Our Privacy Policy and Cookies
eBUROFAX® - Certified Delivery
eBUROFAX ® - Certified Delivery
This specific annex to our main Privacy Policy, provides an additional informative context on the data processing we perform in the provision of the eBurofax ® certified delivery service.
ANF Autoridad de Certificación [ANF AC], provides this service subject to the provisions of:
- Regulation (EU) 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS).
- Law 59/2003 on Electronic Signature.
- Law 34/2002, of July 11, 2002, on Information Society Services and Electronic Commerce (LSSI). In accordance with article 10 of the LSSI.
- General Data Protection Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR);
- Organic Law 3/2018, on the Protection of Personal Data and guarantee of digital rights.
The eBurofax ® application, includes the following personal data processing:
- Signature manager.
- Communications manager.
- Documents and messages manager.
- Legal evidence manager.
- 2FA manager.
- Secure encryption manager.
- Electronic audits.
ANF AC intervenes according to the service contracted as,
- data processor (RGPD), or
- intermediary service provider (LSSI), or
- trusted third party (LSSI), or
- qualified trust service provider (eIDAS).
ANF AC does not review the content of the documents that it is ordered to process, nor of the communications on which it receives a delivery order. For those contents whose content is confidential, the service has a secure encryption option.
Signature Manager
ANF AC, in this service area intervenes in the capacity of data processor, having formalized this relationship with the corresponding contract with the data controller.
This service offers the following modalities of expression of consent:
- Qualified electronic signature.
- Advanced electronic signature.
- Biometric signature.
- Express consent.
- Explicit consent.
In the case of biometric signature, ANF AC guarantees that only the signer's signature is captured, which is stamped at the same moment on the document whose content is accepted. The signature is not stored as an independent file, nor is a dynamic signature capture performed (biometric behavioral pattern of the signer: inclination, pressure, etc).
- Express consent requires an affirmative and clear act on the part of the person concerned.
- Explicit consent will require a confirmation for which you will receive a session key by SMS.
In order to build legal evidences, the Eburofax® service captures all the traces generated during the intervention of the signer (IP, time, terminal, and other data of interest which accredit his intervention and prevent its repudiation). This information is outlined in the legal evidences delivered to the originator.
Communications manager
Your personal data, delivery mailboxes, communications to be made, or documents to be delivered, are provided by the originator of the shipment. ANF AC only makes available to you the telecommunications networks and computer services that facilitate its performance. It does not make any modification, nor does it review the contents.
The communications to be made, the documents delivered or the answers made by the addressees, are made available to the parties. ANF AC only keeps the documents if it has been contracted to do so. ANF AC only makes available the telecommunication networks and computer services that facilitate its realization. It does not make any modification, nor does it review the contents. Our mission is to authenticate to ensure integrity, stamp TImeStamp to establish the moment of time of each event, and capture all traces of evidence that make it impossible to repudiate the participation of the parties and allow to generate strong legal evidence.
Legal evidence manager
Legal evidences are the documents prepared by ANF AC, which incorporate the entire history of a transaction, establish with full legal certainty the participation of each party, the time at which it participated, and include the traces that prevent any possibility of repudiation.
When a reinforcement of the security is required, the service of Double Factor Authentication generates a session key that is sent to one of the personal mailboxes of the interested party. ANF AC does not store this key, it uses hash technology, using SHA2 digest algorithm.
The systems collect the data of the mailbox to which it has been sent, and if the key subsequently entered is correct or not, establishing the IP and the time from which it was inserted.
Secure encryption manager
ANF AC only uses strong encryption. Our systems use AES algorithm with key lengths of 128 bits or higher.
AElectronic audits
ANF AC, as an essential part of its information security management systems, incorporates LOG logging and trace logging processes in which they can be obtained:
- IP of the remote operator.
- Time and day of connection.
- Browser used.
- OS used.
- UUID of the terminal.
Conservation
The conservation period is the duration of the service contract, and during the period that ANF AC needs to accredit the correct fulfillment of its services.
Recipients
Except in the cases established in the main Privacy Policy, ANF AC does not transfer the data to third parties.
For a greater detail of the data processing that we perform, we make available our RAT at, https://anf.es/en/activity-log-data-processing/