Last updated: 17/10/2024
This TU Wallet Privacy Policy (the "Privacy Policy" or "Policy") has been drawn up by Telefónica Innovación Digital, S.L. ("Telefónica"), in order to comply with the duty of transparency in the processing of personal data that it may carry out in its capacity as data controller, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, "GDPR"), and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (hereinafter, "LOPDGDD"), as well as any other regulations that may be applicable.
By accepting this Privacy Policy, you consent to the processing of personal data by Telefónica as data controller in connection with your use of (i) the "TU Wallet" application (the "App") and (ii) the TU Wallet contact means made available to you by Telefónica; in particular, with respect to your Telefónica Account and the Telefónica Services on TU Wallet, as defined in the TU Wallet Terms and Conditions.
Please read this Privacy Policy and the TU Wallet Terms and Conditions carefully and in detail to understand what data we process, how we process it and how you can exercise your rights if you wish to do so.
Please note that certain TU Wallet services or features may have their own terms and conditions or privacy policies. In such cases, it is those terms and policies that you should read to understand how your data is treated and how you can control it in those situations .
You are also reminded that this Privacy Policy forms part of the TU Wallet Terms and Conditions (the "T&Cs").
Certain concepts and definitions used in this Policy are detailed in the T&Cs . Furthermore, the T&Cs complement and supplement everything that is not expressly provided for in this Policy. If there is any contradiction or inconsistency between this Policy and the T&Cs, the Policy shall prevail with respect to the processing of your personal data.
Please also note that the processing of your personal data when you use or browse the public part of the wallet.tu.com website is governed by TU's Privacy Policy and the General Terms and Conditions of Use of the "Tu.com" Services, and this Privacy Policy or the T&Cs do not apply.
As a general rule, the categories of personal data subject to processing by Telefónica as Data Controller will be the following:
This category includes the following types of personal data:
We inform you that your personal data may be communicated to the following entities in the following cases:
In addition, in order to carry out the processing explained in this Policy, we may use subcontractors and authorised service providers who process your personal data on behalf of and in the name of Telefónica as processors. Their processing of your personal data will be contractually subject to our instructions and they must comply with the necessary security measures to protect your data and information.
Such subcontractors and service providers include, for example, internet and telecommunications service providers, audit firms, consulting and other professional service providers, cloud hosting providers, email providers, technology providers, as well as general and security service providers.
Below we explain the purposes for which we process your data and how we are entitled to do so:
| Purpose of processing |
Legitimising basis |
Data type |
|---|---|---|
| Registering and creating your Telefónica Account in TU Wallet |
Execution of pre-contractual measures prior to acceptance of the T&Cs and execution of the contract after acceptance of the T&Cs (art. 6.1 b) GDPR). |
|
| Communication of your email address and mobile phone number between Telefónica and Bit2Me , both in the registration and creation of your Bit2Me Account, and if you update, modify or rectify such data through the App or directly by contacting Bit2Me or Telefónica through the means provided, in order to ensure that such data match both in your Telefónica Account and in your Bit2Me Account, as set out in the T&Cs. |
Execution of contract (art. 6.1 b) GDPR) |
|
| Provision, operation, maintenance and management of the App, the Telefónica Services and the Telefónica Account of TU Wallet Users, as well as performance of obligations and exercise of rights under the T&Cs and the Policy. Both the App and the Telefónica Services and the Telefónica Account may be personalised according to the preferences and interests expressly indicated by the User, as well as the profiling explained later in this section. In addition, such personalisation may be the result of automated decision-making based on the preferences or interests you indicate, the use and interactions you make with the App, your Telefónica Account or the Telefónica Services, as well as your profile. |
Execution of contract (art. 6.1 b) GDPR) |
|
| Monitoring of compliance with the obligations of the T&Cs and the Privacy Policy , as well as execution of the measures foreseen in the T&Cs and the Privacy Policy in case of non-compliance. Such measures may involve automated decisions, in particular with respect to suspension, limitation, restriction, discontinuation and termination of the Telefónica Account or Telefónica Services in the event of non-compliance with the following |
Execution of contract (art. 6.1 b) GDPR) |
|
| Response, attention and management of contacts and communications sent by Users through the channels and means of contact set up by Telefónica in TU Wallet. |
Execution of contract (art. 6.1 b) GDPR) |
|
| Sending service communications by electronic means, or any other means, that are necessary and related to the App, the Telefónica Services and/or the Telefónica Account. Such mailings may be the result of automated decision-making, specifically, based on your use of and interactions with the App, your Telefónica Account or Telefónica Services, as well as profiling as explained later in this section. |
Execution of contract (art. 6.1 b) GDPR) |
|
| Sending information or advertising, offers and promotions, prize draws, loyalty programmes or any other actions of a commercial nature, by electronic means, or any other means, about the App and the Telefónica Services, as well as about other Telefónica products and/or services similar to those contracted by the User in TU Wallet that may be of interest to the User, including those of the TU ecosystem detailed in tu.com ("Similar Products"). Telefónica will make such commercial communications in order to (i) promote the marketing and use of the App, Telefónica's Services and Similar Products, as well as (ii) build user loyalty. These communications respond to Telefónica's legitimate interest in carrying out direct marketing actions and promoting its image by means of commercial communications sent through different media and channels in accordance with the applicable regulations in force. Such mailings may be the result of automated decision-making, specifically, based on your use of and interactions with the App, your Telefónica Account or Telefónica Services, as well as profiling as explained later in this section. |
Legitimate interest (Article 6(1)(f) GDPR) |
|
| Conducting surveys, user tests, trials and other research activities related to the App, Telefónica's Services and/or Similar Products. Telefónica will carry out these activities in order to maintain and improve the quality of the App, Telefónica Services and Similar Products. This responds to Telefónica's legitimate interest in gathering information relating to the satisfaction, opinions, preferences and evaluations of Users for the aforementioned purpose. The performance of such actions may be the result of automated decision-making, in particular, based on your use of and interactions with the App, your Telefónica Account or the Telefónica Services. |
Legitimate interest (Article 6(1)(f) GDPR) |
|
| Creating individualised profiles of Users in order to analyse or predict information about their preferences, interests or behaviour in relation to the App or Telefónica's Services; this for direct marketing purposes or to personalise their experience, the services they access or enjoy and the sending of service communications. In order to (i) improve the receptiveness of the aforementioned commercial communications, as well as to (ii) personalise the experience or interface of the App, the Telefónica Services and the sending of service communications, Telefónica will prepare a profile of Users based on their personal characteristics and the information obtained from their activity, to enable the preparation of personalised offers, personalisation of experiences and services, as well as sending commercial or service communications that it considers may be of interest to the User; all based on said profile and including automated decision making for such purposes. This profiling responds to Telefónica's and Users' legitimate interest in (i) sending/receiving commercial and service communications, as well as (ii) providing/enjoying services and experiences, which are relevant and of interest to Users, so that deliveries, experiences and services are better adapted to their needs and interests. |
Legitimate interest (Article 6(1)(f) GDPR) |
|
| Consent (Article 6.1.a GDPR) |
|
|
| Performing statistical analysis for the purposes of (1) measuring the quality of the App, its services and content in order to take the necessary measures to prevent and remedy any degradation and to improve such quality; and (2) reporting on key business metrics related to the App, its services and content in order to obtain aggregated business intelligence and make better decisions (e.g. on evolutions, improvements or corrections). These statistical analyses respond to Telefónica's and Users' legitimate interest in providing/receiving the best possible quality, as well as Telefónica's legitimate interest in obtaining reports and business intelligence in order to make better strategic or operational business decisions. |
Legitimate interest (Article 6(1)(f) GDPR) |
|
| Consent (Article 6.1.a GDPR) |
|
|
| Maintenance of the activity and security of the App, its services and content, in order to prevent, detect and avoid breaches, incidents or security breaches . This processing may involve the configuration of alerts and the active or passive monitoring of the App, its services or content, and its use by Users. During the investigation processes, we may process more personal data provided that they allow us to carry out a better investigation and assessment of the specific case, in order to make decisions regarding the establishment and implementation of control and mitigation measures for the risks detected at any given time This is done based on the legitimate interest of Telefónica and the Users themselves that the App, its services and content are available in a secure manner and that they are protected against security incidents and malicious attacks ; all in accordance with the T&Cs, industry standards and applicable regulations. The maintenance of business and security may involve automated decisions, in particular with respect to suspension, limitation, restriction, discontinuance and termination of the Telefónica Account or the Telefónica Services in the event of a breach of the T&Cs or regulations. |
Legitimate interest (Article 6(1)(f) GDPR) |
|
| Detection and prevention of fraud and/or activities considered illicit in the App, its services or contents . This processing may involve the setting of alerts and the active or passive monitoring of the App, its services or content, and its use by Users. During the investigation processes, we may process more personal data provided that they allow us to carry out a better investigation and assessment of the specific case, in order to make decisions regarding the establishment and implementation of control and mitigation measures for the risks detected at any given time. This is done based on the legitimate interest of Telefónica and the Users themselves that fraud and illegal activities on the App, its services or content are investigated, detected and prevented in order to avoid harm and damage to the Users, Telefónica, Bit2Me or third parties (e.g. in the form of abusive, fraudulent or irregular uses of the App, its services or content); all in accordance with the T&Cs, industry standards and applicable regulations. The detection and prevention of fraud and/or unlawful activities may involve automated decisions, in particular with regard to the suspension, limitation, restriction, discontinuation and termination of the Telefónica Account or Telefónica Services in the event of a breach of the T&Cs or regulations. |
Legitimate interest (Article 6(1)(f) GDPR) |
|
| Defence, exercise, response and intervention as an interested party in legal and administrative actions, lawsuits, complaints or claims of any nature , related to or concerning the App, its services or content, as well as with Telefónica, the Telefónica Group, Bit2Me, Users and/or applicable third parties. This is done on the basis of Telefónica's legitimate interest associated with the exercise and defence of legal actions, as well as its right to effective judicial protection . |
Legitimate interest (Article 6(1)(f) GDPR) |
|
| Compliance with applicable regulations and attention to requirements and official requests made by public administrations, state security forces and/or any other competent authority. This includes the communication of personal data that, for this purpose, must be made to or received from Bit2Me, its partners, as well as the competent authorities mentioned above. |
Legal obligation (Article 6(1)(c) GDPR) |
|
| Pseudonymisation, de-identification and/or anonymisation of your personal data , applying the corresponding technical and organisational measures to limit or prevent your identification, both directly and, where appropriate, indirectly. This processing is considered to be processing compatible with the purposes listed above and for which the personal data were initially collected, obtained and processed. |
Compatible further treatment (Article 6.4 GDPR) |
|
Legitimate interest is a legitimate basis for processing as provided for and permitted by law, provided that such interest is within your reasonable expectations for the stated purpose. To this end, in the table above we have explained and detailed in detail each of the applicable legitimate interests and why we understand that they are within your reasonable expectations . To this end, we have analysed the proportionality and necessity of the processing operations based on legitimate interests, and weighed the benefits and risks to your privacy.
For further information, please contact soporte@tu.com.
Remember that you may object to this processing on the grounds of legitimate interest at any time by exercising your right at soporte@tu.com or any other alternative means indicated in the section on exercising your rights in this Privacy Policy. In general, your right to object will be automatically exercised and we will stop processing your personal data for the purpose to which you object. However, please note that, in certain cases, the legitimate interest indicated may prevail over this right of objection, in which case, it may be rejected, giving you the detailed reasons and reasons why your right of objection is not met.
Likewise, when the legal basis for the processing is express consent, you may withdraw such consent easily, simply and free of charge at any time via soporte@tu.com or any other alternative means indicated in the section on the exercise of rights in this Privacy Policy. The withdrawal of consent will not affect the lawfulness of the processing based on the consent prior to its withdrawal .
If Telefónica requires additional or further processing of your personal data for a different purpose compatible with those previously set out in this Privacy Policy, you will be informed in advance , including all legally required information, as well as the intended purposes of such processing and, where appropriate, you will be given the option to object to such processing or we will request your consent to carry it out.
In general, Telefónica does not transfer your personal data to countries outside the European Economic Area ("EEA").
However, where communication or access to your personal data by the recipients set out above in this Policy involves the international transfer of your data outside the EEA , such transfer will only take place:
Telefónica will only retain your personal data for as long as is necessary to fulfil the purposes for which it was collected and/or obtained in accordance with the information provided in this Policy.
Subsequently, if necessary, Telefónica may anonymise your personal data or keep it blocked until such time as any legal actions or liabilities that may be applicable as a result of the processing of your personal data expire, at which time the personal data will be definitively and irreversibly deleted.
However, the specific criteria we will use to retain your personal data are set out below.
In general, we will process your personal data until you opt out or unsubscribe from TU Wallet as set out in the T&Cs and this Privacy Policy.
However, in certain cases a different retention period may be applicable:
Please note that the obligations to delete or erase data will not apply to non-personal information or data that, where applicable, has been properly anonymised. Likewise, we remind you that in those situations in which we communicate your personal data to other data controllers for the purposes detailed in this policy, said recipients will retain your personal data for the terms or periods established by them , which they must duly inform you of in accordance with the applicable regulations.
As a User, data protection regulations grant you certain rights over your data which, depending on how they apply, you may exercise against Telefónica. Below you will find details of these rights and how you can exercise them.
We also inform you that on the website of the Spanish Data Protection Agency (www.aepd.es) you can find further information on the characteristics of these rights and download templates to exercise each of them, although it is not necessary to use any template to exercise a right before us.
Right to withdraw consent
It is your right to withdraw your consent to the processing of your data for the purposes that are legitimate on that basis, at any time and in an easy way.
Right of access
It is your right to ask us for details of the data we hold about you and how we process it, and to obtain a copy of it.
Right of rectification
It is your right to obtain the rectification of your inaccurate or erroneous data, as well as to complete incomplete data.
Right of suppression
It is your right to request deletion or suppression of your data and information in certain circumstances. However, please note that there are certain occasions when we are legally entitled to continue to retain and process your data, for example, to comply with a legal obligation to retain data.
Right of limitation
This is your right to restrict or limit the processing of your data in certain circumstances. For example, if you apply to have your data erased, but, instead of erasure, you would prefer that we block it and process it only for record-keeping purposes because you will need it later to make a complaint. Again, please note that there may be times when we are legally entitled to refuse your request for restriction.
Right to object
This is your right to object to our processing of your data for a specific purpose, in certain circumstances provided for by law and related to your personal situation.
Right to portability
It is your right to ask us to receive your personal data in a structured, commonly used, machine-readable and interoperable format and to transmit it to another data controller, provided that we process your data by automated means.
Right not to be subject to automated individual decisions
It is your right to ask us not to subject you, in certain circumstances, to a decision based solely on automated processing of your data, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Means of exercising them and deadlines for response
In general, you may exercise these rights at any time and free of charge by contacting Telefónica at soporte@tu.com. Similarly, in general, mechanisms will be made available to the User to automatically unsubscribe from communications and other options for withdrawal of consent and opposition.
To this end, it is important to bear in mind that, when exercising a right, in some cases you will have to specify clearly which right you are exercising and authenticate yourself or provide a copy of a document proving your identity. It should also be noted that some of the data processing is carried out by Telefónica in a way that does not require the direct identification of Users, without Telefónica being obliged to obtain and/or process additional information to verify said User for the purposes of allowing him/her to exercise his/her data protection rights.
In the event that a User exercises a data protection right and, due to the reasons indicated, Telefónica is not in a position to identify the User in order to deal with the request, it will inform the User to that effect if possible. Said request will be suspended until the User provides additional information that allows him/her to be identified.
Likewise, in the event that you exercise a right before Telefónica that affects or relates to other data controllers, we will forward your request to them so that it can be duly dealt with and responded to by them.
Any exercise of rights will be answered within a maximum period of one month, which may be extended by two months if we reasonably require it, taking into account the complexity of the request and the number of requests.
Finally, in the event that you do not agree with the way in which we process your data or the response we give to the exercise of your rights, you will have the right to lodge a complaint with the national supervisory authority, by contacting the Spanish Data Protection Agency (AEPD) , whose contact details are as follows:
Spanish Data Protection Agency
C/ Jorge Juan, 6 – 28001 Madrid
www.aepd.es
We recommend that before submitting any complaint or claim to the Spanish Data Protection Agency (AEPD), you contact our Data Protection Delegate in order to analyse the specific situation and try, if necessary, to find an effective and amicable solution.
Apart from the above, if you wish, you can also refer to the AEPD.
The User represents and warrants that:
For these purposes, the User shall be responsible for any breach of these representations and warranties, and shall be liable for any damages , direct or indirect, that such breach causes Telefónica, Bit2Me and/or applicable third parties.
Please also note that in the event that we are unable to process your personal data for certain purposes (e.g. if you do not provide such information, you do not provide applicable consents or you refuse or exercise any right that does not prevent such processing), the creation of your Telefónica Account may not be possible, or we may not be able to provide you with access to the Telefónica Services or such access may take place in a different manner.
Your data will be treated in the strictest confidence and will be kept confidential, in accordance with the provisions of the applicable regulations, adopting the necessary technical and organisational measures to preserve the security of the data and prevent their alteration, loss, unauthorised processing or access, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed.
Telefónica reserves the right to update this Privacy Policy at any time.
You will in any case be informed of any such update with the legally required notice.
In addition, it will be communicated directly to the User in the event that it affects his rights or freedoms or when, for example, the inclusion of a new processing activity would require consent.
© 2024 TELEFÓNICA INNOVACIÓN DIGITAL, S.L.U. All rights reserved.