This specific annex to our main Privacy Policy provides an additional informative context on the processing we perform for the provision of electronic certification services.

ANF Certification Authority (ANF AC), provides this service as a Qualified Trust Service Provider in accordance with:

• Regulation (EU) 910/2014 regarding electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation).
• Law 59/2003 on Electronic Signature
• Law 34/2002, of July 11, in regards to Services of the Information Society and Electronic Commerce (LSSI). In accordance with article 10 of the LSSI.
• General Data Protection Regulation (EU) 2016/679 regarding the protection of natural persons with regard to the processing of personal data and the free movement of these data;
• Organic Law 3/2018, on the Protection of Personal Data and guarantee of digital rights.

Prior to the collection of your data you will be informed of your rights, how to exercise them and the remaining information required by the current legislation, and other norms and standards whose compliance is required in the field of electronic certification.

ANF AC has the obligation to carry out checks with third informative sources in order to guarantee the reliability and accuracy of the information the customers have provided. Through the development of these consultations, documentary and informative evidence are collected to prove the correct fulfillment of our obligations.

The data collected are:

Those directly provided for the fulfillment of the service provision contract. These data are:

those required by legislation on qualified certificates,

those expressly requested by the interested party to be incorporated, and

those necessary in administrative processes for the collection of service fees and customer service.

Third-party source:

Public records. E.g. Commercial Registry

Register of Legal Entities. E.g. Professional Colleges

Private equity entities. E.g. Professional role certificates or authorizations.

Other sources required to guarantee the accuracy of the information. E.g. Whois

In addition, for security reasons, ANF AC sends communications to interested parties via SMS, email and / or WhatsApp. These communications may include confidential information, so we recommend that you make sure to provide email accounts or phone numbers over which you have absolute control of reception. And, in case of change, notify us immediately.

We do not collect credit card data, this service is performed through a virtual POS terminal, we do not have access to this information. Special categories of data are neither collected, nor service is provided to persons under 18 years of age.

Through the process of requesting our services, specifically during the collection of data, ANF AC can obtain the information through a Registration Authority (RA) or an Identity Verification Office (IVO), which intervene as a mediator , this intermediation is authorized by the eIDAS Regulation and the Electronic Signature Law.

Storage period

EThe minimum storage period is fifteen years in accordance with the Certification Practice Statement and other Certification Policies that have been approved by the supervisory authority (eIDAS Regulation).

Recipients

Except in the cases established in the main Privacy Policy, ANF AC does not transfer the data to third parties. However, in accordance with current legislation and to ensure the security of the relying third parties, ANF AC maintains public repositories where customers can check the validity of the certificates, the authenticity of the certificates issued, and download a copy of the certificates issued (public part).

Register of Data Processing Activities
For more details on the data processing ANF AC carries out, we offer the customers our RDPA in
https://www.anf.es/en/registro-de-actividades-tratamiento-de-datos/