Our privacy and Cookies policy

Privacy of electronic signature certificates

Electronic Signature Certificates

This specific annex to our main Privacy Policy, provides an additional informative context about the treatment we perform for the provision of electronic certification services.

ANF Autoridad de Certificación [ANF AC], provides this service as a Qualified Trust Service Provider in accordance with:

  • Regulation (EU) 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation)
  • Law 59/2003 on Electronic Signature.
  • Law 34/2002, of July 11, 2002, on Information Society Services and Electronic Commerce (LSSI). In accordance with article 10 of the LSSI.
  • General Data Protection Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;
  • Organic Law 3/2018, on the Protection of Personal Data and guarantee of digital rights.

Prior to the collection of your data you will be informed of your rights, how to exercise them and remaining information required by the legislation of reference, and other rules and standards whose compliance is required in the field of electronic certification.

ANF AC has the obligation to perform checks with third party information sources in order to perform the necessary checks to ensure the reliability and accuracy of the information you have provided. In the development of these consultations, documentary and informative evidences are collected to accredit the correct fulfillment of our obligations.

The data collected are:

Those that you directly provide to us for the fulfillment of the contract for the provision of services. These data are:

  • Those required by the legislation on qualified certificates,
  • those that are expressly requested by the interested party to be incorporated, and
  • those necessary in administrative processes for the collection of services and customer service.

  • From third party sources:

  • Public records. E.g. Mercantile Registry.
  • Registries of Public Law entities. E.g. Professional Associations.
  • EPrivate capital entities. E.g. Professional role certificates or authorizations.
  • Other sources required to ensure the accuracy of the information. E.g. Whois.

  • In addition, for security reasons, ANF AC sends communications to interested parties via SMS messages, email and/or Whatsapp. These communications may include confidential information, so we recommend that you make sure to provide email accounts or phone numbers over which you have absolute control of receipt. And, in case of change notify us immediately.

    We do not collect credit card data, this service is performed through virtual POS bank, we do not have access to this information. We do not collect data of special categories, nor do we provide service to minors under 18 years of age.

    In the application process of our services, specifically in the collection of data, ANF AC can obtain the information through a Registration Authority (RA) or an On-Site Verification Office (OVP), which intervene as a mediator, this intermediation is authorized by the eIDAS Regulation and the Electronic Signature Law.


    The minimum retention period is fifteen years in accordance with the Certification Practices Statement and other Certification Policies that have been approved by the Spanish Supervisory Body.(eIDAS Regulation).


    Except in the cases established in the main Privacy Policy, ANF AC does not transfer the data to third parties. However, in accordance with current legislation and to ensure the security of third parties that trust, we maintain public repositories where you can check the validity of the certificates, check the authenticity of the certificates issued, and download a copy of the certificates issued (public part).

    Register of Processing Activities (RAT)
    For further details of the data processing we perform, we make our RAT available to you at,