Multivalidation privacy



This specific annex to our main Privacy Policy provides additional informative context about the processing we perform for the provision of multivalidation services.

ANF Autoridad de Certificación [ANF AC], provides this service as a Qualified Trust Service Provider in accordance with:

  • Regulation (EU) 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS Regulation).
  • Law 59/2003 on Electronic Signature.
  • Law 34/2002, of July 11, 2002, on Information Society Services and Electronic Commerce (LSSI). In accordance with article 10 of the LSSI.
  • General Data Protection Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;
  • Organic Law 3/2018, on the Protection of Personal Data and guarantee of digital rights.

ANF AC intervenes in the capacity of,

  • data processor (RGPD), and
  • qualified provider of trust services (eIDAS), qualified services of validation of signatures and electronic seals.

Modalities of the multivalidation service:
  • validation of signatures and certificates using Critical Access ® application, or
  • validation of signatures and certificates using API for Cloud services, or
  • validation of signatures and certificates by consulting our Cloud Platform.

In Critical Access ® mode, we do not receive identifiable information. The application intervenes autonomously, and performs the validation process in your own computer terminal.

In the rest of the modalities, ANF AC receives the signatures, certificates (public part) and/or electronic seals in order to determine their validity, for this purpose it uses technical data such as RSA public key, hash, certificate identifier, issuing CA identifier. The personal information contained in these instruments is not processed, therefore, the information is kept pseudonymized.

The minimum retention period is fifteen years in accordance with the Certification Practices Statement and other Certification Policies that have been approved by the Supervisory Body of Spain(eIDAS Regulation)..

Except in the cases established in the main Privacy Policy, ANF AC does not transfer the data to third parties. However, in accordance with current legislation and to ensure the security of third parties that trust, we maintain public repositories where you can check the validity of the certificates, check the authenticity of the certificates issued, and download a copy of the certificates issued ((public part).

Register of Processing Activities (RAT)
For further details of the data processing we perform, we make our RAT available to you at