Skip to content
Zynvio

GDPR Compliance

Zynvio is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and Spanish Organic Law 3/2018 (LOPDGDD).

Our Commitment

  • Data stored primarily on EU servers (OVHcloud, France)
  • Data encrypted at rest and in transit (TLS/SSL, AES-256)
  • Designated data protection contact person
  • Data Processing Agreements (DPA) with all sub-processors
  • No third-party cookies or advertising tracking technologies
  • Logical data isolation between companies (multi-tenant architecture)

Your Rights Under GDPR

Right to Access

Art. 15

You can request a copy of all personal data we hold about you.

Right to Rectification

Art. 16

You can request correction of any inaccurate or incomplete personal data.

Right to Erasure

Art. 17

You can request deletion of your personal data under certain conditions.

Right to Restriction

Art. 18

You can request limitation of how we process your data.

Right to Data Portability

Art. 20

You can receive your data in a structured, machine-readable format.

Right to Object

Art. 21

You can object to processing based on legitimate interests.

Withdrawal of Consent

Art. 7.3

You can withdraw your consent at any time without affecting the lawfulness of prior processing.

Legal Basis for Processing

We process your personal data based on:

  • Contract performance: To provide our invoicing, accounting, inventory and HR services.
  • Legal obligation: To comply with tax (VERI*FACTU), accounting and labor requirements under Spanish law.
  • Legitimate interests: To ensure system security, prevent fraud and maintain audit records.
  • Consent: For authentication via external providers (Google OAuth).

Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations. Tax data and invoices are retained for 6 years (Commercial Code), employment data for 4 years, and audit records for 3 years. See our Privacy Policy for detailed retention periods.

International Transfers

Your data is processed and stored primarily within the European Economic Area (EEA). Where certain providers (Google, Stripe) are located outside the EEA, we ensure an adequate level of protection through the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs).

Exercising Your Rights

To exercise any of your GDPR rights, contact our data protection officer:

privacy@zynvio.com

We will respond to your request within a maximum of one (1) month.

Supervisory Authority

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) or your local supervisory authority.

https://www.aepd.es