Privacy policy – Doxia Investing

Data controller

In compliance with EU Regulation 2016/679, General Data Protection, hereinafter, the “GDPR”, and Organic Law 3/2018, on the Protection of Personal Data and guarantee of digital rights, users are informed that the personal data provided through the website https://doxiainvesting.com/, hereinafter, the “Website”, will be processed by:
Responsible: Trecton Interland S.L.
CIF/NIF: B94150729
Address: Calle Joaquín Costa, 78, 36004 Pontevedra, Spain
Contact email: support@doxiainvesting.com / contact.doxiainvesting@gmail.com
Commercial name: Doxia Investing
For any question regarding the processing of personal data, the user can contact the responsible party through the indicated emails.

Nature of the service

Doxia Investing offers a SaaS technology platform aimed at providing software tools, automation, technical analysis, strategy configuration and technical integration with user accounts on third-party platforms.
Unless expressly stated otherwise, Doxia Investing does not provide investment services, financial advice, advice on crypto-assets, portfolio management, custody of crypto-assets, execution of orders, receipt and transmission of orders, exchange of crypto-assets or crypto-asset transfer services on behalf of clients.
Doxia Investing is not authorised or registered as an investment services company or as a crypto-asset service provider with the CNMV, as it does not provide regulated services subject to such authorisation.
The user retains sole responsibility for his/her investment decisions, the configuration of the platform, connections with third parties and the use he/she makes of the available tools.
Doxia Investing does not sell users’ personal data.

Personal data processed

Doxia Investing may process the following categories of personal data:
a) Identification and account data
• Name and surname.
• Username.
• Email address.
• Internal user identifiers.
• Encrypted password or equivalent authentication mechanisms.
• Date of discharge.
• Account status.
• Contracted plan.
b) Contracting and invoicing data
• Name and surnames or company name.
• DNI, NIF, NIE, CIF or equivalent tax identifier.
• Tax or billing address.
• Data necessary to issue invoices.
• Contracted plan.
• Price, applicable taxes, renewals, cancellations, and subscription status.
The prices of the services offered by Doxia Investing include VAT where applicable.
c) Payment details
Doxia Investing uses Stripe as a third-party payment platform to manage the collection of subscriptions, renewals, payments, refunds, payment incidents, and, where applicable, fraud prevention measures.
When you make a payment, certain personal and transaction data may be processed directly by Stripe, including, but not limited to:
• name and surname;
• email address;
• billing address;
• tax identifier, where applicable;
• amount, currency, date and status of payment;
• transaction identifiers;
• payment method used;
• partial or tokenized card data, such as the last digits, expiry date, country of issue or technical identifiers;
• IP address, device, browser and other technical data necessary to process the payment, verify the transaction and prevent fraud.
Full card or other payment details are managed directly by Stripe through its secure infrastructure.
Doxia Investing does not store the user’s complete card data, without prejudice to the fact that it may keep payment identifiers, transaction references, subscription status, invoices and data necessary for contractual, accounting, tax and support management.
Stripe will process data in accordance with its own terms, privacy policy, and applicable data processing agreements. Stripe may act, as the case may be, as a processor and/or as an independent controller for certain of its own purposes, such as compliance, security, fraud prevention, and legal compliance.
d) Technical and usage data
• IP address.
• Device type.
• Browser used.
• Operating system.
• Technical identifiers.
• Date and time of access.
• Pages visited.
• Interactions with the Website or Platform.
• Technical logs, logs and security events.
e) Technical integration and API data
When the user connects the platform with third-party services, Doxia Investing may process technical data necessary to enable such integration, such as:
• API connection status.
• Technical integration identifiers.
• User-selected configurations.
• Operational data necessary for the technical execution of the service.
• Tokens, keys or technical credentials when strictly necessary to provide the service, applying appropriate security measures.
Doxia Investing does not and should not receive unnecessary credentials to access user funds.
The user is responsible for properly configuring the permissions granted on the third-party platforms.
(f) Communications data
• Inquiries submitted using forms.
• Emails sent to support.
• Commercial Requests.
• Claims, incidents or contractual communications.
• Information voluntarily provided by the user.
g) Data derived from legal compliance
Doxia Investing may process personal data to meet legal, tax, accounting, commercial, security, fraud prevention, auditing, complaint management or response to requests from competent authorities.
Where necessary, Doxia Investing may retain and disclose certain data in order to comply with legal obligations or to establish, exercise or defend legal claims.

Data not to be provided

The user must not provide personal data of third parties unless they have a sufficient legal basis to do so.
You must also not submit specially protected or sensitive information that is not necessary for the use of the service, such as health data, ideology, religion, sexual orientation, trade union membership, biometric data, genetic data or similar information.
Doxia Investing does not request such data for the ordinary provision of its services.

Purposes and legal bases of the processing

Doxia Investing will process personal data for the following purposes:
a) Registration and user account management
Create, maintain, verify and manage the user’s account, allow access to the platform and manage their access credentials.
Legal basis: execution of the contractual relationship or application of pre-contractual measures.
(b) Provision of the SaaS service
Allow the use of the platform, activate functionalities, manage technical integrations, maintain the operability of the service, process configurations selected by the user and offer technical support.
Legal basis: execution of the contract.
c) Management of subscriptions, payments and invoicing
Manage the contracting of plans, subscriptions, payments, renewals, cancellations, refunds, issuance of invoices, application of taxes, verification of payment status and resolution of incidents related to collection.
For this purpose, Doxia Investing uses Stripe as a third-party payment service provider.
The data necessary to process the payment may be communicated to Stripe and processed by this provider to authorize the transaction, verify the payment method, prevent fraud, manage disputes, comply with legal obligations, and provide its payment services.
Legal basis: performance of the contract, compliance with tax and accounting legal obligations, and legitimate interest in preventing fraud and ensuring the security of operations.
d) Customer Service and Support
Respond to queries, manage incidents, solve technical problems, respond to requests and maintain necessary communications with the user.
Legal basis: execution of the contract and legitimate interest of the controller in properly serving its users.
e) Security, fraud prevention and technical maintenance
Supervise the operation of the platform, detect unauthorized access, prevent abuse, protect systems, make backups, maintain logs and guarantee the availability, integrity and security of the service.
Legal basis: legitimate interest of the controller and, where applicable, compliance with legal obligations.
(f) Commercial communications
To send commercial communications, news, promotions, updates or information about Doxia Investing services when the user has given their consent or when there is a previous contractual relationship that legally allows it.
Legal basis: user consent or legitimate interest in the case of communications about services similar to those already contracted.
The user may object to or unsubscribe from these communications at any time.
g) Legal, tax and accounting compliance
Comply with legal, fiscal, accounting, commercial obligations and to meet the requirements of administrative, judicial, fiscal or tax authorities.
This purpose includes the issuance and maintenance of invoices, accounting keeping, attention to inspections, fraud prevention, claims management and legal defense of the interests of Doxia Investing.
Legal basis: compliance with legal obligations and legitimate interest in the prevention of fraud and defence against claims.
h) Analysis and improvement of the service
Analyse the use of the Website and the platform to improve the user experience, correct errors, optimise functionalities and develop internal metrics.
Legal basis: legitimate interest of the controller or consent when cookies or unnecessary technologies are used.

Data retention

Personal data will be kept for the time necessary to fulfil the purpose for which they were collected and, subsequently, for the legal periods required.
In particular:
• Account data will be retained for as long as the user maintains an active account.
• Contractual and invoicing data will be kept for the periods required by tax, accounting and commercial regulations.
• Payment data will be kept for the time necessary to manage the contractual relationship, credit payments, attend to incidents, manage refunds, comply with legal obligations and defend possible claims.
• The communication data will be kept for the time necessary to deal with the query or incident and, where appropriate, for the period necessary to formulate, exercise or defend claims.
• Technical logs and security data will be kept for the time necessary to ensure security, prevent fraud or investigate incidents.
• Data processed on the basis of consent will be kept until the user withdraws such consent.
When the data is no longer needed, it may be blocked for the applicable legal deadlines and subsequently securely deleted.

Data recipients

Personal data may be communicated to the following recipients when necessary:
• Hosting, infrastructure, maintenance, and security providers.
• Providers of email, support, CRM, or communication tools.
• Web analytics providers, always in accordance with the Cookies Policy.
• Payment and billing providers.
• Stripe, as a third-party payment service provider.
• Legal, tax, accounting or auditor advisors.
• Third-party platforms connected by the user when necessary to provide the service.
• Public administrations, courts, tribunals, tax or tax authorities, when there is a legal obligation or valid requirement.
In particular, personal data may be disclosed to Stripe and its group entities as necessary for the provision of payment services, billing, subscription management, fraud prevention, authentication, security, compliance, dispute management, refunds, and payment-related support.
Stripe may process identification, contact, billing, payment method, transaction, device, IP, and other technical data necessary to process payments and ensure the security of operations.
Suppliers processing personal data on behalf of Doxia Investing will act as processors and will be subject to contractual obligations of confidentiality, security and limited use of data.

International Data Transfers

Doxia Investing may use technology providers located outside the European Economic Area or that process data from third countries.
In particular, when using Stripe as a payment gateway, personal data necessary to process payments may be transferred to Stripe group entities, including Stripe LLC in the United States, as well as to affiliates and subprocessors located in other jurisdictions, to the extent necessary to provide payment, security, fraud prevention, and compliance services.
Where international data transfers occur, Doxia Investing and/or its suppliers will apply appropriate safeguards under the GDPR, including, where applicable, adequacy decisions, standard contractual clauses approved by the European Commission, data transfer addenda or other legally valid mechanisms.

Cookies and similar technologies

The Website may use cookies and similar technologies to enable its operation, remember preferences, analyse the use of the Website and, where appropriate, carry out measurements or commercial actions.
Technical or necessary cookies may be used without consent as they are essential for the provision of the service.
Analytical, advertising or non-necessary cookies will only be used when the user has given their consent, in accordance with the Cookies Policy.
The user may configure, reject or modify their cookie preferences through the panel enabled on the Website, when available.

Data Security

Doxia Investing will implement appropriate technical and organizational measures to protect personal data from loss, misuse, unauthorized access, disclosure, alteration, or destruction.
Among other measures, access controls, encryption, secure credential management, event logging, backups, permit review, and infrastructure protection measures may be applied.
In connection with payments, Doxia Investing uses Stripe’s infrastructure to process transactions securely. Full card details are managed by Stripe, and Doxia Investing only retains the information necessary to prove payment, manage subscription, issue invoices, resolve incidents, and comply with its legal obligations.
However, no computer system is completely secure. The user must also adopt appropriate security measures, including the use of strong passwords, two-factor authentication when available, and correct configuration of permissions on third-party platforms.

Users’ rights

The user may exercise the following rights at any time:
• Right of access.
• Right to rectification.
• Right to erasure.
• Right to object.
• Right to restriction of processing.
• Right to portability.
• The right not to be subject to automated individual decisions, including profiling, where appropriate.
• The right to withdraw consent at any time, without affecting the lawfulness of the processing carried out before its withdrawal.
To exercise these rights, the user may send a request to:
support@doxiainvesting.as
contact.doxiainvesting@gmail.com
The request must indicate the right to be exercised and allow the applicant to be reasonably identified.
Where necessary, Doxia Investing may request additional information to verify the user’s identity.

Complaint to the supervisory authority

If the user considers that the processing of their personal data violates the applicable regulations, they may file a complaint with the Spanish Data Protection Agency, AEPD, especially when they have not obtained satisfaction in the exercise of their rights.
AEPD website: www.aepd.es

Minors

Doxia Investing’s services are not directed to minors.
The user declares that he/she is of legal age and has sufficient legal capacity to use the Website and contract the services offered.
If Doxia Investing detects that it has processed a minor’s data without the corresponding legal authorisation, it will take the appropriate measures to delete it.

Automated Decisions and Profiling

Doxia Investing may use automated technical processes for the ordinary operation of the platform, security, error detection, fraud prevention, subscription management or the execution of user-selected configurations.
However, unless expressly informed otherwise, Doxia Investing does not take automated decisions with legal effects on the user or that similarly significantly affect the user within the meaning of Article 22 of the GDPR.

Doxia Investing may be present on social networks.
The processing of the data of users who interact with Doxia Investing’s official profiles will be governed by this Privacy Policy and by the conditions, policies and privacy settings of each social network.
The user is responsible for reviewing the privacy policies of the social platforms they use.

Mandatory or optional nature of the data

The data requested as mandatory in the forms, registration, contracting or payment processes are necessary to manage the user’s account, provide the service, process payments, issue invoices and comply with legal obligations.
Refusal to provide such data may prevent the creation of the account, the contracting of the service, the processing of the payment or the provision of certain functionalities.
The data marked as optional may be provided voluntarily by the user.

Accuracy and updating of data

The user guarantees that the personal data provided is true, accurate, complete and up-to-date.
The user will be responsible for communicating any modification of their personal data so that Doxia Investing can keep the information correctly updated.

Modifications to the Privacy Policy

Doxia Investing may modify this Privacy Policy to adapt it to legal, technical, regulatory, operational or commercial changes.
The current version will be the one published at any time on the Website.
The user is encouraged to periodically review this Privacy Policy.

Contact

For any questions about this Privacy Policy or the processing of personal data, the user can contact Doxia Investing at:
support@doxiainvesting.com
contact.doxiainvesting@gmail.com