Privacity

1.- Data Controller

The Controller of your personal data is:

2.- Processing purposes and retention periods

We process your personal data for the following purposes:

Once the retention periods have elapsed, the data will be duly blocked and may only be used to exercise or defend against claims, and will be definitively deleted once any potential liabilities are time-barred.

3.- Data we collect

We only request the data strictly necessary for each purpose:

• Identification data: first name, surname, ID number (only if a personal invoice is requested), postal address.
• Contact data: email address, phone number.
• Billing data: company name, Tax ID / intra-EU VAT number (VIES), tax address (for companies or self-employed professionals).
• Transaction data: products purchased, amount, date, payment method (bank card data is never stored in our systems; it is managed by PCI-DSS certified payment gateways).
• Browsing data: IP address, browser, operating system, pages visited (via cookies, see Cookie Policy).
• Form data: fields marked as mandatory (*) in each form.
• Reseller Programme data: professional accreditation of IT reseller activity (only for registration as a reseller).

4.- Consequences of not providing the data

• If you do not provide the billing data, we will not be able to issue the corresponding tax invoice or complete the sale.
• If you do not provide a valid email address, we will not be able to deliver the licence (delivery is 100% digital).
• If you do not complete the mandatory fields of the contact form, we will not be able to address your enquiry.
• Rejecting non-technical cookies may limit certain website functionalities but does not prevent you from making purchases.

5.- Recipients of your data

Revolution Soft does not sell, rent, or assign your data to third parties for commercial purposes. However, the provision of the service requires the involvement of certain data processors with whom we have signed the corresponding contracts in accordance with Article 28 GDPR:

* International transfers outside the EEA are governed by section 6 below.

6.- International data transfers

Some of our providers (Google, WhatsApp/Meta, dLocal) have their parent companies outside the European Economic Area (mainly in the United States and the United Kingdom). These international transfers are carried out under the appropriate safeguards set out in Chapter V of the GDPR, specifically:

• The EU-US Data Privacy Framework Adequacy Decision, adopted by the European Commission on 10 July 2023, replacing the previous Privacy Shield (invalidated by the CJEU Schrems II ruling). Both Google LLC and Meta Platforms Inc. are certified under this framework.
• The UK Adequacy Decision, adopted by the European Commission on 28 June 2021, which recognises an adequate level of protection following Brexit.
• The Standard Contractual Clauses (SCCs) approved by the European Commission in Decision (EU) 2021/914, where the provider is not certified under the above decisions.

7.- Your rights

The GDPR grants you a set of rights over your personal data. You may exercise them free of charge at any time:

Right to lodge a complaint with the supervisory authority

If you consider that the processing of your data does not comply with applicable law, or that we have not properly addressed your request, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD):

• Electronic office: www.aepd.es
• Postal address: C/ Jorge Juan, 6, 28001 Madrid, Spain
• Phone: +34 901 100 099 / +34 912 663 517

8.- Security measures

Revolution Soft has adopted the appropriate technical and organisational measures in accordance with Article 32 of the GDPR to ensure the security, confidentiality, and integrity of personal data, including:

• SSL/TLS encryption for all website communications.
• Restricted access to personal data, limited to authorised personnel with individual credentials and strong password policies.
• Encrypted backups with defined retention policies.
• Confidentiality agreements signed with all employees and data processors.
• Documented procedures for incident management and notification of security breaches to the AEPD within the legal 72-hour period (Art. 33 GDPR).
• Periodic update and review of security measures.

9.- Forms and website registration

The use of certain services or requests sent to Revolution Soft may require the prior completion of specific forms:

1. Truthfulness of information: all information provided by the User must be truthful, accurate, and up to date. The User is solely responsible for any false or inaccurate statements and for any damages these may cause.
2. Third-party data: if you provide personal data of other individuals, you must have obtained their prior consent and informed them of this Privacy Policy. Revolution Soft is not responsible for the transfer of third-party data carried out without its knowledge.
3. Update of data: please notify us of any relevant changes in the data provided so that the information remains up to date.
4. False data: the deliberate provision of false data may lead to the cancellation of the account and, where applicable, appropriate legal action.
5. Consent for changes: any substantial modification of this Privacy Policy will be communicated in advance in order to obtain your consent again where legally required.

10.- Automated decisions and profiling

Revolution Soft does not make decisions producing legal effects on the User based solely on the automated processing of data. The analytics and segmentation tools we use are intended strictly for statistical purposes and to improve user experience, without legal or significant impact on the individual, in accordance with Article 22 of the GDPR.

11.- WhatsApp and messaging communications

Revolution Soft uses WhatsApp as a customer service channel and operates an official WhatsApp channel to share offers and news (join here).

When you contact us or join our WhatsApp channel:

• The data you provide (phone number, messages, enquiries) will be processed in accordance with this Privacy Policy in order to respond to your query or keep you informed about our offers.
• The privacy policy of WhatsApp Ireland Ltd. (a Meta group company) governs the underlying messaging service. We recommend reviewing it at whatsapp.com/legal/privacy-policy-eea.
• You may unsubscribe from the channel or block our number at any time from within the WhatsApp application.

12.- Amendments to this policy

Revolution Soft reserves the right to amend this Privacy Policy to adapt it to legislative, case-law, or AEPD interpretive developments, as well as to new industry practices. When substantial changes occur, the user will be notified by prominent notice on the website and, where necessary, by email, to request consent again where required by law.

Users are advised to review this Policy periodically, especially before providing new personal data.

13.- Applicable legislation

This Privacy Policy is governed by:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).
• Spanish Organic Law 3/2018 of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD).
• Spanish Law 34/2002 of 11 July, on Information Society Services and Electronic Commerce (LSSI-CE).
• Spanish Data Protection Agency (AEPD) Cookie Guide, January 2024 update.