The owner of the website https://www.verifacti.com/ (hereinafter, the Website) and the provider of Verifacti services is the company Bilbabit, S.L., with registered office at c/ Udaberría, 10 -4º B -48992 - Getxo (Bizkaia), duly registered in the Commercial Registry of Bizkaia, Section 8, Sheet BI-84418, and with Tax ID (NIF): B75777847. Hereinafter, BILBABIT.
BILBABIT can be contacted directly and effectively at the email address: info@verifacti.com.
The contracting party of Verifacti shall have the status of Client (regardless of whether they have contracted a free or paid plan) and by accepting these T&C, declares that they have read and understood their content, are of legal age, with the capacity to be bound in accordance with the provisions herein, in their own name and right or on behalf of any natural or legal person, private or public, legally constituted with the intention of contracting Verifacti for a purpose related to their commercial, business, trade, or professional activity, consisting of integrating Verifacti into their Invoicing Information System.
Certain aspects of the service may be subject to specific particular conditions duly accepted by the parties, which, as the case may be, shall replace, supplement, and/or modify these T&C. In case of contradiction, those particular conditions shall prevail.
By accepting these T&C, the Client contracts a license to use Verifacti, which may be free or subject to the payment of a price as stated, depending on the contracted plan and in accordance with these terms.
By contracting Verifacti and accepting these T&C, BILBABIT grants the Client a non-exclusive, non-transferable, temporary (for the duration of the service contract) license to use Verifacti, for the territories in which the Client carries out its activity, and against payment of the corresponding price. This license consists of the API integration of Verifacti into the Client's Invoicing Information System, for use by its clients or by the Client itself, together with the other functionalities of the Invoicing Information System.
The Verifacti license may include, depending on the contracted plan:
Verifacti's REST API operates in four fundamental steps:
BILBABIT will perform updates to Verifacti for technical reasons, for aesthetic reasons of the interface, or arising from regulatory changes. The update service is included in the license contracted by the Client.
The license granted by BILBABIT shall in no case entitle the Client to use Verifacti:
The integration of Verifacti with the Client's Invoicing Information System shall be carried out solely and exclusively via Application Programming Interface (API) following the detailed instructions in the BILBABIT API documentation, which BILBABIT makes available to the Client through the links published on the Website.
The Client shall be responsible for performing such integration using the instructions and technical information provided by BILBABIT, expressly declaring that:
BILBABIT shall not be liable in any case for the SIF not complying with the above or for the delay in integrating Verifacti with the SIF.
Currently, the contracting procedure can be carried out in Spanish.
BILBABIT will not retain a copy of these conditions linked to the contract, therefore it is recommended that a copy of these be kept.
BILBABIT does not have the technical means to identify and correct errors in the Client's data entry, except for detecting whether any field necessary to process the request has not been completed.
In order to use Verifacti services, it is an indispensable requirement to register as a client.
To register as a Client, the Client must click on the registration button provided for that purpose on the Website and provide their data through any of the following options:
To do so, the Client must log in to Google and accept the permissions that through the Google platform are granted to BILBABIT, which will allow Verifacti to access the name, email, and profile picture, for the purpose of providing the contracted service.
BILBABIT will make available to the Client information regarding the processing of personal data, which will be carried out in accordance with the Privacy Policy, as well as the T&C, which the Client must read and, if in agreement, accept by checking the box provided for that purpose.
Upon successful completion of the registration, the Client will be able to access Verifacti services that are not paid.
For the contracting of paid services, the Client's fiscal data will be requested, as well as the data related to the payment method used.
The Client is solely responsible for ensuring that the data provided is up to date, complete, accurate, and truthful. BILBABIT disclaims any liability for non-compliance with such requirements in connection with registration.
If the Client detects any error in the data provided, they should proceed to correct it as soon as possible by contacting BILBABIT at the support email soporte@verifacti.com.
Access credentials (email and password) are confidential. Therefore, the Client must be diligent in their use and safekeeping, so that unauthorized third parties cannot use them. Consequently, the Client is obliged to immediately notify BILBABIT of any loss of their access credentials, as well as any risk to or breach of their confidentiality. Otherwise, the Client shall be liable for any damage or loss caused through accesses verified using their access credentials.
If the Client does not remember their password, they may enter their email address to reset it.
If the Client does not remember the email address provided at the time of registration, they should contact BILBABIT at the email address soporte@verifacti.com, reporting the issue. BILBABIT will contact the Client and may request the submission of appropriate documentation (ID card, passport, Tax ID, articles of incorporation, power of attorney, or documentation of any other kind) that allows BILBABIT to identify the Client as such and, where appropriate, restore the use of Verifacti, all in the interest of security in the provision of the service.
Only the creation of a single Client account in Verifacti per natural or legal person will be permitted. BILBABIT reserves the right to cancel accounts that fail to comply with the above.
To contract the paid plan that best suits the Client's needs, they must access, through the Website or their Private Area, https://www.verifacti.com/precios and select:
Payment of the price shall be made at the beginning of each Billing Cycle through the payment method selected by the Client during the contracting process.
Payment methods will be subject to checks and authorizations by the issuing entity, but if said entity does not authorize the payment, the contract will not be activated.
The Client guarantees that they have full authorization to use the payment method chosen during the contracting process.
Upon successful completion of the contracting of the corresponding paid plan, the Client will have access to the services associated with it.
The price (monthly or annual) of the Verifacti Plans in effect at the time of contracting are those agreed with Verifacti in exceptional cases for customized special plans or those published in euros at https://www.verifacti.com/precios, which do not include legally applicable taxes, and which will be applied as appropriate during the contracting process.
The prices indicated on the Website cover up to a maximum of 3,000 invoices per month for each Computable NIF. If any Computable NIF exceeds that limit, an additional charge of €0.005 per invoice exceeding that monthly maximum will be applied.
Prior to contracting, once the corresponding options have been selected, a summary of the price of the contracted plan and applicable taxes will be displayed.
Prices may be modified upward or downward for various reasons; however, any price modification shall take effect from the date of contracting or service renewal subsequent to said modification.
Prices shall be updated upward on January 1 of each year, regardless of the date of contracting the corresponding service, based on the percentage variation of the Consumer Price Index (CPI) published by the National Statistics Institute (INE), considering the period between December of the previous year and the December immediately preceding said update date. Until the indices to be applied to determine the revision amount are published, the CLIENT will continue to pay the amount they were paying before the revision date, but it shall be understood that such payment is made on account of the amount due under this section, the application of which shall have retroactive effect from the date set for revision.
Without prejudice to the update in accordance with the CPI, BILBABIT reserves the right to increase the price of the service by notifying the Client at least thirty (30) calendar days prior to the effective date of the modification, by email to the address provided by the Client.
The Client may oppose the price modification by notifying BILBABIT in writing before the expiration of the aforementioned notice period. If the Client does not express their opposition before the expiration of the aforementioned thirty (30) calendar day period, it shall be understood that they accept the new price and will continue to enjoy the Verifacti service at the new prices from the effective date of the modification. In the event that the Client expresses disagreement, they may terminate the contract within the following 3 months without the new rates being applied.
The charge of the corresponding price amount (monthly or annual) will be made to the payment method selected by the Client during the contracting process, the first at the time of contracting and the subsequent ones on the same day of the following months/years, as applicable.
Payment of the corresponding monthly Consideration shall entitle the Client to use the number of Computable NIFs during the current Billing Cycle. If during the Billing Cycle the Client deactivates or requests the deactivation of any Computable NIF, there will be no refund of the monthly Consideration paid for that Billing Cycle.
If during a current Billing Cycle the Client contracts a payment plan increasing the number of Computable NIFs, they must pay at that time the corresponding price amount in proportion to the remaining Billing Cycle.
The Computable NIFs of a Billing Cycle shall be maintained for the following Billing Cycle, unless the Client requests their deactivation before the next Billing Cycle begins.
If the limit of 3,000 invoices per Computable NIF is exceeded during a billing cycle, the corresponding additional charge will be added to the amount payable by the Client at the beginning of the next Billing Cycle.
The Client may maintain their Client account on the free version indefinitely.
The Client may maintain the paid plan they have contracted as long as they are current on the payment of the price and during the contracted term (monthly or annual). The contract shall be automatically renewed for an identical term to the one initially contracted unless either Party notifies the other of its intention not to renew at least five (5) days prior to the expiration date of the initial term (monthly or annual) or any of its renewals.
If the Client requests cancellation of the contracted plan, they may continue using the service until the end of the contracted period (monthly or annual), without being charged the amount corresponding to the next Billing Cycle.
If the Client terminates the Verifacti service contract, the data stored in Verifacti (including invoicing records and invoices generated from client API calls) shall be retained for a period of THIRTY (30) calendar days. After such period, all such information shall be automatically and permanently deleted. Likewise, data of those End Users whose NIF has been deactivated shall be retained for a period of THIRTY (30) calendar days from the deactivation date, and shall be automatically and permanently deleted after such period. In any of the above cases, it shall be the Client's responsibility to download, if necessary, the corresponding information within the aforementioned thirty calendar day period.
Early termination of the service contract may also occur if any of the causes provided for in the applicable legislation or in these T&C exist.
BILBABIT may withdraw or suspend the provision of services at any time and without prior notice in the event of breach of any of the obligations assumed under the T&C, with express reservation of the right to claim, where applicable, any damages that may be incurred as a result of such breach.
BILBABIT shall issue the corresponding invoice detailing the Value Added Tax (VAT) and applying the tax withholdings that, where applicable, correspond according to the rate in effect at the time. For this purpose, complete billing information must be provided.
BILBABIT may deny the Client access to Verifacti in any of the following cases:
The denial of access to the services will be communicated by email to the address provided by the Client.
BILBABIT shall have the right to establish at any time promotional campaigns for its services with certain advantages for users, which shall remain in effect for the time they are published on the Website or for the time established in the corresponding promotion. Promotions are not cumulative.
The use of Verifacti for any purpose other than that for which its functionalities are intended is strictly prohibited.
The Client shall be liable for any improper use they make, as well as for the improper use by any third party to whom they grant access to their account.
The Client shall be solely liable to its End Users for their contracting of a license to use the Client's SIF.
The Client declares and warrants that they are authorized and/or have all necessary authorizations to communicate to Verifacti all personal data and fiscal information of End Users in order to fulfill the purpose of these T&C.
In the event that the Website or Verifacti allows participation through the posting of comments or the creation of content, it is absolutely prohibited to disseminate content or propaganda of an unlawful, racist, xenophobic nature, in support of terrorism, contrary to human rights, or that incites hatred, violates the dignity of the person, or is of a defamatory, slanderous nature, or against public order or safety. BILBABIT reserves the right to remove all comments and/or content that violate the foregoing or that are not suitable for publication.
In any case, BILBABIT shall not be liable for the opinions expressed or for the content published by users through forums, chats, blogs, or other participation tools that may be created, except as expressly provided by applicable regulations.
The use of screen scraping, web scraping, or any other programming technique or technique of any kind that allows the extraction of information or data hosted, stored, or accessible in Verifacti without the express written authorization of BILBABIT is expressly prohibited.
BILBABIT shall provide the Client with support service through the email address soporte@verifacti.com or any other means of communication that BILBABIT establishes during the term of the service contract:
BILBABIT shall in no case provide support service directly to the Client's End Users.
The support service shall be provided from Monday to Thursday in Spanish peninsular time from 09:00 to 13:00, except for national, regional, or local holidays in Bilbao (Bizkaia).
BILBABIT expressly declares and warrants that it is the legitimate owner of all intellectual property exploitation rights that may apply to Verifacti; by way of example and not limitation, the rights of reproduction, distribution, public communication, and transformation. In accordance with current regulations, the rights over Verifacti also cover its preparatory documentation, its technical documentation, and its user manuals.
BILBABIT shall be liable to the Client for the originality of Verifacti and the ownership of the rights therein, and expressly declares that it has no impediment whatsoever in granting a license to use Verifacti in accordance with the provisions of these T&C.
BILBABIT guarantees the Client that access to Verifacti is secure and free from any type of computer virus or harmful component that could damage the Client's Invoicing Information System.
Verifacti and the data stored therein are hosted on BILBABIT's own servers and/or on subcontracted servers of third-party hosting service providers located in European territory.
BILBABIT shall make commercially reasonable efforts to provide a service available 24 hours a day, 7 days a week, except in the following cases:
Notwithstanding the foregoing, the Parties agree to the following Service Level Agreement (SLA) regarding service failures not caused by the exceptional causes described above.
BILBABIT commits to resolving incidents within the following repair times counted in business hours:
Business hours are considered to be those between 09:00 and 15:00 (Spanish peninsular time) from Monday to Friday, excluding national, regional, or local holidays in Bilbao (Bizkaia).
However, in the event of a Critical Failure (CF) outside of business hours, BILBABIT has enabled the email address emergencias@verifacti.com with the commitment to begin diagnostic work within 4 hours following the notification of the failure, regardless of the day or time it occurs. If the Client uses said email address when no Critical Failure (CF) has occurred, BILBABIT may charge the Client the amount that attending to the reported incident has cost BILBABIT at a rate of €50.00/hour.
The repair time count (8 business hours) shall begin on the next business day, but this initial attention shall ensure early detection and the activation of mitigating or preventive measures.
In the event of non-compliance with repair times, or if failures reach the frequency detailed below, the corresponding penalties shall apply, to be deducted from the price amount payable by the Client to BILBABIT, upon request from the Client through soporte@verifacti.com.
| Time exceeded ("t") or No. of monthly failures | Penalty (%) on the Monthly Price |
|---|---|
| 30 min < t ≤ 1 hour / 2 MF or 5 mF | 3% |
| 1 hour < t ≤ 3 hours / >2 MF or >5 mF | 6% |
| 3 hours < t ≤ 8 hours / > 5 MF or >10 mF or 1 CF | 15% |
| 8 hours < t ≤ 24 hours / > 7 MF or > 14 mF or 2 CF | 25% |
For unavailability times exceeding the above, the penalty shall be calculated proportionally according to the above tiers, without exceeding, in any case, 100% of the Monthly Consideration.
For the purposes of this SLA, Monthly Price means the amount that the Client must pay to BILBABIT as the Verifacti license fee, i.e., the monthly fee or the proportional part of the annual fee, for the month in which the failure(s) occurred.
BILBABIT declares, under its sole responsibility, that the Verifacti REST API and its components comply with the requirements established in the Regulation approved by Royal Decree 1007/2023, of December 5, as well as with the provisions of Order HAC/1177/2024, of October 17, regarding the technical and functional characteristics of invoicing information systems, when Verifacti is integrated as a component of the Client's SIF.
BILBABIT shall make the Verifacti REST API available to the Client "as is," without any other implied or presumed warranty, except those expressly set forth in these T&C.
BILBABIT solely commits to guaranteeing the correct technical functioning of Verifacti in accordance with the provisions of these T&C. In the event of technical errors attributable to BILBABIT, its liability shall be limited to correcting the detected defect or, where applicable, to a partial refund of the Monthly Price as provided in the Service Level Agreement (SLA).
The Client relies on Verifacti and the results derived from its integration with their own SIF solely at their own risk. BILBABIT assumes no liability for indirect damages or loss of profits arising from the use of Verifacti by the Client or its End Users, except in cases of willful misconduct or breach of contract by BILBABIT.
BILBABIT and the Client, in the exercise of their respective activities, shall be directly responsible for compliance with all obligations that legally correspond to them.
BILBABIT shall not be liable in any case for:
BILBABIT reserves the right to modify or include changes in these T&C as a result of the modification, evolution, and enactment of laws, regulations, and standards applicable to the provision of the service and/or aspects related thereto, or in connection with technical or technological aspects that could not have been foreseen at the time these conditions were drafted.
BILBABIT shall have the right to:
BILBABIT commits to providing the services in accordance with the terms established in these T&C.
The Client shall have the right to use the contracted services in accordance with the provisions of these T&C.
By contracting Verifacti services, the Client shall be obliged to:
The personal data that BILBABIT processes as Data Controller shall be processed in accordance with the Privacy Policy published on the Website (https://www.verifacti.com/privacidad) to which we refer to avoid unnecessary repetition.
By contracting the services of BILBABIT, it is authorized to process, on behalf of the Controller, the personal data necessary to provide the contracted services.
The processing of the Processed Data shall take place for as long as the service contract with the Client is in effect.
The processing of data by BILBABIT as Data Processor shall be carried out at its own facilities through its own digital means and systems. The nature of the processing of the Processed Data is automated and consists of storing and having access to personal data.
The purpose of the processing of the Data by the Data Processor on behalf of the Data Controller is exclusively the provision of the services contracted by the Data Controller.
For these purposes, the categories of Data Subjects and the types of data that may be processed by BILBABIT as Data Processor are detailed below:
| Data Subject | Types of Personal Data | Authorized Data Operations |
|---|---|---|
| Client employees with access to Verifacti | Name and email address | Those strictly necessary to achieve the purpose of providing the contracted services, and specifically:
|
| End Users of the SIF | Fiscal invoicing data (name, surnames, Tax ID, fiscal address, billable items) | |
| Clients of End Users |
The duty to inform the Data Subject of the processing shall be the sole responsibility of the Data Controller.
The Controller guarantees that the data provided to the Processor has been obtained lawfully and that it is adequate, relevant, and limited to the purposes of processing.
The Controller shall make available to the Processor all information necessary for the provision of the services.
BILBABIT commits to complying with all obligations incumbent upon it as Data Processor in accordance with the provisions of current legislation and any other provisions or regulations that also apply.
BILBABIT shall not use or apply the Processed Data for purposes other than the provision of the contracted service.
The Data Processor shall make available to the Data Controller the necessary information to demonstrate compliance with the data processing agreement, allowing inspections and audits necessary to assess the processing.
BILBABIT guarantees that the persons authorized to process the Processed Data have expressly committed in writing to respect the confidentiality of the data and are subject to a legal obligation of confidentiality.
BILBABIT shall take measures to ensure that any person acting under its authority and having access to personal data can only process it in accordance with the instructions of the Data Controller and is obliged to do so under current legislation.
BILBABIT guarantees that the persons authorized to process the data have received the necessary training to ensure that the protection of personal data will not be put at risk.
BILBABIT declares that it is up to date with the obligations arising from data protection regulations, especially with regard to the implementation of security measures for the different categories of data and processing established in Article 32 of the GDPR.
BILBABIT guarantees that these security measures will be properly implemented and that they will help the Data Controller comply with the obligations established in the GDPR, taking into account the nature and information available to the Data Processor.
The Data Controller shall carry out an analysis of the potential risks arising from the processing in order to determine the appropriate security measures to guarantee the security of the processed information and the rights of the Data Subject. If the Data Controller determines that risks exist, they shall send the Processor a report with the impact assessment so that the Data Processor can proceed to implement the appropriate measures to prevent or mitigate the risks.
BILBABIT must analyze the potential risks and other circumstances that may impact security and that may be attributable to it, and, where applicable, must inform the Data Controller in order to assess their impact.
Security breaches of which the Data Processor becomes aware shall be notified without undue delay to the Data Controller for their knowledge and application of measures to remedy and mitigate the effects caused.
The notification of a potential security breach shall contain at least the following information:
The Data Processor may not disclose data to other recipients unless they have previously obtained the written authorization of the Data Controller, which, if it exists, shall be attached to this agreement.
The transmission of data to public authorities in the exercise of their public service does not require the authorization of the Controller if such transmissions are necessary to achieve the purpose of the processing.
BILBABIT commits to fully complying with the applicable Data Protection Laws regarding the engagement of Sub-processors, including the conditions referred to in Article 28 of the GDPR, where applicable.
BILBABIT shall have general authorization for the engagement of the following sub-processors currently used:
| Sub-processor | Sub-processor Information | Description of Processing |
|---|---|---|
| Google Cloud EMEA Limited | Velasco Clanwilliam Place Dublin 2 Ireland IE3668997OH | Hosting on Verifacti servers |
BILBABIT shall specifically inform the Controller in writing of any change it intends to make to the list, whether by adding to it or replacing a Sub-processor with another, with a minimum of 30 days' notice, thereby giving the Controller sufficient time to object to such changes before the engagement of the Sub-processor(s) in question.
BILBABIT shall provide the Controller with the necessary information so that they may exercise their right of objection. If the Controller does not object within the aforementioned 30-day period, authorization to appoint the Sub-processor shall be deemed granted.
BILBABIT shall observe, where applicable, the implementation of appropriate safeguards, including, but not limited to, the use of Standard Contractual Clauses (SCCs) and/or other applicable measures.
BILBABIT must include in any agreement with Sub-processors who receive Confidential Information a provision whereby the Sub-processor shall be subject to the same confidentiality, data protection, and data security obligations to which the Processor is bound under the Agreement and this DPA.
In any case, BILBABIT shall remain fully liable for any negligence and/or damage caused to the Controller and/or their Processed Data and for any violation of Data Protection Laws or Data Subject Rights by its Sub-processors.
BILBABIT provides its services through servers located in European territory, and therefore there is no international transfer of Processed Data. Notwithstanding the foregoing, if the Processor intends to process the Processed Data outside the territory of the European Economic Area (EEA), including through the use of Sub-processors or transfer data to any third country or international organization without an adequacy decision in accordance with Article 45.3 GDPR, or any other existing legal requirement/limitation under applicable data protection laws with respect to transfers of personal data, BILBABIT shall only do so subject to the prior written approval of the Data Controller and subject to the implementation of appropriate safeguards, including, but not limited to, the use of Standard Contractual Clauses (SCCs), which shall apply automatically where necessary, and/or other applicable measures, to ensure sufficient safeguards for compliance with such requirements and any applicable data protection law.
BILBABIT shall create, whenever possible, and taking into account the nature of the processing, the necessary technical and organizational conditions to assist the Controller in their obligation to respond to requests regarding their rights from any Data Subject.
In the event that the Processor receives a request for the exercise of such rights, it shall notify the Controller immediately, and in no case later than the next business day following receipt of the request, together with any other information that may be relevant for the resolution of the request.
In accordance with Article 82 of the GDPR, the Data Controller shall be liable for damages caused by any processing operation in which it participates and which does not comply with the provisions of the GDPR, and only the Data Processor shall be liable for damages and losses caused by the processing when it has not fulfilled the obligations of the GDPR specifically directed at the Data Processor or has acted outside or against the lawful instructions of the Data Controller.
Likewise, the Data Processor shall be exempt from liability if it can demonstrate that it was in no way responsible for the event that caused the damage or loss.
Once the contracted services have ended for any reason, if the Data Processor has stored personal data, or any other document and/or medium that may have been provided by any means, it must return or delete them, at the discretion of the Data Controller, including any existing copies.
Data shall not be deleted when their retention is required by a legal obligation, in which case the Data Processor shall continue to store them, blocking the data and limiting their processing to the extent that liabilities may arise from its relationship with the Data Controller.
The Data Processor shall maintain the obligation of secrecy and confidentiality of the data even after the relationship arising from the service contract has ended.
In the event that the Client wishes to have a signed copy of the Data Processing Agreement (DPA), they may request it by sending an email to info@verifacti.com.
By accepting these T&C, the Client authorizes BILBABIT to publicize the Client's name, trademark, or logo on the website and other advertising media of BILBABIT, as a reference that they are a user of Verifacti, unless they communicate their opposition in this regard to BILBABIT.
BILBABIT reserves the right to modify the services in order to adapt them:
These terms and conditions shall be governed by Spanish law, although the choice of law does not prevent invoking the protection afforded by the mandatory provisions of the law of habitual residence in the event of having consumer or user status, although Verifacti is directed at companies and/or professionals that contract it for a purpose related to their commercial, business, trade, or professional activity.
Any divergence and/or disagreement with respect to the provisions of these conditions shall be submitted to the Courts and Tribunals of Bilbao.
In the unlikely event that the Client may be considered a consumer or user under consumer protection regulations, the courts and tribunals of their domicile shall have jurisdiction.