Back to home

Data Protection (GDPR)

General Data Protection Regulation Compliance

Commitment to Data Protection

AgenteUno fully complies with the General Data Protection Regulation (GDPR) of the European Union and the Spanish Organic Law on Data Protection (LOPD-GDD).

Servers in the European Union

All our data is stored exclusively on servers located within the European Union (Germany and France), ensuring your data never leaves EU territory.

  • Infrastructure provider: Hetzner (Germany) and OVH (France)
  • Certifications: ISO 27001, SOC 2 Type II
  • Tier III+ certified data centers

Technical and Organizational Measures

Encryption

  • TLS 1.3 for data in transit
  • AES-256 for data at rest
  • End-to-end encryption for conversations

Access Control

  • Mandatory multi-factor authentication for employees
  • Principle of least privilege
  • Logging of all access to personal data

Backup and Recovery

  • Daily encrypted backups
  • 30-day retention
  • Disaster recovery plan tested quarterly

International Transfers

We do not transfer personal data outside the European Economic Area. If necessary, transfers would only be made with appropriate safeguards (standard contractual clauses or European Commission adequacy decisions).

Data Protection Officer

We have appointed a Data Protection Officer (DPO) whom you can contact at: [email protected]

Record of Processing Activities

We maintain an updated record of all personal data processing activities, in accordance with Article 30 of the GDPR.

Security Breach Notification

In the event of a security breach affecting personal data, we will notify the Spanish Data Protection Agency (AEPD) within 72 hours and affected individuals without undue delay.

Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for any processing that may pose a high risk to individuals' rights and freedoms.

Your Rights

As an EU citizen, you have the right to:

  1. Access — Know what data we hold about you
  2. Rectification — Correct inaccurate data
  3. Erasure — The "right to be forgotten"
  4. Portability — Take your data to another provider
  5. Objection — Object to the use of your data
  6. Restriction — Restrict how we use your data
  7. No automated decisions — Object to purely automated decisions

Exercise your rights at: [email protected]

Supervisory Authority

If you believe your rights have not been adequately addressed, you can file a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es