Autofirma App Privacy Policy

Please read this privacy and data protection policy carefully as a user of the Autofirma App. Here you will find all the information about the data collected about you, how it is used, and what control you have over it, as established by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights.

This privacy policy applies to the Autofirma App for mobile devices, on both Android and iOS operating systems.

1. Who is responsible for processing your data as an Autofirma App user?

The data controller for your data as an Autofirma App user is:

  • Data Controller: State Agency for Digital Administration.
  • Address: Calle del Mármol, 2, 28005 Madrid, Madrid.
  • Data Protection Officer: dpd@digital.gob.es.
  • DPO Address: Calle Poeta Joan Maragall, 41, 12th floor, 28046 Madrid.

The unit responsible for the Autofirma App service is the State Agency for Digital Administration, hereinafter the Agency, a governing body under the State Secretariat for Public Administration of the Ministry for Digital Transformation and Public Administration.

2. What data do we process about you?

The information we process about you will depend on your use of the Autofirma App. The personal data that may be processed by the Autofirma App will be obtained through the digital certificate installed on your mobile device or through the data from your National Identity Document (DNI) entered and subsequently scanned via NFC on your mobile device. This data will fall into one or more of the following categories:

Identifying or contact information: name, surname, DNI, postal address, or email address, among others.

We will never obtain your data without your consent.

3. What is the legal basis for processing your data?

The processing of personal data carried out through the Autofirma App is based on:

  • The consent you have given for the processing of your personal data for one or more specific purposes (Article 6.4a of the GDPR).
  • The performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, pursuant to Article 6.1(e) of the GDPR.

Furthermore, we inform you that the regulations applicable to the services offered by Autofirma App are as follows:

  • Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights.
  • Law 39/2015, of October 1, on the Common Administrative Procedure of Public Administrations.
  • Law 40/2015, of October 1, on the Legal Regime of the Public Sector.
  • Regulation (EU) 2016/679, of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
  • Royal Decree 203/2021, of March 30, approving the Regulation on the operation and functioning of the public sector by electronic means.
  • Royal Decree 311/2022, of May 3, regulating the National Security Framework.

4. What do we use your data for and why?

The Autofirma App allows users to securely and legally sign documents by identifying themselves with their digital certificate or electronic ID card (via NFC).

The information and data collected in the Autofirma App will be processed solely to provide you with a service appropriate to the application's functionalities.

To this end, we use your data to offer you the following services:

  • Electronic signature of documents.

5. How long do we store your data?

The personal data you provide will be kept for as long as necessary to fulfill the purpose for which it is collected and to determine any potential liabilities that may arise from the processing carried out, in addition to the periods established in the regulations governing archives and documentation.

Specifically, the data used to manage your account will be stored until you decide to delete it and deactivate the Autofirma App.

6. Who has access to your data?

Only you have access to your data.

Notwithstanding the above, in certain cases (for example, to resolve an issue or query you raise with us), we may need to access the data strictly necessary to resolve the issue or answer your query.

7. What are your rights and how can you control your data?

The regulations grant you a series of rights regarding the data and information we process about you: specifically, the rights of access, rectification, erasure, and data portability, as well as the right to restrict or object to processing. You can exercise these rights with the data controller.

For data where the Agency is the data controller, you can exercise the rights established in Article 15 et seq. of the GDPR at any time and free of charge by sending an email to protecciondatos.sgad@correo.gob.es or by mail to Calle del Mármol, 2, 28005 Madrid, Spain.

You can consult the full scope and details of these rights on the website of the Spanish Data Protection Agency (AEPD).

You also have the right to file a complaint with the Data Protection Officer of the Ministry for Digital Transformation and Public Administration, either by email at dpd@digital.gob.es or by mail to Calle Poeta Joan Maragall, 41, 12th floor, 28046 Madrid, Spain.

For information processed by the Agency originating from other Public Administrations, that is, when the Agency acts as a Data Processor, these rights will be exercised with the Data Controller in each case. All information relating to the processing of your personal data is available at the following link from the Ministry of Economic Affairs and Digital Transformation:

https://digital.gob.es/content/dam/portal-mtdfp/ministerio/proteccion-datos/RAT_SGAD.pdf

In addition to the above, you have the right at any time to file a complaint with the Spanish Data Protection Agency.

8. How do we protect your data?

The Agency guarantees the security, secrecy, and confidentiality of your data, communications, and personal information and has adopted the most stringent and robust security measures and technical means to prevent its loss, misuse, or unauthorized access.

The security measures implemented correspond to those stipulated in Annex II (Security Measures) of Royal Decree 311/2022, of May 3, which regulates the National Security Framework.

Furthermore, we are committed to acting swiftly and responsibly should the security of your data be compromised, and to informing you if relevant. Security incident management protocols are in place, including notifications to supervisory authorities and users in the cases provided for by law.

Finally, we inform you that both the storage and all other processing activities related to your data will always be located within the European Union.

9. Security breaches

If you are aware of a security breach affecting your personal data whose processing the Agency is responsible for, please send an email to the following address: protecciondatos.sgad@correo.gob.es.