Scroll Top

Privacy Policy

This Privacy Policy has been developed in accordance with the provisions of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and the free movement of such data, hereinafter referred to as the GDPR, as well as Organic Law 3/2018 of 5 December on Data Protection and Digital Rights (hereinafter, LOPDGDD), and other applicable regulations.

The purpose of this Privacy Policy is to inform individuals who provide their personal data, and/or those they represent, about specific aspects concerning the processing of their data, including the purposes of the processing, contact details for exercising their rights, retention periods, and security measures, among other matters.

Who is responsible for the processing?

For data protection purposes, OPEN FINANCE, S.L. (hereinafter, OPEN FINANCE) is to be considered the Data Controller for the personal data processing carried out by this entity.

Below are the contact details of the Data Controller:

  • Controller identity: OPEN FINANCE
  • Tax ID (CIF): B97204671
  • Physical address: C/Monjas de Santa Catalina, 8, 2nd floor – 46002 (Valencia – Spain)
  • Email: info@openfinance.es
  • Phone: +34960454600

What personal data do we process?

All information collected by OPENFINANCE will be processed lawfully, fairly, and transparently.
Furthermore, the data requested for each processing activity will consist solely of the information strictly necessary to achieve the stated and informed purpose in each case.

Thus, the data collected will be adequate, relevant, and not excessive concerning the purposes for which they are processed. The data will be collected for specified, explicit, and legitimate purposes and will not be processed further in a manner incompatible with these purposes. The data will also be updated when necessary.

In general terms, within the various activities carried out by the organisation, the following types of data are collected:

  • Identification data
  • Administrative data
  • Commercial information
  • Transactions of goods and services
  • Financial and economic data

Where do personal data come from?

As a general rule, personal data are collected directly from the data subject. However, in some exceptional cases, data may be collected through third parties, entities, or services other than the data subject.

In such cases, this will be communicated to the data subject through the information clauses included in the various data collection methods, within a reasonable period or during the first communication made to the data subject.

What are the purposes and specific cases for processing personal data?

In general terms, personal data are processed for the following purposes:

  • Client area: Information provided via the platform to manage our services, where users can access contracts, invoices, reports, etc.
  • Contract fulfilment: To formalise purchase agreements, manage payment transactions, address any order-related issues, handle invoicing, and deliver purchase tickets and invoices.
  • Newsletter: To send updates, news, and information about our services or industry via the provided channels.
  • Contact: To respond to service-related inquiries or other questions from users.
  • Clients: To manage the sale of goods and services, including invoicing, accounting, collections, unpaid amounts, offers, quotes, contracts, customer service, and business relationships.
  • Potential clients: To track and pursue business opportunities.
  • Suppliers: To manage purchases, accounting, payments, delivery notes, orders, and business relationships.
  • Surveys: To conduct customer service and/or product quality surveys aimed at improving services.
  • Whistleblowing system: To handle complaints or inquiries about potential breaches of the organisation’s code of ethics or internal policies and to manage related investigations.

No personal data collected will be used to create profiles or make automated decisions.

All explicit purposes of each processing activity are outlined in the information clauses included in each data collection method (web forms, paper forms, notices, invoices, contracts, etc.).

What is the legal basis for data processing?

OPENFINANCE processes personal data based on:

  • Legal obligations: Compliance with laws such as consumer protection, tax regulations, civil code, and commercial code.
  • Contract performance: Managing pre-contractual or contractual relationships.
  • Consent: Obtained explicitly via informed consent clauses in data collection methods.
  • Legitimate interest: Sending commercial communications about similar products or services to those contracted, as per Article 21.2 of the Law on Information Society Services.

How long do we retain personal data?

Personal data are retained for as long as necessary to fulfil the purposes for which they were collected, maintain the service provision, or comply with legal obligations. After these periods, data will be cancelled and subsequently blocked for potential legal claims before being destroyed.

Who do we share personal data with?

OPENFINANCE may share personal data with:

  • Group companies for service provision.
    Service providers processing data on OPENFINANCE’s behalf.
  • Public authorities, tax and social security bodies, courts, and tribunals when legally required.

Are there international data transfers?

OPENFINANCE informs users about data transfers outside the European Economic Area, based on GDPR-approved safeguards, such as standard contractual clauses.

What rights can you exercise?

Under European regulations, you have the following rights:

  • Access: Request confirmation about whether your personal data is being processed.
  • Rectification: Request corrections to inaccurate or incomplete data.
  • Objection: Object to data processing.
  • Automated decisions: Not to be subject to decisions based solely on automated processing.
  • Restriction: Request to suspend data processing under specific conditions.
  • Erasure: Request deletion of your data (“right to be forgotten”).
  • Portability: Request data in a structured, machine-readable format for transfer to another controller.
  • Complaint: Lodge a complaint with a supervisory authority if you believe data processing breaches regulations.

How to exercise your rights?

You may exercise your rights by:

  • Emailing protecciondedatos@openfinance.es.
  • Sending a postal request to C/ Monjas de Santa Catalina, 8, 2nd floor 46002 Valencia – Spain

OPENFINANCE may request additional information to confirm your identity.

Security measures

OPENFINANCE applies the necessary security measures under GDPR Article 32, ensuring confidentiality, integrity, and availability of personal data.

Changes to this Privacy Policy

This Privacy Policy may be updated periodically to reflect changes in laws, procedures, or services. Please review it regularly for the latest information.