Privacy Policy

All the information regarding our Privacy Policy. 

Last update: May 2024

Below, we inform you about the processing of personal data that we carry out at Factorial. With this privacy policy, we aim to comply with Data Protection Act 2018 (hereinafter the “UK GDPR”) and/or Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “General Data Protection Regulation” or “GDPR”), as well as any data protection legislation that applies to us due to the jurisdictions in which we operate.

At Factorial, we currently process data in different ways and for different types of relationships: leads, customers, web users and HR platform users. It is possible that some of these parts apply to you because they are generic and that in others you only have to consult some of their sections. If this is the case, you only need to go to the sub-part that is relevant to you.

1. What is the contact information for the Data Controller and the Data Protection Officer?

EVERYDAY SOFTWARE, S.L., a Spanish company with registered office at Carrer d’Àlaba, 61, 5-2, 08005 Barcelona, Spain and Tax Identification no. B66854530 (hereinafter, “Factorial HR” or “Factorial”), is committed to protecting your personal data. This privacy policy (hereinafter, the “Privacy Policy”) will tell you how we look after your personal data when you interact with our website (hereinafter, the “Website”), our Platform (hereinafter, the “Platform”) or in the context of the provision of our services.

Contact information for the Data Controller: Telephone (+34 932 205 976), e-mail ([email protected])

DPO contact information: e-mail ([email protected]), mailing address (Av. de Josep Tarradellas, 8-10, 5º 08029 Barcelona)

2. Factorial HR Platform Services

Factorial’s core service consists of the provision of a cloud-based HR management platform used by organisations in their capacity as employers (hereinafter, the “Customer” or the “Customers”) to optimise their HR processes by centralising and digitising administrative tasks related to their employees or contractors (hereinafter, the “End Users”).

In this context, Factorial processes your personal data in its capacity as data processor. Due to the nature of our business, Factorial does not have a direct relationship with the users or data subjects. We exclusively process End User personal data on behalf of our Customers and in accordance with their instructions. Therefore, if you are an employee/contractor who uses our Platform as a user, we inform you that we only act as data processors of your data. Our Customers decide for which purposes our Platform is used, as well as the methods used to collect and process data according to the extent of the functions of our Platform, and any additional processing on them. 

Examples:

  • If you are a Platform End User and you want to access specific information, you must contact your employer. Factorial will not give you access to this information, unless expressly requested by the Customer or a body with sufficient authority.
  • On the other hand, for those employees of the Customer or third parties (such as freelancers, candidates in selection processes, former employees, etc.) who wish to communicate a situation through the internal information channel that we offer to our Customers and do not opt for anonymity, Factorial will act as the processor of the personal data provided through this channel, and it is the Customer who will decide the purposes for which this channel is used.

The subjects whose personal data we process in this context are the Platform’s End Users. Alternatively, by using the Platform, we may come to process the data of individuals whose data is provided by the End Users of the Platform themselves.

The following categories of personal data may be introduced to the Platform:

  • Direct identification information (e.g., name, e-mail address, telephone number).
  • Indirect identification information (e.g., job title, gender, date of birth, user ID).
  • Employment information (CV, employment contract, job offer, performance reviews, etc.)
  • Financial information (bank account, bank, payroll, etc.).
  • Device identification data and traffic data (e.g., IP addresses, MAC addresses, web logs).
  • Any personal data provided by End Users of the Platform.
  • Any personal data contained in a document provided by End Users and/or the Customer.

If you choose to access our Platform through the website using the Google sign-in tool, Okta or Microsoft Azure, these companies will share with us your full name, email address, language preferences and profile picture for authentication purposes. The data is transmitted for the specified purpose of logging in and in compliance, at all times, with the settings that the user has determined for their Google account.

The types of processing operations may vary from the collection or registration of your data within the Platform, such as their organisation or structuring, storage, retention and, ultimately, once the relationship is terminated, their erasure and final destruction at the Customer’s request.

If you would like access to our current list of sub-processors, you may consult our Data Processing Agreement for the current list of sub-processors or you may send a message directly to [email protected].

Regarding the geolocation feature specifically, we inform data subjects that Factorial works with Google Maps. In this regard, we inform our End Users that they can access the Data Protection Terms and Conditions of this independent data controller at: https://cloud.google.com/maps-platform/terms/maps-controller-terms.

In the event that our Customers wish to use any of the integrations that we offer with our Platform to enhance different features, they must accept those providers’ respective terms and conditions and privacy policy, and the data will be processed for the purposes described in those policies.

As previously stated, Factorial will not process your personal data for its own purposes. We may process usage and analytics information, as well as financial, statistical and aggregate data from the Platform. From all this information, certain data may be derived from personal data. To the extent that we use any of this data to improve and further develop our products and/or services, we will do so only if it is anonymised. Please note that this processing is not the same as using analytical cookies, which, as a user of our website or Platform, you are free to authorise or refuse when you first log in.

Accordingly, once the processing services provided by Factorial are terminated, we will, by default, keep the data locked in an S3 system for twelve (12) months. We recommend that our Customers use this period to remove all information from the Platform, since after this period we will permanently destroy your data, unless the Customer expressly requests permanent erasure within this period.

Finally, we may use tracking devices that may allow us to collect data use or metadata from the Platform. This data use allows us to analyse how the Platform works when our users interact with our different features and to detect possible errors or incidents in order to try to correct them from a technical point of view. However, the use of these devices for analytical purposes will be subject to End Users’ consent when they first log in, and their consent may be changed at any time thereafter, in accordance with the information provided in the Platform’s Cookie Policy (available at any time once you access the Platform through the “My Settings” section from your user account).

3. What personal data do we process?

Not all of the data detailed in this part apply to all processing. In order to see the exact type of data that applies to each processing and its origin, please review this part and the following part regarding the purposes of and the legitimate bases for processing.

In general, in order to provide our various services, we will collect the following personal data:

Data regarding our leads and/or web users

If you are in our Factorial database, we may have received the following data about you:

  • Identification data and professional contact details: Data such as name and surname, business e-mail and telephone number, title, relevant social network user name, job title and organisation to which you belong, as well as size and sector of the organisation and country.
  • Browsing data, traffic data and/or metadata: IP address, data on your behaviour on our website (where you have consented to this).
  • Data on your organisation’s preferences and needs: This consists of information provided directly by you about which Factorial applications may be of interest to you, as well as information deduced by Factorial about the behaviour of the lead or user with respect to Factorial content and websites and the preferences and needs that your organisation may have.

You provide us with this data directly through forms such as direct contact forms, demo request forms, event attendance forms, trade fairs and/or webinars or forms for requesting materials and/or digital content offered by Factorial, among others.

Notwithstanding the above, we may also collect your data through third party providers with whom Factorial has a contractual relationship or through social networks and similar platforms, such as LinkedIn.

For all these cases, Factorial seeks to ensure that these providers collect the consents properly or that they have the relevant assessments, and that they have adequate protection measures in place.

Customer data

Once an agreement exists between Factorial and its Customers, as a representative of your organisation or point of contact, we may have received the following data to ensure the success of the contractual relationship:

  • Identification and contact details: Name and surname, business e-mail and telephone number, job title and organisation to which you belong, as well as size and sector of the organisation and country.
  • Behavioural data: Factorial will use your behavioural data as a Customer in interactions with us or in the context of providing our services.

Customers provide us with such data directly or through the relevant contractual agreement or as a result of contacts between Factorial and your organisation.

Data on minors

Factorial offers a B2B service to organisations, targeted and intended to be used by adults. Factorial’s services are not aimed at processing the personal data of minors who are not legally capable of entering into contracts or working. Our services are focused on human resource management in the context of an organisation. In this regard, we do not authorise persons under legal age or who do not have legal capacity to enter into agreements to create an account on our Platform or to request our services. In the event that we become aware that a minor without legal capacity to enter into contracts wishes to use our Platform, we reserve the right to cancel it, to immediately delete such data from our systems and to take any legal action we consider appropriate, among other appropriate measures.

4. What are the purposes and legitimate bases for which we process the data?

In order to give you this information in a clear and understandable way, in this part we divide the purposes for which we may process your data according to the group of data subjects to which you belong, as well as by the legitimate grounds for processing within each group of data subjects:

Leads and/or users:

We process your data as a lead or user of the website for the following purposes:

a. The following purposes of processing are pursued on the basis of your consent (Art. 6(1)(a) of the GDPR):

Please note that, with regard to these purposes, you have the right to withdraw your consent at any time.

  • Contacting you for commercial purposes through different channels (both online and in person), as well as to send you personalised marketing communications. If we have not obtained your contact details directly from you, you have the right to be informed, among other things, of the source from which we have obtained your contact details. For example, from an online contact form, from the database of a third-party provider, as well as through webinars, trade fairs, conferences or similar events that you have attended and where your contact details are legitimately collected.

Data processed: Name and surname, business telephone number and e-mail address, title, job title, name and/or sector of the organisation.

  • Managing your participation in any of our promotional activities, events, courses and/or webinars; and, if necessary, to inform you of any updates on these activities.

Data processed: Name and surname, business telephone number and e-mail address, job title, name and/or sector of the organisation.

  • We will disclose your identification and professional contact details to third party partners with whom we carry out joint promotional activities, provided that you have given us your specific consent.

Data processed: Name and surname, business telephone number and e-mail address, job title and, in some cases, name, sector and/or size of the organisation.

Sometimes we manage these events, courses and/or webinars in collaboration with other organisations or act as promoters. In these situations we may disclose the personal data you have provided to us. In these cases, we will ask for your prior consent to communicate them to these third parties for their own commercial purposes, such as sending information and content related to their products and/or services. These third-party partners will have their own privacy policies and you will be able to obtain more information about the processing of your data under their control. For more information, regarding possible disclosure of your data to third parties, you can contact us at [email protected].

  • Providing you with some of the resources available through our websites.

Data processed: Name and surname, business e-mail address, name and size of the organisation.

  • Analysing your behaviour on our websites to understand your preferences for our products, content and/or services through cookies and other tracking devices. For more information, please consult our Cookie Policy.

Data processed:

(a) Browsing data, traffic data and/or metadata: IP address, data on your behaviour on our website obtained from the use of cookies.

(b) Data on your organisation’s preferences and needs: This consists of information provided directly by you about which Factorial features may be of interest to you, as well as information deduced by Factorial about the preferences and needs that your organisation may have.

  • Recording meetings held in order to improve the sales process experience.

Data processed: Name and surname, user name, image and voice, language used to communicate.

Whenever you attend a video call with our Sales teams and the call is recorded, we will take into account your prior consent.

b. The following purposes of processing are pursued on the basis of the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract (Art. 6(1)(b) of the GDPR):

  • Finalising agreements: If we move forward in the commercial relationship with the lead or potential customer, we will send you a financial proposal adapted to your organisation’s needs.

Data processed: title, job title, name and/or sector of the organisation, features of our platform that you have selected.

  • Managing your request to start using a free trial account for one of our products or to handle and manage further requests in relation to that trial account, such as extending the term or changing the account settings.

Data processed: name and surname, job title, business e-mail and telephone number, name, sector and size of the organisation and features of our platform that you have selected.

c. The following purposes of processing are carried out on the basis of our legitimate interest (Art. 6(1)(f) of the GDPR):

  • Reaching you with personalised advertising about our products and services, as well as content or other relevant information, through different channels based on a basic business profile of you and your organisation.

Data processed: title, job title, name and surname, size, name and/or sector of the organisation, interactions with products or content on our websites (provided that you have consented to the use of our cookies), features of interest on our platform that you have selected.

Provided that we have your consent to receiving exclusive or personalised advertising, the communications may be sent on the basis of the profile generated from the data described, in accordance with the criteria detailed in this privacy policy.

In addition to e-mail, Factorial will communicate with you for advertising purposes through different online channels. These other forms of communication include text messaging, instant messaging applications or platforms and, in particular, through social media or third-party platforms.

Factorial strives to use all these channels in the best possible way and in compliance with data protection principles. Accordingly, your data will always be shared with appropriate confidentiality and data security safeguards.

In order to use the channels offered by social media or platforms generally, we must provide a series of necessary and sufficient data, such as: name, country, and business e-mail address and telephone number. Before sharing your data with these platforms or social media, your data will be encrypted using tools provided by these platforms or social media. Thus, only the social media platform or other platform will be able to check if there is a match with any of its users. This means that, once we submit this data, the social media platform or other platform will automatically assign an encryption code to prevent us from identifying the users, and only after doing so will it check if there are any matching users among its user base.

We are interested in collaborating with those platforms on which we can have a useful impact on our professional leads. Each platform will have its own way of referring to such methods of generating an audience, but they are often referred to as custom audiences, matched audiences or tailored audiences. By default, in the context of these platforms or social media platforms, we will only use custom audiences with a single segment set by Factorial, which will be based on the preferred features indicated by the lead or for the purpose of not receiving any more advertising related to Factorial (i.e. to exclude you from receiving our ads and not to overload you with marketing information).

Factorial does not have access to data from these social media platforms or other platforms. Your social media user data is not shared with us at any time. We will only have access to statistical information related to the database we have provided. In this regard, the social media platform or other platform does not allow us to communicate directly with you. If you have a user account on this social media platform or other platform, you will be shown advertising within the social media platform or other platform.

Factorial can also use lookalike audiences. This consists of social media platforms or other platforms showing advertising to third-party users with profiles similar to those of Factorial users. This means that these platforms will determine that you have similar tastes or preferences to our users and will show you promotional content from Factorial because they think it might be of interest to you.

Despite this, please note that your privacy settings on these social media platforms or other platforms will prevail. Although you have consented to receiving advertising from Factorial, if you have restricted the privacy permissions of your profile through the relevant social media platform or other platform, we will not be able to proceed with such advertising. If you wish to restrict the privacy settings of your user profile, we advise you to directly consult the terms and conditions and privacy policies in force on these social media platforms or other platforms.

If you wish to receive non-personalised advertising and, therefore, you do not want us to process your data to send you advertising via social media, you can object to this by sending your request directly to [email protected] and we will address your request.

Factorial’s legitimate interest in relation to our use of these advertising services on social media or other platforms is our intention to improve our advertising communications strategy with our professional leads and to ensure that they receive information that is truly relevant to the type of organisation they are part of. The benefit that this brings us is to increase the reach of awareness of our products and services, as well as entering into contracts for our services, if this ends up being effective. The benefit for you as a data subject is to be informed about human resource management platforms and related products and services that may be of interest to the organisation you are part of. If you wish to access this weighting, you may request it by contacting: [email protected].

Finally, please note that you may sometimes see Factorial advertising on social media without us having previously shared any of your personal data with them. In such cases, it is the social media platform or other platform that is showing you advertising according to its own policies, and Factorial is not involved. Whether such advertising is displayed will depend entirely on how you have set up your user profile on that social media platform or other platform.

  • Basic scoring based on a set of pre-established segments.

Data processed: Position, number of employees in the organisation (by ranks), sector and country/region of the organisation, relevant features of our platform, origin of the lead, interaction with our content and websites (e.g. use of freebies, content downloads, marketing campaigns you have participated in, interaction with our communications, latest demo participation date, or latest date of signing up with Factorial, if applicable).

Factorial uses a series of algorithmic models that allow us to: 

(1) better personalise our dealings and marketing communications with the lead; and 

(2) determine the lead’s segment or score. This will allow us to pursue a marketing strategy with respect to it and to incorporate it into pre-defined, customised workflows. To this end, we will offer you those products or services that we believe may be of most interest to you. If you would like to access the weighting of rights , you may request it by contacting:  [email protected].

More specifically, these sequences can mean that, provided the lead has consented, they may receive personalised communications according to the interests expressed or according to the particular attributes of the organisation to which they belong (size, sector, country, etc.). 

These personalised sequences are determined by a series of calculations based on a predictive model or pattern. To improve these predictive models or patterns, we provide the data referred to above for training and improvement. In doing so, we optimise the rules for those sequences or predefined profiles to which you have been assigned. This allows us to continue to offer personalised service to the lead and allows us to know which features of our products or services we should highlight in order to generate greater interest.

You have the right to object at any time. Under no circumstances will objecting to this processing prejudice or affect your commercial relationship with Factorial. If you only object to this purpose and we continue to have your consent to send you advertising or marketing communications, we will continue to offer you our products or services, but in a more generic form.

  • Contacting you and scheduling a date with you to demonstrate the Platform. If you request a demonstration of the Platform, we can process your data to send you a call automatically depending on the nearest availability of any of our agents. In case of progressing in the negotiation and reaching an agreement in the commercial relationship, we will send you an economic proposal adapted to the needs of your organisation and sign the respective contract.

Data processed: Name and surname, business telephone number and/or e-mail address, title, job title, name and/or sector of the organisation, data arising from meetings, powers of attorney and contact details of the legal representative (in the contract if signed).

Factorial’s legitimate interest regarding these contacts is based on being able to contact you to offer or promote our products and services according to your organisation’s potential interest in initiating or maintaining a commercial or similar type of relationship with Factorial (we consider that we are entitled to do so on the basis of Art. 19 of the Spanish Organic Law on Protection of Personal Data and Guarantee of Digital Rights). The benefit that this brings us is to increase the reach of awareness of our products and services, as well as sales, in the event that they are made. The benefit for you as a data subject is to be informed about our human resource management platform and related products and services that may be of interest to the organisation you are part of. If you wish to access this weighting, you may request it by contacting: [email protected].

Customers:

We process your data as a professional contact of Factorial’s customers for the following purposes:

a. The following purposes of processing are pursued on the basis of your consent (Art. 6(1)(a) of the GDPR):

Please note that, with regard to these purposes, you have the right to withdraw your consent at any time.

  • Managing your participation in any of our promotional activities, events, courses and/or webinars; and, if necessary, to inform you of any updates on these activities.

Data processed: Name and surname, business telephone number and e-mail address, job title, name and/or sector of the organisation.

  • Analysing your behaviour on our Platform to understand your preferences for our products, content and/or services through cookies and other similar tracking devices. For more information, please consult our Cookie Policy.

Data processed:

(a) Browsing data, traffic data and/or metadata: IP address, data on your behaviour obtained from the use of cookies and other devices.

(b) Data on your organisation’s preferences and needs: This consists of information provided directly by you about which Factorial features interest you, as well as information deduced by Factorial about the preferences and needs that your organisation may have.

b. The following purposes of processing are pursued on the basis of the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract (Art. 6(1)(b) of the GDPR):

  • Managing and maintaining the development of the contractual relationship with the Customer

Data processed: Name and surname, business e-mail and telephone number, contract data, financial data about the organisation, data and metadata regarding platform use, voice and image (if video conferences are held) and other data arising from the communications held with the data subject.

Accordingly, Factorial will carry out several processing activities focused on providing a service during the whole life cycle during which services are provided and to establish good communications with the users who are administrators of the Customer’s account and/or other users who request assistance. These may range from assistance in loading information and initial support to the administrator users who will be using the Platform, such as sending offers on new features and then activating them, managing payments or charges, informational communications related to the contractual relationship, assisting and supporting users in answering questions, providing information or resolving incidents, holding meetings, up to providing final support in managing the offboarding of the Customer with Factorial.

c. The following purposes of processing are carried out on the basis of our legal obligation (Art. 6(1)(c) of the GDPR):

  • Receiving and managing communications through Factorial’s internal complaints channel.

Data processed: As a sender of communications, the data we process are name and surname, voice (depending on the type of complaint), email, telephone number and/or mailing address, as well as a description of the facts, documents and evidence provided. This does not affect your right as a whistle-blower to submit a complaint anonymously.

To better understand the context for this type of processing of your data, we recommend that you always check the privacy policy applicable to our internal channel for more details on the purposes for which we process your data, as well as all other information on data protection.

  • Complying with legal obligations, including those related to preventing money laundering and terrorist financing and preventing fraud

Data processed: Name and surname, business e-mail and telephone number, contract data.

This processing activities is primarily focused on compliance with the due diligence measures to which we are subject in accordance with applicable law in force.

d. The following purposes of processing are carried out on the basis of our legitimate interest (Art. 6(1)(f) of the GDPR):

  • Recording of customer calls: Recording and retention of customer service calls to verify the quality of service and, if necessary, improve the experience of the process or if you participate in product research sessions.

Data processed: Image and voice, basic data derived from communications and feedback provided by the customer himself in these calls.

Whenever it is necessary and you attend a video call that is going to be recorded, you will be duly informed of it.

From Factorial we make these recordings with the intention of detecting areas for improvement, both in the service provided to our customers and on the quality of any of our products and services. As a Customer, the benefit is that based on the opinions or suggestions that you emit during these meetings we can correct possible errors detected in our products and services as well as in the service provided. From Factorial we continuously strive to ensure that your level of satisfaction remains high

  • Conducting surveys among our Customers to determine their level of satisfaction with our Platform and other services.

Data processed: Name and surname (except for anonymous surveys), data arising from communications with the data subject, such as opinions or suggestions.

These surveys are not mandatory, but they are very valuable to us. 

Factorial carries them out with the intention of identifying areas for improvement, both as regards the service provided to our Customers as well as the quality of any of our products and services. As a Customer, the benefit to you of answering them is that we improve our products and services based on your opinions and suggestions and we strive to keep your level of satisfaction high.

  • Basic scoring of your organisation based on a set of pre-established segments and through the application of predictive models that will allow us to calculate and forecast the value of the life cycle of customer organisations in order to focus on a more personalised approach. This allows us to identify those customers who are at risk of being dissatisfied with Factorial in a timely manner.

Data processed: Job title, number of employees in the organisation (by ranks), sector and country/region of the organisation, features of our platform that you have told us are of interest to your organisation, origin of the contact, interaction with the content of our websites (e.g. use of freebies, content downloads, marketing campaigns you have participated in, interaction with our communications, latest demo participation date, or latest date of signing up with Factorial, if applicable).

These predictive models consist of the following:

Determining the segment of the scoring system your organisation is part of and adding you to certain customised sequences for that segment of handling our Customers’ contacts and improving the approach to the business contact. This processing will consist in analysing the suitability of the appropriate marketing strategy for the Customers. The purpose of this processing is the classification of the Customer organisation according to a scoring system previously established by Factorial, with different groups according to the data of the organisation itself (sector, size, country, etc.) and data on the behaviour of contacts from this organisation. The above is based on predictive models or patterns that will tell us when a Customer may be dissatisfied and then adjust our marketing strategy or dealings with that Customer.

(b) Analysing the Customer life cycle.

(c) Identifying opportunities for our Customers to switch to better plans.

To improve these predictive models or patterns, we incorporate the data referred to above for the training purposes and to improve them. In other words, we will only process data from Factorial’s internal sources and information arising from the contractual relationship between Factorial and the Customer.  Thus, with this training, we optimise the rules of these pre-established sequences or segments to which your organisation has been assigned.

Despite this, these predictive models do not make any decisions on our behalf. We simply use them as another resource for analysing data. Decisions will always be made by Factorial, and will always be aimed at achieving mutual benefit, for ourselves and for our Customers.

You have the right to object at any time. Under no circumstances will objecting prejudice or affect your relationship with Factorial. If you object to this purpose only, we will continue to provide our Customer services, but in a more generic form. If you wish to access the weighting carried out, you may request it by contacting: [email protected].

  • Analysing statistical and usage data regarding our Platform, which is based on the Platform usage data of the Platform’s End Users, to improve and further develop our features and services.

Data processed: data arising from contracting; platform usage data recorded (e.g. number of user profiles filled in, number of performance reviews launched, etc.); data from communications with the data subject; browsing data; data obtained from running statistical models.

Data processing in this context is carried out anonymously. In other words, we will only use such data once they have been properly anonymised.

This processing will also allow us to analyse your queries or other contacts that are related to incidents, bugs or issues that are recurring on our Platform in order to better understand such errors raised by our Customers and to try to resolve them.

Other purposes:

For the purpose of Factorial’s selection processes, in case you want to join our team, either because there is a position that fits your profile or because you would like to send us your CV, we recommend that you always check the relevant privacy policy to know the purposes for which we will process your data, as well as the remaining data protection information.

5. Do we share your personal data? Do we carry out international data transfers?  

As a general rule, the data processed by Factorial are not shared with third-party recipients. However, we may partner with other entities and share your data with them:

  • In the context of webinars, events or marketing and/or promotional activities, we will provide your contact details our associates, partners or promoters so that they may contact you at a later date for marketing purposes, provided that you have given us your consent to do so.
  • Similarly, if you have given your prior consent as a Customer contact or as a lead, we will provide your data to our partners or associates so that they may contact you and send you marketing information.
  • We may share certain data with third-party social media platforms or other platforms to optimise the connection and organisation of your data in our CRM, as well as to conduct personalised or similar audience targeting in their own environments in connection with our personalised marketing communications.
  • Payment service providers or partners providing banking services duly approved/regulated under the respective licence. For the processing of payment transactions and depending on the payment method chosen by the Customer, these services may retain and process your data to complete the payment transactions as an essential part of the execution of the contractual relationship with that partner. For the management of bank accounts by third party partners, the use of payment services and including payment by bank transfer or credit card, we may need to share your data as a Customer. This communication shall be considered in the context of the exclusive contractual relationship between you as a Customer and the third party partner. And therefore, the specific Terms and Conditions of the third party partner shall apply.
  • In order to comply with certain legal obligations, we may be required to disclose your data to law enforcement authorities, agencies, public authorities, judges or courts and/or authorities having jurisdiction.
  • We may also disclose your data to potential purchasers and other interested parties in the event of a merger, corporate restructuring transaction such as, for example, an acquisition, joint venture, sale, spin-off or divestment. In such a case, we will do so by taking the relevant data protection safeguards.

Furthermore, in some cases, we provide access to your data to our suppliers, who provide a service to Factorial, but never for their own purposes. In selecting them, we always try to choose suppliers that provide us with appropriate safeguards for the processing of your data. The various categories of suppliers we use include:

  • Hosting services.
  • Call centre, chat and videoconferencing services.
  • Marketing and advertising services (e.g. mailings with personalised content, survey management, event management).
  • Payment services.
  • Logistics services.
  • Analytics services.
  • Platforms to manage contracts or agreements, including their signature.
  • Provision of a CRM platform and related complementary services such as meeting scheduling, as well as synchronisation between some of our databases and our CRM.
  • Cybersecurity services
  • Services for commercial profiling and/or classification of our leads and customer organisations.
  • Financial management, accounting, auditing, consulting, tax and legal advisory services.

When we process your data, it is hosted in the EU and processed within the EU. In this regard, your data will be stored in the Eu-Central1 region of Amazon Web Services (AWS). More specifically, in Frankfurt. As a general rule, we contract service providers who are also located within the European Economic Area or in countries that have been found to have an adequate level of data protection.

In some cases, the data we collect will be transferred to processors in third countries, such as the United States. We will primarily base such transfers on an EU adequacy decision. If there is no adequacy decision regarding the transfer of your data to the third country, we rely on other safeguards under Chapter V of the GDPR. We will transfer your data primarily on the basis of the standard contractual clauses in force. However, we may use other measures provided for by the GDPR, provided that they allow us to ensure adequate protection of your data, which you can consult on request.

6. Do we do any profiling and do we make automated decisions?

Factorial profiles our Customers and our leads, as well as some of our web users. All these profiles have a purely commercial purpose and are especially focused on our Customers who are legal entities, and within the framework of our commercial relationship with them or with potential leads or organisations with whom we are negotiating or to whom we are offering our products and/or services.

As we have explained in the respective previous parts on purposes and bases of legitimacy, these activities are based on Factorial’s legitimate interest, in the benefit that our Customers and potential customers receive the information that may be most useful to them and that they receive effective personalised treatment, depending on the segment of which we consider a Customer or potential customer to be a part. Accordingly, Factorial has carried out the corresponding legitimate interest weightings, in which we have analysed the benefits or interests that we have as a data controller, as well as the interests and rights of the data subjects whose data we process in such activities. If you would like to access or have us explain in more detail the key components of such weighting, you can contact us directly at: [email protected].

Under no circumstances will any of this profiling prevent you from exercising your data protection rights. Furthermore, this set of profiling operations is never based on automated decisions, as there is human intervention on our part and we are the ones who determine the requirements for customer segmentation or scoring and who ultimately decide how to act for/with our Customers or potential customers. In this respect, they also have no legal effect on contacts, nor do they affect them in any comparable way. We only use them to segment the recipients of our communications, who are ultimately our Customers or potential customers that are legal entities.

If profiling is carried out and decisions are taken solely and exclusively on the basis of automated processing and these may have legal effects or significantly affect you, you will be duly informed of this, of the logic applied to such decisions, as well as of your rights to obtain human intervention, to express your viewpoint and to challenge such decisions.

7. What are the deadlines or retention criteria we have for the processing of your personal data?

Factorial stores personal data for different periods of time, depending on the type of information, the length of our contract with our Customers, the legal requirements relating to certain types of data and other factors. Generally, whenever your data is no longer necessary for the purposes for which it was collected, we will no longer process it.

If we are required to retain your data to comply with a contractual or legal obligation, or to resolve disputes, we will store it only for the purpose of complying with those obligations and to enable us to defend ourselves. In this regard, we will restrict access to specific persons or roles.

Where you have given us your consent, we will retain your data until you withdraw your consent.

If there is a contractual relationship between Factorial and the organisation you are part of, we will process your data for as long as the contractual relationship remains in effect.

Regarding information provided through the whistle-blowing channel, it will be stored only for the time necessary and proportionate to comply with the requirements imposed by the applicable whistle-blower protection laws, if any. After that time, the reports will be deleted with appropriate security measures, without any obligation to block the data.

Once the time periods referred to above have expired, your data will be stored in duly blocked form in order to be made available to public authorities, judges and courts and other authorities having jurisdiction, for the sole purpose of responding to claims until the expiry of the limitation periods for the corresponding actions. Your data will then be destroyed.

8. What data protection rights do you have and how can you exercise them?  

In accordance with the applicable data protection regulation, as a data subject, you have certain rights when we process your personal data. We will therefore provide you with an appropriate and timely response when you ask to exercise your rights. The following are examples of some of the rights you may exercise:

  • Right to be informed: You have the right to receive clear, transparent and easily understandable information about how we use your personal data and your rights.
  • Right of access: You have the right to obtain access to your personal data.
  • Right to rectification: You have the right to have your personal data rectified if it is inaccurate or incomplete.
  • Right to erasure: this right allows you to request the erasure or deletion of your personal data where there is no compelling reason for us to continue to use it.
  • Right to restrict processing: You have the right to “block” or prevent the further use of your personal data. When processing is restricted, we can continue to store your personal data, but we can no longer use it.
  • Right to data portability: You have the right to obtain and re-use your personal data for your own purposes in different services.
  • Right to object to processing: You have the right to object to certain types of processing. For example, where you wish to object to processing on the basis of legitimate interest.
  • Right to withdraw consent: If you have given us your consent for a specific processing operation, you have the right to withdraw your consent at any time thereafter.
  • Right not to be subject to an automated decision: You have the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal (or similarly important) effects for you.

Factorial usually acts on the requests and provides the information free of charge. To exercise your rights, you may send a written request to exercise your rights by sending a written communication to the following e-mail address: [email protected]. If you would like to make a query or suggestion in relation to the processing of data by Factorial, you may contact us at the same address.

Please note that, in some cases, we may need to verify your identity and may require supporting documentation. Similarly, in very specific cases we may charge you a reasonable fee to cover our administrative costs of providing the information for:

  • unfounded or excessive/repeated requests; or
  • additional copies of the same information.

You have the right to submit a complaint about our processing of your personal data to the competent data protection supervisory authority. Before submitting a complaint to the supervisory authority, you have the right to contact our DPO.

9. What are our security measures?

Factorial has implemented state-of-the-art security standards to prevent unauthorised access, maintain the accuracy of the data and ensure that information is used properly. We also apply appropriate organisational measures to protect your data.

We also apply these same security standards or norms when working with business and technology partners. We only select and engage processors and third party providers who have appropriate security measures in place and provide sufficient safeguards, including technical and organisational measures, to ensure adequate protection of the data we entrust to them.

In addition, we also ensure internally that any Factorial staff member who has access to your data has signed a non-disclosure agreement or clause, and we have established internal measures and procedures such as ongoing training and a series of policies that are regularly updated to ensure data security, as well as the confidentiality, availability and strength of our systems and services. Among other measures, we highlight that Factorial has established a management procedure and an incident response plan in the event that any vulnerability is detected in our systems and/or that may affect your personal data.

For more information related to our security measures, you may visit our Security page.

10. Changes to this web privacy policy

We reserve the right to change this privacy policy from time to time as we deem necessary to keep it up to date with the development of our products and services, industry standards or new rules. If such changes are substantial or important, we will take all possible steps to inform you of them.