Privacy Policy

Telefónica Cybersecurity & Cloud Tech, S.L.U. (“Telefónica”), ("Telefónica"), as owner of this website (the "Website"), informs you that the companies of the Telefónica Group are committed to respecting the privacy of users and the secrecy and security of personal data, in compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), as well as in Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights and other regulations in force.

Our principles are:

TRANSPARENCY

We will not process your data in an unexpected, obscure, or abusive way.

When we collect your personal data through our Website, you will be properly informed about: who processes your data, what is the purpose of the processing, what is the basis for the legitimacy of the processing, the possibility of exercising your rights and other relevant information. In addition, your data will be deleted according to the defined retention policy about which you will be informed and, in any case, when you request it by exercising your right of cancellation.

CONTROL

We will seek your consent where necessary and we will provide you with the necessary tools to access and update your personal information, as well as to decide how to manage your data, selecting the purposes for which we will process it.

SECURITY

We take care to ensure the security, secrecy and confidentiality of your data. Therefore, as part of our commitment and in compliance with current legislation, we have adopted the most demanding and robust security measures and technical means to prevent their loss, misuse or access without your authorisation, undertaking to keep them secret and guaranteeing our duty to safeguard them by adopting all necessary and reasonable measures to prevent their alteration, loss and unauthorised processing or access, in accordance with the provisions of the applicable legislation.

At Telefónica, your privacy is a priority, which is why we protect your information in accordance with the privacy policy you can read below. If you have any questions, please contact us at gdpr-comms.tech@telefonica.com and we will be happy to help you.

1. Who is the data controller?

   Telefónica Cybersecurity & Cloud Tech, S.L.U., company with Tax ID B-01636760 and registered office in Madrid (Spain), C.P. 28050, Ronda de la Comunicación, s/n, Edificio Oeste 3, will be responsible for the processing of your data in accordance with what we inform you in this Privacy Policy.

   Notwithstanding the foregoing, exceptionally with regard to the provision of certain online platforms such as the "Cybersecurity Services Portal" or the "Cloud Portal", Telefónica may act as Processor or Sub-Processor for the purposes of the applicable data protection regulations, especially in those cases in which it processes personal data on behalf of and for the account of other Operators of the Telefónica Group to which it belongs and/or its B2B customers.

   We also have a Data Protection Delegate who ensures compliance with data protection regulations at Telefónica, and who can be contacted for any questions, queries and/or complaints you may have when we process your data, by writing to DPO_telefonicasa@telefonica.com.

2. What data is processed, for what purpose and why do we process the data?

   Depending on the section of the Website, the data collection channel or the means by which you interact with Telefónica, your data may be processed for the following purposes:

   1. Attention to queries raised through forms or other contact channels

      For what? – Purposes of processing: the purpose of the processing that we pursue is to attend to and respond to queries made by users of the Website and/or, in general, people who contact Telefónica through the rest of the channels provided for this purpose.

      Why? – Applicable legal basis: the legal basis on which we rely to carry out this purpose is the consent you have given by voluntarily contacting us.

      What data? – Type of data: the data we process for this purpose are your identification, contact and/or professional data (e.g. name and surname, email, contact telephone number and/or company you work for), as well as the information contained in the query sent, the processing of which is necessary to provide you with a response.

      Where did they come from? – Origin: the data that we process for this purpose is obtained from you when you complete the contact forms included on the Website and/or send us an email at the contact addresses that we make available to users, including those mentioned in this Privacy Policy.

      Who does it belong to? – Categories of data subjects: the data we process for this purpose relate to users of the Website or, in general, data subjects who send enquiries and any other data subjects whose data have been provided by the sender of the enquiry.

      For how long is it processed? – Retention period: the data that we process for this purpose will be subject to the general retention criteria set out in section 3 of this Policy and, in any event, will not be kept for longer than is necessary to deal with queries and, where appropriate, to meet Telefónica's possible responsibilities in relation to the same.

   2. Sending regular news articles or newsletters

      For what? – Purposes of processing: the purpose of the processing we are pursuing is to send periodic newsletters by e-mail, upon request by the interested party, on the activities carried out by the Telefónica Group and the content generated by the Group through its different areas. Depending on the newsletter to which you have asked to subscribe, your data may be shared with the Telefónica Group companies responsible for it in order to process your subscription request and/or manage the associated mailings.

      Why? – Applicable legal basis: the legal basis on which we rely to carry out this purpose is the consent given when you subscribe to the newsletters.

      What data? – Type of data: the data we process for this purpose are your identification, professional and contact details necessary to send you the newsletter.

      Where did they come from? – Origin: the data we process for this purpose comes mainly from the newsletter subscription forms included on the Website, in addition to the other contact channels provided by Telefónica for this purpose.

      Who does it belong to? – Categories of data subjects: the data we process for this purpose relate to users of the Website and data subjects in general who subscribe to the newsletters.

      For how long is it processed? – Retention period: the data we process for this purpose will be subject to the general retention criteria set out in section 3 of this Policy.

   3. Maintenance and management of the Website owned by Telefónica, its security and user access to it

      For what? – Purposes of processing: the purpose of the processing that we pursue is to maintain active and technically manage the Website owned by Telefónica that is visited by the user and to which this policy and any applicable specific conditions are applicable, to protect it against security incidents and malicious attacks that it may suffer and, in general, to enable free and continuous access to it by all Internet users. The user can find further information on the scope of this purpose in the Cookies Policy applicable to the website owned by Telefónica.

      Why? – Applicable legal basis: The legal basis on which we rely to carry out this purpose is the legitimate interest of Telefónica, as owner, in ensuring the availability and security of its Website for all Internet users who visit it, in accordance with the relevant legal and usage notices.

      What data? – Type of data: the data we process for this purpose are those, generally pseudonymised, which are obtained directly from the devices with which the user accesses and browses the Website owned by Telefónica, the processing of which is strictly necessary for the fulfilment of the aforementioned purpose.

      This website browsing data may include the user's IP address; the date and time of connection; aggregate data on the type of audience browsing the website, such as geographical information, the device used for browsing, technology, etc.; browsing behaviour on the Website, such as the number of pages viewed, average time on the page, bounce rate, whether content is shared through social networks, etc.; as well as aggregate data on the channels from which the audience arrives: organic search, direct search, social networks or referrals.

      Where did they come from? – Origin: the data we process for this purpose comes from the devices with which the user accesses and browses the Website owned by Telefónica.

      Who does it belong to? – Categories of interested parties: the data we process for this purpose refers to users who access and browse the Telefónica-owned Website.

      For how long is it processed? – Retention period: the data we process for this purpose will be subject to the general retention criteria set out in section 3 of this Policy.

   4. Maintenance, management, access and security of the Cybersecurity and Cloud platforms and/or services accessible through the Website for authorised users

      For what? – Purposes of processing: the purpose of the processing that we pursue is to maintain active and manage the services, platforms and/or, in general, private areas that may be accessible at any time through the Website owned by Telefónica and to which, in addition to this Policy, the conditions expressly accepted or agreed to that effect in the framework of collaboration contracts and/or provision of services such as those related to Cybersecurity and Cloud signed with third parties (Telefónica's customer companies) will apply; as well as through the cookies generated in the private areas when users authorised by said third parties browse the Website.

      Why? – Applicable legal basis: the legal basis on which we base the processing of data of users authorised to access certain Telefónica online services and/or platforms, in their capacity as employees of a Telefónica customer company, is the appropriate fulfilment of the contractual relationship between Telefónica and the company in which the authorised user carries out their activity.

      What data? – Type of data: the data we process for this purpose are all those necessary to create, manage and maintain the authorised user's account on the Telefónica service or platform accessible through the Website, as well as those obtained directly from the devices with which the user accesses and browses the Website.

      Where did they come from? – Origin: the data that we process for this purpose are usually communicated either by the users themselves and/or, failing that, by the business customers in which these users carry out their professional activity, as well as from the devices with which the user accesses and browses the Website owned by Telefónica, the processing of which is strictly necessary for the fulfilment of the aforementioned purpose.

      Who does it belong to? – Categories of interested parties: the data we process for this purpose refers to users authorised by Telefónica's customer companies or collaborators to access and browse the private areas of the Website.

      For how long is it processed? – Retention period: the data we process for this purpose will be subject to the general retention criteria set out in section 3 of this Policy.

   5. Management of the relationship with users through Telefónica's social networks

      For what? – Purposes of processing: the purpose of the processing we pursue is to interact and maintain contact with users who interact with Telefónica through the different social networks in which Telefónica has created an official account. This includes the public response to public messages or comments made by such users, appointments, attention and response to private messages through such networks, processing of the request to the Telefónica area or to the Telefónica Group company competent to deal with it, etc. If strictly necessary, your data may be shared with the relevant Telefónica Group companies for the purposes of processing and giving due attention to your request.

      Why? – Applicable legal basis: the legal basis on which we base this purpose is the consent you give when you interact with Telefónica through the social network on which Telefónica has created an official account.

      What data? – Type of data: the data we process for this purpose are your public data in the profile of said social network, identification, contact and other data voluntarily shared during contact maintained through the social network or necessary to resolve the request made.

      Where did they come from? – Origin: the data we process for this purpose comes from the social network through which you contact us and the data we obtain directly from you in that contact.

      Who does it belong to? – Categories of data subjects: the data we process for this purpose refers to users who contact Telefónica through the social network and any other data subjects whose data the user of the social network has been informed of when contacting Telefónica.

      For how long is it processed? – Retention period: the data we process for this purpose will be subject to the general retention criteria set out in section 3 of this Policy.

   6. Management of events organised by or in collaboration with Telefónica

      For what? – Purposes of processing: the purpose of the processing that we pursue is to manage attendance and facilitate access to the event site by interested users who decide to register voluntarily for the events. In addition, we may send out evaluation surveys for events in which you choose to participate.

      Why? – Applicable legal basis: the legal basis on which we rely to carry out this purpose is the consent you give when you apply to attend and/or participate in the relevant event.

      What data? – Type of data: the data we process for this purpose are your identification, professional and contact details necessary to manage your registration, attendance and participation in the event.

      Where did they come from? – Origin: the data that we process for this purpose comes from the registration forms for the events provided for this purpose, whether they belong to Telefónica and/or, where appropriate, to the other co-organisers of the events, as well as from your participation in the event.

      Who does it belong to? – Categories of interested parties: the data we process for this purpose refers to interested users who contact Telefónica showing interest in attending or participating in events.

      For how long is it processed? – Retention period: the data we process for this purpose will be subject to the general retention criteria set out in the following section of this Policy.

   7. Sending commercial or advertising communications about Telefónica's products and services

      For what? – Purposes of processing: the purpose of the processing we are pursuing is to send commercial information, including by electronic means, about Telefónica's products and services.

      Why? – Applicable legal basis: the legal basis on which we rely to carry out this purpose is the express consent of the recipient as a general rule, all in accordance with the applicable regulations.

      What data? – Type of data: the data we process for this purpose are your identification, professional and contact data necessary to manage the shipment.

      Where did they come from? – Origin: the data that we process for this purpose comes from the forms and/or other means of data collection provided for this purpose by Telefónica.

      Who does it belong to? – Categories of interested parties: the data we process for this purpose refers to interested users who contact Telefónica showing interest in receiving commercial information.

      For how long is it processed? – Retention period: the data we process for this purpose will be subject to the general retention criteria set out in the following section of this Policy.

   8. Improving customer satisfaction

      For what? – Purposes of processing: the purpose of the processing that we pursue is to improve the satisfaction of our customers, attending to and responding to suggestions related to our products, services, procedures or attention in general made by users of the Website and/or, in general, people who contact Telefónica through the rest of the channels provided for this purpose. Once the suggestion has been dealt with, your data will also be processed in order to contact you and find out how satisfied you are with it.

      Why? – Applicable legal basis: the legal basis on which we rely to carry out this purpose is the consent you have given by voluntarily contacting us.

      What data? – Type of data: the data we process for this purpose are your identification, contact and/or professional data (e.g. name and surname, email, contact telephone number and/or company you work for), as well as the information contained in the query sent, the processing of which is necessary to provide you with a response.

      Where did they come from? – Origin: the data that we process for this purpose is obtained from you when you complete the contact forms included on the Website and/or send us an email at the contact addresses that we make available to users, including those mentioned in this Privacy Policy.

      Who does it belong to? – Categories of data subjects: the data we process for this purpose relate to users of the Website or, in general, data subjects who send suggestions or queries and any other data subjects whose data have been provided by the sender of the query.

      For how long is it processed? – Retention period: the data that we process for this purpose will be subject to the general retention criteria set out in section 3 of this Policy and, in any event, will not be kept for longer than is necessary to deal with queries and, where appropriate, to meet Telefónica's possible responsibilities in relation to the same. However, once the suggestion has been dealt with, the message may be anonymised, eliminating all personal data that could identify you, keeping the record of opinions in order to improve the processes, products and services provided by the organisation.

3. How long is the data retained?

   In general, we will retain your data for the time necessary to fulfil the purpose described in each processing activity and to determine any liability that may arise from that purpose.

   By way of example, Telefónica has established a series of retention periods that will be applicable depending on the purpose and the legitimate basis applicable to each processing activity, unless a different period has been specified in this Policy and/or in the specific conditions or conditions for the provision of each of Telefónica's products and services:

   • In order to carry out the processing related to the execution of the contract signed with Operators of the Telefónica Group to which it belongs and/or with B2B Customers, the data will be kept for the time strictly necessary to comply with the purposes required by each product or service contracted. For example, data obtained from the B2B Customer will be retained for as long as the B2B Customer is in registration status.
   • In application of civil, commercial and tax legislation, data related to the contracting and invoicing of products and services contracted from Telefónica will be stored for a minimum period of 6 years from the termination of the B2B Customer's contract.

   In any case, your data will be kept in accordance with the retention criteria or specific periods that we inform you of in each case, described in each data processing activity and, where appropriate, until you withdraw your consent and/or object to the processing of your data. In this regard, we will do our best to provide you with an automatic and simple mechanism for you to withdraw the consent granted and/or to object to the processing and, in any case, we are at your disposal at the mailing address for exercising your rights as indicated in section 5 of this Policy.

   Finally, please note that after the above deadlines, the data may be destroyed, blocked or anonymised, as appropriate, and in accordance with the provisions of the law. Consequently, it is hereby informed that the data processed may be subject to an irreversible anonymisation process in compliance, in any case, with the Code of good practices in data protection for Big Data projects, as well as the Guidelines and guarantees in personal data anonymisation procedures published by the Spanish Data Protection Agency with the aim of using all the guarantees established in the legislation, as well as any other measures permitted by the market and technology. In this respect, it should be noted that the principles of personal data protection do not apply to anonymous information.

4. Who is the recipient of the data? Are there any international transfers of data?

   In order to carry out the processing purposes described above, we may make use of authorised subcontractors acting on behalf of Telefónica, as processors (e.g. internet service providers, data hosting and technical support providers, platform providers, e-mail providers, security service providers, etc.) and contractually subject to our instructions, only for the lawful purposes described above and only for the period of time strictly necessary for that purpose.

   In particular, this involves giving access to your data to:

   • Suppliers, as well as the companies they subcontract to, which help to fulfil the purposes described in section 3 of this Policy and/or to communicate and be in contact with you (e.g. Microsoft as our provider of the Office 365 and SharePoint tools).
   • In the event that we need to share your information with other third parties (e.g. sponsors of events for which you have voluntarily registered or another Telefónica Group company for the proper management of such events), we will inform you accordingly and collect the necessary authorisations to do so. Such access shall only be for lawful purposes and for the period of time strictly necessary for that purpose.

   In line with the above, we also inform you that, to the extent strictly necessary to comply with the purposes stated above, your data may be shared with other companies or entities belonging to or linked to the Telefónica Group, for processing under their responsibility and always for the same purposes stated in this Policy. The companies or entities belonging to or linked to the Telefónica Group to which your data may be shared can be consulted in the section "about Telefónica", "about the Company" or the equivalent section that replaces it available on the website www.telefonica.com.

   In addition, where there is a legal obligation or requirement to do so, we may disclose your data to the competent public authorities in accordance with such legal obligation or requirement.

   Where authorised subcontractors acting on behalf of Telefónica or the above-mentioned recipients are located or process your data outside the European Economic Area, we will be making an international transfer of your data in accordance with the provisions of data protection law. In general, we will avoid international transfers and your data will be processed within the European Economic Area. However, where necessary, we will take such organisational, technical and contractual measures as may be necessary to ensure the protection and security of your data, such as, for example, signing the European Commission's Standard Contractual Clauses with the authorised subcontractor or third party transferee, carrying out impact assessments on the international transfer in question to assess the risk and take measures to mitigate it, encryption of data in transit or at rest, pseudonymisation of the data subject to the international transfer, the possibility for the data subject to claim damages directly against the authorised subcontractor or third party transferee, etc.

5. What rights do you have as a data subject?

   As a data subject, data protection regulations grant you certain rights over your data which, depending on how they apply, you may exercise against Telefónica. Here's what they are and how you can exercise them. We also inform you that on the website of the Spanish Data Protection Agency (www.aepd.es) you can find more information on the characteristics of these rights and download templates for exercising each of them.

   • Right to withdraw the consent: this is your right to withdraw your consent to the processing of your data for the purposes that are legitimate on that basis, at any time and in an easy way.
   • Right of access: this is your right to ask us for details of the data we hold about you and how we process it, and to obtain a copy of it.
   • Right to rectification: this is your right to obtain the rectification of your inaccurate or erroneous data, as well as to complete incomplete data.
   • Right to erasure: this is your right to request deletion or suppression of your data and information in certain circumstances. However, please note that there are certain occasions when we are legally entitled to continue to store and process your data, for example, in order to comply with a legal obligation to retain data.
   • Right to restriction: this is your right to restrict or limit the processing of your data in certain circumstances. For example, if you apply for deletion of data, but, instead of deleting it, you would prefer that we block it and process it only for retention purposes because you will need it later to make a complaint. Again, please note that there may be times when we are legally entitled to refuse your request for a restriction.
   • Right to object: this is your right to object to our processing of your data for a specific purpose, in certain circumstances provided for by law and related to your personal situation.
   • Right to portability: this is your right to ask us to receive your personal data in a structured, commonly used, machine-readable and interoperable format and to transfer it to another data controller, provided that we process your data by automated means.
   • Right not to be subject to automated individual decisions: this is your right to ask us not to subject you, in certain circumstances, to a decision based solely on automated processing of your data, including profiling, that produces legal effects concerning you or similarly significantly affects you.

   In general, you may exercise these rights at any time and free of charge by contacting Telefónica at gdpr-comms.tech@telefonica.com. Likewise, in general, mechanisms for the automated unsubscription of communications and other options for withdrawal of consent and opposition will be made available to the user.

   It is important to bear in mind that when you exercise a right, in most cases, you must clearly specify which right you are exercising and provide a copy of a document proving your identity.

   Any exercise of rights shall be answered within a maximum period of one month, which may be extended by two months if necessary, taking into account the complexity of the request and the number of requests.

   Finally, in the event that you do not agree with the way in which your data is handled by Telefónica, you have the right to lodge a complaint with the national supervisory authority by contacting the Spanish Data Protection Agency, whose contact details are as follows:

   Agencia Española de Protección de Datos
   C/ Jorge Juan, 6 – C.P. 28001, Madrid (España)
   www.aepd.es

6. Further processing of data and changes to the Privacy Policy

   Telefónica reserves the right to update this Privacy Policy at any time. Any such update will be made public by Telefónica, in any event, with such notice prior to its entry into force as is legally required. In addition, it shall be communicated directly to the data subject where it affects his or her rights or freedoms or where, for example, the inclusion of a new processing activity would require the data subject's consent or changes the scope of the legitimate interest that enables the processing to be carried out.

For more information, please note that you can also view Telefónica's Global Privacy Policy and Global Security Policy, which also apply generally to our company as part of the Telefónica Group.

Privacy Policy updated as of May 2022.