SURENESS is an operating platform that certifies documents and mediates between companies, with the corresponding authorization to provide the following services:
- Document Certification
- Custody of certified documents
- Data Transmission
- Storaging and Forwarding Certificates
- Companies Evaluation
To provide our services in the best way, and above all the information processing that our work involves, SURENESS is committed to comply with the application of legislation regarding data protection, as the following:
–Law 25/2007, October 18th,, on the conservation of electronic communication related data and public communications networks..
–Organic Law 15/1999, December 13th, on Personal Data Protection.
–Royal Decree 1720/2007, December 21st, which approves the Regulation for the Development of the Organic Law on Protection of Personal Data.
–Law 34/2002, July 12th, on Services of Information Society and Electronic Commerce.
In order to identify the concept of “personal data”, and attending to what this legislation exposes, the law 15/1999 on Personal Data Protection defines it as “any information concerning an identified or identifiable individual”, so this definition must be taken into consideration throughout this document regarding the impact of the services provided by SURENESS, and its effect on the processing of personal data.
Data Processing for SURENESSusers and clients.
Clients' personal data
The Personal Data Protection Law establishes protection guarantees to any personal data of clients/users of services provided by *SURENESS. The personal data collected are necessary only for the provision of our services and administrative and billing management, such as: first and last name, ID number, mailing address, email contact or bank details. SURENESS guarantees its customers/users the right data processing according to the following principles: -.
- Information: SURENESS will inform all users about the handling of their personal information at the time of conclusion of the service agreement, stating the purposes of such handling, notifying also potential transfers, and procedure indication on how to exercise their rights of access, rectification and cancellation.
- Quality: SURENESS will handle your personal information only accordingly to the inherent purposes of our services, to invoice them, as well as to send information about SURENESS's commercial news. Also, the information we will require is ensured to be adequate, relevant and not excessive in relation to the purposes for which they were collected.
- Communication: Your personal information will not be disclosed to third parties without your consent, with the exception of those cases provided by law, either being required by authorities, or because it was needed to fulfill your service management obligations.
- Security: Security measures required by law, specially what is stated in Regulation for Security Measures ( Royal Decree 17/2007) which approves the Regulation on Development of the Organic Law on Personal Data Protection, will be attended by SURENESS on the exercise of its services, with relevant care for the entry to the system by access controls, the delimitation of such access in connection to performance of staff duties and the establishment of support and recovering copies.
- Rights Exercising: The rights recognized by the Organic Law on Data Protection (access, rectification and cancellation) may be exercised on the following addresses, together with a copy of your ID card:
- Postal Address :
- E-mail Address :
Also, one of the obligations related to complying with ORDP is the registration of this information on the Data Protection Registry, which access is public, and on which we inform SURENESS is discharged with the name “USERS”
User's communications data,
Secret of communications
The General Law on Telecommunications establishes the secret of communications by electronic communications operators, having to adopt technical measures to make this secret effective. Furthermore, interceptions can only be made under the cases provided by law and with previous permission of relevant authorities.
This law also sets a procedure in case there is risk of personal data violation, of which users will be inform and of the adequate measures that will be taken. In case of an effective violation of personal data, SURENESS will notify the Data Protection Agency and, if negatively affect intimacy or information of a particular user, this user will also be notified.
Trustworthy third party
An additional service provided by SURENESS for its certified products is the “trustworthy third party”, regulated on Law 34/2002, July 12th, on Services to Information Society and Electronic Commerce, provided for on Article 25. This service consists on the intervention of a third person, in the agreement or contract signed by the parties, with the purpose of collecting willing statements issued by them and recording of dates and times that these communications have taken place.
SURENESS acts as this trustworthy third party on the certifying services provided, proving these aspects of communication by issuing a certificate in which the following is credited:
a) In case of text message communications (SMS): Sender's telephone number, receiver's telephone number, date and time of message submission and content of message.
b) In case of certified e-mail communications: Sender's e-mail address, receiver's e-mail address, date and time of message sending, date and time of message delivering, content of message and attached files.
This certificate is issued by SURENESS with all the previously described information and into a digitally signed PDF file.