This specific annex to our main Privacy Policy provides an additional informative context on the processing we perform for the provision of eBurofax ®, an advanced service for electronic delivery service.

ANF Certification Authority (ANF AC), provides this service subject to the provisions of:

• Regulation (EU) 910/2014 regarding electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation).
• Law 59/2003 on Electronic Signature
• Law 34/2002, of July 11, in regards to Services of the Information Society and Electronic Commerce (LSSI). In accordance with article 10 of the LSSI.
• General Data Protection Regulation (EU) 2016/679 regarding the protection of natural persons with regard to the processing of personal data and the free movement of these data;
• Organic Law 3/2018, on the Protection of Personal Data and guarantee of digital rights.

The eBurofax ® application includes the following personal data processing:

• Signature Manager
• Communications Manager
• Document and message manager.
• Legal evidence manager.
• 2FA manager.
• Secure encryption manager.
• Electronic audits

ANF AC intervenes, according to the provision of service contracted as:

• processor (GDPR), or
• intermediation service provider (LSSI), or
• trusted third party (LSSI), or
• qualified trust service provider (eIDAS)

ANF AC does not review the contents of the documents that are ordered to process, or the communications about which it receives delivery order. For those processes whose content is confidential, the service has a secure encryption option.

Signature Manager
ANF AC, provides this service as a processor, having formalized with each contracting company the corresponding contractual document as a processor.

This service offers the following forms of expression of consent:

• Qualified electronic signature
• Advanced electronic signature
• Biometric signature
• Express Consent
• Explicit Consent

In the case of biometric signature, ANF AC guarantees that only the signature of the signer is captured, which is stamped at the same time on the document whose content is accepted. The signature is not stored as a separate file, nor a dynamic signature capture is performed (biometric behavioral pattern of the signer: inclination, pressure, etc.).

• Express consent requires an affirmative and clear act by the interested party.
• Explicit consent will require confirmation, so customers will receive a session key via SMS.

In order to build legal evidence, the Eburofax® service captures all traces generated during the signer's intervention (IP, time, terminal, and other data of interest that accredit his/her intervention and prevent the repudiation of the signature ). This information is reviewed in the legal evidence given to the payer

Communication Manager
Your personal data, delivery mailboxes, communications to be made, or documents to be delivered, are provided by the sending party. ANF AC only puts at your disposal the telecommunications networks, and computer services that facilitate its realization. It does not make any modification, nor does it review contents.

Document and message manager

The communications to be made, the documents delivered or the responses made by the recipients, are made available to the parties. ANF AC only keeps the documents if it has been hired for it. ANF AC only puts at your disposal the telecommunications networks, and computer services that facilitate its realization. It does not make any modification, nor does it review contents. Our mission is to authenticate to guarantee integrity. Time Stamp is also available to establish the time of each event, and capture all traces of evidence that make it impossible to repudiate the participation of the parties and generate strong legal evidence.

Legal Evidence Manager
The legal evidences are the documents prepared by ANF AC, which incorporate the traceability of a transaction, establish with full legal certainty the participation of each party, the moment in which they participated, and include the traces that prevent any possibility of repudiation.

2FA Manager

When a security reinforcement is required, the Double Authentication Factor service generates a session key that is forwarded to one of the personal mailboxes of the interested party. ANF AC does not store this key, it uses hash technology, using SHA2 digestion algorithm.

The systems collect the data from the mailbox to which it was sent, and determines if the password subsequently entered is correct or not, establishing the IP and the time from which it was inserted.

Secure Encryption Manager
ANF AC only uses strong encryption. Our systems use AES algorithm with key lengths of 128 bits or higher.

Electronic audits
ANF AC as an essential part of its information security management system, incorporates LOG registration processes and traceability from which may be obtained:

• IP of the remote operator.
• Time and day of the connection.
• Browser used.
• SO used.
• UUID of the terminal.

Storage period
ElThe storage period is the duration of the service provision contract, besides the period ANF AC requires to prove the correct fulfillment of its services.

Recipients
Except in the cases established in the main Privacy Policy, ANF AC does not transfer the data to third parties.

Register of Data Processing Activities
For more details on the data processing ANF AC carries out, we offer the customers our RDPA in https://www.anf.es/en/registro-de-actividades-tratamiento-de-datos/