The controller responsible for processing personal data collected through the SVTC Portal is:
During the contracting and use of the SVTC Portal, YOID processes the following data of the client company:
| Category | Data | Purpose | Legal basis | Retention |
|---|---|---|---|---|
| Contracting | Name / company name, ID/tax number of the authorized representative, address, email | Service onboarding, verification of B2B status, sending of credentials and service-related communications | Performance of the contract (Art. 6.1.b GDPR) | Duration of the contract + statutory limitation periods |
| Billing | Contracted plan, amounts paid, Stripe transaction identifiers | Invoicing and compliance with tax obligations | Legal obligation (Art. 6.1.c GDPR) | 5 years from the invoice issue date (Spanish General Tax Law) |
| Service usage | Query log (date, time, result), session identifiers | Traceability, technical support, usage-based billing, and regulatory compliance arising from YOID's authorization as a payment institution | Legal obligation + performance of the contract (Art. 6.1.b and 6.1.c GDPR) | Minimum period required by applicable regulation, maximum 5 years |
| Commercial communications | Contact email | Service updates or other similar YOID products | Legitimate interest (Art. 6.1.f GDPR). Object at any time at privacidad@yoid.es | Until the right to object is exercised or the service is cancelled |
With respect to the personal data of the bank account holders verified by the client through the SVTC Portal, YOID acts as data processor on behalf of the client, who holds the status of data controller for all purposes under the GDPR.
YOID processes such data exclusively to provide the verification service in accordance with the client's instructions arising from use of the Portal, and does not use it for its own purposes nor retain it beyond what is technically necessary for traceability, billing and regulatory compliance.
The terms of the data-processing arrangement are set out in the SVTC Portal Terms and Conditions (Section 6), accepted by the client during the contracting process.
The following necessary sub-processor is involved in providing the VALITIC service:
Additionally, Stripe Payments Europe, Ltd. acts as sub-processor for payment processing, under its own privacy terms available at stripe.com/en-es/privacy.
No international transfers of personal data outside the European Economic Area are carried out.
The client company's representatives and contact persons may exercise the following rights over their personal data processed by YOID as controller:
To exercise any of these rights, write to privacidad@yoid.es indicating the right you wish to exercise and attaching a copy of your ID document. YOID will respond within a maximum period of one month from receipt of the request.
If you believe the processing of your data does not comply with the GDPR, you may file a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es.
YOID applies appropriate technical and organizational measures to guarantee the security, confidentiality and integrity of the data processed, as required by Article 32 of the GDPR and in compliance with its ISO 27001 certification. All communications with the Portal are carried out using TLS encryption.
YOID may update this privacy policy to adapt it to regulatory or service changes. The current version will always be available on the SVTC Portal. Material changes will be communicated by email to the address provided at contracting, with at least fifteen (15) days' notice.