Factorial 2025 is here. The same platform but redesigned to be better than ever. More intuitive, insightful, and human.
|
Check it out now →

Privacy Policy

All the information regarding our Privacy Policy. 

Last update: May 2024

Below, we inform you about the processing of personal data that we perform in Factorial. With this privacy policy we want to comply with any legislation on data protection that applies to us because of the territories in which we operate.

Today in Factorial we treat data in different ways and with different types of relationships: leads, customers, web users, users of our HR platform. It is possible that some of these sections apply to you because they are generic and that in others you only have to consult some of their sections. If this is the case, you will only have to go to the subsection that interests you.

1. What is the information of the Data Controller and the Data Protection Officer?

EVERYDAY SOFTWARE, S.L. a Spanish company with address at Carrer d'Àlaba, 61, 5-2, 08005 Barcelona, Spain and CIF B66854530 (hereinafter, "Factorial HR" or "Factorial") is committed to protect your personal data. This privacy policy (hereinafter, the "Privacy Policy") will inform you about how we take care of your personal data when you interact with our website (hereinafter, the "Website"), our Platform (hereinafter, the "Platform") or in the context of the provision of our services.

We would also like to inform you that Factorial has a company incorporated in the United States: 

FACTORIAL HR LLC, a U.S. company with address at 1633 W. Innovation Way, 4th Floor, Lehi UT 84043, with FEIN 38-4196015.

Contact details of the person in charge: e-mail (privacy@factorial.co)

DPO contact details: email (Legal@pridatect.com), postal address (Av. de Josep Tarradellas, 8-10, 5º 08029 Barcelona)

2. Factorial HR Platform Services

Factorial's core service consists of the provision of a cloud-based HR management platform used by organizations in their capacity as employers (hereinafter referred to as "Client" or "Clients") to optimize their HR processes by centralizing and digitizing administrative tasks related to their employees or collaborators (hereinafter referred to as the "End Users").

In this context, Factorial processes your personal data as a data processor. Due to the nature of our business, Factorial does not have a direct relationship with data users or data subjects, and we cannot guarantee the processing of personal data by our Controllers. Therefore, at Factorial we only process End User's personal data on behalf of our Clients and in accordance with their instructions. Therefore, if you are an employee/collaborator who uses our Platform as a user, we inform you that we act only as data processors of your data. Our Customers decide the purposes for which our Platform is used, as well as the means used for the collection and processing of data according to the extent of the functions of our Platform, and any additional processing on them. 

Examples:

  • If you are an End User of the Platform and you want to access certain information, you must go to your employer. Factorial cannot give you access to such information, unless expressly requested by the Client or a body with sufficient authority.
  • On the other hand, in the case of those employees of the Client or third parties (such as self-employed professionals, candidates in selection processes, former employees, etc.) who want to communicate a situation through the internal information channel that we offer to our Clients and do not opt for anonymity, Factorial will be responsible for the processing of personal data entered through this channel, being the Client who decides the purposes for which this channel is used.

The subjects whose personal data we process in this context refer to the End Users of the Platform. Alternatively, with the use of the Platform we may come to process the data of individuals whose data is provided by the Platform End Users themselves.

The categories of personal data that can be entered on the Platform can be of the following types, always at the request of our Customers:

  • Direct identifying information (e.g., name, e-mail address, phone number).
  • Indirect identifying information (e.g., job title, gender, date of birth, user ID).
  • Employment information (resume, employment contract, job offer, performance reviews, etc.)
  • Financial information (bank account, bank entity, payroll, etc.).
  • Device identification data and traffic data (e.g., IP addresses, MAC addresses, web logs).
  • Any personal data provided by End Users of the Platform.
  • Any personal data contained in a document provided by End Users and/or the Client.

If you decide to access our Platform through the website using the Google, Okta or Microsoft Azure login tool, these companies will share with us your full name, your email address, your language preferences and your profile picture for authentication purposes. The data is transmitted for the stated purpose of login and Factorial makes efforts to respect at all times the configuration that the user has determined for your account with Google, but it will always be the responsibility of the User. 

As for the types of processing operations, they may vary from the collection or registration of your data within the Platform, such as its organization or structuring, storage, conservation and, ultimately, once the relationship is terminated, its deletion and final destruction at the request of the Customer.

In case you have access to our current list of sub-processors, you can consult our Processing Assignment Agreement for the updated list of sub-processors or directly by sending a message to privacy@factorial.co.

For the specific geolocation functionality, we inform the data subject that Factorial works with the Google Maps service. In this regard, we inform our End Users that they can access the Data Protection Terms and Conditions of this independent data controller at: https://cloud.google.com/maps-platform/terms/maps-controller-terms.

In the event that our Clients wish to use any of the integrations that we offer with our Platform to complement different functionalities, they must accept the respective terms and conditions and privacy policy of such providers, and the data will be processed for the purposes determined in such policies, given that Factorial cannot guarantee the processing of data by these third parties. 

As we have already mentioned, from Factorial we do not process your personal data for our own purposes. It is possible that we process usage and analytical information, as well as financial, statistical and aggregate data of the Platform. From all this information, there may be certain data derived from personal data. Whenever we are going to use any of this data for the improvement and further development of our products and/or services we will do so only if it is anonymized. Please note that this treatment is not the same as the use of analytical cookies, which, as a user of our website or Platform, you can freely authorize or deny at the first time you access.

In this context, once the provision of processing services from Factorial ends, by default, we will keep the data locked in an S3 system for twelve (12) months. We recommend our Clients to take the opportunity to extract all information from the Platform, since after this period we will definitively destroy your data, unless the Client expressly requests the final deletion within this period.

Finally, we may use tracking devices that may allow us to collect usage data or metadata from the Platform. This usage data allows us to analyze the operation of the Platform when our users interact with our different functionalities and to detect possible errors or incidents in order to try to correct them from a technical point of view. However, the use of these devices for analytical purposes will be subject to the consent of the End Users in a first access and their acceptance may be configured at any time thereafter, in accordance with what we inform through the Cookies Policy of the Platform (available at any time once you access through the "My Settings" section from your user account).

3. What personal data do we process?

Not all the data detailed in this section apply to any treatment. In order to consult the exact type of data that applies to each treatment and its origin, please review this and the following section on purposes and bases of legitimacy.

In general, in order to provide our various services we collect the following personal data:

Data of our leads and/or web users

If you are part of our Factorial database, we may have received the following information about you:

  • Identification data and professional contact data: Such as name and surname, corporate email and telephone, treatment, user name of the corresponding social network, position and organization to which you belong, as well as size and sector of the organization and country.
  • Navigation data, traffic data and/or metadata: IP address, behavioral data through our website (provided you have consented).
  • Data about the preferences and needs of your organization: Consists of information provided directly by you about which Factorial applications may interest you, as well as information deduced by Factorial about the behavior of the lead or user with respect to Factorial's contents and websites and the preferences and needs that the organization of which you are a part may have.

You provide us with such data directly through forms such as direct contact forms, demo request forms, forms for attending events, business fairs and/or webinars or forms for requesting materials and/or digital content offered by Factorial, among others.

Notwithstanding the foregoing, we may also collect your data through third party providers with whom Factorial has a contractual relationship or through social networks and similar platforms, such as Linkedin.

For all these cases, from Factorial we try to ensure that these suppliers collect the consents correctly or that they have the pertinent evaluations and if they have adequate protection measures.

Customer data

Once there is a contract between Factorial and its Clients, as a representative of your organization or point of contact, we may have received the following data for the successful completion of the contractual relationship:

  • Identification and contact information: Name and surname, corporate email and telephone number, position and organization to which you belong, as well as size and sector of the organization and country.
  • Behavioral data: From Factorial we will use your behavioral data as a Client in the interactions with us or in the context of the provision of our services.

Clients provide us with such data directly or through the respective contractual agreement or as a result of contacts between Factorial and your organization.

Data of minors

Factorial offers a B2B service to organizations, aimed and intended to be used by adults. Factorial's services are not aimed at processing personal data of minors without legal capacity to hire or work. Our services are focused on human resources management in the context of an organization. In this sense, we do not authorize persons under legal age or without legal capacity to hire to create an account in our Platform or to request our services. In case we notice that a minor without legal capacity to hire wants to use our Platform we reserve the right to cancel it, to immediately delete such data from our systems and take any legal action we deem appropriate, among other appropriate measures.

4. What are the purposes and legitimate bases for which we process the data?

In order to give you this information in a clear and as understandable as possible, in this section we want to divide the purposes for which we can treat your data according to the group of interested parties of which you are part, as well as by basis of legitimacy within each group of interested parties:

Leads and/or users:

We process your data as a lead or user of the website for the following purposes:

a. The following processing purposes are carried out on the basis of your consent:

We want to emphasize that in relation to these purposes you will have the right to withdraw your consent at any time.

  • To contact you for commercial purposes through different channels (both online and offline), as well as to send you personalized commercial communications. In case we have not obtained your contact data directly from you, you have the right to be informed, among other things, of the origin from which we have obtained such data. For example, from an online contact form, from the database of a third party provider, as well as from webinars, trade fairs, conferences or similar events that you have attended and where your contact data is legitimately collected.

Data processed: Name and surname, corporate telephone and e-mail address, treatment, position, name and/or sector of the organization.

  • To manage your participation in any of our promotional activities, events, courses and/or webinars; and, if necessary, to communicate any updates on such activities.

Data processed: Name and surname, corporate telephone and e-mail address, position, name, sector and/or size of the organization.

  • We will communicate your identification and professional contact information to third party partners with whom we carry out joint promotional activities, provided that you have given us your specific consent.

Data processed: Name and surname, corporate telephone number and e-mail address, position and sometimes name, sector and/or size of the organization.

Occasionally, we manage these events, courses and/or webinars in collaboration with other organizations or acting as promoters. So in such situations we may disclose the personal data you have provided to us. In these cases, we will request your prior consent to communicate them to these third parties for their own commercial purposes, such as sending information and content related to their products and/or services. These third party collaborators will have their own privacy policies and you will be able to obtain more information about the treatment of your data that will be under their responsibility. For more information regarding possible communications of your data with third parties you can contact us at privacy@factorial.co.

  • To provide you with some of our resources available through our websites.

Data processed: Name and surname, corporate e-mail address, name and size of the organization.

  • Analyze your behavior on our websites to understand your preferences regarding our products, content and/or services through cookies and other tracking devices. For more information, please refer to our Cookie Policy.

Data processed:

(a) Navigation, traffic and/or metadata data: IP address, behavioral data through our website obtained from the use of cookies.

(b) Data on preferences and needs of your organization: Consists of information provided directly by you on what Factorial functionalities may be of interest to you, as well as information deduced by Factorial on the preferences and needs that the organization you are part of may have.

  • Record the meetings held in order to improve the experience in the sales process.

Data processed: Name and surname, user name, image and voice, language for communication.

b. The following purposes of processing are carried out on the basis of the performance of a contract to which the data subject is a party or for the implementation at the data subject's request of pre-contractual measures:

  • Finalization of agreements: In case of advancing in the commercial relationship with the lead or potential client, we will send you an economic proposal adapted to the needs of your organization.

Data processed: treatment, position, name and/or sector of the organization, functionalities of our platform that you have selected.

  • Manage your request to start using a free trial account on one of our products or to fulfill and manage further requests in relation to such trial account, such as extension of term or changes in account settings.

Data processed: name and surname, position, corporate email and telephone, name, sector and size of the organization and functionalities of our platform that you have selected.

c. The following processing purposes are carried out on the basis of our legitimate interest:

  • Impact you with personalized advertising communications about our products and services, as well as content or other relevant information, through different channels based on a basic business profile about you and your organization.

Data processed: treatment, position, name and surname, size, name and/or sector of the organization, interactions with products or contents of our websites (provided that you have consented to the use of our cookies), functionalities of interest of our platform that you have selected.

Communications may be sent on the basis of the profile generated from the data described and in accordance with the characteristics detailed in this privacy policy, provided that you have given us your consent to receive exclusive or personalized advertising communications.

In addition to email, from Factorial we will communicate with you for advertising purposes through different online channels. Among these other forms of communication are SMS, applications or instant messaging platforms and, in particular, the use of social networks or third party platforms.

From Factorial we try to use all these channels in the best possible way and in compliance with the principles of data protection. In this context, your data will always be shared with the respective guarantees of confidentiality and data security.

In relation to the use of the channels offered by social networks or platforms generally, in order to use them, we must deliver a series of necessary and sufficient data such as: your name, country, email address and corporate telephone. Before sharing your data with these platforms or social networks, an encryption of your data will be applied using tools provided by them. In this way, only the social network or platform can verify that there is a match with any of its users. In other words, once we submit this data, the social network or platform will automatically assign an encryption code to prevent us from identifying users and only then will it check if there are any matching users in its community.

The platforms we are interested in collaborating with are those where we can make a useful impact on our professional leads. Each platform will have its own way of calling it, but these methods of generating audiences are often referred to as custom audiences, matched audiences or custom audiences. By default, in the context of these platforms or social networks, we will only apply custom audiences with a single segment set by Factorial, which will be based on the preferred functionalities indicated by the lead itself or with the purpose of not receiving more advertising related to Factorial (i.e., to exclude you from receiving our ads and not overload you with commercial information).

Factorial does not have access to the data of these social networks or platforms. Your social network user data is not shared with us at any time. We will only have access to statistical information related to the database that we have delivered. In this sense, the social network or platform does not allow us to communicate directly with you. In case you have a user account on such social network or platform you will be shown advertising communications within the social network itself.

Additionally, from Factorial we can also apply what is usually called "lookalike audiences" or similar audiences. These activities consist in that platforms or social networks show advertising information to third party users with similar profiles to Factorial users. That is, these platforms will determine that you have similar tastes or preferences to our users and will show you promotional content from Factorial because they consider that you might be interested.

Notwithstanding the foregoing, we want to make it clear that the privacy settings you have in such platforms or social networks will prevail. Although you have consented to receive advertising communications from Factorial, if you have restricted the privacy permissions of your profile through the respective social network or platform we will not be able to carry out these activities. In case you wish to restrict the privacy settings of your user profile we advise you to consult directly the conditions and privacy policies in force of such platforms or social networks.

If you wish to receive non-personalized advertising communications and, therefore, that we do not process your data to carry out these advertising activities with social networks, you can object by sending your request directly to privacy@factorial.co and we will respond to your request.

Factorial's legitimate interest in relation to the use we make of these advertising services in social networks or other platforms is our intention to improve our advertising communication strategy with our professional leads and ensure that they receive information that is really of interest according to the type of organization they are part of. The benefit that this generates for us is to increase the scope of knowledge of our products and services, as well as the contracting of our services -in case it ends up becoming effective-. The benefit for you as a stakeholder is to have information about human resources management platforms, as well as related products and services that may be of interest to the organization you are part of.

Finally, please note that sometimes you may see Factorial advertising on a social network without us having shared any personal information about you previously. In these cases, it is the same platform or social network that shows you advertising according to its own criteria and Factorial will not be intervening. The display of this advertising will depend exclusively on how you have configured your user profile on that platform or social network.

  • Basic scoring based on a set of pre-established segments.

Data processed: Position, number of employees in the organization (by ranks), sector and country/region of the organization, functionalities of interest of our platform, origin of the lead, interaction with our content and websites (e.g. use of freebies, download of content, marketing campaigns in which you have participated, interaction with our communications, last date of participation in a demo, or last date of signing up with Factorial, if applicable).

Factorial uses a series of algorithmic models that allow us: 

(1) to better personalize our dealings and commercial communications with the lead; and (2) to improve the quality of our communications with the lead. 

(2) determine the lead's segment or score. This will allow us to follow a commercial strategy with respect to it and incorporate it in certain personalized and predefined treatment sequences. To this end, we will offer you those products or services that we consider may be of your greatest interest.

More specifically, these sequences can mean that, provided that the lead has consented, he/she receives personalized communications according to the interests shown or according to the characteristics of the organization to which he/she belongs (size, sector, country, etc.). 

The determination of these personalized sequences is obtained thanks to a series of calculations based on a predictive model or pattern. In order to improve these predictive models or patterns we provide the aforementioned data for training and improvement. In this way, we optimize the rules of these predefined sequences or profiles to which you have been assigned. In the end, we will be able to continue offering a personalized treatment to the lead and that allows us to know which features of our products or services we should highlight to generate greater interest.

You have the right to oppose this purpose at any time. Under no circumstances the opposition to this treatment worsens or conditions your business relationship with Factorial. If you only oppose to this purpose and we continue to have your consent to send you advertising or commercial communications, we will continue to offer you our products or services, but in a more generic way.

  • Contact you and set a date together for a demonstration of the Platform. If you request a demonstration of the Platform, we can process your data to send you a call automatically depending on the nearest availability of any of our agents. In case of progressing in the negotiation and reaching an agreement in the commercial relationship, we will send you an economic proposal adapted to the needs of your organization and sign the respective contract.

Data processed: Name and surname, corporate telephone and/or e-mail address, treatment, position, name and/or sector of the organization, data derived from meetings, powers of attorney and contact details as legal representative (in the contract in case of signature).

Factorial's legitimate interest in relation to these contacts is based on being able to contact you to offer or promote our products and services in accordance with the possible interest of your organization to initiate or maintain a business relationship or similar type with Factorial. The benefit that this generates for us is to increase the scope of knowledge of our products and services, as well as the sale -in case it ends up becoming effective-. The benefit for you as an interested party is to have information about our human resources management platform, as well as related products and services that may be of interest to the organization you are part of.

Clients:

We treat your data as a professional contact of Factorial's clients for the following purposes:

a. The following processing purposes are carried out on the basis of your consent 

We would like to point out that in relation to these purposes you may withdraw your consent at any time.

  • To manage your participation in any of our promotional activities, events, courses and/or webinars; and, if necessary, to communicate any updates on such activities.

Data processed: Name and surname, corporate telephone and e-mail address, position, name, sector and/or size of the organization.

  • Analyze your behavior on our Platform to understand your preferences regarding our products, content and/or services through cookies and other similar tracking devices. For more information, please refer to our Cookie Policy.

Data processed:

(a) Navigation, traffic and/or metadata data: IP address, behavioral data obtained from the use of cookies and other devices.

(b) Data on preferences and needs of your organization: Consists of the information provided directly by you about which Factorial functionalities interest you, as well as the information deduced by Factorial about the preferences and needs that the organization you are part of may have.

b. The following purposes of processing are carried out on the basis of the performance of a contract to which the data subject is a party or for the implementation at the data subject's request of pre-contractual measures:

  • Manage and maintain the development of the contractual relationship with the Client

Data processed: Name and surname, corporate email and telephone, contracting data, financial data of the organization, data and metadata of platform use, voice and image (in case of videoconferences) and other data derived from communications with the interested party.

In this context, from Factorial we will carry out several treatment activities focused on providing a service throughout the life cycle of service provision and to establish good communication with the administrator users of the Client's account and/or other users who request assistance. These can range from assistance in loading information and initial support to the administrator users who will use the Platform, such as sending offers on new features and their subsequent activation, payment or collection management, informative communications related to the contractual relationship, assisting and supporting users in clarifying doubts, providing information or resolving incidents, conducting meetings and even the final support for the management of the Client's offboarding with Factorial.

c. The following processing purposes are carried out on the basis of our legal obligation:

  • Reception and management of communications through Factorial's internal complaints channel.

Data processed: As a reporting person, the data we process are name and surname, voice (depending on the type of complaint), email, telephone and/or postal address, as well as the description of the facts, documents and evidence provided. The above, without prejudice to the fact that as a whistleblower you have the right to file a complaint anonymously.

To better understand the context of this processing of your data, we recommend that you always review the respective privacy policy of our internal channel and thus have more detail of the purposes for which we will process your data, as well as the rest of the information on data protection.

  • Compliance with legal obligations, including those related to the prevention of money laundering and terrorist financing and the prevention of fraud

Data processed: Name and surname, corporate email and telephone, recruitment data, financial data of the organization.

These processing activities are mainly focused on compliance with the due diligence measures to which we are subject in accordance with the applicable regulations in force.

d. The following processing purposes are carried out on the basis of our legitimate interest:

  • Recording of customer calls: Recording and retention of customer service calls to verify the quality of service and, if necessary, improve the experience of the process or if you participate in product research sessions.

Data processed: Image and voice, basic data derived from communications and feedback provided by the customer himself in these calls.

WWhenever it is necessary and you attend a video call that is going to be recorded, you will be duly informed of it.

From Factorial we make these recordings with the intention of detecting areas for improvement, both in the service provided to our customers and on the quality of any of our products and services. As a Client, the benefit is that based on the opinions or suggestions that you emit during these meetings we can correct possible errors detected in our products and services as well as in the service provided. From Factorial we continuously strive to ensure that your level of satisfaction remains high.

  • Conducting surveys to our customers in order to find out the state of satisfaction with our platform and other services.

Data processed: Name and surname (except for anonymous surveys), data derived from communications with the interested party such as opinions or suggestions.

These surveys are not mandatory, but they are very valuable to us. 

From Factorial we carry them out with the intention of detecting areas of improvement, both in the attention given to our customers and on the quality of any of our products and services. As a Client, the benefit of answering them is that based on your opinions or suggestions we improve our products and services and we strive to keep your level of satisfaction high.

  • Basic scoring on your organization based on a set of pre-established segments and through the application of predictive models that will allow us to calculate and forecast the value of the life cycle of customer organizations to guide the treatment strategy to a more personalized one. In this way, we will be able to identify in time those customers at risk of dissatisfaction with Factorial.

Data processed: Position, number of employees in the organization (by ranks), sector and country/region of the organization, functionalities of our platform that you have indicated to us that are of interest to your organization, origin of the contact, interaction with contents of our websites (for example, use of freebies, download of contents, marketing campaigns, in which you have participated, interaction with our communications, last date of participation in a demo, or last date of signature with Factorial, if applicable).

These predictive models will consist of the following:

(a) Determine the segment of the scoring system of which your organization is a part in order to incorporate you in certain customized sequences for such segment of treatment of our Customers' contacts and to have a better focus on the commercial contact. This treatment will consist in the analysis of the suitability of the appropriate commercial strategy for the Customers. The purpose of this treatment is the classification of the Client organization according to a scoring system predefined by Factorial, with different groups according to the data of the organization itself (sector, size, country, etc.) and the data of the behavior of the contacts of that organization. All of the above, based on predictive models or patterns that will indicate when a Customer may be dissatisfied and then adjust our commercial strategy or dealings with that Customer.

(b) Analyze the Client's life cycle.

(c) Identify opportunities to change to superior plans for our Clients.

In order to improve these models or predictive patterns, we incorporate the mentioned data for training and improvement purposes. That is, we will only process data from Factorial's internal sources and information derived from the contractual relationship between Factorial and the Client.  Thus, with such training we optimize the rules of such sequences or pre-established segments to which your organization has been assigned.

Notwithstanding the foregoing, these predictive models do not make any decisions on our behalf. We simply use them as another data analysis resource. The decision making will always be made by Factorial and always in search of the common benefit -our own and that of our Clients-.

You have the right to oppose to this purpose at any time. Under no circumstances the opposition worsens or conditions your relationship with Factorial. If you only oppose to this purpose, we will continue to provide our services to the Client, but in a more generic way.

  • Analysis of the statistical and usage data of our Platform -which is derived from the Platform usage data of the Platform's End Users-, for the improvement and further development of our functionalities and services.

Data processed: data derived from recruitment; observed platform usage data (e.g. number of user profiles filled in, number of performance reviews launched, etc.); data from communications with the data subject; navigation data; data obtained from the execution of statistical models.

We process data in this context in an anonymized form. This means that we will only use such data after it has been properly anonymized.

This treatment will also allow us to analyze your inquiries or other contacts that are related to incidents, bugs or issues that are recurring on our Platform to better understand such errors raised by our Customers and try to provide a solution to them.

Other purposes:

For the purpose of Factorial's selection processes, in case you want to join our team, either because there is a position that fits your profile or because you want to send us your CV, we recommend that you always review the respective privacy policy to know the purposes for which we will treat your data, as well as the rest of the information on data protection.

5. Do we share your personal data? Do we make international data transfers?  

As a general rule, the data processed by Factorial are not shared with third party providers. However, we can collaborate with other entities and share your data with them, and we will inform you about it in the following cases: 

  • In the context of webinars, events or commercial and/or promotional actions, we will communicate your contact details to our collaborators, partners or promoters so that they may contact you at a later date for commercial purposes, provided that you have given us your consent to do so.
  • In the same way, provided that as a contact of a Client or as a lead you have previously consented, we will communicate your data to our partners or collaborators so that they can contact you and send you commercial information.
  • We may share certain data with third party social networks or platforms to optimize the connection and organization of your data in our CRM, as well as for the determination of custom or similar audiences in their own environments in connection with our personalized marketing communications.
  • Payment service providers or partners providing banking services duly approved/regulated under the respective license. For the processing of payment transactions and depending on the payment method chosen by the Client, these services may retain and process your data to complete the payment transactions as an essential part of the execution of the contractual relationship with that partner. For the management of bank accounts by third party partners, the use of payment services and including payment by bank transfer or credit card, we may need to share your data as a Client. This communication shall be considered in the context of the exclusive contractual relationship between you as a Client and the third party partner. And therefore, the specific Terms and Conditions of the third party partner shall apply.
  • It is possible that in order to comply with certain legal obligations we may have to communicate your data to law enforcement agencies, agencies, public administrations, Judges or Courts and / or authorities that are competent.
  • We may also disclose your data to potential acquirers and other interested parties in the event of a merger, corporate restructuring transaction such as an acquisition, joint venture, divestiture, spin-off or divestiture. In such a case, we will do so taking the respective data protection safeguards into account. In addition, we have an Intragroup Agreement such as BCRs that allow us to share certain personal information between Factorial companies.

Also, in some cases we give access to your data to our suppliers, who provide a service to Factorial, but never for their own purposes. For the selection of them, we always try to choose the suppliers that provide us with sufficient adequate guarantees in the treatment of your data. Among the different categories of suppliers we use we can find:

  • Hosting services.
  • Call center, chat and videoconferencing services.
  • Marketing and advertising services (e.g., mailing with personalized content, survey management, event management).
  • Payment services.
  • Logistics services.
  • Analytical services.
  • Platforms for the management of contracts or agreements, including their signature.
  • Provision of a CRM platform and related ancillary services such as meeting scheduling, as well as synchronization between some of our databases and our CRM.
  • Cybersecurity services
  • Services for commercial profiling and/or classification of our leads and customer organizations.
  • Financial management, accounting, auditing, consulting, tax and legal advisory services.

When we process your data, it is hosted in the EU and processed within the territory of the EU. In this regard, your data will be stored in the Eu-Central1 region of Amazon Web Services (AWS). More specifically, in Frankfurt. As a general rule, we engage service providers also located within the European Economic Area or in countries that have been declared to have an adequate level of data protection.

In some instances, the data we collect will be transferred to processors in third countries, and we will make reasonable efforts to ensure that the expectations of the current applicable Privacy Framework are met. Primarily, we will base such transfers on an EU adequacy decision under Article 45 of the GDPR. In the absence of an adequacy decision to transfer your data to the third country, we rely on other safeguards under Chapter V of the GDPR. Primarily, we will transfer your data on the basis of the standard contractual clauses in force. However, we may use other types of measures provided for by the GDPR, provided that they allow us to ensure adequate protection of your data and that you can consult them upon request.

6. Do we do any profiling and do we make automated decisions?

In Factorial we make profiles on our Clients and on our leads, as well as on some of our web users. All these profiles have a purely commercial purpose and especially focused on our legal entity Clients and within the framework of our commercial relationship with them or with the possible leads or organizations with which we are negotiating or to which we are offering our products and/or services.

As we have explained in the respective previous sections on purposes and bases of legitimacy, we base these activities on the legitimate interest of Factorial, in the benefit that our Customers and potential customers receive the information that may be most useful to them and to receive an effective personalized treatment, depending on the segment of which we consider that a Customer or potential customer is part of. Accordingly, from Factorial we have carried out the corresponding weightings of the legitimate interest, in which we have analyzed the benefits or interests we have as data controller, as well as the interests and rights of the interested parties whose data we process in such activities. In case you wish to access or have us explain in more detail the fundamental elements of such weighting, you can contact us directly at: privacy@factorial.co.

Under no circumstances will any of this profiling prevent you from exercising your data protection rights. Likewise, this set of profiling operations is never based on automated decisions, since there is human intervention on our part and we are the ones who determine the conditions for customer segmentation or scoring and end up deciding how to act for/with our Customers or potential customers. In this sense, they also do not have any legal effect on the contacts, nor do they affect them in any similar way. We only use them to segment the recipients of our communications, who are ultimately our Customers or potential customers who are legal entities.

In case of profiling and decisions are made based solely and exclusively on automated processing and these may cause legal effects or significantly affect you, you will be duly informed of this, of the logic applied to such decisions, as well as of your rights to obtain human intervention, to express your point of view and to challenge such decisions.

7. What are the deadlines or retention criteria we have for the processing of your personal data?

From Factorial we keep personal data for different periods and depending on the type of information, the period of our contract with our Clients, the legal requirements relating to certain types of data and other factors. Generally, whenever your data are no longer necessary for the purposes for which they were collected, we will stop processing them.

If we need to retain your data to comply with a contractual or legal obligation, or to resolve disputes, we will retain it only to comply with such obligations, as well as to assert our rights of defense. In this regard, we will restrict access to specific individuals or functions.

If you have given us your consent, we will retain your data until you revoke your consent.

In case there is a contractual relationship between Factorial and the organization you are part of, we will treat your data while the contractual relationship remains in force.

In relation to the information communicated through the complaints channel, it will be stored only for the time that is necessary and provided for the purpose of complying with the requirements imposed by the applicable regulations for the protection of informants, if any. After that time, the reports will be deleted with the relevant security measures, without any obligation to block the data.

Once the above deadlines have expired, your data will be kept duly blocked for the purpose of making them available to the Public Administrations, Judges and Courts and other competent authorities for the sole purpose of dealing with claims until the end of the statute of limitations of the respective actions. After which, your data will be destroyed.

8. What data protection rights do you have and how can you exercise them?  

In accordance with the applicable data protection regulations, as a data subject you have certain rights when we process your personal data. Therefore, we will provide you with an adequate and timely response when you request the exercise of your rights. By way of example, below are some of the rights you can exercise:

  • Right to be informed: You have the right to receive clear, transparent and easily understandable information about how we use your personal data and your rights.
  • Right of access: You have the right to obtain access to your personal data.
  • Right of rectification: You have the right to have your personal data rectified if it is inaccurate or incomplete.
  • Right of deletion: this right allows you to request the deletion or removal of your personal data when there is no compelling reason for us to continue to use it.
  • Right to restrict processing: You have the right to "block" or delete further use of your personal data. When processing is restricted, we may continue to store your personal data, but we may no longer use it.
  • Right to data portability: You have the right to obtain and reuse your personal data for your own purposes in different services.
  • Right to object to processing: You have the right to object to certain types of processing. For example, if you want to object to processing based on legitimate interest.
  • Right to withdraw consent: If you have given us your consent for a specific processing, you have the right to withdraw your consent at any time thereafter.
  • Right not to be subject to automated decision-making: You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal (or similarly significant) effects for you.

Factorial normally acts on requests and provides the information free of charge. To exercise your rights you can direct your requests to exercise your rights by sending a written communication to the following email address privacy@factorial.co. In case you want to make a query or suggestion regarding the processing of data by Factorial, you can address to the same address.

Please note that in some cases we may need to verify your identity and may require supporting documentation. Likewise, in very specific cases we may charge you a reasonable fee to cover our administrative costs of providing the information to you:

  • unfounded or excessive/repeated requests; or
  • more copies of the same information.

You have the right to lodge a complaint about our processing of your personal data with the competent data protection supervisory authority. Prior to filing a complaint with the supervisory authority, you have the right to contact our DPO.

9. What are our security measures?

At Factorial we implement state-of-the-art security standards to prevent unauthorized access, maintain data accuracy and ensure the correct use of information. We also apply appropriate organizational measures to protect your data.

We apply these same security standards or rules also when working with business and technology partners. We only select and contract with processors and third-party providers that have adequate security measures in place and provide sufficient safeguards, including technical and organizational measures, to ensure adequate protection of the data we entrust to them.

In addition, internally we also ensure that any member of Factorial who will have access to your data has signed a non-disclosure agreement or clause and we have established internal measures and processes such as continuous training and a series of policies that are updated recurrently to ensure data security, as well as confidentiality, availability and resilience of our systems and services. Among other measures, we highlight that in Factorial we have defined a management procedure and an incident response plan in case of detecting any vulnerability in our systems and/or that may affect your personal data.

For more information related to our security measures, please refer to our Security Page.

10. Changes to this web privacy policy

We reserve the right to modify this privacy policy whenever we believe it is necessary to keep it up to date and adapt it to the realities of the development of our products and services, industry standards or new regulations. If such changes are substantial or important, we will do our best to inform you of them.