Who is responsible for processing your personal data?
The party responsible for the processing is ITINERE INFRAESTRUCTURAS S.A., with Spanish tax code A28 200392 and registered offices in Bilbao (48013), Capuchinos de Basurto n6, 4ª (hereinafter, ITINERE).
ITINERE has formally appointed a Data Protection Officer and has also activated the following address for communication with users: firstname.lastname@example.org
What do we process your personal data for?
Personal data facilitated by users of the Website will be processed by ITINERE to ensure Website-user contact and management. This means that the personal data of users contacting ITINERE over any of the channels made available to them on the Website managed by ITINERE will be processed in order to manage the contact, deal with requests received, provide the services required or facilitate the information requested by the user.
What data are processed by ITINERE and what are their sources?
The data ITINERE processes as a consequence of interactions between users and the Website come from the following sources:
- Data from users who completed forms made available to them by ITINERE, filled out the spaces and forms provided to get into contact with ITINERE, sent emails or used other means of communication with ITINERE.
- Data generated by users browsing and utilising ITINERE websites.
- Data generated in the development, arrangement and maintenance of the relationship between users and ITINERE.
- Third-party data submitted by users.
ITINERE may process personal data of the following kinds, in line with the relationship it has established with each user:
- Identification data (eg, full name, email address, postal address, telephone, IP address, photo, etc).
- Data on personal characteristics and social circumstances (eg, age, date of birth, etc).
- Browsing data (eg, use of the ITINERE website, sections visited, etc).
What is the legal framework in which ITINERE processes your data?
ITINERE processes personal data facilitated by users of its Website pursuant to the following legal regulations, depending on the type of data and the interactions users establish with ITINERE:
The data processing for “Website user contact and management” is based on managing and processing the legal relationship established between users and ITINERE, ie, managing users’ requests, maintaining contact between the parties and, where appropriate, providing the service users may have requested.
Might your data be passed on?
How long does ITINERE keep your data?
ITINERE will keep your personal data for the time needed to provide the service requested and/or achieve the purpose of the processing.
After this end is reached, should users not have exercised their right to suppression, their data will be held during the legally established time periods for each case, taking into account the type of data and why they are being processed.
What personal data should you facilitate us in each case?
ITINERE informs users that, when the personal data are received through a form made available through our website, users must at least complete the fields marked with an asterisk (*). Should this minimum data not be supplied, ITINERE will be unable to provide the service or deal with the query or claim filed by the user.
What must we guarantee when submitting personal data?
Users guarantee that the data submitted are true, accurate, complete and current. Users are responsible for any direct or indirect loss or damage that may be caused as a consequence of failing to ensure this is the case.
ITINERE informs users that, in order to submit personal data over our Website, you must be older than 16. Users submitting data to ITINERE on the Website declare and guarantee that they are older than 16, assuming full responsibility for such declaration.
What measures does ITINERE adopt to protect your personal data?
ITINERE is fully committed to the security and confidentiality of your information and has adopted the levels of security required to protect personal data, installing all reasonable technical media to avoid loss, misuse, alteration, unauthorised access or theft of the personal data users facilitate over the Website. Nevertheless, please bear in mind that security measures on internet can never be 100% guaranteed.
What rights do you have over your personal data?
ITINERE informs you that you have the right to access your personal data and obtain confirmation on how they are being processed. You are also entitled to request the rectification of inaccurate data or, where appropriate, request their suppression when, among other reasons, the data are no longer necessary for the purposes for which ITINERE was using them.
Under certain circumstances, you may request limits to the processing of your data. Should you do so, ITINERE will only conserve those data for the purpose of dealing with possible claims.
Likewise, under certain circumstances, you may oppose or challenge the processing of your personal data for the purpose reported by ITINERE. In such case, ITINERE will cease to process your personal data, unless it has legitimate grounds to do otherwise, or needs to ensure that all parties may exercise their right to defence in the event of possible claims.
Finally, you have the right to request portability of your data and obtain specific information stemming from the relationship established between you and ITINERE for yourself or for other servicer.
Such rights can be exercised over the following channels, identifying your communication with the reference “DATA PROTECTION”:
- You may write to ITINERE INFRAESTRUCTURAS S.A., to the attention of the Data Protection Officer, at Poeta Joan Maragall, 1 Planta 11ª (28020 Madrid), Spain
- Or you may send an email to the Data Protection Officer at email@example.com
In both cases, you must accredit your identity as the person enforcing their rights, by sending a copy of the two sides of your identity document (DNI, NIE, passport or equivalent).
ITINERE will facilitate the requested information to you within one month after receiving the request. This term may be extended a further two months should this be necessary due to the complexity or number of requests.
You may present a complaint to the competent Data Protection Authority. However, at first instance, you should contact the Data Protection Officer, who should resolve the issue within a maximum of two months.