Privacy policy

This PRIVACY POLICY forms an integral part of the Legal Notice on the FACEPHI and will inform you as to how and why we process information, and for how long, as well as the rights you enjoy in this regard when using our website and applications, or contacting us via any other channel.

The data that you provide us with must be correct and current, in this sense you guarantee their authenticity and accuracy. Where necessary, we would ask you to inform us of any change to your data, swiftly and diligently, for the sole purpose of allowing us to keep our database constantly updated and free of any error regarding the data.

In accordance with the provisions of Regulation (EU) 2016/679, of the European Parliament and of the Council, of 27 April 2016 (hereinafter, the “GDPR”) and Spanish Personal Data Protection Act 3/2018, of 5 December 2018, FACEPHI will update this Privacy and Data Protection Policy to adapt it to regulatory amendments, court pronouncements or instructions issued by the various supervisory authorities, as well as the guides of the Spanish Data Protection Agency and those of the European Data Protection Board. FACEPHI customers or users are therefore advised to check this text regularly.

By accepting this Policy, the user confirms that they have read and understood how their personal data are processed. Users may channel any queries in this regard via the FACEPHI DPO.

The following definitions are established to assist in understanding this document:

DATA CONTROLLER: FACEPHI BIOMETRÍA SA (Facephi), of Tax Identification Code A-54659313 and LEI number: 959800H5NSTQNR25786, with registered office at Avenida Perfecto Palacio de la Fuente 6, 03003, Alicante – Spain, registered in the Companies Register of Alicante in Volume 3634, Page 63, Sheet A-131726.

AEPD: The Spanish Data Protection Agency (‘Agencia Española de Protección de Datos’) is the data protection authority in Spain. For further information in this regard, please consult their website

GDPR: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation).

FACEPHI DPO: The Data Protection Officer, responsible for overseeing compliance with data protection regulations on the FACEPHI Portals. The contact address is [email protected]

FACEPHI Portals: Channels, operating free of charge or for payment, providing access to the range of information, content, commercial communications and elements of interest to Users.

User: An individual registering or using their access credentials on any of the FACEPHI Portals. Likewise, any individual (whether as a member of the organisation or external to it) accessing (by invitation or as the organiser of a meeting) and using the Teams tool linked to FACEPHI for professional, commercial or equivalent purposes.

FACEPHI is subject to compliance with Spanish and European regulations governing data protection and information society portals. (Regulation (UE) 2016/679 of the European Parliament and of the Council, of 27 April 2016 (hereinafter, the “GDPR”), Spanish Personal Data Protection and Guarantee of Digital Rights Act 3/2018, of 5 December 2018, and Spanish Information Society Portals and Electronic Commerce Act 34/2002, of 11 July 2002.

In accordance with the purposes mentioned below, FACEPHI processes the following categories of data:

  • Identification data: full name, postal address, email address, postcode, telephone number.
  • Academic and professional data: training/qualifications, student record, professional experience, membership of professional institutions or associations, in the case of selection processes.
  • Commercial information data:
  • Data may also indirectly be collected from external sources through browsing on our website, with the setting of various cookies on your device, provided that they have been accepted in advance.


The personal data requested are necessary, and a refusal to provide them will therefore make it impossible to provide the intended services.

The user guarantees that the data provided are true, precise, complete and updated, and is responsible for any direct or indirect damage or loss that might arise from a breach of said obligation. Users providing the data of third parties declare that they have received their consent, and undertake to inform them of the contents of this clause, releasing Facephi from any corresponding liability. Facephi may nonetheless conduct verifications to confirm this circumstance, adopting the relevant due diligence measures in accordance with data protection regulations.

Use of the FACEPHI Portals is monitored by devices housed in the User’s browser, which can subsequently be read for various statistical, analytical and advertising purposes. For further information in this regard, users may consult: Link to the cookies policy.

Consent is the expression of free, specific, informed and unequivocal will by which a person accepts, through a clear affirmative action, the processing of their personal data.

Facephi will not carry out the processing of personal data unless the User consents or expressly requests it.

The data provided by Users on the FACEPHI Portals may be used for various purposes in accordance with the legitimate basis for processing and which are detailed below:

Personal data will be processed solely and exclusively for the purpose of keeping you informed about our products and portals, in addition to all information considered to be of a commercial nature. A “commercial profile” will be drawn up for this purpose on the basis of the information provided. No automated decisions will be taken on the basis of this profile.

The personal data provided in CVs will be processed solely for the purpose of inclusion in the database of potential applicants for employment at Facephi Biometría SA, on the basis of their legitimate interest.

The personal data provided will be processed solely to administer and respond to requests for information, queries, consultations, suggestions or complaints connected with the data controller’s activity as a listed company.

The personal data provided will be processed solely and exclusively to identify you and to administer the process of the request for registration as a new Partner/Customer. Undertake commercial actions, sending of communications tailored to your profile and activity for commercial purposes, providing information about products and portals allowing us to offer you products and portals by any means, including electronic channels. Provide support portals, where necessary.

Audiovisual recording of sessions organised by means of the Teams tool to offer the possibility of subsequent viewing, guarantee accessibility to content by attendees who, for technical, technological, personal or health reasons, among others, were unable to log on, and/or to create materials for study or work.

Those aged under 14 years must not register on the FACEPHI Portals. If FACEPHI detects any users who could be aged under 14 years, it reserves the right to cancel their accounts.

The processing of your data may be based on the following legal grounds:

Article 6(1)(a) of the GDPR. The data subject provided their consent for processing in completing the forms for the sending of commercial communications and information tailored to their user profile.

The relevant contractual and pre-contractual measures will be applied for the performance of sale and purchase contracts and the supply of licences and/or provision of professional portals agreed by and between Facephi and its customers, such as the private customer area of the Facephi DEMO. In accordance with GDPR Articles 6(1)(a) The data subject has given their consent to the processing, and 6(1)(b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

Article 6(1)(b) GDPR: “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject…”.

  • Optimisation of business resources and improvement of the business, in addition to internal policies and reports with profiling by means of browsing on the website by a customer or user registered on the platform, in addition to all those users who have provided us with data for any other purpose.
  • Profiling for the sending of information about promotions of our products and services regarding which they have shown prior interest, in addition to the latest news and information tailored to their user profile.
  • The legitimate interest of Facephi lies in being able to guarantee that our website remains secure, furthermore assisting us in understanding user needs, expectations and satisfaction, thereby allowing us to improve our portals and products. All actions are performed in order to improve the level of user satisfaction and ensure a unique browsing experience and potential contractual agreement.

For the prevention of fraud, collaboration with Public Authorities and/or any possible third-party complaints. Article 6(1)(c) GDPR “Processing is necessary for compliance with a legal obligation to which the controller is subject”.

These purposes will be developed from the point at which the User registers on the FACEPHI Portals and until they process cancellation of their User status or exercise their right of erasure, or revoke the consent granted under the terms specified in this Policy.

The User’s personal data will be processed for as long as they maintain user status on the FACEPHI Portals, in other words until they cancel their account, revoke any consent that has been given, or exercise their rights of erasure or objection.

In the case of those who cancel their account to exercise their right of erasure, objection or revocation of the consent given, their data will be blocked and stored in restricted status for a period of 5 years in order to address any possible liabilities derived from processing vis-à-vis the competent authorities.

FACEPHI will not transfer the User’s personal data to any third party without the existence of a legal basis legitimating such transfers.

FACEPHI will, for all cases described below, apply the strictest data anonymisation and pseudonymisation measures.

Your data may be transferred only in the following cases, where there is a legal obligation to do so:

  • To Judges and Courts, in fulfilment of legal obligations or demands, or within the context of court proceedings;
  • To the Tax Office, to fulfil taxation obligations;
  • To Financial Auditors, to fulfil financial obligations,
  • and to any third parties to whom the data must be transferred, in accordance with the regulations in force as applicable to each case, such as the responsible public authority bodies for control, registration and inspection purposes.

Nonetheless, should it prove necessary at any time in the commercial relationship to communicate your data to any third party not covered by the above circumstances, such communication will not take place without your explicit consent, and in the legally established manner.

As a consequence of any Facephi services that you may contract, certain suppliers could have access to your data (such as data processors), which is in all cases performed with appropriate guarantees and in accordance with the regulations established by the GDPR, on the basis of data processing contracts signed with them.

The User’s personal data will be hosted on servers within the European Union.


We will not as a general rule transfer or communicate your personal data to third parties nor conduct data processing operations in territories located outside the European Economic Area. If such transfers do take place, FACEPHI has adopted the necessary means to protect your personal information upon transfer from the European Economic Area to third countries. We may trust in the adequacy decisions of the European Commission concerning certain countries, as applicable. We furthermore rely on standard contractual clauses (SCC) approved by the European Commission in our contracts with third parties that receive information from both within and outside the European Economic Area, or that transfer it on the basis of the permitted legal exceptions.

Users may modify their privacy preferences, revoke any consent they may have given, object to processing, request portability and cancel their account on the FACEPHI Portals from the user area, by identifying themselves on any of the FACEPHI Portals.

Users may likewise revoke any consent they may have given and exercise rights of access, rectification, erasure, objection, portability and restriction by contacting FACEPHI by email at the address [email protected]

It is important for Users to make the request from the email address that they used upon registering, to provide accreditation of their identity with a scanned copy of their ID document or equivalent document, and clearly to specify the right they wish to exercise.

The recommendation is for users to provide all information as to the FACEPHI Portals that they use or have used, in addition to the personal data that they provided upon registration in order to be able properly to address their request.

Users are also entitled to file a complaint or grievance with the AEPD. Further information in this regard is available at

The use of FACEPHI Portals entails acceptance of the Privacy Policy and of these conditions, and also any specific conditions that might apply, which will at all times be available together with the chosen Portals, and will form part of the Agreement with FACEPHI when using the FACEPHI Portals.

FACEPHI is the holder of all intellectual property rights in the content of the FACEPHI Portals, protected by intellectual property rights.

Users providing content via the FACEPHI Portals must ensure that they hold all rights required in order to allow such content to be displayed via the FACEPHI Portals.

Use of the FACEPHI Portals does not entail a transfer of intellectual property rights to the User, unless explicitly indicated otherwise.

Users undertake to respect the intellectual property rights of FACEPHI or of any other third party. The intellectual property of the content herein is owned by FACEPHI or third parties, and no rights of exploitation or any others that exist or could exist over such Content may be construed as having been assigned to the User or Customer.

FACEPHI declines all liability for any damages of any kind that might result from errors or omissions in the content, unavailability of the FACEPHI Portals, or the transfer of viruses or malicious or harmful software in the content, wherever this is the result of conduct free of bad faith, and all necessary measures to avoid this have furthermore been adopted.

FACEPHI reserves the right without prior notice to make any relevant amendments to the FACEPHI Portals, and may replace, remove or add both the content and the Portals provided, and the manner in which they are presented or located.

FACEPHI reserves the right to deny or withdraw access to any of the FACEPHI Portals without the need for prior notice, on its own initiative or at the request of a third party, in the case of any Users that are in breach of these General Conditions of Use.

Users undertake to make appropriate use in good faith of the content and Portals provided by FACEPHI via its Portals, including, without being confined to, not using them to commit any unlawful or illegal activities, or any in breach of good faith and public policy; distribute content or propaganda that is racist, xenophobic, illegal/pornographic, in defence of terrorism or in violation of human rights; cause damage to the physical and logical systems of FACEPHI, of its suppliers or third parties, insert or distribute via the network computer viruses or any other physical or logical systems liable to cause the aforementioned damage; attempt to access and, where applicable, use the email accounts of other users and modify or manipulate their messages.

The Users of some FACEPHI Portals may be authorised to generate content in some areas of these Portals. Such content must in all cases respect intellectual property regulations, and the right of personal reputation, privacy and image.

FACEPHI reserves the right to remove any comments and contributions that are in breach of the standards of respect set out in this policy, or that violate respect for personal dignity, or any that are discriminatory, xenophobic, racist, pornographic, in breach of the rights of young people or children, public policy or security, or any that in the judgment of Facephi would not be appropriate for publication.

Users must refrain from deleting, altering, evading or manipulating any protection device or security system installed on any of the FACEPHI Portals.

Users will likewise refrain from using the content of the FACEPHI Portals for inclusion on other portals or websites.

If inappropriate use of its Portals is detected on the part of any User, FACEPHI reserves the right to exclude that User from them.

If FACEPHI believes that there has been a breach of the stipulations and conditions that Users undertake to comply with by accepting this Policy, it may proceed to cancel that User’s account. This cancellation will take place at the discretion of FACEPHI, and without the need for prior notice.

The relationship between FACEPHI and the User shall be governed by the Spanish regulations in force, and any dispute will be brought before the Courts that enjoy legal jurisdiction. If the User is not a natural person, the Courts enjoying jurisdiction will be those of the City of Alicante.

FACEPHI will pursue any breach of these conditions and any improper usage this website by bringing any civil and criminal action to which it might be entitled in Law.

FACEPHI may at any time amend the conditions here established, to be duly published as they here appear.

These conditions will be in effect during the time they are displayed and will be valid until they are amended by other duly published conditions.