GDPR Compliance

Our Commitment

All data stored in EU-based servers
Data encrypted at rest and in transit
Regular security audits and assessments
Appointed Data Protection Officer
Data processing agreements with all sub-processors

Your Rights Under GDPR

Right to Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can request correction of any inaccurate personal data.

Right to Erasure

You can request deletion of your personal data under certain conditions.

Right to Restrict Processing

You can request limitation of how we process your data.

Right to Data Portability

You can receive your data in a structured, machine-readable format.

Right to Object

You can object to processing based on legitimate interests or direct marketing.

Legal Basis for Processing

We process your personal data based on:

Contract performance: To provide our invoicing and business services
Legal obligation: To comply with tax and regulatory requirements (VeriFactu)
Legitimate interests: To improve our services and communicate with you
Consent: For marketing communications (where applicable)

Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations. Invoice data is retained for the period required by Spanish tax law (typically 4 years).

International Transfers

Your data is processed and stored within the European Economic Area (EEA). If any transfer outside the EEA is necessary, we ensure appropriate safeguards are in place.

Exercising Your Rights

To exercise any of your GDPR rights, please contact our Data Protection Officer:

Email: dpo@zynvio.com
We will respond to your request within 30 days

Supervisory Authority

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) or your local supervisory authority.