General Data Protection Regulation

Our commitment to the General Data Protection Regulation (Reglamento general de protección de datos – RGPD)


The RGPD (Reglamento general de protección de datos -General Data Protection Regulation of the EU 2016/679 of the European Parliament and of the Council, of April 27, 2016) implies for companies a change in the scenario of treatment of personal data. This change in scenario includes a review of the way in which data is obtained and how it is treated, and above all, new rights for users.

XPUNTOCERO, as always, is committed to complying with the different regulations that regulate our activity as a company and especially, with regard to the privacy of our users, to which we attach the utmost importance.

For this reason, this document tries to collect some of the questions that users normally ask us regarding the privacy of their data and wants to show our total commitment to compliance with data protection regulations.
Because you are our most important asset and your data, your most precious asset.


Do you comply with the RGPD?

For several years we have had the help of an advisor who guides us in compliance with privacy regulations and reviews each and every one of the procedures, so that they comply with the provisions of the RGPD.


What measures have been put in place to comply with the RGPD?

Specifically, the measures that have been followed to guarantee compliance with the RGPD are those indicated by the Data Protection Agency in its roadmap for the implementation of this regulation:

  1. Analysis of data processing.
  2. Record of treatment activities.
  3. Establishment of security measures
  4. Review and adaptation of informative clauses and data collection forms.
  5. Review of the procedures for exercising users’ rights.

Where can I see the privacy policy?

Our privacy policy is permanently available online at the following link


How can I exercise my rights: access, rectification, cancellation, etc?

We make it very easy for you. You just have to send us an email with the corresponding request to, including a copy of your ID, so that we can certify that you are the one who really makes the request.


Ok, you do well, but do your suppliers also comply with the RGPD?

As a result of the obligation to comply with the RGPD, we have established a procedure through which all of our suppliers have to guarantee compliance with the regulations. In addition, the treatment manager contracts have been updated to adapt them to the new regulatory framework.


If there was a loss or a data leak, how would you respond?

 We have established procedures so that within the maximum period established by the 72-hour rule, we can respond and communicate to the corresponding authorities or the user, if necessary, the incident that has occurred and the solution that has been ordered.


Where can I report an incident on your system?

The easiest method is to send us an email to and we will give you a solution and an answer as soon as possible.