General terms and conditions

An incentive of up to 200,000 euros, 80% co-financed by the European Union through the European Regional Development Fund (ERDF), has been received from the Agency for Innovation and Development of Andalusia IDEA, of the Andalusian Regional Government, for the implementation of the project “Agile financing for the purchases of private customers” with the objective of “Achieving a more competitive business fabric“.


The SUPPLIER cannot guarantee that the Services will be provided uninterruptedly without errors or that they will all be corrected within a predefined time period.

THE PROVIDER may, without prior notice, temporarily suspend the Service, as a consequence of any of the Services requiring intervention to improve its operation.

In this regard, THE PROVIDER may also make any modifications to the Services that may be necessary without this implying any modification of the present conditions. In this regard, all necessary modifications or updates to the Services may be made unilaterally by the SUPPLIER. The purpose of such changes shall in any case be to improve the usability and/or security of the Software and its components, as well as the inclusion of new products or services of any kind.



THE PROVIDER hereby grants a non-transferable and non-exclusive right to use the Service for all available territories solely for its own business use subject to the terms and conditions of this Agreement. All rights not expressly granted are reserved in favour of THE PROVIDER, owner of the Technology Platform.

In the event that the Parties decide that the use of the Service covered by this Agreement shall take place outside the Spanish territory, they shall enter into an addendum reflecting the new territory in which the Service shall be provided.

Therefore, THE CUSTOMER may not:

  1. License, sublicense, sell, resell, transfer, assign, distribute or otherwise commercially exploit or make available to third parties the Service or Content that is the subject of this Agreement;
  2. Reverse engineer a product using ideas, features, or functions similar to those contained in the subject matter of this Agreement.
  3. Interfering with or affecting the integrity or performance of the Service that is the subject of this Contract.



THE CUSTOMER may activate the LENDIPLAN service, which will be implemented through the platform provided by THE SUPPLIER.

THE SUPPLIER will have the present financial support service in its favour, being able to split the amount of the purchase in different instalments to be determined by THE CUSTOMER, instrumented through an instalment purchase contract. The end customer will receive an SMS from a digital signature provider integrated in Lendismart (currently “Logalty Prueba por Interposición, S.L.”) to access the signature of the aforementioned contract, which will be implemented on the platform of THE PROVIDER. THE CLIENT’S vendor will additionally send the documentation required by THE CLIENT in order to formalise the operation (to be determined by THE CLIENT: valid ID card of the client, quotation or pro forma invoice). Once this has been done, the SUPPLIER will proceed to review the documentation provided. In the case of conformity, the customer will mark the operation as APPROVED on the platform.

The customer will assume any non-payment resulting from the use of this service, including possible fraud and inaccuracies in the documentation provided through its agents. It is the responsibility of THE CUSTOMER to ensure the veracity of the information provided, as well as the acceptance of the instalment operations based on their own criteria.

The CLIENT shall hold the SUPPLIER harmless for any errors relating to the identification documentation provided on the platform, or any liabilities that may arise from the foregoing. The CLIENT shall be solely responsible for the veracity and correctness of the data sent to the SUPPLIER, exonerating the latter from any liability. In this regard, the SUPPLIER shall not be liable for any contingencies caused by errors in the documentation or falsity of the same.


Collection management of unpaid debts

In cases where, once the LENDIPLAN service has been provided by the SUPPLIER, situations of non-payment by the debtor arise, the CUSTOMER may authorise the SUPPLIER, on the basis of “its best efforts” and in accordance with the action protocol agreed with the CUSTOMER, to take the necessary steps to recover the debt in order to repay it. The actions will be carried out amicably, and do not include legal proceedings.

It is expressly stated that the aforementioned collection service may be subcontracted by the SUPPLIER. Likewise, THE CUSTOMER declares the non-subscription of the present service under commitment of success, the parties being able, by mutual agreement, to modify the protocol subscribed to the object of recovery.


Economic conditions of the LENDIPLAN service

The use of LENDIPLAN technology as well as the collection management services provided by THE PROVIDER will generate a monthly fee for the value of the services according to the agreement between the parties. For its part, THE CLIENT will directly assume the cost of processing the payment through the credit card according to the agreement to be signed with the service provider.



Failure to pay any of the amounts set out in this contract will result in the termination of the contract, and will entitle the SUPPLIER to claim the amounts that are pending payment, and to proceed to the deactivation or cancellation of the Service. Likewise, without prejudice to the exercise of the corresponding legal or contractual actions, in the event that the CUSTOMER fails to pay an invoice within the agreed period, the SUPPLIER must notify the CUSTOMER in writing or by email of this fact and grant an additional period of five (5) days for payment. In the event that after the aforementioned five (5) additional days the invoice remains unpaid, the CUSTOMER shall automatically be in default and shall be obliged to pay the SUPPLIER interest of one percent (1%) per month until the outstanding invoice is paid in full, which interest shall be capitalised at each monthly due date. Interest shall accrue on the total amount of the invoice or on the outstanding balance in the event of partial payment.

Unless another form of payment is established, all payments shall be paid by THE CUSTOMER by SEPA B2B or SEPA CORE direct debit.

For possible direct debit refunds, a cost of thirty euros (€30) per bill will be charged to the CUSTOMER.

The SUPPLIER will issue the invoice in electronic format and send it to the email address designated by the CUSTOMER on a monthly basis.

THE SUPPLIER reserves the right to revise the prices of all its services, which shall be considered a contractual modification. THE SUPPLIER shall notify THE CUSTOMER of the new prices at least thirty (30) days in advance. Unless expressly opposed by the CUSTOMER, the new prices will come into effect from the date of notification.

The CUSTOMER undertakes to process all financing requests with the financing companies available on the platform only through the platform provided by the SUPPLIER. Failure to do so may lead to automatic termination of the contract by the SUPPLIER.



CUSTOMER shall indemnify and hold harmless SUPPLIER and each principal organisation, subsidiary, affiliate, officer, director, employee, legal representative and agent thereof from and against any and all claims, costs, damages, losses, liabilities and expenses (including fees and costs) arising out of: (i) a claim alleging that CUSTOMER’s use of CUSTOMER Data infringes the rights of third parties or has caused damage to third parties; or (ii) a claim arising out of a breach of this Agreement by CUSTOMER or its sub-clients, provided that in such case SUPPLIER (a) notifies SUPPLIER in writing of the claim promptly; (b) gives you sole control over the assertion and resolution of the claim (provided that you do not settle or assert any claim unless you release the SUPPLIER unconditionally from all liability and such settlement does not affect the Service or the business of the SUPPLIER); (c) provides you with all information and assistance available to you; and (d) has not compromised or settled such claim.

Neither party shall be liable – except in the case of gross negligence or wilful misconduct – for indirect, incidental, punitive or consequential damages, or for loss of profits or loss of revenue (other than fees under this contract), data or use of data. SUPPLIER’s liability for any damages arising under or in consequence of this contract, whether in contract, tort or otherwise, shall be limited to the total amount paid to SUPPLIER for the services in the twelve-month period immediately preceding the event giving rise to such liability.



THE PROVIDER is the owner of all rights and interests, including all intellectual property rights in the technology, Content and Service and any suggestions, ideas, enhancement requests, comments, recommendations or any other information provided by THE CUSTOMER or any other party related to the Service.

Accordingly, this Agreement is not a sale and does not grant you any ownership rights in the Service, THE PROVIDER’s technology or Intellectual Property Rights. The name and logo of THE PROVIDER, and product names associated with the Service are trademarks of THE PROVIDER and no right or license is granted to use them.



The Parties undertake to maintain absolute confidentiality regarding the information and documentation that both Parties provide to each other or have access to during the provision of the Service. While the present Contract is in force, the Parties undertake not to disclose, nor to use directly or indirectly, the information and knowledge acquired from the present contractual relationship for purposes other than those established in the present Contract. In this regard, the Parties undertake to treat as confidential and not to disclose to third parties the content (or any part thereof) of the agreements set forth herein.

The Parties represent and warrant that the personal data contained in this Contract will be processed by the other party in accordance with Organic Law 3/2018 of 5 December on Data Protection and the Guarantee of Digital Rights, such that the data provided under this Contract will be retained for the duration of this Contract.

Notwithstanding the foregoing, the CUSTOMER expressly authorises the communication by the SUPPLIER to third parties of the existence of the commercial relationship for promotional purposes.



The contract shall be terminated for the general causes of termination of contracts, and in particular, for the following:

  1. Serious breach of the contractual obligations of the parties.
  2. For unlawful use of the Service or use contrary to good faith or practices commonly accepted as correct use of the services by the CUSTOMER.

Termination of the contract shall not release the CUSTOMER from its obligations towards the SUPPLIER, including the obligation to pay.

In the event of termination of this contract, the SUPPLIER shall make a file containing the CUSTOMER’s data available to the CUSTOMER for a period of thirty (30) days. THE PROVIDER reserves the right to delete and/or discard the CUSTOMER’s Data without prior notice for non-compliance, including, but not limited to, non-payment.



The SUPPLIER may make changes to this contract and the General Terms and Conditions by notifying the CUSTOMER at the e-mail address provided. If the CUSTOMER does not accept the new conditions and so notifies the SUPPLIER by the same means, it may terminate the contract in advance and without penalty. If the CUSTOMER has not expressly stated its disagreement or uses the Service after the entry into force of the announced modification, it will be understood that it accepts the proposed modifications.



The CUSTOMER expressly authorises the communication by the SUPPLIER to third parties of the existence of the commercial relationship for promotional purposes, as well as the use of the CUSTOMER’s logo for these purposes.



Any notice to be given by the parties in connection with this agreement shall be in writing and by a means that provides a record of its receipt by one of the means of contact indicated at the beginning of the Contract.



If any provision of this contract is invalid, the parties agree that such invalidity shall not affect the validity and effectiveness of the remaining provisions of this contract.

The contract is governed by the laws of the Spanish State, and both parties submit to the jurisdiction of the Courts and Tribunals of the city of Seville. This document represents the entire contract between THE CUSTOMER and THE SUPPLIER which supersedes any previous contract, verbal or written.

The scope of application of this Contract is limited to Spanish territory.



On the one hand, the CLIENT (hereinafter, the CONTROLLER OF THE PROCESSING).

On the other hand, the PROVIDER (hereinafter, the PROCESSOR)

1. Purpose of the processing order

By means of the present clauses, the entity Lendismart, S.L., in charge of the processing, is authorised to process on behalf of the CLIENT, the party responsible for the processing, the personal data necessary to provide the service of use of the software service for the purpose of computerised management of the requests for financing at the point of sale.

The processing operations to be carried out are: Collection, Storage, Recording, Consultation, Cross-checking, Deletion, Communication.

2. Identification of the information concerned

For the execution of the services derived from the fulfilment of the object of this order, the CONTROLLER OF THE PROCESSING, makes available to the PROCESSING CONTROLLER, the information described below: Name and surname, date of birth, number of children and dependent adults, NIF/NIE, address, email, telephone, economic data and employment data of its clients and/or employees.

3. Duration

This agreement has a duration of one year, renewable automatically as long as the commercial relationship for the provision of services remains in force.

4. Obligations of the processor

The data processor and all its staff are obliged to:

A. Use the personal data undergoing processing, or those collected for inclusion, only for the purpose of this order. Under no circumstances may it use the data for its own purposes.

B. Process the data in accordance with the instructions of the controller.

If the processor considers that any instructions are in breach of the GDPR or any other Union or Member State data protection provisions, the processor shall immediately inform the controller.

C. Keep, in writing, a record of all categories of processing activities carried out on behalf of the controller, containing:

  1. The name and contact details of the data processor(s) and of each controller on behalf of whom the
    on whose behalf the processor is acting and, where applicable, of the representative of the controller or
    processor and of the data protection officer.
  2. Categories of processing operations carried out on behalf of each controller.
  3. Where applicable, transfers of personal data to a third country or international organisation,
    including the identification of that third country or international organisation and, in the case of
    transfers referred to in the second subparagraph of Article 49(1) of the GDPR,
    documentation of appropriate safeguards.
  4. A general description of the technical and organisational security measures relating to:
    1. The pseudo-animation and encryption of personal data.
    2. The ability to ensure the continuing confidentiality, integrity, availability and resilience of processing systems and services.
    3. The ability to restore availability and access to personal data promptly, in the event of a physical or technical incident.
    4. The process of regular verification, evaluation and assessment of the effectiveness of the technical and organisational measures to ensure the security of the processing.

The obligations set out in paragraphs 1 and 2 shall not apply to any undertaking or organisation employing fewer than 250 persons, unless the processing carried out by it is likely to result in a risk to the rights and freedoms of data subjects, is not occasional, or involves special categories of personal data referred to in Article 9(1) of the GDPR, or personal data relating to criminal convictions and offences referred to in Article 10 of the GDPR.

D. Not to communicate the data to third parties, except with the express authorisation of the data controller, in the legally admissible cases.

The processor may disclose data to other processors of the same controller, in accordance with the instructions of the controller. In this case, the controller shall identify, in advance and in writing, the entity to which the data are to be communicated, the data to be communicated and the security measures to be applied in order to proceed with the communication.

If the processor has to transfer personal data to a third country or to an international organisation under Union or Member State law applicable to it, it shall inform the controller of that legal requirement in advance, unless such law prohibits it for important reasons of public interest.

E. Subcontracting

The processor is authorised to subcontract with companies, or persons, directly related to the processor’s own activity the services involved in the following processing operations: Customers/Suppliers and/or Employees

The subcontractor, who also has the status of data processor, is also obliged to comply with the obligations established in this document for the data processor and the instructions issued by the data controller. It is up to the initial processor to regulate the new relationship, so that the new processor is subject to the same conditions (instructions, obligations, security measures) and the same formal requirements as the initial processor, as regards the proper processing of personal data and the guarantee of the rights of the data subjects. In the event of non-compliance by the sub-processor, the initial processor shall remain fully liable to the controller for compliance with the obligations.

F.To maintain the duty of secrecy with respect to personal data to which it has had access by virtue of this assignment, even after the end of its object.

G. Ensure that persons authorised to process personal data undertake, expressly and in writing, to respect confidentiality and to comply with the corresponding security measures, of which they must be duly informed.

H. Keep at the disposal of the person responsible the documentation accrediting compliance with the obligation established in the previous section.

I. Ensure the necessary training in personal data protection for persons authorised to process personal data.

J. Assist the controller in responding to the exercise of the rights of:

  1. Access, rectification, erasure and objection
  2. Limitation of processing

The processor must resolve, on behalf of the controller, and within the established time limit, requests to exercise the rights of access, rectification, erasure and objection, restriction of processing, data portability and the right not to be subject to automated individualised decisions, in relation to the data subject to the order.

K. Right to information

It is the responsibility of the data controller to provide the right to information at the time of data collection.

L. Notification of data security breaches

The processor shall notify the controller, without undue delay, and in any event not later than 48 hours, and by e-mail, of any breach of security of the personal data under its control of which it becomes aware, together with all relevant information for the documentation and communication of the incident.

Notification shall not be required where such a breach of security is unlikely to constitute a risk to the rights and freedoms of natural persons.

If available, at least the following information shall be provided:

(a) Description of the nature of the personal data breach, including, where possible, the categories and approximate number of data subjects affected, and the categories and approximate number of personal data records affected.

(b) the name and contact details of the data protection officer or other point of contact where further information can be obtained.

(c) description of the possible consequences of the personal data breach.

(d) a description of the measures taken or proposed to remedy the personal data breach, including, where appropriate, measures taken to mitigate possible negative effects.

If and to the extent that it is not possible to provide the information simultaneously, the information shall be provided gradually without undue delay.

M. Support the controller in carrying out data protection impact assessments, where appropriate.

N. Support the controller in carrying out prior consultations with the supervisory authority, where appropriate.

O. Make available to the controller all information necessary to demonstrate compliance with its obligations, as well as for audits or inspections carried out by the controller or another auditor authorised by the controller.

P. Security measures

The operator shall implement the measures detailed in its security document.

In any case, it should put in place mechanisms to:

a) Ensure the continued confidentiality, integrity, availability and resilience of the processing systems and services.
b) Restore availability and access to personal data promptly in the event of a physical or technical incident.
c) Regularly verify, evaluate and assess the effectiveness of the technical and organisational measures implemented to ensure the security of the processing.
d) Pseudonymise and encrypt personal data, where appropriate.

Q. Designate a data protection officer and communicate his/her identity and contact details to the data controller.

Not applicable

The data protection officer must be appointed when:

(a) the processing is carried out by a public authority or body, except for courts acting in their judicial role.
(b) the main activities of the controller or processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale.
(c) the main activities of the controller or processor consist of processing on a large scale of special categories of personal data and of data relating to criminal convictions and offences.

R. Destination of the data

The processor shall return the personal data and, where appropriate, the media on which they are stored to the controller upon completion of the service.

The return must entail the complete erasure of the data existing on the computer equipment used by the data processor.

However, the processor may keep a copy, with the data duly blocked, for as long as liability may arise from the performance of the service.

5. Obligations of the controller

It is the responsibility of the controller:

a) Deliver to the processor the data referred to in clause 2 of this document.
b) Carry out an assessment of the impact on the protection of personal data of the processing operations to be carried out by the processor.
c) Carry out the appropriate prior consultations.
d) Ensure, prior to and throughout the processing, the compliance of the processor with the GDPR.
e) Supervise the processing, including the performance of inspections and audits.