Legal document

Privacy Policy — SVTC Portal

YOiD Identidad Digital S.L. · Version 1.0 · May 2026
This is an English-language translation provided for informational purposes. The Spanish-language version of this document is the legally binding one and shall prevail in the event of any discrepancy.

1. Data controller

The controller responsible for processing personal data collected through the SVTC Portal is:

YOiD Identidad Digital, S.L.
Calle Sollube 22, 48993 Getxo (Vizcaya), Spain
Email: privacidad@yoid.es
Payment institution authorized by the Bank of Spain

2. Data we process and why

During the contracting and use of the SVTC Portal, YOID processes the following data of the client company:

Category Data Purpose Legal basis Retention
Contracting Name / company name, ID/tax number of the authorized representative, address, email Service onboarding, verification of B2B status, sending of credentials and service-related communications Performance of the contract (Art. 6.1.b GDPR) Duration of the contract + statutory limitation periods
Billing Contracted plan, amounts paid, Stripe transaction identifiers Invoicing and compliance with tax obligations Legal obligation (Art. 6.1.c GDPR) 5 years from the invoice issue date (Spanish General Tax Law)
Service usage Query log (date, time, result), session identifiers Traceability, technical support, usage-based billing, and regulatory compliance arising from YOID's authorization as a payment institution Legal obligation + performance of the contract (Art. 6.1.b and 6.1.c GDPR) Minimum period required by applicable regulation, maximum 5 years
Commercial communications Contact email Service updates or other similar YOID products Legitimate interest (Art. 6.1.f GDPR). Object at any time at privacidad@yoid.es Until the right to object is exercised or the service is cancelled

3. YOID as data processor

With respect to the personal data of the bank account holders verified by the client through the SVTC Portal, YOID acts as data processor on behalf of the client, who holds the status of data controller for all purposes under the GDPR.

YOID processes such data exclusively to provide the verification service in accordance with the client's instructions arising from use of the Portal, and does not use it for its own purposes nor retain it beyond what is technically necessary for traceability, billing and regulatory compliance.

The terms of the data-processing arrangement are set out in the SVTC Portal Terms and Conditions (Section 6), accepted by the client during the contracting process.

4. Sub-processors

The following necessary sub-processor is involved in providing the VALITIC service:

Iberpay — Sociedad Española de Sistemas de Pago, S.A.
Tax ID: A82814211
Role: channels the account-ownership query to the bank issuing the queried account.
Scope: Spanish national territory.

Additionally, Stripe Payments Europe, Ltd. acts as sub-processor for payment processing, under its own privacy terms available at stripe.com/en-es/privacy.

No international transfers of personal data outside the European Economic Area are carried out.

5. Data subject rights

The client company's representatives and contact persons may exercise the following rights over their personal data processed by YOID as controller:

AccessFind out what data YOID processes about you
RectificationCorrect inaccurate or incomplete data
ErasureRequest deletion of your data
ObjectionObject to processing based on legitimate interest
RestrictionRestrict processing under certain circumstances
PortabilityReceive your data in a structured format

To exercise any of these rights, write to privacidad@yoid.es indicating the right you wish to exercise and attaching a copy of your ID document. YOID will respond within a maximum period of one month from receipt of the request.

If you believe the processing of your data does not comply with the GDPR, you may file a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es.

6. Security measures

YOID applies appropriate technical and organizational measures to guarantee the security, confidentiality and integrity of the data processed, as required by Article 32 of the GDPR and in compliance with its ISO 27001 certification. All communications with the Portal are carried out using TLS encryption.

7. Updates to this policy

YOID may update this privacy policy to adapt it to regulatory or service changes. The current version will always be available on the SVTC Portal. Material changes will be communicated by email to the address provided at contracting, with at least fifteen (15) days' notice.

YOiD Identidad Digital S.L. · Calle Sollube 22, 48993 Getxo (Vizcaya), Spain · privacidad@yoid.es
Version 1.0 — May 2026 · Payment institution authorized by the Bank of Spain