Security and privacy

​​​​At SPLIT PAYMENTS, S.L., we are committed to ensuring that your personal data is protected and not used for purposes other than those indicated in this Privacy Policy. For this reason, in this section, we inform users and interested parties about everything related to the processing of their personal data, thereby complying with the applicable data protection regulations in our country: General Data Protection Regulation (EU) 2016/679, of April 27, regarding the protection of individuals with regard to the processing of personal data and the free movement of such data (hereinafter "GDPR").

This Privacy Policy applies to the processing of data carried out by SPLIT PAYMENTS, S.L. through the following website: www.flanks.io (hereinafter, the "Website") and/or other websites as specified. We recommend that you read it carefully before using this Website or providing us with your data through it.

If you have any questions, you can contact us via email at: suportelgpd@flanks.io

0. Table of contents

In this Policy, you will find all the information related to the processing of your personal data and the rights you can exercise to maintain control over them. In this regard, you will find information about:

1. Who is responsible for the processing of your data.
2. What requirements you must meet to provide us with your personal data.
3. What data processing we carry out through the Website and their main characteristics, explaining:
   • What data we collect and the methods of collection, the purposes for which we request the data, the legal basis for processing, how long we retain the data, to whom your data are disclosed, the existence of international data transfers.
4. What your rights are and how you can exercise them.
5. How we protect your personal information.
6. Changes to this policy.

1. Who is responsible for the processing of your personal data?

Your personal data will be processed by the company SPLIT PAYMENTS, S.L. ("FLANKS"), with Tax ID B67332775 and the following contact information:

• Address: Calle del Sol, No. 55, 08840, Viladecans, Barcelona, Spain
• Contact phone: (+34) 930 40 05 44
• Contact email: suportelgpd@flanks.io

1.1 Our Data Protection Officer

From FLANKS, we provide you with the contact information of our Data Protection Officer, to whom you can address any questions you may have regarding this Privacy Policy or the processing of your personal data.

• Email: suportelgpd@flanks.io

2. What requeriments must you meet to provide us with your personal data?

• Minimum age: To provide us with your personal data, you must be at least 18 years old and/or, if applicable, have sufficient legal capacity to use the present Website.
• Accuracy: When you provide us with your data to use our services, you guarantee that the data and information provided are real, truthful, up-to-date, and belong to you, not to third parties. You must also notify us of any changes to the provided data, and you are responsible for the accuracy and precision of the data provided at all times.
• Age and Accuracy Control: FLANKS reserves the right to verify your age and identification information at any time, if necessary, even by requesting an official identification document or equivalent procedure. In the event of fraud detection or suspicion that you are under the indicated age, your account may be suspended, temporarily deactivated, and/or canceled.

3. What data processing do we carry out through the website and what are its main characteristics?

Below, we explain how we process your personal information and provide detailed information on your privacy:

When you contact us through our channels (contact form or email):

• Methods of Data Collection:
  • Contact form
  • Sending emails to the address hello@flanks.io or other FLANKS email addresses.
• What Data We Collect?
  • Identifying and contact information: We collect your identifying data (name and surname), your phone number, email address, the name of the company where you work, and any other information you voluntarily include in the communications you send to us. We may request additional information if necessary to fulfill your request or requirement.
• Purposes of Data Processing:
  • Responding to your requests: The primary purpose of processing this data is to respond to your requests, answer your questions, provide the required information, and, if applicable, follow up on your requests.
  • Improving customer service: Information derived from inquiries, consultations, and advice provided to interested parties, as well as how requests are handled, allows us to understand how we provide our customer service, enabling us to improve its quality. Furthermore, all information collected, after the retention period indicated below, is anonymized and used to analyze the most frequently asked questions through chat and automate the most common ones, create FAQs, or store it for statistical purposes to develop business strategies.
• Legal Basis for Processing:
  • Consent: The data provided for the above purposes will be processed based on your consent, given voluntarily when you contact us through the means at your disposal to request information or make a request.
  • Legitimate Interest: All information collected by the customer service department will be used for statistical purposes to improve the quality of the customer service provided. You can request more information about the weighting of our legitimate interests by contacting us at suportelgpd@flanks.io. Mandatory information will be indicated with an asterisk or a similar form. Without this information, we would be unable to address your inquiries or requests.
• Data Retention:
  • All your personal information will be processed while your requests are being processed and, if necessary, to follow up on them. After this period, FLANKS will retain and block this information for the periods established by the law to address potential responsibilities and to demonstrate compliance with our obligations. From this point, FLANKS will only process the information in an anonymized manner, making it impossible to link the statistical information to specific users.
• To Whom Your Personal Information is Disclosed:
  • We do not make additional disclosures beyond those indicated in the general section on data disclosure. In this regard, some channels through which you can contact us are managed by service providers acting as data processors. You can find more information on how these service providers operate in the general section mentioned above.

‍

When You Have a Contractual Relationship with Us (Service Provision):

• How is the data collected?
  • Maintaining a commercial or contractual relationship with FANKS (by signing contracts, quotations, commercial contact, etc.).
• What Data We Collect?
  • Identifying and contact information. We collect your identification data (name and surname), professional e-mail and postal address, telephone number, as well as any other data related to the business or contractual relationship.
  • Employment details: During the contractual relationship, we may collect data relating to the contact person representing the client company (name and surname, professional e-mail address, position and/or department).
• What are the purposes of the processing of your personal data?
  • Commercial contact. When there is no contractual relationship, the data will only be processed to maintain relations of any kind with the legal entity in which the data subject provides services.
  • To execute and maintain the contractual relationship between the Parties. When there is a contractual relationship, the main purpose of the processing of this data will be to maintain and execute the contractual relationship between the parties, which may include: Administrative, fiscal, legal, accounting and commercial management of customer data. Drawing up and sending estimates.
  • Carrying out work or services. Attention to queries and complaints via web, telephone, electronic or in person.
  • Setting up meetings and client visits. Sending publications and commercial communications related to our products/services: We may send you, by electronic means, our newsletter and other commercial communications related to our products and services.
• Legal Basis for Processing:
  • Execution of the contract. The processing of data is necessary for the performance of the contract between the parties. All data requested and processed by FLANKS for the above purposes will be necessary for the stated purposes. If they are not provided, it will not be possible to perform the services and administrative tasks related to them.Legitimate interest: The contact data for your professional location will be processed on the basis of the legitimate interest of the company in accordance with art. 19 of the LOPDGDD.
  • For the sending of commercial communications, we base this on our legitimate interest due to the existence of a previous contractual relationship between the parties in accordance with the electronic commerce regulations (LSSI).
  • You may unsubscribe from these commercial communications at any time through the mechanism indicated in each e-mail or by expressing your wish to unsubscribe by sending an e-mail to suportelgpd@flanks.io.You can request more information about the weighting of our legitimate interests by contacting: suportelgpd@flanks.io.
• Data Retention:
  • All personal information will be processed by us for the duration of the contractual relationship between the parties. Once this period has expired, FLANKS will keep this information, blocked, for the periods provided for by law in order to meet any liabilities and to demonstrate compliance with our obligations.
• To Whom Your Personal Information is Disclosed:
  • We do not make any additional transfers to carry out this processing other than those indicated, in general terms, in point 4. To whom do we transfer your personal information? We may use service providers for the provision of certain ancillary services (e.g. management software), who act as Processors. You will find more information on how these service providers operate in point 4 above.

‍

When you apply for our job offers or send us your CV

• Methods of Data Collection:
  • Work with us form
  • Sending your CV to FLANKS via email or third party platforms (LinkedIn or others) where job vacancies are posted.
• What Data We Collect?
  • Identifying and contact information. We collect your identification data (name and surname), email address, your telephone number, as well as your professional data and the data you include in your CV and/or cover letter that you wish to send us.
• Purposes of Data Processing:
  • To participate in our selection processes. We will process your personal information in order to carry out the corresponding selection process for an eventual recruitment.
  • Recruitment processes may involve face-to-face or remote interviews and/or job-related practical, knowledge or language tests.
  • We will also use your contact details to keep you informed about the status of the selection process and your application in the selection process.
  • To participate in our selection processes. We will process your personal information to carry out the relevant selection process for possible recruitment, including conducting interviews (face-to-face or online), knowledge or language tests related to the job. We will also use your contact details to keep you informed about the status of the recruitment process and your application.
  • If you give us your consent, we may include your CV in future FLANKS recruitment processes that match your professional profile.
• Legal Basis for Processing:
  • Execution of a contract, implementation of pre-contractual measures (Article 6.1.b) of the GDPR). The processing of the data is necessary for the implementation at the request of the data subject of pre-contractual measures or the intention to conclude a contract.
  • All data requested and processed by FLANKS for the above purposes shall be necessary for the stated purposes. If they are not provided, it will not be possible to perform the tasks associated with them.
  • Consent: When you send us your CV for use without applying for a specific vacancy and in the event that you allow us to use your CV in future recruitment processes, we will do so on the basis of your consent, and we may keep your CV for this purpose.
• Data Retention:
  • We will process all personal information for as long as is necessary to manage the recruitment process for which you have applied or until you ask us to stop. Once this period has expired, FLANKS will keep this information, blocked, for the periods provided for by law in order to meet any liabilities and to demonstrate compliance with our obligations.
• To Whom Your Personal Information is Disclosed:
  • We do not make any additional transfers to carry out this processing other than those indicated, in general terms, in point 4. To whom do we transfer your personal information? In this regard, some of the channels through which you can contact us are managed by service providers, who act as data processors. You will find more information on how these service providers operate in point 4 above.

3.1 Website Navigation (Cookies)

On this website, we use cookies or other tracking and tracing tools to collect information about how users use the website. For more information about the processing we conduct through these tracking tools, please visit our Cookie Policy.

3.2 FLANKS Social Media Profiles

FLANKS has profiles on certain social media platforms, such as LinkedIn.

When you become a follower of any of our social media pages, the processing of your data will be governed by the terms of use, privacy policies, and access regulations belonging to the respective social media network, which you have previously accepted.

In this regard, FLANKS will process your data for the purposes of managing its presence on the social network, informing you about activities, products, or services, as well as for any other purpose permitted by the social media network's regulations.

Please note that we have no influence over the information collected by the social media network or how it processes it, so we recommend that you stay informed about the purpose and scope of data collection through these social media platforms.

3.3 To whom do we disclose your personal information?

In general, FLANKS will not disclose your data to third parties. However, in addition to the disclosures we specifically mention in the section where we explain the characteristics of the different operations (section 3), we inform you about the general communications that may affect all the previous processing and their legal basis.

• Providers of essential services to execute the service we offer (e.g., IT hosting companies or platforms for sending commercial communications). However, these entities have signed the corresponding confidentiality agreements and will only process your data according to our instructions, unable to use them for their own purposes or apart from the service they provide to us.
• Public Authorities. We may disclose to competent public authorities the data and any other information that is in our possession or accessible through our systems when there is a legal obligation to do so, or when it is required, for example, to prevent or prosecute abuses of services or fraudulent activities through our website. In these cases, the personal data you provide to us will be retained and made available to administrative or judicial authorities.
• In the event of a corporate operation: In the case of a merger, acquisition, sale of all or part of our assets, or any other type of corporate operation involving a third party, we may share, disclose, or transfer user data to the successor entity (even during the preliminary phase of the operation).
• To third parties after aggregation or anonymization: We may disclose or use aggregated or anonymized data (i.e., data that cannot be linked to an identified or identifiable individual) for any purpose.
• To third parties with the user's consent or another legitimate basis: In cases where we want to share data with third parties outside the scope of this Privacy Policy, we will request your consent or inform you about it and its legal basis.

Also, please note that this Privacy Policy only refers to the collection, processing, and use of information (related to personal data) by us through your interaction with our website. Access to third-party websites that you may access through links from our website has their own privacy policies over which we have no control. Therefore, before providing them with any personal information, we recommend that you familiarize yourself with their Privacy Policies.

3.4 Are you personal data transferred to third countries ouside the european economic area?

Some of our service providers are located in countries outside the European Economic Area ("EEA").

The location of these companies outside the EEA implies the existence of an international transfer of your personal data, which may involve a lower level of protection than that provided for in European regulations. However, FLANKS has implemented measures to ensure that such transfers do not result in a lower level of protection for your personal data.

In this regard, service providers located outside the EEA have a valid mechanism for conducting international transfers, or they have entered into the relevant standard contractual clauses approved by the European Commission ("SCCs"), an agreement between both entities by which the non-European company guarantees that it applies European data protection standards, or they are companies certified under the new EU-US Data Privacy Framework (DPF).

Therefore, the use of these providers does not result in a lower level of protection for your personal data compared to the use of providers located in the EEA.

You can review the content of the SCCs and the Decision on the Adequacy of the EU-US Data Privacy Framework at the following links:

• https://commission.europa.eu/publications/standard-contractual-clauses-controllers-and-processors-eueea_en
• https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

Here are the international transfers we make from FLANKS:

• Google, LLC (Workspace, Cloud)
  • Country: EE. UU.
  • Transfer Method: Data Privacy Framework
• Pipedrive, Inc.
  • Country: EE. UU.
  • Transfer Method: Data Privacy Framework
• Nombre
  • Country: Reino Unido
  • Transfer Method: Decisión de 28 de junio de 2021
• Aircall.io, Inc.
  • Country: EE. UU.
  • Transfer Method: Data Privacy Framework

• Atlassian Pty Ltd
  • Country: Nombre
  • Transfer Method: Nombre

4. What are your rights as a data subject?

You can exercise the rights that the law guarantees you regarding the processing of your personal data by contacting our Data Protection Officer via the email suportelgpd@flanks.io. We will address any requests for rights as soon as possible and, in any case, within the maximum period established by legislation from the moment we receive them. In some cases, we may need to request a copy of your identity document or another identifying document to verify your identity.

The rights that correspond to you as a data subject are as follows:

4.1 Right to Withdraw Consent

You can revoke your consent in relation to all processing based on it at any time. However, the withdrawal of consent will not affect the lawfulness of the processing based on prior consent.

4.2 Right of Access

You have the right to know what data is being processed, if applicable, and, if so, to obtain a copy of it, as well as to obtain information about:

• the origin and recipients of the data;
• the purposes for which they are processed;
• the existence of an automated decision-making process, including profiling;
• the data retention period; and
• the rights provided by regulations.

4.3 Right to Rectification

You have the right to obtain the rectification of your personal data or to complete it when it is incomplete.

4.4 Right to Erasure

You have the right to request the erasure of your personal data if it is no longer necessary for the purpose for which it was collected or if we are no longer authorized to process it.

4.5 Right to Data Portability

You have the right to request data portability in the case of data processing based on your consent or the performance of a contract, provided that the processing has been carried out by automated means. In exercising this right, you will receive your personal data in a structured, commonly used, and machine-readable format. However, when possible, you can also request that your data be transferred directly to another company.

4.6 Right to Restriction of Processing of Your Personal Data

You have the right to restrict the processing of your data in the following cases:

• When you have requested the rectification of your personal data during the period in which we verify their accuracy.
• When you believe that we are not authorized to process your data. In that case, you can request us to limit its use instead of requesting its deletion.
• When you believe that it is no longer necessary for us to continue processing your data and you want us to keep it for the purpose of exercising or defending claims.
• In cases where there is processing based on our legitimate interest, and you have exercised your right to object to it, you can ask us to limit the use of your data while verifying the prevalence of these interests over yours.

4.7 Right to Object

You have the right to object at any time to the processing of your personal data based on our legitimate interest, including profiling.

4.8 Unsubscribe from Commercial Communications

Remember that at any time, you can object to receiving this type of communications by sending us an email to suportelgpd@flanks.io. You can also unsubscribe from this service by following the instructions provided in the footer of each of the electronic communications we send you.

4.9 Right to Lodge a Complaint with the Supervisory Authority

Remember that at any time, and if you believe that we have violated your right to the protection of your data, you can contact the corresponding supervisory authority. In the case of Spain, this authority is the Spanish Data Protection Agency (www.aepd.es).

5. How do we ensure the confidentiality of your information?

The security of your personal data is a priority for us. Therefore, FLANKS has implemented all the necessary security measures to ensure effective use and processing of the personal data provided by the user, safeguarding their privacy, confidentiality, and integrity. We use the necessary technical means to prevent alteration, loss, unauthorized access, or processing of your data, according to the state of technology at all times.

Consequently, we comply with the recommended security standards to protect them. However, it is impossible to guarantee their complete security due to the nature of the internet and because there may be malicious actions by third parties beyond our control.

We commit to acting swiftly and diligently in case the security of the data is compromised or jeopardized and will inform you if it is relevant.

6. Modifications to this policy

FLANKS may modify the content of the privacy policy at any time, especially when there are legislative, jurisprudential, or interpretive changes by the Spanish Data Protection Agency that affect the data processing carried out by FLANKS through this website. Any new version of this Privacy Policy will come into effect on the date of entry into force as published.

Therefore, we recommend that you periodically review this Privacy Policy to stay informed about how your personal data is treated and protected, as well as your rights.

This Privacy Policy was last modified on September 29, 2023.