In compliance with Regulation (EU) 2016/679 (RGPD/GDPR) and Organic Law 3/2018, of 5 December (LOPDGDD), D-LINIEX provides prior notice of the essential aspects of the processing.
1. Data controller
- Identity: PORRAS BARRIOS PROYECTOS Y SOLUCIONES, S.L. · N.I.F. B-10491256.
- Address: Calle Oporto, nº 1, Portal 1, 3º A — 10005 Cáceres (España).
- Contact: info@d-liniex.com · Tel. +34 911 23 40 74.
2. Purposes of the processing
- Handling enquiries: to respond to enquiries, send quotes and maintain professional correspondence.
- SaaS / AI Verifier: to create and manage the account, provide the service, issue verifications, give technical support and improve the product (without using customer data to train models).
- AEC technical services: to formalise and perform the contract, and for invoicing, collection and administrative management.
- Commercial communications: sending newsletters and updates, only with express consent or, for customers, under the terms of art. 21.2 LSSI-CE.
- Legal compliance: tax, accounting and professional obligations.
- Cookies and web analytics: as described in the Cookies Policy.
3. Legal bases (art. 6 RGPD)
- Consent (art. 6.1.a) for enquiries, commercial communications to non-customers and non-technical cookies.
- Performance of a contract (art. 6.1.b) for the provision of the SaaS and technical services, and pre-contractual measures.
- Legal obligation (art. 6.1.c) for invoicing, accounting and professional duties.
- Legitimate interest (art. 6.1.f) for commercial communications to customers about similar services (art. 21.2 LSSI-CE) and anonymised statistics.
The User may withdraw consent at any time (art. 7.3 RGPD), without affecting the lawfulness of prior processing.
4. Categories of data
Identifying, contact, professional, economic/billing, service-usage (logs, credentials, uploaded files) and browsing data (IP, cookies). No special categories under art. 9 RGPD are processed except where voluntarily and necessarily provided. When the customer uploads technical project documentation, they warrant that they have a legal basis to provide the personal data of third parties contained therein, and D-LINIEX acts as a data processor under art. 28 RGPD (see the Data Processing Agreement).
5. Retention periods
- Enquiries not converted into a contract: up to 12 months.
- Contractual and billing data: 6 years (art. 30 of the Commercial Code; Law 58/2003).
- Technical projects: the warranty periods of art. 17 LOE (10/3/1 years) and the limitation period for actions.
- Files uploaded to the AI Verifier: a maximum of 30 calendar days from the issuance of the report, save where legally required to retain them or upon express instruction from the customer.
- Commercial communications: until consent is withdrawn.
- Cookies: periods detailed in the Cookies Policy.
6. Recipients — Sub-processors (by category)
D-LINIEX discloses the category of recipient, function, country of processing and applicable international-transfer mechanism of each of the sub-processors involved in providing the service (art. 13.1.e RGPD). The specific identity of each provider is available on request at the contact address indicated below. This disclosure fulfils arts. 13.1.e), 13.1.f), 14.1.f), 28.2 and 44 to 49 RGPD, as well as EDPB Recommendations 01/2020.
| Sub-processor | Function | Country of processing | Transfer? | Mechanism / safeguards |
|---|---|---|---|---|
| European web-hosting provider (EU; servers in Spain) | Hosting of the d-liniex.com website | Spain (EU) | No | Processing entirely within the EEA. |
| Cloud database and storage platform (US parent company; instance operated in the EU) | Database and file storage for the SaaS / AI Verifier | Primary storage: European Union. Account and support data: may be processed in the USA. | Partial (account/support) | Standard Contractual Clauses (Decision (EU) 2021/914) + EU-U.S. Data Privacy Framework (Decision 2023/1795). DPA signed. |
| Specialised artificial-intelligence service providers (USA) — category of recipient (art. 13.1.e RGPD); specific identity available on request | Natural-language processing and semantic search for the AI Verifier, via API | USA (traffic may be routed to other regions depending on the provider) | Yes | Standard Contractual Clauses (EU) 2021/914 + EU-U.S. Data Privacy Framework (while the provider’s certification remains active). DPA signed with each provider. Contractual commitment not to train on customer data (zero data retention). |
| CRM and document-management platform (European data centre) | Internal management of clients, case files and studio documentation | European Union (contracted European data centre) | No | Processing within the EEA. |
| EU-authorised payment institution (Ireland) — identified in the payment process itself | Processing of payments and management of subscriptions | Ireland (EU); possible processing by its parent company in the USA | Partial | Standard Contractual Clauses (EU) 2021/914 + EU-U.S. Data Privacy Framework. DPA. |
| Spanish professional email provider (Spain) | Professional email @d-liniex.com | Spain (EU) | No | Processing entirely within the EEA. |
| External accounting, tax and/or legal advisers | Compliance with legal obligations and legal defence | Spain (EU) | No | Processing entirely within the EEA. |
In addition to the above, the data may be disclosed to Public Administrations and competent bodies where there is a legal obligation (AEAT, Social Security, courts and tribunals, State Security Forces and Corps), to financial institutions for the management of collections and payments, and to professional associations where official endorsement (visado) or other professional action so requires. D-LINIEX does not make disclosures other than those above except by legal obligation or express consent.
7. International transfers (arts. 44 to 49 RGPD)
D-LINIEX expressly discloses that part of the processing takes place outside the European Economic Area, specifically in the USA, in relation to the artificial-intelligence services (natural-language processing and semantic search) provided by specialised providers, as well as, where applicable, part of the account/support processing by the cloud database platform (US parent company). The specific identity of these providers may be requested at the email indicated at the end of this section. These transfers are based, cumulatively, on two mechanisms:
- (a) Standard Contractual Clauses approved by Commission Implementing Decision (EU) 2021/914 of 4 June 2021 (art. 46.2.c RGPD), entered into with each provider through a bilateral DPA.
- (b) The adequacy decision of the EU-U.S. Data Privacy Framework (Commission Implementing Decision (EU) 2023/1795 of 10 July 2023), to the extent that the specific provider is actively certified under the EU-U.S. Data Privacy Framework (verifiable at dataprivacyframework.gov).
In addition, D-LINIEX adopts the following supplementary measures in accordance with EDPB Recommendations 01/2020:
- Encryption of data in transit (TLS 1.2 or higher) and at rest.
- Contractual commitment by the AI providers not to use customer data for the training, fine-tuning or evaluation of models.
- Minimisation: the customer may anonymise or pseudonymise personal data before uploading it to the Verifier.
- Short retention periods (30 calendar days by default for uploaded files).
- Internal access policy based on the principle of least privilege.
The User may request a copy of the applicable safeguards by sending a request to info@d-liniex.com. You may consult the details in our data residency statement.
8. Rights of the data subject (arts. 15-22 RGPD; 12-18 LOPDGDD)
- Access, rectification, erasure, restriction, portability, objection, and the right not to be subject to automated decisions producing legal effects.
- Withdraw consent at any time.
- Digital rights under Title X LOPDGDD where applicable.
- Exercise of rights: info@d-liniex.com or by postal mail to the Controller’s address, enclosing a copy of your ID document or equivalent.
- Complaint to the Spanish Data Protection Agency (C/ Jorge Juan, 6, 28001 Madrid — www.aepd.es), especially where you have not obtained satisfaction.
9. Security measures
D-LINIEX has adopted the technical and organisational measures required under article 32 RGPD and, where applicable, the National Security Framework (Esquema Nacional de Seguridad). The measures are reviewed periodically and documented in the Record of Processing Activities (art. 30 RGPD).
10. Accuracy, minors and amendments
The User warrants the accuracy of the data. Access is reserved for persons over 14 years of age (art. 7 LOPDGDD). D-LINIEX reserves the right to amend this Policy to adapt it to legislative, case-law or doctrinal developments (AEPD, EDPB, CJEU), publishing the updated version on the Site.