Privacy Policy


Discoverfy’s privacy policy follows international data protection legislation. In addition, Discoverfy intends to inform the user through this document of their rights and obligations regarding the privacy of their data whilst explaining the reasons for the storage and use of the data.

Data collected by Discoverfy

Discoverfy collects all the information entered in the application by the user and stores it on their own servers or on the servers of the Discoverfy storage provider. Being a Cloud service, server storage is a requirement for the operation of the application, that is why the user accepts this fact.

Discoverfy classifies data into two categories: user data and account data. The user data includes the user name and personal data, as well as photographs or other documentation that the user chooses to upload to the application in the account information part and the contact information. The account data are those related to the business account created by the user.

Finally, Discoverfy collects data from the connected device through cookies. The user can deactivate the cookies in his browser so that Discoverfy does not collect such information in case the user wants it to be so. This information is used to perform navigation studies and access to the application, as well as the use of it. The navigation information includes the type of device and its characteristics, location, and connection times. This statistical data is shared with our clients so they may improve their web page and the services that they render. Discoverfy never divulges the information added to a client in such a way that the client can be identified.

Who is responsible for the processing of your data?

Company: Surmile Box, S.L.

Address: Avinguda Josep Tarradellas i Joan 12, 08870 Sitges, Spain


For what purpose do we keep your personal data?

In Surmile Box S.L. We treat the information that the interested persons facilitate us with the purpose of lending and/or commercializing the products and/or services offered by our firm.

How long will we keep your data?

The personal data provided will be kept for the time necessary for the provision of the service requested or marketing of the product and during the legally established periods.

What is the legitimacy of the treatment of your data?

The legal basis for the processing of your data is through the consent of the affected party, the execution of a service contract, and providing answers to your queries received through the contact form or email (according to the terms and conditions contained in our privacy policy).

To which recipients will your data be communicated?

The data will not be communicated to third parties except when legally obligated.

What are your rights when you provide us with your data?

Anyone has the right to obtain information about whether Surmile Box, S.L. is processing personal data that concerns them, or not.

Interested persons have the right to access their personal data, as well as to request the rectification of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes that were collected.

In certain circumstances, the interested parties may request the limitation of the processing of their data, in which case we will only keep them for the exercise or defense of claims.

You can materially exercise your rights in the following way: by sending an email to, duly identifying yourself and expressly indicating the specific right you wish to exercise.

If you have given your consent for a specific purpose, you have the right to withdraw the consent granted at any time, without affecting the legality of the treatment based on the consent prior to its withdrawal.

In case you feel your rights are violated in relation to the protection of your personal data, especially when you have not obtained satisfaction in the exercise of your rights, you can submit a claim to the competent Data Protection Control Authority through its website:

How have we obtained your data?

All personal data obtained by Discoverfy has been advanced directly by the user. We do not deal with special categories of personal data pursuant to Article 9 of the EU General Data Protection Regulation (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership)

Data shared by user

Many of our services allow you to share information with other users. Remember that when you share information publicly, it can be indexed by search engines. Our services provide you with different options on how to share and delete your content. How to access your personal data and update them whenever you use our services, our goal is to provide access to your personal information. If that information is not correct, we strive to provide you with ways to eliminate or update it quickly, unless we have to maintain that information for legitimate business or legal reasons. By updating your personal information, we may ask you to verify your identity so we can process your request.

We may reject requests that are more repetitive than reasonable, requiring a disproportionate technical effort (for example, developing a new system or radically changing an existing practice) that endanger the privacy of other users or are not at all practical (For example, requests that refer to information stored in backup systems). When we can offer you the possibility to access your personal data and modify it, we will do it for free, unless it requires a disproportionate effort.

By providing our services, we will protect your data so that it can not be accidentally or intentionally disposed of. For this reason, even if you delete your data from our services, we may not immediately destroy the residual copies stored on our active servers or the data stored in our security systems.

Access and modification of user data

The user can modify at any time his user data or the accounts of which he owns. Discoverfy does not store the modified information so that once the user modifies or deletes the information, he will lose it forever within the application.

The data we share

We do not share personal information with companies, organizations, or individuals that are not related to Discoverfy unless any of the following circumstances apply:

  • Consent: We will share your personal information with companies, organizations, or individuals outside of Discoverfy when you have given us your consent to do so. Your consent will be required to share specially protected personal data.

  • External Treatment: We provide personal information to our affiliates or other persons or companies of confidence to carry out their processing by Discoverfy, following our instructions and in accordance with our Privacy Policy, and taking other appropriate security and confidentiality measures.

  • Legal Reasons: We will share your personal data with companies, organizations, or individuals outside of Discoverfy if we consider in good faith that there is a reasonable need to access, use, retain or disclose such information in order to: comply with any requirement under applicable legislation or regulations; Comply with the provisions of the current Conditions of Service, including investigating possible infringements, detecting or preventing any fraud or technical or security incidents, or otherwise dealing with them, protecting the rights, property or the security of Discoverfy, our users or the general public to the extent required or permitted by applicable law.

We will be able to share consolidated and non-personal data with the general public and for the promotional purposes of our services. For example, we may share data publically to display trends about the general use of our services.

If Discoverfy participates in a merger, acquisition, or sale of assets, we will ensure the confidentiality of any personal data and will give prior notice to the clients concerned before their personal data is transferred or becomes subject to a different privacy policy.

Data security

For Discoverfy, security is the most important thing. Currently, the data storage service is done through specialized providers with security certificates and anti-hacking systems. Discoverfy has decided to outsource storage to ensure the vendor meets the highest security standards, at levels that Discoverfy could not offer on its own storage servers.

We endeavor to protect Discoverfy and our users from any unauthorized modification, disclosure, or destruction of the data we hold or unauthorized access to them. In particular: We encrypt many of our services through the SSL protocol. We review our policy on data collection, storage, and processing, including physical security measures, to prevent unauthorized access to our systems. We limit the access of Discoverfy contractors, agents, and employees to the personal information they must process for Discoverfy and we ensure that they comply with strict contractual confidentiality obligations and are subject to the relevant disciplinary conditions or dismissal if they fail to comply with such obligations.

Application of the privacy policy

Our Privacy Policy applies to all services offered by Discoverfy and its affiliates, including Discoverfy, but excludes services that are subject to independent privacy policies that do not incorporate this Privacy Policy.

Law compliance

At Discoverfy we verify compliance with our Privacy Policy on a regular basis. We also adhere to different self-regulation codes. In the event that we receive a formal written complaint, we will contact the person who made it follow up on it. We will work with the relevant regulatory authorities, including local data protection authorities, to resolve any claims related to the transfer of personal data that we have not been able to resolve directly with the user.


Our Privacy Policy may be modified at any time. We will not limit your rights under this Privacy Policy without your express consent. We will post all modifications to this Privacy Policy on this page and, if significant, we will make a more noticeable notification (for example, we will send you an email notification if the modification affects certain services). In addition, we will archive the previous versions of This Privacy Policy so that you can consult them.

Other Modifications

When we need to obtain information from you, we will always ask you to provide it voluntarily by giving your consent expressly through the means enabled for it. The processing of data collected through the data collection forms of the website or other channels will be incorporated into the Registry of Treatment Activities for which Surmile Box, S.L. is responsible.

Surmile Box, SL treats the data confidentially and adopts the appropriate technical and organizational measures to guarantee the appropriate level of security for the treatment, in compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Board of 27 April 2016 and other regulations applicable in the field of Data Protection.

However, Surmile Box, S.L can not guarantee the absolute invulnerability of the systems, therefore, it does not assume any responsibility for the damages and losses derived from alterations that third parties may cause in the computer systems, electronic documents, or files of the user.

If you choose to leave our website through links to websites not belonging to our entity, Surmile Box, S.L will not be responsible for the privacy policies of these websites or the cookies they may store on the user’s computer.

Our policy regarding the sending of our emails is focused on sending only communications that you have requested to receive. If you prefer not to receive these messages by email, we will offer you the possibility to exercise your right to suppress and waive the receipt of these messages, in accordance with the provisions of Title III, article 22 of Law 34 / 2002, Services for the Information Society and Electronic Commerce.