In accordance with article 10 of the Law 34/2002, of 11 of July, on services of the Society of Information and Electronic Commerce (hereinafter, the “LSSICE”), article 13 of the Regulation (EU) 2016/679, of 27 of April, 2016 general data protection (RGPD) and the current the Organic Law 3/2018, of 5 of December, of Personal Data Protection and guarantee of digital rights (LOPD).

Responsible for the treatment:
INTERCAMBIO ELECTRÓNICO DE DOCUMENTOS, S.L. (hereinafter “eDiversa Group”) - CIF: B63383830.
Address: C/ Diputación, 119, 4º 1ª, 08015 - Barcelona.
Telephone: 931 833 790.

Data typology

The data treated will be the following: name and surnames, contact telephone number, email, Fiscal Identification Number (N.I.F.) or Fiscal Identification Code (C.I.F.) , Company name, contact person, their position, name and surnames of the rest of the users, contact telephone, mobile phone, email and any other information necessary for their identification in the web.

Purpose of the treatment:

To maintain a sales relationship with the User. The forecasted operations to be carried out are the following:
  • Offer of information and contact to all users that access and interact in the web.
  • Provision and management of interchange and document management services.
  • Administration and invoicing of the services contracted.
  • Delivery of commercial communications, whenever previously authorized, by email, SMS, direct messaging or any other electronic or physical media, present or future, that allows commercial communications.


Request, use and hiring of the Service for a correct management of the solicited service.
Legitimate interest from the company responsible for the Service contracted by client.
Explicit consent by the user for promotional purposes through the management of mailing.
Fulfillment of applicable legal obligations in the transfer of data to organisms or public authorities, whenever they are required in compliance with legal and regulatory provisions.


The data will be kept during the time there is a contractual and commercial relationship with us as well as the time necessary to fulfill legal obligations.


Unless legally obligated, eDiversa specifically informs and guarantees users that their personal data will not be given to third parties except when there is express, informed and unequivocal consent requested by the interested parties. Exceptionally, data can be transferred to companies of the business group of eDiversa, especially the companies OMA TECHNOLOGIES, SL, Ronda Universitat 31, 5- 4 and CIF B62567318 (OMATECH) and the company DATA JUICE SOFTWARE, S.L., Parque Empresarial Zuatzu, Edificio Urumea, 2nd floor, office 1, 20018, Donostia, and CIF B01645977R (DataJuice). In the case of data transfer to third parties who offer services to the clients of eDiversa, they will be regulated through a contract of responsibility of treatment in order to guarantee personal data treatment in compliance with that established in current legislation.

Data communication and transfers:

If necessary and exclusively for the fulfillment of the purposes of this data processing, the company will communicate the data to external service providers and consultants.

Among others, transfer will be made to these companies:

Country : USA
Services: Cloud Services
Guarantees: Privacy shield
You can request at any time the details of those in charge of treatment by contacting us using contact data located in the Legal Warning.

User rights:

In accordance with the LOPD and the RGPD, the User can exercise rights in relation to the data held by the Company:
Access: right to solicit and obtain, at no charge, information of the data being treated, the origin and the communications made or to be made.

Rectification: right to modify incorrect or incomplete data.

Cancellation: right to delete inadequate or excessive data.

Opposition: right to impede the treatment of the data when the consent for the treatment is not necessary due to a legitimate and founded reason, when there are files whose purpose is for advertising activities and commercial prospects, when the treatment is to make a decision referring to the affected and based only on an automated treatment of the personal data.
Portability: right to receive the personal data in a structured manner, of common use and mechanical reading to send it to another RT.

Profile evaluations: foresees the right to not be object of a decision based solely on the automated treatment (including the elaboration of profiles) that produce legal effects to the affected or that significantly affect them.

Limitation: right to obtain the limitation of the treatment of data in legally anticipated cases.

The exercise of the rights will be in writing accompanied by a copy of the official document that identifies it and directed to the person responsible for the treatment. In the case of disconformity with the treatment, there is also the right to present a reclamation before the control authority (AEPD).

You can find forms to exercise your rights at the website of the Data Protection Agency (

Security measures:

eDiversa Group complies with the current data protection laws, and states that all data is treated in a lawful, legal and transparent manner in regards to the interested party and adequate, pertinent and limited to that for which they are intended.

eDiversa Group at it has implemented the technical and organizational policies appropriate to apply the security measures that the current data protection regulation establishes in order to protect the rights and liberties of the Users and that it has communicated the adequate information so they can exercise them. Also, the Company guarantees that the personnel and its consultants have the knowledge necessary in accordance with the data protection regulation.

The personal data collected will be saved and managed in observance with the liabilities of confidentiality that are required in attention to the services offered, applying the computer security measures established in the legislation applicable to impede the access or incorrect use of the data, its manipulation, impairment or loss.

In the improbable case of a “security violation” defined by the Control Authorities, like all incidents that cause the destruction, loss, accidental or illicit alteration of personal data sent, conserved or treated or when there is an unauthorized communication or access, the Company will notify the AEPD and the User on the nature of the violation, the category and approximate number of people and data registers affected, the name and contact data of the DPD or failing that of the person responsible at the AEPD of the Company, the measures or proposal adopted to remedy the security violation, including, if necessary, the measures applied to reduce the negative effects.

The information provided by the User, their personal data, which is necessary to offer services by the Company, will be saved and managed in observance with the liabilities of confidentiality that are required in attention to the services offered, applying the computer security measures established in the legislation applicable to impede the access or incorrect use of the data, its manipulation, impairment or loss.