Telefónica Group companies are committed to respecting the privacy of Users and the secrecy and security of personal data, in accordance with the provisions of the applicable regulations.
We are 100% transparent with you about the data we collect and/or process about you and we explain why we use it and for what purposes. We will not process your data in an unexpected, opaque, or abusive manner.
You are the only one who can control how your data is used. We provide you with the tools so that you can decide at any time how you want us to handle your data, up to when and how you can access and update your personal information.
We take care to ensure the security, secrecy and confidentiality of your data and personal information. We have carried out the necessary analysis and risk assessments in accordance with the best security and privacy standards in order to implement the most stringent and robust security measures to prevent the loss, alteration, misuse or unauthorised access to your data.
Hereinafter, both entities indistinctly "Telefónica" or "we".
We also inform you that we have a Data Protection Officer who ensures compliance with data protection regulations at Telefónica, and who can be contacted for any questions, queries and/or complaints you may have when we process your data, by writing to DPO_telefonicasa@telefonica.com.
The data that we process about you are as follows:
In general, we obtain this data either directly from you, when you fill in the registration form in Latch, fill in the User profile, make an enquiry, complaint or suggestion, or contact us by any means and provide us with the required or voluntary data, or we may generate or capture them automatically during registration, during the process of creating a User or during the use of Latch itself in accordance with the operational functioning and/or functionalities existing at any given time.
In this case, all information you provide as a User must be truthful and accurate. For these purposes, the User warrants as to the authenticity of all data provided as a result of filling in the corresponding forms. The User shall be solely responsible for any false or inaccurate statements made, and for any damage caused to Telefónica, or to third parties, as a result of the information provided.
In the event of the provision of false data or data that do not correspond to the account holder, Telefónica reserves the right to cancel the User’s account and/or to take such measures as it deems appropriate for the best defence of its interests and rights, or those of affected third parties who may be affected as a result of the foregoing.
Telefónica reserves the right to verify the information provided by the User by any means that may be appropriate for the purposes of control and/or verification, depending on the state of the art at any given time and what is most appropriate for the protection of the interests and rights of the parties involved.
In other cases, we may also obtain data from third parties with whom, as a User, you have a relationship, and these third parties have reached agreements with Telefónica so that you can become a User, and so they provide us with your basic and strictly necessary data so that you or we can register you and access Latch.
The purposes for which we process your data as a User are as follows:
In general, we will retain your data for the time necessary to fulfil the purpose described in each processing activity and to determine any liability that may arise from that purpose and/ processing.
|Personal data associated with informed processing purposes||Periods and criteria of retention of personal data|
|Provision of the Service and all available functionalities, operation, administration, support and maintenance of Latch||The data will be kept for the essential and necessary time to enable you to correctly browse and use Latch and the content available through Latch, to which you access as a User and, where appropriate, as long as you do not unsubscribe as a User.|
|Conducting surveys, user tests and other research activities.||In general, we may process your personal data for this purpose as long as you have not objected to the processing on the basis of Telefónica’s legitimate interest. However, even if you have not objected to such processing, we will only keep the answers you give to surveys and user tests for a maximum period of 24 months after they have been conducted.|
|Maintaining the activity and security of Latch, preventing information security failures and possible breaches.||We will process your personal data for this purpose for as long as you have not objected to the processing on the basis of Telefónica’s legitimate interest and provided that such objection is considered in the circumstances that you communicate. However, even if you have not objected to this processing, we will only keep your data for this purpose for a maximum period of 48 months after collection.|
|Internal management and response to complaints, claims, reports and litigation related to Latch.||For the time necessary for the possible identification of the parties responsible arising during the processing of the data, always in accordance with the applicable regulations, and may not be used for purposes other than these.|
|Compliance with applicable regulations and response to subpoenas and official letters from the authorities.||For as long as we are obliged to keep them in compliance with a legal obligation.|
|Attention and response to contracting requests, queries, enquiries, suggestions and any other type of contact received.||For the time necessary to correctly deal with your requests and/or specific requests on a case-by-case basis. If they consist of the performance, at your request, of pre-contractual measures or the signing of a contract with Telefónica, your data will be kept for as long as necessary to give due satisfaction to such pre-contractual measures or contractual relationship between the parties.|
|Statistical analysis of Latch||We will process your personal data for this purpose for as long as you have not objected to the processing on the basis of Telefónica’s legitimate interest and provided that such objection is considered in the circumstances that you communicate. However, even if you have not objected to this processing, we will only keep your data for this purpose for a maximum period of 48 months after collection.|
Once the aforementioned retention periods have expired, we will block your personal data during the period of limitation of legal actions and, once this period has expired, we will proceed with its definitive erasure in accordance with the applicable regulations, and/or to its secure anonymisation by Telefónica.
On a general basis, for the provision of the Service and to carry out the processing purposes described above, we may make use of authorised subcontractors acting on behalf of Telefónica, as data processors (e.g. internet service providers, data hosting and technical support providers, platform providers, e-mail providers, security service providers, etc.) and contractually subject to our instructions, only insofar as they are strictly necessary for the provision of the contracted services and only for the period of time strictly necessary for that purpose.
In addition, in the event that there is a legal obligation or requirement to do so, we may disclose your data to the competent public administrations in accordance with said legal obligation or requirement and, where appropriate, also to other bodies such as the State Security Forces and Corps and the justice system.
Finally, you need to be aware that, when the authorised subcontractors acting on behalf of Telefónica or the above-mentioned recipients are located or process your data outside the European Economic Area, we will be making an international transfer of your data in accordance with the provisions of data protection law.
In general, we avoid making international transfers and your data are processed within the European Economic Area, but sometimes we cannot avoid it, or it is strictly necessary for you to benefit from the use of Latch and all its functionalities described in the General Conditions. Furthermore, in the event that we do in fact conduct an international transfer of your data, we assure you that we will take such organisational, technical and contractual measures as may be necessary to ensure the protection and security of your data, such as, for example, signing the European Commission’s Standard Contractual Clauses with the authorised subcontractor or third-party transferee, carrying out impact assessments on the international transfer in question to assess the risk and take measures to mitigate it, encryption of data in transit or at rest, pseudonymisation of the data subject to the international transfer, our best endeavours to ensure you have the possibility to claim damages directly against the authorised subcontractor or recipient of your data located in a third country, etc.
As a User, data protection regulations grant you certain rights over your data which, depending on how they apply, you may exercise against Telefónica. Here’s what they are and how you can exercise them.
We also inform you that on the website of the Spanish Data Protection Agency (www.aepd.es) you can find more information on the characteristics of these rights and download templates for exercising each of them.
This is your right to withdraw your consent to the processing of your data for the purposes that are legitimate on that basis, at any time and in an easy way.
It is your right to ask us for details of the data we hold about you and how we process it, and to obtain a copy of it.
It is your right to obtain the rectification of your inaccurate or erroneous data, as well as to complete incomplete data.
It is your right to request deletion or suppression of your data and information in certain circumstances. However, please note that there are certain occasions when we are legally entitled to continue to store and process your data, for example, in order to comply with a legal obligation to retain data.
It is your right to restrict or limit the processing of your data in certain circumstances. For example, if you apply for deletion of data, but instead of deleting it, you would prefer that we block it and process it only for retention purposes because you will need it later to make a complaint. Again, please note that there may be times when we are legally entitled to refuse your request for a restriction.
It is your right to object to our processing of your data for a specific purpose, in certain circumstances provided for by law and related to your personal situation.
It is your right to ask us to receive your personal data in a structured, commonly used, machine-readable and interoperable format and to transfer it to another data controller, provided that we process your data by automated means.
This is your right to ask us not to subject you, in certain circumstances, to a decision based solely on automated processing of your data, including profiling, that produces legal effects concerning you or similarly significantly affects you.
It is important to bear in mind that when you exercise a right, in some cases, you must clearly specify which right you are exercising and provide a copy of a document proving your identity. It should also be noted that some of the data processing is carried out by Telefónica in a way that does not require the direct identification of the Users, without Telefónica being obliged to obtain and/or process additional information to verify the User for the purposes of enabling the data subject to exercise his/her data protection rights.
In the event that a User exercises a data protection right and, due to the reasons indicated, Telefónica is not in a position to identify him or her in order to deal with the request, it will inform him or her to that effect if possible. Such a request shall be suspended until such time as the User provides additional information enabling him or her to be identified.
Any exercise of rights shall be answered within a maximum period of one (1) month, which may be extended by two (2) months if we need to do on a reasoned basis, taking into account the complexity of the request and the number of requests.
Finally, in the event that you do not agree with the way in which your data is handled by Telefónica, you have the right to lodge a complaint with the national supervisory authority by contacting the Spanish Data Protection Agency (AEPD, by its initials in Spanish), whose contact details are as follows:
Agencia Española de Protección de Datos
C/ Jorge Juan, 6 – 28001 Madrid
We recommend that before submitting any complaint or claim to the Spanish Data Protection Agency (AEPD), you contact our Data Protection Officer in order to analyse the specific situation and try, if necessary, to find an effective and amicable solution. Apart from the above, if you wish, you can also contact the AEPD.
In addition, it shall be communicated directly to the User where it affects his or her rights or freedoms or where, for example, the inclusion of a new processing activity would require the User’s consent or changes the scope of the legitimate interest that enables the processing to be carried out.
Date of publication: October 2022