Privacy Policy

1Purpose and scope

This Privacy Policy aims to inform you about the processing of your personal data by VOIPER TELECOM SL, in compliance with Regulation (EU) 2016/679 (GDPR) and the Spanish Organic Law 3/2018 of 5 December on Personal Data Protection and Digital Rights Guarantee (LOPD-GDD).

This policy applies to all personal data collected through our website, contact forms, service requests and any other interaction you have with us.

We recommend reading this policy carefully before providing us with your personal data. If you have any questions, please do not hesitate to contact us.

You can contact our Data Protection Officer at: dpd@voiper.es.

2Identity of the data controller

3Personal data we process

We process the personal data you provide directly when you complete our forms, contract our services or contact us, including: name and surname, email address, telephone number, company name, job title, billing data and data relating to contracted services. We may also collect browsing data through the use of cookies, as described in our Cookie Policy. In some cases, we may receive personal data from third parties: for example, when a business customer registers extensions or accounts on behalf of its employees or collaborators. In these cases, the business customer acts as data controller and is responsible for informing those individuals under art. 14 GDPR. VOIPER TELECOM SL will process such data solely for the purpose of providing the contracted service.

4Legal basis for processing

The processing of your personal data is based on the following legal bases under art. 6 GDPR, linked to each purpose:

• •Contract performance (art. 6.1.b): management and provision of contracted VoIP telephony services, extension configuration, billing and payment, and customer support.
• •Legal obligation (art. 6.1.c): compliance with tax, accounting and commercial obligations; retention of communications traffic data for 12 months under Spanish Law 25/2007; and other regulatory obligations applicable to telecommunications operators.
• •Legitimate interest (art. 6.1.f): maintaining system security, detecting and preventing fraud, and managing network incidents.
• •Consent (art. 6.1.a): sending commercial communications about our own products and services. You may withdraw this consent at any time without affecting the lawfulness of prior processing.

5Purposes of processing

VOIPER TELECOM SL acts as data controller with respect to the personal data of its customers (companies and professionals) and users who interact directly with the website. As a SaaS telecommunications operator, it may also act as data processor (art. 28 GDPR) with respect to the personal data of end users managed by its business customers through the platform (e.g., employee extensions, call recordings). In such cases, the business customer is the data controller and the relationship is formalised through a Data Processing Agreement.

With your prior and express consent, we may process your data to send you commercial communications about our products and services. You may withdraw this consent at any time by emailing dpd@voiper.es or clicking the unsubscribe link in any of our communications.

6Data recipients

Your personal data may be communicated to the following categories of recipients when necessary:

• •Financial entities for payment management.
• •Public administrations and regulatory bodies when required by applicable regulations.
• •Technology and infrastructure service providers acting as data processors.
• •Companies within the VOIPER TELECOM SL group for the coordinated provision of services.
• •Auditors and legal, financial or technical advisors within the scope of their professional services.

7International data transfers

In the course of its activities, VOIPER TELECOM SL may use services from providers located outside the European Economic Area (EEA), including Cloudflare, Inc. (USA), a security and CDN provider covered by the EU-US Data Privacy Framework (DPF), recognised by the European Commission as an adequate protection mechanism (art. 45 GDPR).

For any other international transfers that may occur, VOIPER TELECOM SL ensures the existence of appropriate safeguards pursuant to art. 46 GDPR (standard contractual clauses or equivalent mechanism). For more information, you can contact our DPO at dpd@voiper.es.

8Data retention

We retain your personal data for as long as necessary to fulfil the purpose for which it was collected and, in any case, for the applicable statutory limitation periods. Once the contractual relationship has ended, the data will be blocked and retained for the periods required by tax, commercial and telecommunications regulations, after which it will be securely deleted.

• •Billing and accounting data: 6 years (Commercial Code, art. 30).
• •Tax obligations: 4 years (General Tax Law, art. 66).
• •Electronic communications traffic metadata: 12 months (Spanish Law 25/2007 on data retention).
• •Anti-money laundering: 10 years (Law 10/2010).
• •Active customer data: during the contract term and until applicable limitation periods expire.

9Rights of data subjects

The General Data Protection Regulation grants you a number of rights in relation to the processing of your personal data. You may exercise these rights free of charge, although we may charge a reasonable fee if requests are manifestly unfounded or excessive.

To exercise your rights, you may contact the Data Protection Officer through the channels indicated in the contact section of this policy.

10How to exercise your rights

You may exercise your rights by sending a written request, together with a copy of your identity document, by email to dpd@voiper.es or by post to the Controller's address indicated in this policy.

We will respond to your request within one month of receipt. This period may be extended by a further two months where necessary, taking into account the complexity and number of requests, in which case we will notify you of the extension and the reasons for it.

11List of recognised rights

In particular, you have the right to:

• •Access: to know what personal data of yours we process.
• •Rectification: to request the correction of inaccurate or incomplete data.
• •Erasure ('right to be forgotten'): to request the deletion of your data when it is no longer necessary for the purposes for which it was collected.
• •Objection: to object to the processing of your data on grounds related to your particular situation.
• •Restriction of processing: to request that we restrict the processing of your data in certain circumstances.
• •Data portability: to receive your data in a structured, commonly used and machine-readable format.
• •Not to be subject to automated decisions: not to be subject to decisions based solely on automated processing of your data.
• •Withdraw consent: at any time when processing is based on your consent (art. 7.3 GDPR), without affecting the lawfulness of processing prior to withdrawal.
• •Lodge a complaint with the supervisory authority: file a complaint with the Spanish Data Protection Agency (AEPD, www.aepd.es) if you consider that processing does not comply with the GDPR.

12Contact the Data Protection Officer

For any query, request or complaint relating to the processing of your personal data, you may contact our Data Protection Officer:

We guarantee a response within a maximum of one month from receipt of your request, except in cases of particular complexity where the period may be extended, with prior notice.

13Right to lodge a complaint with the supervisory authority

Without prejudice to the above rights, you have the right to lodge a complaint with the competent data protection supervisory authority in Spain: Agencia Española de Protección de Datos (AEPD).

14Cookie Policy

For more information about the cookies used on this website, please consult our Cookie Policy.

15Updates to this policy

VOIPER TELECOM SL reserves the right to update or modify this Privacy Policy at any time. When material changes are made, we will notify you by email or through a prominent notice on our website before they take effect.

16Applicable law and jurisdiction

This Privacy Policy is governed by Spanish and European data protection legislation, in particular the GDPR and LOPDGDD. For business relationships (B2B), any disputes are submitted to the Courts of Málaga. For users acting as consumers (B2C), the consumer's domicile jurisdiction shall apply in accordance with Spanish civil procedure law and consumer protection regulations.