation for the treatment of your data
The legal basis for the treatment of your data is: The consent.
The prospective or commercial offer of products and services is also based on the consent requested, without in any case the withdrawal of this consent conditions the execution of the subscription contract. Also the contracting of products and services according to the terms and conditions that appear in the commercial policy.
How long will I keep your data?
The personal data provided will be kept:
- As long as the commercial relationship is maintained.
- No deletion is requested by the interested party.
To which recipients will your data be communicated?
To provide services strictly necessary for the development of the activity, FacturaOne.com, share data with the following providers under their corresponding privacy conditions.
All the utilities offered by third parties are strictly necessary for the development of my services and have been selected in compliance with the rights that I preserve on this website..
Hosting: 1&1 Internet España S.L.U. Datacenter Madrid, with address at Avenida de La Vega, 1 – Veganova building (Building 3 floor 5 door C), Alcobendas Madrid. More information in 1&1 Internet España S.L.U. Datacenter Madrid, treats the data in order to perform its services as a hosting provider to Juan Carlos Merino Martinez
Web platform: WordPress.org, more information in https://wordpress.org/ treats the data in order to perform its support services to Juan Carlos Merino Martinez.
Email marketing: The Rocket Science Group LLC (Mailchimp), domiciled in the USA. More information in www.mailchimp.com The Rocket Science Group LLC (Mailchimp) treats the data in order to carry out its email marketing management services to FacturaOne.
Google Analytics: a web analytics service provided by Google, Inc., a Delaware company whose main office is in 1600 Amphitheatre Parkway, Mountain View (California), CA 94043, United States (“Google”). Google Analytics uses "cookies", which are text files located on your computer, to help FacturaOne.com analyze how users use the website. The information generated by the cookie about your use of FacturaOne.com (including your IP address) will be directly transmitted and filed by Google on servers in the United States.
Google Adsense: This website is associated with Google to show ads to users who access this website. By collaborating with google, Cookies are used to show you ads related to your recent searches and to show you more relevant ads. Third-party services such as cookies are included in this type of cookies.: AdSense, AdWords and Google Analytics, as well as a series of DoubleClick brand services. By visiting this page, cookies from these services are sent to your browser. See more information about types of cookies used by Google , and discover how Google uses these cookies.
You can use the ad settings to manage the Google ads displayed to you and to indicate that ads based on your interests are not displayed. Even if you decide not to receive this type of ads, may continue to appear based on factors such as your general location derived from the address. Directory inclusion services will be free referenced on the website itself, FacturaOne.com will ensure that the sheets and advertisements that appear on the Web express truthful information and are kept up-to-date, although it does not guarantee the accuracy at all times of the data recorded therein.
When browsing FacturaOne.com, unidentifiable data can be collected, which may include, IP addresses, geographic location (approximately), a record of how the services and sites are used, and other data that cannot be used to identify the user. Among the non-identifying data are also those related to your browsing habits through third-party services. This website uses the following third-party analysis services:
- Google Analytics.
- Search Console.
I use this information to analyze trends, administer the site, track user movements around the site and to collect demographic information about our user base as a whole.
Your rights when providing your personal data
Anyone has the right to obtain confirmation on whether FacturaOne.com is treating personal data that concerns them, or not.
Interested persons have the right to access their personal data, as well as to request the rectification of inaccurate data or, in your case, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
In certain circumstances, Interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims.
In certain circumstances and for reasons related to your particular situation, interested parties may oppose the processing of their data.
Juan Carlos Merino Martinez will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims.
You can materially exercise your rights by email to [email protected]
Secret and data security
FacturaOne.com is committed to the use and treatment of personal data included from users, respecting their confidentiality and to use them in accordance with their purpose, as well as to fulfill its obligation to keep them and adapt all measures to avoid alteration, lost, unauthorized treatment or access (Like the Https protocols I use), in accordance with the provisions of current data protection regulations.
FacturaOne.com cannot guarantee the absolute impregnability of the Internet network and therefore, the violation of data through fraudulent access to them by third parties.
Accuracy and truthfulness of the data
As a user, you are solely responsible for the veracity and correction of the data you send to FacturaOne.com, exonerating Juan Carlos Merino Martinez (FacturaOne), of any responsibility in this regard. Users guarantee and respond, in any case, of accuracy, validity and authenticity of the personal data provided and undertake to keep it duly updated. The user agrees to provide complete and correct information in the contact or subscription form.
Acceptance and consent
FacturaOne, reserves the right to modify this policy to adapt it to new legislation or jurisprudence, as well as industry practices. In such cases, the Provider will announce on this page the changes introduced with reasonable anticipation of their implementation.
According to the LSSICE, FacturaOne.com does not carry out SPAM practices, reason why it does not send commercial emails electronically that have not been previously requested or authorized by the user. In consecuense, in each of the forms on the web, the user has the possibility to expressly consent to receive the newsletter, regardless of the commercial information requested on time.
In accordance with the provisions of the Law 34/2002 of Information Society Services and electronic commerce, FacturaOne.com agrees not to send commercial communications without properly identifying them.
Document revised on 01/09/2019.