Legal
Privacy Policy
Last updated: 5 July 2026
This Privacy Policy explains how EPRNIF ("we", "us", "our") collects, uses, and protects your personal data when you use our website at eprnif.com and our services for obtaining a Spanish NIF (Número de Identificación Fiscal) and related EPR compliance support.
We are committed to protecting your privacy and to handling your data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Spanish data protection law.
1. Who we are
EPRNIF is the service provided at eprnif.com, operated from Spain. For the purposes of the GDPR, we are the data controller of the personal data described in this policy.
If you have any questions about this policy or how we handle your data, you can contact us at support@eprnif.com.
2. Data we collect
We collect the following categories of personal data:
- Identity and contact details: your name, email address, phone number, and the name of the company you represent.
- Company and tax information: company name, registered address, country of incorporation, VAT / EU VAT ID, and other details required to apply for a Spanish NIF.
- Order and account information: the services you purchase, order history, partner account details, and login credentials (stored securely).
- Payment information: payments are handled by our payment provider (Stripe). We do not store full card details on our servers.
- Communications: the content of emails and chat messages you send us, including messages to support@eprnif.com.
- Technical data: IP address, browser and device information, and cookies used to keep you signed in and to remember your language preference.
3. How we use your data
We use your personal data to:
- Provide the service: prepare and submit your NIF application to the Spanish Tax Agency (AEAT) and deliver the resulting NIF and documentation.
- Process payments and issue invoices.
- Manage your account and, for partners, your credit balance and orders.
- Communicate with you about your order, respond to support requests, and send service-related notifications.
- Comply with our legal, accounting, and tax obligations.
- Maintain the security and integrity of our website and prevent fraud.
4. Legal bases for processing
Under the GDPR, we rely on the following legal bases:
- Performance of a contract: to provide the services you have requested.
- Legal obligation: to comply with tax, accounting, and anti-fraud requirements.
- Legitimate interests: to operate, secure, and improve our services, where your rights do not override those interests.
- Consent: where required, for example for certain communications; you may withdraw consent at any time.
5. Who we share your data with
We share personal data only as necessary to provide the service, with providers who process data on our behalf under appropriate data-processing agreements. These include:
- The Spanish Tax Agency (AEAT): to submit your NIF application, as required to deliver the service.
- Stripe: payment processing.
- Supabase: database and authentication hosting.
- Resend: sending and receiving service emails.
- Our hosting and infrastructure providers.
We do not sell your personal data. We may disclose data where required by law or to establish, exercise, or defend our legal rights.
6. International data transfers
Some of our providers may process data outside the European Economic Area. Where this happens, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses, to ensure your data remains protected.
7. Data retention
We keep your personal data for as long as necessary to provide the service and to meet our legal obligations. Order, invoicing, and tax-related records are retained for the period required by Spanish law (generally several years). When data is no longer required, we delete or anonymise it.
8. Your rights
Under the GDPR, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request erasure of your data, where applicable.
- Restrict or object to certain processing.
- Request portability of the data you provided to us.
- Withdraw consent where processing is based on consent.
To exercise any of these rights, contact us at support@eprnif.com. You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD, www.aepd.es) or your local supervisory authority.
9. Cookies
Our website uses a small number of cookies that are strictly necessary to operate the site, for example, to keep you signed in to your account and to remember your language preference. We do not use these cookies for advertising or cross-site tracking.
10. Data security
We use appropriate technical and organisational measures to protect your personal data, including encryption in transit, access controls, and secure, reputable service providers. However, no method of transmission over the internet or electronic storage is completely secure.
11. Children
Our services are intended for businesses and are not directed at children. We do not knowingly collect personal data from children.
12. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date above reflects the current version, and material changes will be communicated where appropriate.
13. Contact
For any questions or requests regarding this Privacy Policy or your personal data, contact us at support@eprnif.com.