Alighieria

Data Protection Policy

Last updated: July 1, 2025

At Alighieria we are committed to protecting and respecting your privacy. This Data Protection Policy explains how we collect, use and protect your personal data when you use our software as a service (SaaS) specialized in editorial processes.

This policy complies with the European Union General Data Protection Regulation (GDPR) and Spanish Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD).

1. Data Controller

Data controller:

  • Company name: Alighieria Systems S.L.
  • Address: C/ Manso, 54, 3-3
  • Postal code and city: 08015, Barcelona, Spain
  • Phone: +34 637 819 458
  • Contact email: [email protected]

2. Purposes of Processing

We process your personal data for the following purposes:

2.1 Service Provision

  • Create and manage your user account
  • Provide access to our editorial processes platform
  • Process and store the content you upload to the platform
  • Offer collaboration and editorial management functionalities
  • Provide technical support and customer service

2.2 Administrative and Commercial Management

  • Manage billing and collections
  • Manage subscriptions and renewals
  • Send service-related communications
  • Perform usage analysis to improve our services

2.3 Commercial Communications (only with your consent)

  • Send newsletters and promotional communications
  • Inform about new features and updates
  • Conduct satisfaction surveys

2.4 Legal Compliance

  • Comply with tax and accounting obligations
  • Respond to requests from competent authorities
  • Keep records in accordance with applicable legislation

3. Legal Basis for Processing

The legal basis for the processing of your data is:

  • Contract execution: For service provision, account management and billing
  • Consent: For sending commercial communications and use of non-essential cookies
  • Legitimate interest: For service usage analysis and technical improvements
  • Legal obligation: For compliance with tax and legal obligations

4. Data Recipients

4.1 Shared Data

Your personal data may be shared with:

  • Data processors: Service providers that help us operate the platform (hosting, email services, payment processing, technical support)
  • Competent authorities: When required by law or to protect our legal rights
  • Third parties with your consent: Only when you have given your explicit consent

4.2 International Transfers

In case of transferring data outside the European Economic Area, we guarantee that it is done with the appropriate safeguards established by the GDPR, through adequacy decisions or standard contractual clauses.

4.3 No Data Sale

We never sell, rent or trade your personal data to third parties.

5. Your Rights

As a data subject, you have the right to:

5.1 Right of Access

Request information about what personal data we have about you and how we use it.

5.2 Right of Rectification

Request the correction of inaccurate or incomplete personal data.

5.3 Right of Erasure ("Right to be Forgotten")

Request the deletion of your personal data when they are no longer necessary for the purposes for which they were collected.

5.4 Right to Object

Object to the processing of your personal data in certain circumstances.

5.5 Right to Restriction of Processing

Request the restriction of processing of your personal data in certain circumstances.

5.6 Right to Data Portability

Request the transfer of your personal data to another data controller.

5.7 Right to Withdraw Consent

When processing is based on consent, you may withdraw it at any time.

6. Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

6.1 Technical Measures

  • Encryption of data in transit and at rest
  • Firewalls and intrusion detection systems
  • Regular encrypted backups
  • Multi-factor authentication for administrative access
  • Continuous security monitoring

6.2 Organizational Measures

  • Internal information security policies
  • Regular staff training in data protection
  • Access controls based on the principle of necessity
  • Security incident response procedures
  • Periodic security audits

7. Data Retention

7.1 Retention Criteria

We keep your personal data only for the time necessary to fulfill the purposes for which they were collected:

  • Account and service data: While you maintain an active account and up to 5 years after cancellation for possible claims
  • Billing data: 6 years from the invoice date (tax legal obligation)
  • Commercial communications data: Until you withdraw your consent
  • Access logs: 2 years for security purposes
  • Support data: 3 years after case resolution

7.2 Secure Deletion

At the end of the retention period, we delete data securely and irreversibly.

8. Exercising Your Rights

8.1 How to Exercise Your Rights

To exercise any of your rights, you can:

8.2 Required Information

To process your request, we will need:

  • Clear identification of the right you wish to exercise
  • Copy of your identity document
  • Specific information about the data subject to the request

8.3 Response Time

We will respond to your request within a maximum period of one month from receipt. This period may be extended by two additional months if the request is complex.

8.4 Right to File a Complaint

If you consider that the processing of your personal data does not comply with the regulations, you can file a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

9. Cookies and Similar Technologies

9.1 Use of Cookies

Our website uses cookies and similar technologies to:

  • Ensure basic website functionality
  • Remember your user preferences
  • Analyze website usage
  • Personalize content and ads (only with your consent)

9.2 Cookie Management

You can manage your cookie preferences through:

  • Your browser settings
  • Our cookie preferences center
  • Contacting us directly

For more detailed information, please see our Cookie Policy.

10. Minors

Our service is aimed at people over 16 years of age. We do not knowingly collect personal data from minors under 16 without the corresponding parental consent.

11. Policy Updates

11.1 Modifications

We may update this Data Protection Policy periodically to reflect changes in our practices or in applicable legislation.

11.2 Change Notification

We will notify you of any material change in this policy through:

  • Notice on our website
  • Email to your contact address
  • Notification on the platform

11.3 Effective Date

The current version of this policy is effective as of the date indicated at the top of the document.

12. Contact

For any questions about this Data Protection Policy or the processing of your personal data, you can contact us:

  • Email: [email protected]
  • Phone: +34 637 819 458
  • Address: c/ Manso 54, 3-3, 08015, Barcelona, Spain