Legal Notice

OMNITEL COMMUNICATIONS SL. - B81040669

OMNITEL COMUNICACIONES S.L. C/ Colquide 6 Edificio Prisma, portal 2, 1ºA - 28231 Las Rozas de Madrid (Spain). E-mail: privacity@grupo-omnitel.es

Purpose of processing: The provision of Marketing and Business Development services for the technology sector.

Interested parties: Companies that want to hire Marketing and Business Development services.

Addressees: Clients

Retention period: The data provided will be kept as long as the business relationship is maintained or for the time necessary to comply with legal obligations and meet any liabilities that may arise from the fulfillment of the purpose for which the data were collected.

This Privacy Statement informs you of our privacy practices and other choices you can make about the way we collect information about your online activity, device usage and information you provide to Omnitel Comunicaciones S.L. This privacy statement applies to all Omnitel Group investee companies(Omnitel Comunicaciones and Adjudicaciones TIC) as well as websites, domains, services, applications and products owned by Omnitel and its affiliates (collectively "Omnitel Group").

1 Introduction

1.1 Purpose

OMNITEL COMUNICACIONES S.L. attaches great importance to the processing of personal data as a key element in its activity.

For this reason, OMNITEL COMUNICACIONES S.L. has decided to define, approve and implement the present Personal Data Protection Policy that includes the regulatory requirements according to the particular characteristics of OMNITEL COMUNICACIONES S.L. in the processing of personal data in accordance with its activity and according to its structure and available resources.

This document is intended to be a stable framework, but due to the continuous evolution and intrinsic changes of information systems and the complexity of regulations, this Policy should be supplemented or developed by other documents.

Likewise, with the acceptance of the present policy, we proceed to the acceptance of the protocol in the matter of Data Protection.

1.2 Principles

The principles relating to the processing of personal data are as follows:

  • Principle of lawfulness, fairness and transparency: personal data must be processed in a lawful, fair and transparent manner in relation to the data subject.
  • Purpose limitation principle: personal data must be collected for specified, explicit and legitimate purposes and will not be further processed in a way incompatible with those purposes.
  • Data minimization principle: personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  • Principle of data accuracy: personal data must be accurate and, if necessary, updated.
  • Principle of limitation of the storage period: keeping the data no longer than necessary for the purposes of the processing.
  • Principle of integrity and confidentiality: personal data shall be treated in such a way as to ensure adequate data security.
  • Principle of proactive responsibility: manifested, among others, in extreme diligence in the choice of the data processing provider and in the implementation, prior to the start of processing, of appropriate technical and organizational measures (obligation of privacy by design) and allowing that, by default, only data necessary for each of the specific purposes are processed (obligation of privacy by default).

1.3 Regulatory framework

The specific related regulations are mainly the following:

Standard Reference
GDPR Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Recital 78
Article 24.2 Responsibility of the data controller
LOPD Ley Orgánica 3/2018, de 5 de diciembre, de Protección de Datos Personales y garantía de los derechos digitales. Full text

1.4 Legitimacy for treatment

The legal basis depends on the Services you use and how you use them. This means that we collect and use your information only when we need it to provide the Services to you, including to operate the Services, provide customer support and personalized features, and protect the security of the Services.

It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests; we need to do so to satisfy the terms of our agreement with you; you consent to us doing so for a specific purpose; or we need to process your data to comply with a legal obligation.

If you have consented to us using your information for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we use your information because we or a third party (for example, your employer) have a legitimate interest in doing so, you have the right to object to that use, although, in some cases, this may mean ceasing to use the Services.

 

2 Scope

The scope of application of the present Policy is exclusively limited to OMNITEL COMUNICACIONES S.L.individually.

2.1 Legitimation of the data

We receive and store all information that you enter on our website or otherwise provide to us. You can choose not to provide certain information, but if you do, you may not be able to take advantage of many of the features we offer. The information you provide is useful to us in responding to your requests, personalizing future communications, improving our sites and contacting you.

The main purpose of collecting your personal data is to provide you with a secure, optimal, efficient and personalized experience. To this end, you agree that we may use your personal data to:

  • Customize, evaluate and improve our services, content and materials.
  • Analyze the volume and history of your use of our services.
  • Inform you about our services, as well as the services and promotional offers of our partners.
  • Prevent, detect and investigate any activities that are considered potentially prohibited, illegal or contrary to good practices and ensure compliance with our terms of use and shipping policy.
  • Comply with legal and regulatory obligations.

We use the personal data you provide only in accordance with applicable data protection legislation.

 

3 Structure and functions in the field of data protection

OMNITEL COMUNICACIONES S.L. has structured its organization with different data processing functions.

- Responsible for treatment

It is the responsibility of OMNITEL COMUNICACIONES S.L., to determine the purposes, means of the processing and the appropriate technical and organizational measures to be applied in order to guarantee and prove that the processing of personal data is carried out in accordance with the applicable regulations on the matter, taking into account the nature, scope, context and purposes of the processing, as well as the risks of varying probability and severity for the rights and freedoms of natural persons.

- Security Manager

This is the person designated primarily to coordinate and control security measures.

- System Administrator

It is responsible for managing and maintaining the operational environment of data processing.

- Personnel Manager

It is responsible for ensuring that the internal rules are known by the employees, adopting the necessary publicity and training measures for this purpose.

- Directly responsible for treatment activities

For each processing activity, a person directly responsible for it will be identified whose main function is to collaborate directly with the Security Officer in the performance of his or her duties. Likewise, he/she must propose changes and improvements and report any modification related to the processing activity.

- Data Processor

OMNITEL COMUNICACIONES S.L. may appoint processors to process personal data for which it is responsible. The processor may only process such data on its instructions.

OMNITEL COMUNICACIONES S.L. will choose only processors that offer sufficient guarantees in the implementation of appropriate technical and organizational measures, so that the processing by it ensures the protection of the rights of data subjects.

The processing by the processor shall be governed by a contract, which binds the processor to the controller and sets out the subject matter, duration, nature and purpose of the processing, the type of personal data and categories of data subjects, and the obligations and rights of the controller and processor, including the security measures to be implemented.

The processor may not use another processor without the prior written authorization, specific or general, of the controller.

OMNITEL COMUNICACIONES S.L. will have an updated list of all those service providers that perform data processing under its responsibility.

- Data Protection Officer

The Company will designate a Data Protection Delegate, to advise and inform to OMNITEL COMUNICACIONES S.L. of the obligations incumbent upon it in terms of data processing. His or her designation does not exempt him or her from responsibility for data processing.

OMNITEL COMUNICACIONES S.L. will provide the Data Protection Officer with the necessary resources for the performance of its functions, as well as access to personal data and processing operations.

The Data Protection Delegate is accountable to the highest hierarchical level of OMNITEL COMUNICACIONES S.L.

4 Security of personal data

Taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of the processing, as well as risks of varying likelihood and severity to the rights and freedoms of natural persons, OMNITEL COMUNICACIONES S.L. will apply appropriate technical and organizational measures to ensure a level of security appropriate to the risk. To ensure the security of special category data, specific measures will be adopted.

Within the framework of its services, OMNITEL COMUNICACIONES S.L attaches the highest importance to the security and integrity of its customers' personal data.

Therefore, and in accordance with the European General Data Protection Regulation 2016/679, OMNITEL COMUNICACIONES S.L undertakes to take all necessary precautions to preserve the security of the data and, in particular, to protect them against any accidental or unlawful destruction, accidental loss, corruption, unauthorized circulation or access, as well as against any other form of unlawful processing or disclosure to unauthorized persons.

To this end, OMNITEL COMUNICACIONES S.L applies industry standard security measures to protect personal data from unauthorized disclosure.

Also, to avoid, in particular, any unauthorized access, ensure the accuracy and correct use of the data, OMNITEL COMUNICACIONES S.L has implemented appropriate electronic, physical and management procedures to protect and preserve the data collected through its services.

However, absolute security against hacking or hackers is not guaranteed. Therefore, in the event of a security breach affecting you, OMNITEL COMMUNICATIONS S.L undertakes to inform you about it without undue delay and to take all necessary measures to stop the intrusion and minimize the consequences. In case of suffering any loss due to the exploitation by a third party of a security breach, omnitel comunicaciones s.l. undertakes to inform you without undue delay and to take all necessary measures to stop the intrusion and minimize the consequences, OMNITEL COMUNICACIONES S.L undertakes to provide you with all the necessary assistance so that you can assert your rights.

Any user, customer or hacker who discovers and takes advantage of a security breach exposes himself to criminal and criminal prosecution. OMNITEL COMUNICACIONES S.L will take all measures, including filing a lawsuit and/or initiating legal action, to preserve the data and rights of its users or itself and limit the effects.

 

5 Preparation, updating and approval

The responsibilities for preparing, updating and approving the Policy, in order to achieve a correct segregation of functions that avoids the existence of conflicts of interest, are distributed as follows:

  • The preparation and updating of the Policy is the responsibility of the Security Officer with the support of the Data Controllers.
  • The Company's management studies and proposes its approval.
  • The review of compliance with the Policy is the responsibility of Internal or External Audit.

Its content is reviewed and updated at least once a year and as many times as necessary to adapt it to significant changes that affect any of the elements that make up this Policy.
(Spain).

6 Information of general interest

This document has been designed for low risk personal data processing, from which it follows that it cannot be used for personal data processing that includes personal data related to ethnic or racial origin, political, religious or philosophical ideology, trade union affiliation, genetic and biometric data, health data, and sexual orientation data of individuals as well as any other data processing that involves high risk to the rights and freedoms of individuals.

Article 5.1.f of the General Data Protection Regulation (hereinafter GDPR) determines the need to establish adequate security safeguards against unauthorized or unlawful processing, against loss of personal data, accidental destruction or damage. This implies the establishment of technical and organizational measures aimed at ensuring the integrity and confidentiality of personal data and the possibility of demonstrating, as established in Article 5.2, that these measures have been put into practice (proactive liability).

In addition, it must establish visible, accessible and simple mechanisms for the exercise of rights and have defined internal procedures to guarantee effective attention to the requests received.

 

7 Attention to the exercise of rights

The controller shall inform all employees about the procedure for addressing the rights of data subjects, clearly defining the mechanisms by which the rights can be exercised and taking into account the following:

  • Upon presentation of their national identity card or passport, the holders of personal data (data subjects) may exercise their rights of access, rectification, deletion, opposition, portability and limitation of processing. The exercise of these rights is free of charge.
  • The data controller shall respond to data subjects without undue delay and in a concise, transparent, intelligible, clear and plain language and retain proof of compliance with the duty to respond to requests for the exercise of rights made.
  • If the request is submitted electronically, the information will be provided by electronic means whenever possible, unless the interested party requests otherwise.
  • Requests must be answered within 1 month of receipt, which may be extended by a further two months taking into account the complexity or number of requests, but in this case the interested party must be informed of the extension within one month of receipt of the request, stating the reasons for the delay.

 

RIGHT OF ACCESS: In the right of access, the interested parties will be provided with a copy of the personal data available together with the purpose for which they have been collected, the identity of the recipients of the data, the expected retention periods or the criteria used to determine it, the existence of the right to request the rectification or deletion of personal data as well as the limitation or opposition to its processing, the right to file a complaint before the Spanish Data Protection Agency and if the data have not been obtained from the interested party, any available information about its origin. The right to obtain a copy of the data may not adversely affect the rights and freedoms of other data subjects.

 

RIGHT OF RECTIFICATION: In the right of rectification will proceed to modify the data of the interested parties that were inaccurate or incomplete according to the purposes of treatment. The interested party must indicate in the request to which data refers and the correction to be made, providing, where necessary, supporting documentation of the inaccuracy or incompleteness of the data being processed. If the data have been communicated by the data controller to other data controllers, the data controller must notify them of the rectification of the data unless it is impossible or requires a disproportionate effort, providing the data subject with information about such recipients, if requested.

 

RIGHT OF DELETION: Under the right of deletion, data subjects' data will be deleted when they express their refusal to the processing and there is no legal basis to prevent it, it is not necessary in relation to the purposes for which it was collected, they withdraw the consent given and there is no other legal basis that legitimizes the processing or it is unlawful. If the erasure derives from the exercise of the data subject's right to object to the processing of his or her data for marketing purposes, the data subject's identification data may be retained in order to prevent future processing. If the data have been disclosed by the data controller to other data controllers, the data controller shall notify them of the erasure unless it is impossible or would require a disproportionate effort, providing the data subject with information about such recipients upon request.

 

RIGHT TO OPPOSITION: Under the right to object, where data subjects express their refusal to the controller to the processing of their personal data, the controller shall cease processing them provided that there is no legal obligation to prevent it. Where the processing is based on a public interest mission or on the legitimate interest of the controller, upon a request to exercise the right to object, the controller shall cease processing the data unless compelling grounds override the interests, rights and freedoms of the data subject or are necessary for the formulation, exercise or defense of claims. If the data subject objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

 

RIGHT OF PORTABILITY: Under the right of portability, if the processing is carried out by automated means and is based on consent or is performed within the framework of a contract, data subjects may request to receive a copy of their personal data in a structured, commonly used and machine-readable format. They also have the right to request that it be transmitted directly to a new controller, whose identity must be communicated, where technically possible.

 

RIGHT OF LIMITATION OF PROCESSING: Under the right of limitation of processing, data subjects may request the suspension of the processing of their data to challenge its accuracy while the controller carries out the necessary verifications or in the event that the processing is carried out on the basis of the legitimate interest of the controller or in fulfilment of a public interest mission, while it is verified whether these reasons prevail over the interests, rights and freedoms of the data subject. The data subject may also request the retention of the data if he/she considers that the processing is unlawful and, instead of erasure, requests the restriction of the processing, or if, although the data are no longer needed by the controller for the purposes for which they were collected, the data subject needs them for the formulation, exercise or defense of claims. The fact that the processing of the data subject's data is restricted must be clearly stated in the data controller's systems. If the data have been disclosed by the data controller to other data controllers, the data controller shall notify them of the restriction of the processing of such data unless it is impossible or would require a disproportionate effort, providing the data subject with information about such recipients, if so requested.

 

If the data subject's request is not acted upon, the controller shall inform the data subject, without delay and no later than one month after receipt of the request, of the reasons for its failure to act and of the possibility of lodging a complaint with the Spanish Data Protection Agency and of taking legal action.

Omnitel with its alliance and commitment to Security and Privacy with Microsoft also provides the following link: https://privacy.microsoft.com/en-us/privacystatement