PRIVACY POLICY

Effective date: April 15, 2025

Data Controller:

Artivit AI, S.L.
Tax ID: B21879945
Registered address: TR. DE COLLBLANC, 5 Pta. 1 4 - 08904, Hospitalet de Llobregat, L' (Barcelona)
Contact email: miquel@numerand.com

1. IDENTITY AND CONTACT DETAILS OF THE CONTROLLER

Artivit AI, S.L. (hereinafter, "Artivit") is the controller of your personal data processing. You can contact us for any data protection related inquiries at the address or email indicated above.

2. PERSONAL DATA PROCESSED

Depending on the services you use, we may process the following categories of data:

• Identification data: name, surnames, ID/NIE, postal address, email, phone number.
• Professional data: position, company, business sector.
• Billing data: bank details, tax address.
• Navigation data: IP, device type, browser used, pages visited.
• Commercial documents: invoices, delivery notes and other commercial documents stored and processed through our services.
• User's customer data: contact information of their customers for sending payment reminders.
• Access credentials: authorization tokens to access Gmail and Google Drive services of the user.
• Session tokens or access cookies: technical identifiers used to maintain authentication in third-party portals connected by the user.
• Other data voluntarily provided through forms, surveys or communications.

3. PROCESSING PURPOSES

Personal data may be processed for the following purposes:

• Service provision: managing access and use of Artivit services.
• Billing: issuing invoices, managing collections and payments.
• Document processing: collect, store and process invoices and commercial documents from Gmail and Google Drive.
• Collection management: send payment reminders to customers using the user's Gmail account.
• Commercial communication: send you information about news, products or services of Artivit if you have given your consent.
• Customer service: manage inquiries, incidents or requests.
• Legal compliance: comply with applicable legal obligations (for example, tax and accounting obligations).

4. LEGAL BASIS FOR PROCESSING

The processing of your personal data is based on:

• Contract performance: for the provision of requested services.
• Consent: for sending commercial communications or for processing data not necessary for service provision.
• Compliance with legal obligations.
• Legitimate interest: to improve our services and ensure website security.

5. DATA RECIPIENTS

We may communicate your data to:

• Service providers who provide services on our behalf (for example, hosting, billing, communication services) through data processing agreements in accordance with GDPR.
• Google LLC: for accessing and processing data stored in Gmail and Google Drive, in accordance with their privacy policy and Google Workspace terms of use.
• Public administrations and competent authorities when required by applicable regulations.

Some of our service providers, such as Google LLC, may be located outside the European Economic Area. These transfers are made with adequate safeguards in accordance with GDPR, including standard contractual clauses and adequacy certifications.

6. GOOGLE SERVICES

Our services use Google APIs to access Gmail and Google Drive for the purpose of:

• Collecting and processing invoices and commercial documents stored in Google Drive.
• Accessing Gmail emails to extract relevant invoices and documents.
• Sending payment reminders through the user's Gmail account.

Access to these services requires your express authorization through Google's OAuth 2.0 authentication system. You can revoke these permissions at any time from your Google account settings.

The use of Google services is subject to Google's Privacy Policy and Terms of Service. Artivit does not permanently store your Google account access credentials, but only the authorization tokens necessary for service operation.

7. ACCESS TO THIRD-PARTY PORTALS

Our services allow users to connect external provider portals (for example, billing platforms or third-party service user accounts) to automate the collection of invoices and documents. To facilitate this integration, we securely store session tokens, cookies or other technical authentication mechanisms authorized by the user.

This data is stored encrypted and used exclusively to automatically access such portals on behalf of the user. You can request the deletion of these credentials at any time.

The processing is based on the explicit consent of the user and the performance of the service provision contract.

8. DATA RETENTION

Personal data will be retained as long as necessary for the purpose for which it was collected and, subsequently, for the legally required periods to address possible liabilities. Regarding commercial communications, they will be retained until you revoke your consent.

9. DATA SUBJECT RIGHTS

You can exercise your rights at any time:

• Access: know what data we process.
• Rectification: request correction of inaccurate data.
• Erasure: request deletion of your data.
• Objection: object to the processing of your data in certain cases.
• Restriction: request restriction of processing of your data.
• Data portability: request delivery of your data in structured format.

You can exercise these rights by sending a written request to our email or postal address. You can also file a complaint with the Spanish Data Protection Agency (www.aepd.es) if you consider that your rights have been violated.

10. SECURITY MEASURES

Artivit implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, in order to protect personal data against destruction, loss or accidental or unlawful alteration, as well as against unauthorized communication or access.