Through this Policy it is reported that the personal data of IoT Cards customers will be treated in accordance with the principles of transparency, limitation of purpose, minimization of data, accuracy, integrity and confidentiality, as well as respecting the rest of obligations and guarantees established in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free circulation of such data.
To this end, we have updated our Privacy Policy, which affects individuals and business interlocutors, and which replaces the one that previously regulated the processing of IoT Cards customer data, with the aim of renewing the client's trust and providing an experience differential.
For the purpose of complying with the aforementioned regulations and helping the Client or user of any Product or Service to understand how your personal data is collected, used, processed and protected, IoT Cards informs you of the following aspects related to your right to personal data protection.
1. Who manage with your data?
IoT Cards will be jointly responsible for the treatment of the personal data of its customers based on the products and services contracted.
Likewise, we inform you that the Data Protection Delegate is the person in charge of ensuring the protection of your fundamental right to the protection of personal data within IoT Cards. To contact the Data Protection Delegate, you can write to contact@iot.cards indicating the following in the subject: A/A Delegate of Data Protection.
2. What is a personal data and what data do we manage with?
Personal data consist of information that identifies or identifies individual persons such as name, postal address, email address or telephone number, etc.
From IoT Cards, we treat personal information that the client facilitates for the contracting of a product or service, as well as the information generated through the provision thereof. Based on the principle of minimization, the data that we will be able to deal with will be adequate, pertinent and limited to those necessary in terms of the purposes for which they are treated, and always respecting the client's will. The data that may be subject to treatment, depending on the IoT Cards Products or Services that the Client has contracted, as well as the additional treatments allowed or authorized by the Client, will be those determined in the following categories:
- Customer data: is the data set formed by the contact data, age, terminal equipment used (brand and model), payment behavior, etc.
- Data of the Products or Services of IoT Cards: type of products or services that have been contracted by the customer, average monthly consumption (for example, minutes consumed, number of SMS sent, volume of data used), average monthly billing (arithmetic amount), type of services charged through your invoice.
- Traffic data : are the data associated with the detail of calls, that is, origin number and destination number, type of call (national, international, etc...); date, time and duration of the call; number of origin and destination of the SMS and MMS sent.
- Data of web visits : are the data of the public IP address of each connection made by the user, including its date and connection time, the query to the DNS, the web pages consulted or the applications used by the client, the IP of the web that the client consults, domain name (URL), sections visited within the web page (URI), volume of data used, date of connection and IMSI.
3. How do we manage your data?
In this Policy the detail of the way in which IoT Cards treats the personal data, and of which the Client has been informed is collected.
a. What does it mean to be a Client or a holder? The Client is responsible for the relationship established with IoT Cards, and the one that accepts the conditions in which it is developed. In this sense, it guarantees that it is authorized and has obtained the consent of the users or interlocutors to accept the privacy conditions established in this Policy as well as in the conditions of each of the Products and Services contracted. informs the Client that the faculties attributed to him for the management of his rights, are adapted according to the technology and characteristics of our different channels (web, stores, telephone, devices or applications), which may be different from those assigned to the user or interlocutor. The scope of these powers will be duly informed when accessing them.
b. What does it mean to be a user? Regardless of the condition of the owner or client, the user is the one who uses the products and services contracted by the owner. IoT Cards is committed to privacy, so that without prejudice to the powers established for the Client, the user will have the right to oppose all or any of the treatments managed by the client and that could affect the processing of their personal data.
c. What does it mean to be a business partner? The company's interlocutor is the one that maintains the direct relationship with IoT Cards, and the treatment that is carried out of their contact data is covered by the relationship established between IoT Cards and the client company. Without prejudice to the powers established for the Company, the interlocutor will have the power to oppose the reception of commercial communications through the means established by IoT Cards.
4. Why do we manage your data?
We manage customer data for the provision of the service, as well as for other purposes that it allows or authorizes in the terms informed in this Privacy Policy or in the specific Conditions of each Product or Service contracted. The Customer will be he is solely responsible for all the information provided to IoT Cards for the management and contracting of the products and services, guaranteeing that he is authorized and has obtained the consent of the owner for the delivery. IoT Cards is not responsible for the use of false, inaccurate, incomplete, non-updated data provided by the Client.
For this purpose, IoT Cards informs about the legitimizing bases that will allow the different treatments:
1st. Provision of the service
IoT Cards informs that for the provision of the service you can use, among the categories of data included in section 3, those that are necessary for the correct provision of the service. The specific specification of the treated data will be identified in the data protection clauses of the Conditions of each product or service. In addition, as a client of IoT Cards, the treatments that may be necessary for the provision of the contracted services will be carried out with the following purposes:
a. Provide the service, maintain it and manage the contractual relationship with the client.
b. Customer service through any channel to which you can go: service telephone number +34 810 10 19 99, our email contact@iot.cards or our Contact section.
c. Proof of hiring, improve the quality of technical and commercial attention, as well as verify customer satisfaction, through the recording of customer calls to telephone numbers enabled for this purpose, or those that could be made from IoT Cards or from any company authorized by it.
d. Check the solvency of the client by accessing credit information systems prior to the hiring of any product or service and while the aforementioned contractual relationship remains in force.
e. Realization of statistics, surveys or market studies, whose purpose is to evaluate the quality of the product or service, making business, commercial, investment decisions, checking the sales or products that are sold the most, etc.
f. Maintain the security of electronic communications networks and services, detect failures or technical errors in the transmission of electronic communications, as well as, any treatment that is necessary for the proper provision of telecommunications service or any other sectorial regulation is applicable.
g. Comply with the legal obligations of quality of service imposed by telecommunications legislation.
g. Detect or prevent the abusive or fraudulent use of services.
i. Any other that is mandatory and necessary for the fulfilment of its functions as a telecommunications operator or service provider of the information society.
2nd. Legitimate interest
Legitimate interest is a legitimate basis for processing, provided that such interest in treating customer data for the purpose indicated is within your reasonable expectations based on the relationship you have as a customer. We need to process your data in order to provide the best products and services with the highest quality, to adapt to your needs, as well as to improve your experience in the enjoyment of these products and services. Treating your data will allow us to be more efficient and therefore will help us to continue maintaining the highest levels of security and trust in the services we provide. In this sense, we consider that they are protected by legitimate interest and, therefore, IoT Cards will be able to process the following data for each of the purposes described below:
a. It will be possible to process the data about anomalous traffics that may be made from the client connection and that affect the security of the networks, systems or equipment so that IoT Cards can send the client, by any means, information or alert of cybersecurity.
b. They may be assigned to other companies of the Lantia Group that provide Products and Services, customer data, product or service data and consumption of other devices for internal administrative purposes or commercial management, so that IoT Cards can offer the customer, for any means, personalized offers of said Products and Services, whenever necessary and in a timely manner, as well as to avoid unnecessary repetition of commercial communications. In addition and for the realization of commercial offers, IoT Cards will be able to process the data provided by the user of those who have requested information about Products and Services by any means.
3rd. Express consent
The express consent constitutes a legitimating basis of the treatment that will allow IoT Cards to treat the following data for each of the purposes described below:
a. Customer data, product or service data, and visits to our web pages and applications made by the customer or user can be processed in order to make a commercial profile and IoT Cards can offer you, by any means, offers of products and services from other suppliers.
b. The traffic data, web visits and user's location can be processed, in order to make a commercial profile and be able to make personalized offers of Products and Services to it, by any means.
c. The traffic data, web visits and user's location can be processed, in order to make a commercial profile and to be able to do it, by any means, personalized offers of products and services of third parties.
5. Information storage deadlines
The client is informed that, in compliance with the principle of limiting the conservation period, the data collected will be treated only and exclusively for the time necessary and for the purposes for which they were collected at all times. They will therefore be maintained in such a way as to allow the identification of the interested parties for no longer than necessary for the purposes of processing personal data:
- Customer data: the data will be kept during the term of the contractual relationship plus a additional maximum term of 8 years after the end of the contract, in application of the Civil Code and fiscal regulations.
- Data of the Products or Services: the data will be kept during the term of the contractual relationship plus a maximum term additional 8 years after the end of the contract, in application of the Civil Code and tax regulations.
- Traffic data, web visits and location: the data will be kept for a period of 12 months.
6. Exercise of rights
In accordance with the applicable regulations, IoT Cards informs the client that it has the following rights derived from the applicable regulations:
- Access: allows the owner of the data to obtain information on whether IoT Cards is processing personal data concerning him or not, and in this case, right to obtain information about your personal data submitted to treatment.
- Rectification: it allows to correct errors and modify the data that prove to be inaccurate or incomplete.
- Suppression: allows that the data is deleted and is no longer treated by IoT Cards, unless there is a legal obligation to keep them and / or other legitimate reasons for its treatment by IoT Cards do not prevail. For example, when personal data are no longer necessary in relation to the purposes for which they were collected, the client may request that we suppress these data without undue delay.
- Limitation: under the legally established conditions, allows the treatment of data is paralyzed, in such a way that it is avoided by IoT Cards its treatment in the future, which will only keep them for the exercise or the defense of claims.
- Opposition: in certain circumstances and for reasons related to your situation In particular, the interested parties may object to the processing of their data. IoT Cards will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims.
7. Security and confidentiality in the processing of your information
IoT Cards is concerned with ensuring the security, secrecy and confidentiality of your data, communications and personal information. Therefore, as part of our commitment and in compliance with current legislation, we have adopted the most demanding and robust security measures and technical means to prevent their loss, misuse or access without your authorization. When we receive the data of the client, we use rigorous procedures and security functions to prevent any unauthorized access.
The personal data that we can collect through the various communications that we maintain with you will be treated with absolute confidentiality, committing to keep secret about them and guaranteeing the duty to keep them adopting all the necessary and reasonable measures that avoid their alteration, loss and treatment or unauthorized access, in accordance with what is established in the applicable legislation.
8. Existence of automated decisions that produce legal effects for the client
It is reported that the processing of your data for the purposes indicated, will not imply on the part of IoT Cards only, the application of automated decisions that produce legal effects for the client, unless the same has expressly consented to it.
However, if it were necessary for the provision of any of the services contracted by the client, it will be adequately informed in the corresponding General or particular Conditions.
9. Further treatment
If IoT Cards requires the further processing of your personal data for a purpose other than those contained in this Privacy Policy, it will be previously informed, including all the information that is legally required as well as the purposes foreseen for such treatment.
10. Cookies
Like other Internet portals, the IoT Cards website uses a technology called 'cookies' to gather information about the interactions of users and how to use the web pages.
11. Policy changes
IoT Cards may update this Privacy Policy at any time by communicating it to the client in the event that said update involves new data processing or a substantial change in it. Therefore, we recommend that you review this policy periodically.
The use of our services once this change is communicated will imply the knowledge of the same on the part of the client in the terms included in the new published privacy policy.
12. Miscellaneous
These conditions constitute the Privacy Policy with IoT Cards in relation to the use of its products and services, and replace any previous agreements that may exist between both.
Notwithstanding the foregoing, it is reported that the Privacy Policy is formed for this document as well as the specific conditions of privacy of each of the products and services that will be completed and interpreted in a consistent and systematic manner, respecting, in any case, the client's will with respect to the general treatments included herein, without affecting therefore, the specific conditions of the contracted services.
If any of the provisions of these conditions, or part of them, is declared illegal, invalid or not applicable by a competent administrative or judicial entity, it will be considered as not put, without affecting the other provisions.
The delay or lack of exercise by IoT Cards of a legal action or any right described in these conditions does not imply, in any case, a waiver of the same. In the same way, the lack of claim of a breach of the obligations established in these conditions, will not suppose a waiver to your subsequent claim.