Register Login
Register Login
Register Login

Legal Notice and Conditions

Índice de contenido

1. Service provider

This Service has been defined and is provided by BILKY EUROPE, S.L. (hereinafter, BILKY), with registered office at C / Apolonio Morales, 6 Local I - 28036 Madrid, CIF: B87345153, entity registered in the Mercantile Registry of Madrid, Volume 28784, Folio 108, Section 8ª, Sheet M-518263, Inscription 1ª.

Email: atencionalcliente[@]bilky.es

2. Definitions

Definitions of the concepts contained in this document:

Client: Individual entrepreneur or legal entity that contracts the Service, regardless of whether they are companies that use the Service to deliver documents to their employees, or other intermediaries such as gestorías or consultants acting on behalf of such companies.

Simple User: Natural person who makes use of the Service, without registering to have a personal area.

Registered User: Natural person who makes use of the Service, completing the registration to have his personal area.

Logs: These are the archived records of each and every one of the operations carried out by the computer system owned by BILKY.

3. Operational Description of the Service

The Service to be provided by BILKY consists of the following:

The client has a service to deliver documents to Users securely, from the moment the document is uploaded until it is delivered to the corresponding User.

For his part, the User may access and store his documents according to the chosen mode:

  • Simple: The Simple User will receive an email with an encrypted link to a website at the email address indicated by the Client. This link will only be valid for 24 hours from the time it is sent, and will only be known by the User. To access the document in PDF format, the User must access the link and enter his/her ID card number or equivalent official document. The Simple User will be able to download the document during 24 hours after the e-mail is sent.
  • Registered: In addition to the functionalities available for the Simple User, the Registered User will be able to create his own personal area where to host his documents automatically. This hosting will last indefinitely until the User deletes the documents or unsubscribes from the service. The service does not imply any payment by the User.

To do so, the user must register as a Registered User and accept these conditions.

4. BILKY's Commitments

With respect to the Client, BILKY undertakes to:

Offer access to a secure management area, from where the Client can upload and send documents.

Securely deliver the documents to the User in accordance with the provisions of these Conditions.

Maintain a record of the operations carried out by the Client and its Users.

With respect to Users, BILKY undertakes to:

Maintain the confidentiality of documents.

  • To provide the Service as indicated in these Conditions.

5. Customer Commitments

The Customer agrees to:

Customer agrees to promptly satisfy all payments due under the terms of this contract. In the event of non-compliance by the Client with the established payment deadlines, Bilky may, after seven working days from the expiry of the deadline, suspend the service and consider this contract terminated by operation of law, with the amount of the services actually rendered being due.

Associate the email accounts corresponding to each of your Users to their respective documents.

Comply with its social, labor and administrative obligations.

Properly process the cancellations of its own Users.

Take care and ensure the confidentiality and security of your passwords to access the Service. In case of loss or theft of the password, you must notify BILKY as soon as possible.

Not to make illegal or illicit use of the Service.

6. User Commitments

The User agrees to:

Accept as legally valid the communication and delivery of the documents through the mechanism indicated in these Conditions.

Accept access logs to the notification e-mail or to the Service itself as proof of notification.

Not to make illegal or illicit use of the Service.

In case of being a Registered User, take care and ensure the confidentiality and security of your passwords to access the Service. In case of loss or theft of the password, you must notify BILKY as soon as possible.

If you are a Registered User, please provide true, accurate and updated data at the time of registration.

7. Price and form of payment

The price for CUSTOMERS is the one established in the tariffs section of the web site.

The payment method will be through the online payment platform chosen by the User, among those offered by BILKY.

8. Duration

The Service has an indefinite duration in time. However, if BILKY has to close the Service, it will notify the Clients and Users with sufficient time so that they can download the information that they have stored in the Service. This fact will not generate any right to compensation on the part of Clients or Users.

BILKY may interrupt the Service temporarily or permanently in the event of relevant changes in the situation of the Client or the Users, or if a breach of these Terms and Conditions or of the Terms of Use of the website is observed.

BILKY reserves the right to modify the conditions of the Service, periods, technical procedures of identification and validation of the transmitted data. The lack of acceptance of these modifications by Customers or Users will result in the termination of the Service.

The termination of the commercial relationship between the CLIENT and BILKY, or of the labor relationship of the USER with the CLIENT, will not determine the termination of the Service provided by BILKY to Registered Users. These Users will be able to keep stored their documents related to the CLIENT during the time that the Service lasts according to what is established in the present Conditions.

9. Exclusion of Liability

BILKY shall not be liable:

Bilky disclaims any liability for the information transmitted or disseminated through the platform and its website, provided that this information has been manipulated or introduced by a user or outside third party.

For the use of incorrect data, documents or emails by Customers.

For improper access to the information hosted on the Service, due to the use of an insecure password by CUSTOMERS or USERS, or due to a loss or theft of such password.

For failures, errors or temporary inability to access the Service.

For infractions or illicit acts of any nature that correspond to CUSTOMERS or USERS.

For incidental damages caused indirectly or for claims for damages caused to third parties.

10. Security and Confidentiality

During the term of this contract, as well as upon its termination for any reason whatsoever, the parties are forbidden to disclose any commercial, technical and/or financial knowledge, known as a consequence of the development of this contract.

11. Protection of personal data

Obligations regarding Personal Data Protection, in accordance with the RGPD, within the framework of the service provision contract.

  • 1. Purpose of Processing.

The processor will perform for the customer a service of provision of an application, consisting of a portal that makes available to different users with different permissions the information that corresponds to them. BILKY will develop, maintain and provide technical support to the various customers and users, and will be responsible for backing up the application.

It will transfer the use of the platform to the users and will guarantee the correct functioning of the site, will carry out the programming of new functionalities, or modification of the current ones, and in short, all the tasks that can be derived from the contracted services.

The tasks involve data collection, recording, structuring, updating and modification, storage, extraction, retrieval, consultation, communication by transmission, interconnection, collation, and elimination of information.

When the tasks entrusted are finished, being a portal in which each user is the owner of his information, in the case of terminating the contract, each of the clients and users will have the information stored, with full access to it, but with limited functionality to upload new documentation.

BILKY reserves the right to, at any time, give a temporary period for that customer or user to download their documentation, or otherwise, they may delete the stored contents. This event will be communicated by email, to the email identified by the user in the portal, and also by notices on the portal.

  • 1. Identification of the affected information. For the execution of the services derived from the fulfillment of the object of this assignment, the data processor shall process the information that the persons in charge incorporate into the platform, consisting of any documentation that the client or user needs to manage.
  • 2. Duration of the Agreement. This agreement shall enter into force from the moment the user or customer registers on the portal. In the case of customers, they are obliged to make the appropriate payments in accordance with the particular conditions at that time, and in the case of non-payment of the amounts, BILKY reserves the right to suspend the service.
  • 3. Return of Data. Each user is full owner of the documentation of the service, the termination with any of the customers or users of the contract, does not determine that the rest of customers or users cease to have access to their documentation.
  • 4. Obligations for the data processor and its personnel. They shall comply with the following aspects:
    • 1. Purpose: It will use the personal data provided by customers and users, only for the purpose of this order. Under no circumstances may it use the data for its own purposes. The person in charge and its employees are prohibited from accessing the documentation of the portal.
    • 2. Instructions from the responsible: In this service, the responsible does not provide instructions to the provider on how to store the data, but the service provider reserves the right to inform the responsible if the information contained in the service violates any regulation.
    • 3. On the recording of processing activities: The service provider shall keep a written record of the categories of processing activities carried out.
    • 4. Non-communication. The data processor and its employees shall not communicate the data to third parties, unless they have the express authorization of the data controller, or in the legally admissible cases. If the data is automatically communicated to other data processors, or clients and employees of the same controller, according to the permissions that the controller enables them on the platform.
    • 5. International transfer. The service stores all your information in European data centers, which scrupulously comply with the RGPD regulations.
    • 6. Subcontracting. The provider undertakes not to subcontract any of the services that are part of the object of this contract that involve the processing of personal data, except for auxiliary services necessary for the normal operation of the services of the person in charge, including the datacenter. A list of suppliers may be consulted on the website. Telematic communication media certification companies will also be contracted. The subcontractor will have the status of data processing manager, being obliged to comply with this document in the same way as the person in charge, and complying with the same formal requirements.
    • 7. The person in charge and all his personnel must maintain the duty of secrecy with respect to the personal data to which he has had access by virtue of the provision of the present, even after the end of its object.
    • 8. Confidentiality commitments in writing. The person in charge guarantees that the persons authorized to process personal data within the company undertake expressly and in writing to respect confidentiality and to comply with the corresponding security measures, informing them of the same, and guarantees that the employees authorized to process personal data have received the necessary information on the protection of personal data.
    • 9. Exercise of Rights. The data controller is obliged to assist its employees in exercising their rights of access, rectification, deletion and opposition; limitation of processing, data portability; that they exercise. The exercise of the rights corresponds fully to the data controller, who will be able to access and exercise them in their profile, exempting BILKY from liability for the use of the same.

BILKY will guide the owner of the data to exercise their rights before the data controller, but as it is not responsible for the processing, it cannot decide on its deletion. BILKY cannot access the contents hosted on the service, therefore the user must contact the data controller.

  • 1. It is the responsibility of the data controller to provide the right of information at the time of data collection to its employees. BILKY will provide the necessary information in accordance with the processing it carries out directly with users or customers.
  • 2. Notification of data security violations. BILKY will notify the client or user, before the maximum period of 72 hours, through the email provided in the registration in the service, the security violations of the personal data under its care of which it has knowledge, along with all relevant information for the documentation and communication of such incidence. Notification shall not be required when such security breach is unlikely to constitute a risk to the rights and freedoms of natural persons. If it is not possible to provide the information simultaneously, it shall be provided gradually without undue delay.
  • 3. Communication to the interested parties. If the violation poses a serious risk to the rights and freedoms of natural persons, BILKY will draft and send to the customer or user a model of communication, in clear and simple language, to facilitate the data subjects.
  • 4. BILKY will publish on its website all documentation relating to data protection, with the aim of facilitating the greatest possible transparency. BILKY will pass the relevant audits and obtain certificates of compliance with the regulations, to demonstrate compliance with its obligations.
  • 5. Security Measures. We will adopt at least the Basic level measures, in accordance with the provisions of RD 1720/2007, as well as any security measures required by laws and regulations to preserve the secrecy, confidentiality and integrity in the processing of personal data, in order to ensure the security of personal data and avoid its alteration, processing or unauthorized access, as well as to adopt in the future. We will carry out an information security risk assessment, which will result in the implementation of mechanisms to: a) Guarantee the permanent confidentiality, integrity, availability and resilience of the processing systems and services. b) Restore the availability and access to personal data quickly, in case of physical or technical incident. c) Regularly verify, evaluate and assess the effectiveness of the technical and organizational measures implemented to guarantee the security of the processing. d) Pseudonymize and encrypt personal data, if applicable.
  • 6. Security measures that BILKY will apply to its work centers and to the systems under its control.
  • 7. It shall apply basic level security measures, in accordance with R.D. 1720/2007:
    • a) Draw up its own Security Document, relating to its security infrastructure with the minimum content required by Royal Decree 1720/2007 for the basic level, which includes Delegation of authorizations, a regime of work outside the premises (of the person in charge), including the prohibition to incorporate data of the person in charge in portable devices or to treat them outside the premises of the person in charge and of the person in charge; definition of functions and obligations of the personnel; authorizations for the exit of supports with data, outside its premises, and a frequency for the renewal of the passwords.
    • b) Keep a record of security incidents that may have compromised the confidentiality, integrity or availability of said infrastructure, including: the type of incident, the time of occurrence and the time of detection, the person who detected it, the persons to whom the incident was reported, the effects derived and the corrective measures applied. .
    • c) Logical access control. The application of logical security measures, such as access through networks, protection and deletion of temporary files and working copies, access control to servers and equipment, databases and applications, and identification, authentication and password management, must be guaranteed.
    • d) Media management. The person in charge shall implement media management procedures in its infrastructure that include the identification and inventory of the media, the irreversible erasure or destruction of the media in its disposal, the authorization for the exit of media and the security measures in its transport, aimed at preventing them from being manipulated.
    • e) Backup copy. The person in charge shall make backup copies of the data covered by this contract, with the objective of guaranteeing their integrity and availability even in the event of failures in the basic physical infrastructure, including in the Security Document the type of backup copy and the periodic verification of the copying processes.
    • f) Audit. The person in charge shall carry out security audits to verify the level of adequacy of the security measures implemented in the information and filing systems under his/her control. The frequency shall be every two years, unless it is brought forward because of relevant changes in the information systems. This audit may be made available to the person in charge.

If specially protected data is processed in accordance with the GDPR, the following security measures must also be complied with:

  1. a) Include in the security document the identity of the security officers in charge of implementing the security measures and the audits carried out on the security measures.
  2. b) The restoration procedures carried out by the person in charge shall be recorded, detailing the personnel and data involved as well as the person who authorized the execution of the restoration process.
  3. c) Physical access control. How the physical security of the security infrastructure is guaranteed, including access control to the place where the information systems are located, which shall be limited to the persons in charge of their supervision and maintenance.
  4. d) Logical access control systems shall include mechanisms to limit repeated attempts at unauthorized access. They shall also include an access log detailing user, time, authorized/denied access, type of operation and the record accessed.
  5. e) Media management: This will include a record of incoming and outgoing automated media with medium- or high-level data, and will include encryption in the distribution of such data.
  6. f) Backup copy. The person in charge shall make a backup copy of the data in its possession, guaranteeing its integrity and availability, even in the event of failures in the physical infrastructure. The copy of the data and the restoration procedures shall be carried out in a separate location from the equipment.
  7. g) The person in charge shall designate one or more security officers to coordinate and control the implementation of these security measures.
  8. h) Data shall be encrypted when transmitted over public or wireless networks.
  • 2. Data Protection Officer (DPO).

BILKY appoints a Data Protection Officer, you can verify their identity and contact details in the privacy policy of our website. BILKY may delegate the functions of communication to other users, or change the contact email; provided that they duly authorize it and communicate it to the parties with a week in advance.

  • 1. Obligations of the responsible party. In the event that a user mistakenly sends or shares through BILKY, documentation with another user, or with a third party, and detects that it is wrong, or should not have been shared with that user; the sending user must contact the receiving user or the third party, either through the email provided, or from any other means of identification of that user or third party, to ask them to delete the documentation sent or shared erroneously.
  • 2. The user declares that he/she has informed and consents to send the information sent to the recipients whose e-mail address he/she provides to BILKY. In case of not having requested consent, he/she will be fully responsible for any complaints or claims that the customer may address.
    1. a) To deliver to the person in charge the data necessary for the provision of the service.
    2. b) Carry out an assessment of the impact on the protection of personal data of the processing operations to be carried out by the processor.
    3. c) Carry out the appropriate prior consultations.
    4. d) To ensure, prior to and throughout the processing, compliance with the GDPR by the processor.
    5. e) Supervise treatment, including the performance of inspections and audits.
  • 3. Breach. Failure of the parties to comply with the obligations of this agreement shall make them liable before the Data Protection Authorities, or before any third party, for any infringements that may have been committed as a result of the execution of this agreement, or for non-compliance with the legislation in force.
  • 4. Liability. The parties shall be liable for all damages in all cases of negligent or culpable conduct in the performance of their respective obligations under this agreement. None of the parties shall assume any liability for the non-performance or delay in the performance of any of the obligations under this agreement if such non-performance or delay is the result or consequence of an event of force majeure or fortuitous event admitted as such by Jurisprudence, in particular: natural disasters, war, state of siege, disturbances of public order, transport strike, power failure or any other exceptional measure adopted by the administrative or governmental authorities.
  • 5. Confidentiality. The parties guarantee that they will maintain the strictest confidentiality and express compliance with the duty of professional secrecy during the term of the provision of services and after its termination.

The person in charge during and after the term of this agreement shall treat all information owned by the person in charge as strictly confidential, taking the necessary measures so that its contents are not disclosed to third parties, nor can they have access to them without the express authorization of the person in charge. For the purposes of this agreement, confidential information shall be deemed to be any information that may be disclosed by word, in writing or by any other means or medium, tangible or intangible, currently known or to be invented in the future, whether exchanged as a result of this contractual relationship or that one party indicates or designates as confidential to the other.

  • 1. Notifications

Any notice required for the purposes of this agreement shall be given in writing to the attention and at the address shown at the head of this agreement.

  • 1. Information on data protection to the intervening parties.
  • 2. The personal data provided by the parties to this contract, for cases in which they are a natural person or in the case of representatives of a legal entity will be incorporated into a file whose ownership corresponds to each of the parties respectively. The purpose of the collection and treatment of the information is the management and maintenance of the commercial or professional relations established, as well as to keep informed of new obligations, services and offers. Also both parties are informed of the possibility of exercising their rights of access, rectification, cancellation and opposition, with respect to their personal data, being able to exercise these rights in writing by letter addressed to the address of the party concerned. For further information, please click here: Privacy Policy
  • 3. General.
    1. a) This agreement contains the entire agreement between the parties on the same subject matter and supersedes and replaces any previous agreement, verbal or written, reached by the parties. In the event of contradiction with any other previously signed agreement, the provisions of this agreement shall prevail.
    2. b) Nothing in this agreement implies identity of parties, or that one is considered the agent of the other. Neither party shall be liable for any statement, act or omission of the other party contrary to the foregoing.
    3. c) Any modification of the contents of this agreement shall only be effective if made in writing and with the consent of both parties.
    4. d) The failure of either party to enforce any of its rights under this agreement shall not be deemed to constitute a waiver of such rights in the future.

12. Applicable Law and Jurisdiction

The Parties, by mutual agreement, submit in all matters not expressly regulated in this contract to the precepts contained in the Spanish laws and other legal provisions.

The Parties that do not have the consideration of Consumers and Users according to their specific regulations, expressly waiving the forum that may correspond to them, agree that any litigation, discrepancy, question or claim resulting from the execution or interpretation of this agreement or related to it, directly or indirectly, shall be resolved before the Courts and Tribunals of Madrid city.

The Parties that are considered Consumers and Users according to their specific regulations, may process any claim before the corresponding Court or Tribunal, unless the purchasing party is domiciled outside the European Union, and in that country there is no bilateral or multilateral agreement with Spain that prevents the possibility of establishing the express submission of the jurisdiction.

13. Validity of the Terms and Conditions

In the event that a provision of this contract is, becomes or is declared ineffective, null and/or unenforceable, this shall not affect the effectiveness of the remaining provisions, which shall remain fully valid and effective. The provision in question shall be deemed to be replaced by another provision which is valid, effective and enforceable and which comes as close as possible to the purpose and spirit of the provision being replaced.

14. Withdrawal.

If you are not satisfied with the products, you have the right to withdraw from the contract by returning your money. The term will expire 14 calendar days from the day you purchased the service. Once the contract is terminated, we will refund the amounts paid.

The consumer must communicate their desire to withdraw by any means admissible in law: by calling 910 059 332, an email to atencionalcliente[@]bilky.es, or a letter to the address listed in these conditions: C/ Apolonio Morales, 6 Local I - 28036 Madrid

However we provide a withdrawal form at the end of this point, the use of which is not mandatory. Upon receipt of the notice of withdrawal, BILKY EUROPE SL will proceed to return within a maximum period of 14 days the amounts of money paid by the user, including taxes, without any discount or penalty. The refund will be made by the same means by which you paid, unless you tell us otherwise.

The right of withdrawal is only valid for consumers, including legal persons and unincorporated entities acting on a non-profit basis outside a trade or business. Traders or entrepreneurs who purchase products in the course of a trade or business are not entitled to the right of withdrawal.

15. Online Dispute Resolution.

In accordance with the provisions of EU Regulation 524/2013 on Online Dispute Resolution (ODR - Online Dispute Resolution), we inform you that as a consumer, you have at your disposal a procedure for resolving various disputes arising from the online sale of goods and services in the EU.

The EU ODR (Online Dispute Resolution) platform is available to you:

http://ec.europa.eu/consumers/odr/

For more information, please click on the following link:

http://eur-lex.europa.eu/legal-content/ES/TXT/PDF/?uri=CELEX:32013R0524