CONTRACT CONDITIONS NOTICE: For all legal purposes, the Spanish language version of the contract conditions shall be the legally binding one. This English language version is a translation and may contain errors.
Last updated: May 8, 2026.
Version: V2
This legal instrument constitutes the Privacy Policy and the applicable Data Processing Agreement, which is mandatory for all users, visitors, and clients who access, browse, or interact with the digital ecosystem operated by Fiscaledge S.L., covering both the main informative web domain and the software-as-a-service infrastructure hosted on its associated subdomains. For the purposes of strictly complying with the information requirements set forth by the General Data Protection Regulation of the European Union and the Organic Law on the Protection of Personal Data and Guarantee of Digital Rights, Fiscaledge S.L. is unequivocally identified as the managing entity of the platform marketed under the name Taxolé, with Tax Identification Number B22471056 and its registered office for notification purposes located at Calle María de Molina, 39, floor 3, 28006 Madrid, Spain.
An absolute hermeneutic and material differentiation is established regarding the legal positions adopted by the company; on one hand, Taxolé assumes the non-waivable status of Data Controller exclusively regarding data generated by web browsing, analytical marketing metrics, and administrative and billing information inherent to the subscription of the software service itself. On the other hand, and concurrently but separately, regarding the entire body of data, third-party client lists, product listings, and billing records that the User independently enters, hosts, or processes within the application environment, the User shall originally and non-delegably hold the status of Data Controller, with Taxolé limiting itself to acting strictly and passively as a Data Processor, subjecting said activity to the mandatory rules of the Processing Agreement integrated into the architecture of this document. Any communication aimed at safeguarding privacy or exercising rights must be channeled inexorably through the official electronic channel [email protected].
Categorization of Collected Information and Purpose of Processing
The collection of personal information is structured in two clearly differentiated operational aspects. In the browsing and marketing aspect deployed in the public domain, automated systems capture, in a silent but consented manner, internet protocol addresses, chronological timestamps, unique device identifiers, and complex analytical behavior patterns through the technical implementation of consolidated industry third-party solutions such as Google Analytics, Google Search Console, and Google Ads advertising networks. Likewise, through lead capture forms, basic identification data such as first name, email address, and telephone contact number are proactively collected, which are injected and managed through the customer relationship management infrastructure operated by the Pipedrive platform. The teleological purpose, unique and exclusive to this superficial collection, focuses on ensuring the operability of the site, performing web performance metric analysis, articulating direct commercial prospecting campaigns, and providing support in the pre-sales phase, with the lawfulness of this processing being based entirely and irrevocably on the affirmative, free, and prior consent granted by the user in accordance with European regulations.
In a second aspect, inherent to the material provision of the software service through the cloud application, the system mandatorily requires the deep collection of account data, including the corporate name, Tax Identification Number, structured address, and sensitive payment information, which is tokenized and processed under the highest security standards by the Stripe financial gateway. Simultaneously and critically, automated identity validation and real-time verification processes are executed against official European censuses such as the VIES system, configuring a strict know-your-customer protocol intended to prevent documentary fraud and guarantee the legitimacy of transactions. This deep processing finds its unbreakable legal foundation in the imperative need to execute the service provision contract, as well as in the unavoidable compliance with tax legal obligations incumbent upon the technological provider.
Express Authorization for Social Collaboration and Tax Transmission
A structural pillar of the Taxolé platform is its full approval and technical adaptation to the rigorous dictates of the Billing Computer Systems Regulation, universally referenced as the Verifactu system, derived from the current Law on measures to prevent tax fraud. To materialize and enable the instantaneous data submission functionality required by said regulation, the User, through the electronic acceptance of these policies, grants a conscious, express, and formal representation mandate in favor of Fiscaledge S.L., fully authorizing it to act under the legal umbrella of the Social Collaboration Agreement applicable before the State Tax Administration Agency.
This voluntary acceptance is established and acquires the evidentiary value of a standard representation document, enabling the technological provider not only to perform the automated, sequential, and encrypted transmission of registration and cancellation billing records on behalf of the client but also to intervene technically in the resolution and correction of submission error codes determined by the public administration servers. The User retains in their sphere of control the sovereign power to revoke this direct submission mandate at any time during the commercial relationship, an action that will exclusively require modifying the configuration parameters of their account to the local conservation operational modality known as “No VeriFactu,” assuming from that moment full responsibility for safeguarding the electronic signatures generated.
Exceptional Regime for Conservation, Legal Blocking, and Limitation of Rights
The technical nature and functional design of the Taxolé software, specifically conceived to comply with the requirements of unalterability and traceability imposed by Spanish anti-fraud legislation, impose an exceptional, restrictive, and severe modulation on the general principles of limitation of the conservation period and data deletion. The User is reliably and unequivocally warned that all invoices issued, system event logs, and generated cryptographic traces acquire an unalterable and persistent character from the very millisecond of their creation. Consequently, this critical fiscal information will be mandatorily conserved and subjected to a rigorous state of technical and procedural legal blocking for an impassable minimum period of four years, in strict observance of the limitation periods dictated by the General Tax Law, and this period may extend to the maximum threshold of six years required by the commercial provisions of the Commercial Code. This imperative public law obligation collides directly and prevails hierarchically over the right to deletion or the right to be forgotten that the User could invoke, with the platform being absolutely unable and legally disabled to proceed with the elimination, physical deletion, or overwriting of those current transactional data that constitute the evidentiary support of tax obligations before the Tax Agency. For its part, information collected for purely analytical or promotional communication purposes will be conserved in the company’s repositories only and exclusively until the precise moment when the User decides to exercise their legitimate right to withdraw the previously granted consent.
Network of Sub-processors, International Transfers, and Security Architecture
To ensure the resilience, high availability, and global scalability of the service, Taxolé relies on a strategically selected network of top-tier technology providers, who assume the legal role of sub-processors. The operational transfer of data to the Amazon Web Services infrastructure for hosting in servers located predominantly within the European Union, to the Cloudflare network for the mitigation of cyberattacks and perimeter security, to the Stripe gateway for uninterrupted processing of recurring payments, to the Pipedrive system for managing commercial relationships, and to the SendGrid platform for transactional email distribution is expressly authorized.
Taxolé guarantees, under its exclusive corporate responsibility, that any eventual international transfer of data to jurisdictions located outside European borders is robustly protected and shielded through the adherence of said providing entities to the approved international data privacy framework, or in its subsidiary absence, through the unavoidable formalization and signing of the relevant Standard Contractual Clauses approved by the European Commission. In the field of information security, the provider deploys a defense-in-depth architecture, implementing systematic and mandatory encryption of all communications through advanced cryptographic protocols in transit and at rest, as well as the uninterrupted execution of incremental and daily backup routines. In the pathological event that a security breach materializes that compromises the confidentiality, integrity, or availability of the hosted data, Fiscaledge S.L. assumes the unavoidable legal commitment to issue the relevant notifications to the Spanish Data Protection Agency and the affected users within a maximum and peremptory period of seventy-two hours from the time confirmed and technical knowledge of the incident is obtained.
Guarantee and Mechanisms for the Exercise of Data Subjects’ Rights
The User, in their inalienable condition as the owner of the personal data, retains at all times, in an unrestricted and free manner, the right to exercise the control prerogatives over their information consecrated in the European legal system. This includes the right of access to know what data is being processed, the right to rectification to correct manifest inaccuracies in their profile, the right to limitation of processing in situations of legal controversy, the right to portability to receive the entirety of their business intelligence in a structured and machine-readable format, and the right to object to the use of their data for direct marketing purposes. Likewise, the right to deletion is explicitly recognized, although the User accepts and understands beforehand that the material execution of this right is heavily conditioned and severely restricted by the unavoidable legal obligations of unalterable conservation of tax records detailed exhaustively in the preceding paragraphs (specifically in the paragraph “Exceptional Regime for Conservation, Legal Blocking, and Limitation of Rights”). The materialization and the formal channel for the exercise of any of these rights must be mandatorily carried out by sending a reliable written communication addressed to the institutional electronic address dedicated for this purpose ([email protected]), with the owner being advised that they have the sovereign power, in case of considering their rights violated, to file any claim, complaint, or discrepancy they consider appropriate before the competent national control authority, uniquely represented in Spanish territory by the Spanish Data Protection Agency through its electronic headquarters.
Data Processing Agreement
This paragraph is established, constitutes, and deploys its full legal effects as the mandatory Data Processing Agreement, forged in strict subjection to the imperative mandates of article twenty-eight of the General Data Protection Regulation, regulating in a meticulous and exhaustive manner the processing that Fiscaledge S.L., acting exclusively under the subordinate figure of Processor, performs on behalf, in the name, and under the full assumption of responsibility of the Client, who holds the hierarchical position of Data Controller. The sole, instrumental, and rigidly defined purpose of this assignment is limited to the secure hosting, database structuring, and computational processing of the information strictly necessary to guarantee the operation of the native functionalities of the contracted billing software. The Data Processor assumes the grave contractual obligation to subject the processing of data only and exclusively to the precise, documented, and lawful instructions given by the Controller, it being understood that said instructions are materialized in the very architecture of use of the platform and unbreakably limited by the technical barriers imposed by anti-fraud regulations and the national billing regulations themselves. The Controller grants their general, explicit, and fully informed authorization for the subcontracting of the cloud infrastructure technology sub-processors previously detailed in this legal body, with the Processor assuming the unavoidable responsibility of imposing on them privacy and perimeter security obligations identical or superior to those agreed upon here.
Fiscaledge S.L. solemnly and audifiably certifies that all human personnel, whether direct employees or independent contractors who have logical access to the Client’s information repositories, are constrained and bound by contractual obligations of extreme confidentiality and absolute professional secrecy, obligations that will endure unchanged even after the termination of their employment relationships. Upon completion or termination of the main software services contract, the Controller will have the technical mechanisms enabled in their administration interface to carry out the full export and recovery of their corporate data; however, and in view of the indelible nature of the tax records required by the Tax Agency in its audit programs, the Processor will not proceed to the physical destruction of the billing databases but will execute their retention in a state of strict, opaque, and encrypted legal blocking for the uninterrupted duration of the tax limitation periods ranging from four to six years.
Given the constant evolution of technology and Spanish tax legislation, Fiscaledge SL reserves the right to modify or update this Privacy Policy, as well as the terms and conditions of its plans and commercial rates, at any time. Users will be notified of any substantial changes with reasonable advance notice, which will always be at least fifteen (15) calendar days prior to their effective date.
Given the constant evolution of technology and Spanish tax legislation, Fiscaledge SL reserves the right to modify or update this Privacy Policy, as well as the terms and conditions of its plans and commercial rates, at any time. Users will be notified of any substantial changes with reasonable advance notice, which will always be at least fifteen (15) calendar days prior to their effective date. The validity, interpretation, application, and resolution of disputes arising from this Engagement Agreement shall be subject, without exception, exclusively, and solely to the substantive laws of the Kingdom of Spain and to the jurisdiction of the courts and tribunals physically located in the city of Madrid, with the contracting parties waiving any other jurisdiction that might apply to them by reason of their present or future domiciles.