Privacy policy

Information on how we process your personal data

Data controller: VOIPER TELECOM, S.L. — NIF B86990827
Address: Camino de las Cañadas, 1D, Office 21 — 29651 Las Lagunas de Mijas (Málaga), Spain
DPO contact: dpd@voiper.es

1. Purpose and scope

This Privacy Policy aims to inform you about the processing of your personal data by VOIPER TELECOM, S.L. (also The SIP House) in compliance with Regulation (EU) 2016/679 (GDPR) and Spanish Organic Law 3/2018 on Personal Data Protection and Guarantee of Digital Rights (LOPD-GDD).

This policy applies to all personal data collected through our website thesiphouse.com, contact forms, service requests and any other interaction you have with us.

We recommend that you read this policy carefully before providing us with your personal data. For any question, you can reach our Data Protection Officer at dpd@voiper.es.

2. Identity of the data controller

VOIPER TELECOM, S.L.
Tax ID (NIF): B86990827
Camino de las Cañadas, 1D, Office 21
29651 Las Lagunas de Mijas — Málaga (Spain)
General email: info@thesiphouse.com
DPO email: dpd@voiper.es

3. Personal data we process

We process personal data you provide directly when you complete our forms, contract our services or contact us, including: name and surname, email, phone number, company name, professional position, billing details and data related to the contracted services.

We may also collect navigation data through cookies, on the terms described in our Cookies Policy.

In some cases we may receive personal data from third parties — for example, when a corporate customer registers extensions or accounts on behalf of their employees or collaborators. In those cases the corporate customer acts as data controller and is responsible for informing those individuals under art. 14 GDPR. VOIPER TELECOM, S.L. will process such data solely for the provision of the contracted service.

4. Legal basis

The processing of your personal data is based on the following legal bases under art. 6 GDPR, linked to each purpose:

  • Performance of a contract (art. 6.1.b): management and provision of the contracted VoIP services, extension configuration, invoicing and collection, and customer support.
  • Legal obligation (art. 6.1.c): compliance with tax, accounting and commercial obligations; retention of communications traffic data for 12 months under Spanish Law 25/2007; and other regulatory obligations applicable to telecommunications operators.
  • Legitimate interest (art. 6.1.f): maintaining systems security, fraud detection and prevention, and network incident management.
  • Consent (art. 6.1.a): sending commercial communications about our products and services. You can withdraw this consent at any time without affecting the lawfulness of prior processing.

5. Purposes of processing

VOIPER TELECOM, S.L. acts as data controller for personal data of its customers (companies and professionals) and of users who interact directly with the website. As a telecommunications operator providing SaaS services, it may also act as data processor (art. 28 GDPR) for personal data of end users managed by its corporate customers through the platform (e.g., employee extensions, call recordings). In those cases the data controller is the corporate customer and the relationship is formalised through the corresponding Data Processing Agreement.

With your prior, express consent, we may process your data to send commercial communications about our products and services. You may withdraw this consent at any time by writing to dpd@voiper.es or by clicking the unsubscribe link in any of our communications.

Summary of purpose → legal basis → retention period (following AEPD's layered-information guidance):

Purpose Legal basis (GDPR art. 6) Retention period
Provision of contracted services (technical management, extension provisioning, customer support) Performance of contract (6.1.b) Duration of contract + applicable limitation periods
Invoicing and accounting Legal obligation (6.1.c) — Spanish Commercial Code, LGT 6 years (Commercial Code), 4 years (LGT)
Retention of traffic and location metadata Legal obligation (6.1.c) — Spanish Law 25/2007 12 months
Anti-money laundering (where applicable) Legal obligation (6.1.c) — Spanish Law 10/2010 10 years
Systems security, fraud prevention (IRSF, wangiri) Legitimate interest (6.1.f) Duration of service + 12 months post-mortem analysis
Commercial communications about our own products and services Consent (6.1.a), revocable Until consent withdrawal

6. Data recipients

Your personal data may be communicated to the following categories of recipients where necessary:

  • Financial institutions for payment processing.
  • Public administrations and regulatory bodies where required by applicable regulations.
  • Technology and infrastructure service providers acting as data processors.
  • Companies in the VOIPER TELECOM, S.L. group for coordinated service delivery.
  • Auditors and legal, financial or technical advisors in the framework of their professional services.

7. International data transfers

In carrying out its activity, VOIPER TELECOM, S.L. may use services from providers located outside the European Economic Area (EEA). Where such transfers occur, they take place under one of the mechanisms in Chapter V GDPR (adequacy decision, standard contractual clauses or equivalent safeguards).

Main categories and providers:

  • Security and CDN: Cloudflare, Inc. (United States), adhering to the EU–US Data Privacy Framework (DPF), recognised by the European Commission as an adequate protection mechanism (art. 45 GDPR).
  • Email and productivity: corporate email and office suite providers (selectively Google Workspace and/or Microsoft 365 depending on the department); transfers covered by DPF and/or standard contractual clauses.
  • Cloud infrastructure and backups: primary in EEA-based providers; occasionally hyperscale regions outside the EEA for backup storage, always with standard contractual clauses and in-transit and at-rest encryption.
  • Support and CRM: ticketing and CRM for commercial and support management; where the provider operates outside the EEA, via DPF or standard contractual clauses.

For any other international transfers that may occur, VOIPER TELECOM, S.L. ensures appropriate safeguards under art. 46 GDPR. For more information, contact our DPO at dpd@voiper.es.

8. Data retention

We retain your personal data for the time necessary to fulfil the purpose for which it was collected and, in any case, for the applicable statutory limitation periods. Once the contractual relationship ends, data is blocked and retained for the periods set out in tax, commercial and telecommunications regulations, after which it is securely deleted.

  • Billing and accounting data: 6 years (art. 30 Spanish Commercial Code).
  • Tax obligations: 4 years (art. 66 Spanish General Tax Law).
  • Electronic communications traffic metadata: 12 months (Law 25/2007 on retention of electronic communications data).
  • Prevention of money laundering: 10 years (Law 10/2010).
  • Data of active customers: for the duration of the contract and until the end of the applicable limitation periods.

As a telecommunications operator subject to Spanish General Telecommunications Law 11/2022 and Law 25/2007, VOIPER TELECOM, S.L. retains certain traffic and location data associated with communications carried over its services. Access to such data by competent authorities will only occur in the cases provided for by law and pursuant to a judicial decision or order from a competent authority.

9. Rights of data subjects

The General Data Protection Regulation grants you a number of rights regarding the processing of your personal data. You can exercise these rights free of charge, although we may charge a reasonable fee if requests are manifestly unfounded or excessive.

To exercise your rights, you can contact the Data Protection Officer through the channels indicated in the contact section of this policy.

10. How to exercise your rights

You can exercise your rights by sending a written request, together with a copy of your ID document, by email to dpd@voiper.es or by postal mail to the address of the controller indicated in this policy.

We will respond to your request within one month of receipt. This period may be extended by two more months where necessary, taking into account the complexity and number of requests.

11. List of recognised rights

Specifically, you have the right to:

  • Access: know what personal data we process about you.
  • Rectification: request the correction of inaccurate or incomplete data.
  • Erasure (right to be forgotten): request the deletion of your data when it is no longer necessary for the purposes for which it was collected.
  • Objection: object to the processing of your data on grounds related to your particular situation.
  • Restriction of processing: request that we restrict the processing of your data in certain circumstances.
  • Portability: receive your data in a structured, commonly used and machine-readable format.
  • Not to be subject to automated decisions: not to be subject to decisions based solely on automated processing that produce legal effects on you or significantly affect you.
  • Withdraw consent: at any time when the processing is based on your consent (art. 7.3 GDPR), without affecting the lawfulness of prior processing.
  • Complaint to the AEPD: lodge a complaint with the Spanish Data Protection Agency (www.aepd.es) if you consider that the processing does not comply with the GDPR.

12. Data Protection Officer contact

For any query, request or complaint related to the processing of your personal data, you can contact our Data Protection Officer:

  • Email: dpd@voiper.es
  • Postal address: Camino de las Cañadas, 1D, Office 21 — 29651 Las Lagunas de Mijas (Málaga), Spain

We guarantee a response within one month of receiving your request, except in cases of particular complexity where the period may be extended by two additional months, with prior reasoned notice.

13. Right to lodge a complaint with the supervisory authority

Without prejudice to the rights above, you have the right to lodge a complaint with the competent supervisory authority for data protection in Spain: the Spanish Data Protection Agency (AEPD).

14. Children's data

The SIP House services are aimed exclusively at corporate and professional customers. They are not directed to children under 14 and we do not knowingly collect their data. If we detect that personal data of a minor has been provided without parental consent, it will be immediately deleted in accordance with art. 7 LOPDGDD. Anyone may request such deletion by contacting dpd@voiper.es.

15. Cookies Policy

For more information about cookies used on this website, see our Cookies Policy.

16. Updates to this policy

VOIPER TELECOM, S.L. reserves the right to update or amend this Privacy Policy at any time. Where substantial changes are made, we will notify you by email or by a prominent notice on our website before they take effect.

17. Governing law and jurisdiction

This Privacy Policy is governed by Spanish and European data protection law, in particular the GDPR and LOPD-GDD. For business (B2B) relationships, disputes are submitted to the Courts and Tribunals of Málaga. For users acting as consumers (B2C), the jurisdiction of the consumer's domicile applies under art. 52 LEC and the TRLGDCU.