Data Controller and Data Processor

INTERCAMBIADOR DE TRANSPORTES AVENIDA DE AMÉRICA SAU is the Data Controller of the User’s personal data and informs that these data will be processed in accordance with the provisions of Regulation (EU) 2016/679 of April 27 (GDPR), and Organic Law 3/2018 of December 5 (LOPDGDD).

If you are a User who needs information about your Personal Data, contact the Controller directly through the following contact details:

Controller’s contact email: intercambiador@intercambiador.net

Types of data collected

The Controller does not provide a list of categories of Personal Data collected.

Complete information regarding each category of Personal Data collected is provided in the sections of this privacy policy dedicated to this purpose or through specific explanatory texts shown before the collection of such Data.

Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using this Application.

Unless otherwise indicated, all Data requested by this Application are mandatory, and refusal to provide them may prevent this Application from providing its services. In cases where this Application specifically states that certain Data are not mandatory, Users are free not to communicate such Data without this having any consequence on the availability or functioning of the Service.

Users with doubts about which Data are mandatory may contact the Controller.

The use of Cookies – or other tracking tools – by this Application or by third-party service owners used by this Application is intended to provide the Service requested by the User, as well as any other purposes described in this document and in the Cookie Policy.

The User assumes responsibility regarding Personal Data of third parties obtained, published, or shared through this Application.

Mode and place of processing of the collected data

Processing methods

The Controller will process Users’ Data appropriately and adopt suitable security measures to prevent unauthorized access, disclosure, alteration, or destruction of the Data.

Data processing will be carried out by computers and/or IT tools, following procedures and organizational modes strictly related to the purposes indicated. Besides the Controller, in some cases certain categories of authorized persons related to the operation of this Application (administration, sales, marketing, legal department, and systems administration) or external contractors providing services to the Controller (such as external technical service providers, courier companies, hosting companies, IT companies, communication agencies) may access the Data and will be appointed by the Controller as Data Processors if necessary. An updated list of such persons may be requested from the Controller at any time.

Place

The Data are processed at the Controller’s offices as well as at any other place where the parties involved in the processing are located.

Depending on Users’ location, Data transfers may involve transferring Users’ Data to a country other than their own. For more information on the place of processing of such transferred Data, Users can consult the section containing details on the processing of Personal Data.

Retention period

Unless otherwise indicated in this document, Personal Data will be processed and stored for the time necessary and for the purpose for which they were collected and may be kept for a longer time due to a relevant legal obligation or based on Users’ consent.

Cookie Policy

This Application uses Trackers. For more information, Users can consult the Cookie Policy.

Legal basis for processing

The Controller may process the User’s Personal Data if one of the following conditions is met:

  • When Users have given their consent for one or more specific purposes.
  • When obtaining Data is necessary for the performance of a contract with the User and/or any other pre-contractual obligation;
  • When processing is necessary for compliance with a legal obligation binding on the User;
  • When processing is related to a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  • When processing is necessary for the legitimate interest pursued by the Controller or a third party.

In any case, the Controller is at your disposal to define the specific legal bases applied to the processing and, in particular, if obtaining Personal Data is a contractual or statutory requirement or a necessary requirement to formalize a contract.

More information on retention period

Unless otherwise stated in this document, Personal Data will be processed and stored for the time necessary and for the purpose for which they were collected and may be kept for a longer time due to a relevant legal obligation or based on Users’ consent.

Therefore:

  • Personal Data collected for the formalization of a contract between the Controller and the User must be kept as such as long as that contract is fully formalized.
  • Personal Data collected in the Controller’s legitimate interest must be kept for the time necessary to fulfill that purpose. Users can find specific information related to the Controller’s legitimate interest by consulting the relevant sections of this document or contacting the Controller.

The Controller may keep Personal Data for an additional period when the User gives consent to such processing, as long as such consent remains valid. Also, the Controller may be obliged to keep Personal Data for an additional period when required for compliance with a legal obligation or by order from the authority.

Once the retention period ends, Personal Data must be deleted. Therefore, the rights of access, deletion, rectification, and data portability cannot be exercised once this retention period has expired.

Users’ Rights based on the General Data Protection Regulation (GDPR)

Users may exercise certain rights regarding their Data processed by the Controller.

In particular, Users have the right to do the following, to the extent permitted by law:

  • Withdraw their consent at any time. Users have the right to withdraw consent previously given for the processing of their Personal Data.
  • Object to the processing of their Data. Users have the right to object to the processing of their Data if it is carried out on a legal basis other than consent.
  • Access their Data. Users have the right to know if their Data are processed by the Controller, to obtain information about certain aspects of the processing, and to obtain a copy of the Data processed.
  • Verify and request rectification. Users have the right to verify the accuracy of their Data and request their update or correction.
  • Restrict the processing of their Data. Users have the right to restrict the processing of their Data. In that case, the Controller will only process their Data for storage purposes.
  • Delete or remove Personal Data. Users have the right to obtain the deletion of their Data by the Controller.
  • Receive their Data and transfer them to another controller. Users have the right to receive their Data in a structured, commonly used, and machine-readable format and, if technically possible, to have them transmitted to another controller without hindrance.
  • File a complaint. Users have the right to file a complaint with the competent authority regarding Personal Data protection.

Users also have the right to know the legal bases of Data transfers abroad, including to any international organization governed by Public International Law or composed of two or more countries, such as the UN, and to know the security measures taken by the Controller to safeguard their Data.

Information about the Right to Object to Processing

When the processing of Personal Data is carried out in the public interest, in the exercise of public powers conferred on the Controller, or for a legitimate interest pursued by the Controller, Users may object to such processing by stating reasons related to their particular situation.

However, Users should know that if their Personal Data are processed for direct marketing purposes, they can object at any time to such processing, free of charge and without any justification. When the User objects to processing for direct marketing purposes, the Personal Data cannot continue to be processed for such purposes. To know if Users’ Personal Data are being processed by the Controller for direct marketing purposes, Users should consult the relevant sections of this document.

How to exercise these Rights

Any request to exercise User rights can be addressed to the Owner via the contact details provided in this document. Such requests are free, and the Controller will respond as soon as possible and always within one month, providing Users with the information required by law.

The Controller will communicate any rectification or deletion of Personal Data or restriction of processing to each recipient, where applicable, to whom the Personal Data have been disclosed, unless this proves impossible or involves disproportionate effort. At the Users’ request, the Controller will inform them of such recipients.

Additional information on Data Collection and Processing

Legal defense

The User’s Personal Data may be used for the legal defense of the Controller before a court or in judicial phases prior to possible litigation derived from improper use of this Application or related Services.

The User declares to be aware that the Controller may be required by public authorities to disclose Personal Data.

Additional information about the User’s Personal Data

Besides the information contained in this privacy policy, this Application may provide the User with additional and contextual information related to specific Services or the collection and processing of Personal Data.

System log and maintenance

For operational and maintenance reasons, this Application and any other service provided by third parties used may collect a system log; that is, files that record interaction with this Application and may contain Personal Data, such as the User’s IP address.

Information not contained in this Privacy Policy

Additional information about the collection and processing of Personal Data may be requested from the Controller at any time. Contact information is indicated at the beginning of this document.

Changes to this Privacy Policy

The Controller reserves the right to modify this privacy policy at any time, notifying Users through this page and, if possible, through this Application and/or, if technically and legally possible, notifying Users directly, if the Controller has the necessary contact information. It is strongly recommended to review this page frequently, taking as reference the date of the last update indicated at the bottom of the page.

If changes affect processing activities based on the User’s consent, the Controller must obtain, if necessary, the User’s new consent.

For more information about privacy guarantees, you can contact the Controller through INTERCAMBIADOR DE TRANSPORTES AVENIDA DE AMÉRICA SAU. AVENIDA DE AMÉRICA, 9A PLANTA -1 – 28002 MADRID (Madrid). E-mail: intercambiador@intercambiador.net