Organic Law of Protection of Personal Data


According to the Organic Law of Protection of Personal Data 15/1999 of December 13 (hereinafter LOPD), holders of personal data must give their unequivocal consent to the incorporation of the same to automated files and to the treatment thereof.


ANF Autoridad de Certificación (hereinafter ANF AC) is responsible for the file and the processing of personal data supplied through its services and its website https://www.anf.es, and in accordance with the law has registered its files with the Data Protection Agency.


System Users


The use and end of the treatment is to manage the users who use the certification services. The information is guarded in accordance with what is specified in the ANF AC Security Plan, in accordance with the provisions of the Electronic Signature Law of Spain.


Billing Services


The use and end of the treatment is to facilitate the billing of the services provided, either through the Internet or through any other means.


Registration Authorities


The use and end of treatment is to facilitate the obtaining of an Electronic Certificate from this Certification Services Provider.


It is stated that:


ANF AC may use "cookies" when a user accesses the pages contained in the website of his property. In case of using them, these cookies will only associate an anonymous user and his / her equipment for the information process, without providing any type of reference from which personal data can be derived.


ANF AC has adopted the levels of security of the Personal Data legally required, and has installed all means and technical and organizational measures at its disposal to prevent loss, misuse, alteration, unauthorized access and theft of the data, whose secret And confidentiality guarantees.


The acceptance of the user so that their data can be treated in the indicated manner, is a necessary condition for the provision of these services, so that the use of them implies such acceptance, which is always revocable, without retroactive effects, according to Which provides the Organic Law of Protection of Personal Data 15/1999 of December 13.


The user responds, in any case, of the veracity of the data facilitated. ANF AC can exclude from the services provided to the user that it has provided false information, without prejudice to the other actions that proceed in Law.


In order to guarantee the confidentiality of your personal data, we inform you that the sending of the data will be done in encrypted form using the Secure Sockets Layer (SSL) protocol.


The owner is aware of the processing of his data for profiling, using techniques of segmentation or "Customer Relationship Management" (CRM), in order to get you the most appropriate offers, as well as their processing and transfer for the exchange of information With the collaborating entities, as is the case of the Registration Authorities in the field of Public Key Infrastructure of ANF AC; For the analysis of the training of the applicant for the service; And for the collation or contrast of their data in order to verify the accuracy and veracity thereof, and those assignments that could occur in favor of a third party that acquired the rights and obligations derived from the electronic certification system of ANF AC.



ANF AC, as the person responsible for the file and the processing, is the entity receiving the data before which the legitimated persons can exercise their rights of access, rectification, cancellation and opposition recognized in the aforementioned Organic Law and its development regulations, by writing Addressed to his address, in the street Gran Via de les Corts Catalanes, 996, 4º 2ª, 08018 Barcelona, or by e-mail, to the address mcmateo@anf.es.



General Data Protection Regulation

The General Data Protection Regulation (GDPR) came into force on May 25, 2016, which will replace the existing regulations and will be implemented on May 25, 2018. This two-year period aims to allow States of the European Union, institutions and also companies and organizations dealing with data to be prepared and adapted for the time when the Regulation is applicable.

Said regulation repeals the Organic Law on Data Protection.

Sanctions are exemplary:

• Fine up to 10 M € or for companies, opting for the highest amount, up to 2% annual worldwide turnover 

» Obligations of responsible

» Obligation of certification bodies

» Obligations of Conduct Codes Supervision Bodies (Measures for non-compliance with Conduct C.)

• Fine up to € 20 M or up to 4%

» Basic principles

» Rights

» International transfers..

• Fine up to € 20 M or up to 4%

» Non-compliance with APD resolutions

See the complete document


See here the General Regulation on Data Protection.

The technology of a Qualified TSP has the capacity to guarantee 100% the privacy and integrity of the information. The PKI system allows meeting the requirements of the General Data Protection Regulation (EU) 2016/679.