VisionF2F Privacy Policy

Introduction and scope of application

This Privacy Policy regulates the processing of personal data carried out by BENHER TECH SOLUTIONS, S.L. (hereinafter, "BenHer") through:

1.1. The website accessible at https://www.visionf2f.es and any other domains or subdomains owned by BenHer linked to the VisionF2F brand (hereinafter, the "Website").

1.2. The VisionF2F platform offered in SaaS mode for fundraising agencies and non-profit organizations (hereinafter, the "Platform").

1.3. Contact forms, demonstration requests, commercial communications and technical support related to VisionF2F.

Data processing is carried out in accordance with Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 (LOPDGDD) and Law 34/2002 (LSSI).

Access to or use of the Website and/or the Platform implies reading and understanding this Privacy Policy.

Data controller

For the processing described in this Privacy Policy related to the Website, commercial management and customer account administration:

Controller: BENHER TECH SOLUTIONS, S.L.

Tax ID: B21656855

Registered and tax address: Plaza Ciudad de Viena, 6, Torre Metropolitana, 28040, Madrid (España)

Contact phones: +34 632 373 946 / +34 627 54 46 18

Email: info@visionf2f.com

Website: https://www.visionf2f.es

Commercial Registry registration data: Registro Mercantil de TARRAGONA, Folio electrónico, Hoja T-63639, Inscripción 1.

BenHer is the owner and provider of the VisionF2F solution and acts:

a) As DATA CONTROLLER with respect to:

  • Data of Website visitors.
  • Data of potential customers and commercial contacts.
  • Data of representatives and authorized users of agency and NGO clients.

b) As DATA PROCESSOR with respect to:

  • Data of partners, donors or third parties entered into the Platform by agency or non-profit organization clients, in accordance with the contracts and data processing agreements signed with said entities.

Categories of data subjects and types of data

3.1. Website visitors and information requesters

  • Identifying information: first name, last name.
  • Contact: email, phone.
  • Basic professional data: entity, position when provided.
  • Minimal technical connection data strictly necessary for secure browsing (server logs).
  • Currently no cookies are used for analytical or advertising purposes.

3.2. Customer representatives and Platform users

  • Identifying information: first name, last name.
  • Professional: organization, role or position, user permissions.
  • Contact: corporate email, phone.
  • Usage data: access logs and operations performed on the Platform necessary for service management, security and traceability.

3.3. Data processed as data processor (partners/donors/third parties)

According to the instructions of the controllers (NGOs/agencies), the Platform may host, among others:

  • Identifying and contact data.
  • Economic data and payment methods linked to donation or membership fee management.
  • Data relating to the relationship with the responsible entity (registrations, cancellations, contribution history, fundraising channel, etc.).

The specific definition of data categories and purposes corresponds to each NGO/agency as data controller and is established in their own policies and in the processing agreements signed with BenHer.

Processing purposes (BenHer as controller)

BenHer will process personal data, as controller, for:

4.1. Handling requests and contacts

Managing inquiries submitted through Website forms, email or phone, including requests for information or Platform demonstration.

Legal basis: application of pre-contractual measures (art. 6.1.b GDPR) and legitimate interest in responding to requests (art. 6.1.f GDPR).

4.2. Management of contractual relationship with clients

  • Registration and administration of customer accounts.
  • Management of authorized Platform users.
  • Billing, collections, technical support and operational communications.

Legal basis: contract performance (art. 6.1.b GDPR).

4.3. Security and access control to the Platform

  • Identity verification of authorized users.
  • Recording of access and relevant operations on the database (logs) to ensure security, information integrity, fraud prevention and traceability.

Legal basis: legal obligation regarding security when applicable (art. 6.1.c GDPR) and legitimate interest in ensuring service security (art. 6.1.f GDPR).

4.4. Informative and commercial B2B communications

Sending information about updates, improvements, technical or functional news about VisionF2F to professional contacts of entities with which there is a prior relationship or who have requested information.

Legal basis: legitimate interest in the B2B framework and art. 21 LSSI.

When required, express consent will be obtained and opposition or unsubscription will be allowed in all cases in each communication.

4.5. Management of applications (if employment forms are enabled)

Receipt and evaluation of resumes and applications.

Legal basis: application of pre-contractual measures (art. 6.1.b GDPR).

Processing performed as data processor

Regarding data entered into the Platform by agencies and NGOs:

5.1. BenHer acts as DATA PROCESSOR.

5.2. Each NGO/agency is CONTROLLER of the processing, determining purposes, means and retention periods.

5.3. BenHer will process the data only following documented instructions from the controller, in accordance with service contracts and signed data processing agreements (art. 28 GDPR).

5.4. BenHer will not use partner/donor data for its own purposes unrelated to the contracted service.

5.5. If a data subject contacts BenHer directly regarding this data, their request will be forwarded to the corresponding controller for proper handling.

Recipients and providers

As data controller, BenHer may communicate data to:

  • Service providers necessary for the provision of the Website and Platform (hosting, maintenance, technical support, communication tools), who act as data processors and with whom the corresponding contracts have been signed.
  • Public administrations, judges and courts, or other competent authorities when there is a legal obligation.

In particular, the VisionF2F infrastructure is hosted on the Heroku platform, using PostgreSQL database add-ons in data centers located in the European Union, configured to process data within the European region. In case the provider, as part of its business group or technical support, may involve access from outside the EEA, appropriate safeguards required by the GDPR (standard contractual clauses or other valid mechanisms) will be applied.

As data processor, any communication of data to third parties will be made exclusively in accordance with the instructions of the NGO/agency controller or when there is a legal obligation.

International data transfers

As a general rule, data is stored in infrastructures located in the European Union.

If it is necessary to rely on providers established in countries outside the European Economic Area for service provision, or that may access data from such countries, BenHer will ensure that the conditions of Chapter V of the GDPR are met, including, where appropriate:

  • Adequacy decisions from the European Commission, and/or
  • Signature of standard contractual clauses or other appropriate safeguards.

Retention periods

As controller:

  • Contact and information request data: as long as the relationship or interest is maintained and, subsequently, during applicable limitation periods, duly blocked.
  • Customer and Platform user data: during the term of the contract and the periods necessary to address possible legal or contractual responsibilities.
  • Access and activity logs: during periods proportional to security, traceability and regulatory compliance purposes.

As processor:

Data hosted on the Platform will be retained as long as the contract with the responsible NGO/agency is in force and according to their instructions. Once the service ends, data will be returned or deleted as agreed, except for retention required by law.

Rights of data subjects

When BenHer acts as controller, data subjects may exercise the following rights:

  • Access to their data.
  • Rectification of inaccurate data.
  • Deletion when appropriate.
  • Restriction of processing.
  • Opposition to processing in certain cases.
  • Data portability when applicable.
  • Withdrawal of consent when the legal basis is consent, without retroactive effects.

To exercise rights:

Send written request to info@visionf2f.com, indicating the right being exercised and attaching, when necessary, a copy of identification document.

Likewise, the data subject may file a complaint with the Spanish Data Protection Agency (www.aepd.es) if they consider that the processing of their data does not comply with the regulations.

When data is processed by BenHer as processor, requests must be addressed to the responsible NGO/agency; BenHer will collaborate with it for proper handling.

Security measures

BenHer applies appropriate technical and organizational measures to protect personal data, including, among others:

  • Use of encrypted connections (HTTPS) for Platform access.
  • Access control through individualized credentials.
  • Recording of relevant operations on data.
  • Internal procedures for incident and security breach management.
  • Limitation of access to authorized personnel and providers under contract.

Measures are adapted to the risk level and may be updated based on technological and regulatory evolution.

Minors

The Website and Platform are not directed to minors under 18 years of age. Any processing of minor data associated with NGO/agency activities will be the responsibility of these entities as data controllers.

Cookies

At the present time, the VisionF2F Website does not use its own or third-party cookies for analytical, personalization or advertising purposes.

Only technical elements essential for correct visualization and security of the Website or Platform access may be used, if applicable. If non-technical cookies are incorporated in the future, users will be duly informed and consent will be obtained in accordance with current regulations.

Privacy Policy updates

BenHer may modify this Privacy Policy to adapt it to legal, technical or service offering changes. The current version will be the one published on the Website, indicating the date of last update. Use of the Website or Platform after publication of changes implies acceptance of the new version.