DAPIBUS TECH, SL commits to adopting the necessary technical and organizational measures appropriate to the level of security according to the risk of the data collected. This privacy policy is adapted to the current Spanish and European regulations on personal data protection on the internet. Specifically, it respects the following regulations:
- Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR).
- Organic Law 3/2018, of December 5, on the Protection of Personal Data and the guarantee of digital rights (LOPD-GDD).
- Royal Decree 1720/2007, of December 21, approving the Regulation implementing Organic Law 15/1999, of December 13, on the Protection of Personal Data (RDLOPD).
- Law 34/2002, of July 11, on Information Society Services and Electronic Commerce (LSSI-CE).
The data controller for personal data collected on this website is DAPIBUS TECH, SL, with the following contact details:
- Address: Carrer del Dr. Carulla, 45, 08017, Barcelona
- Email: [email protected]
Personal Data Registration and Applicable Principles for Its Processing
In compliance with the GDPR and LOPD, all personal data collected by DAPIBUS TECH, SL through the appropriate forms will be stored on the website and processed in our files to fulfill the obligations and commitments established between DAPIBUS TECH, SL and the User.
DAPIBUS TECH, SL maintains a record of processing activities specifying the processing carried out, its purpose, the data category, the recipients, and other terms set forth in the GDPR and LOPD.
The processing of personal data will be subject to the principles outlined in Article 5 of the GDPR:
- Principle of lawfulness, fairness, and transparency: The User’s consent will be required at all times, following completely transparent information on the purposes for which their personal data is collected.
- Purpose limitation principle: Personal data will be collected for specified, explicit, and legitimate purposes.
- Data minimization principle: The personal data collected will only be those strictly necessary concerning the purposes for which they are processed.
- Accuracy principle: Personal data must be accurate and kept up to date at all times.
- Storage limitation principle: Personal data will only be kept to allow User identification for as long as necessary for the processing purposes.
- Integrity and confidentiality principle: Personal data will be processed to ensure security and confidentiality.
- Accountability principle: The Data Controller will be responsible for ensuring compliance with the above principles.
Categories of Data Processed and Categories of Recipients
The data processed on this website are solely identifying personal data. No sensitive data as defined in Article 9 of the GDPR are processed.
If the data controller intends to transfer personal data to a third country or international organization, the User will be informed of the third country or international organization to which the data will be transferred at the time of data collection.
Legal Basis for Processing
The legal basis for processing personal data is consent. DAPIBUS TECH, SL commits to obtaining the User’s explicit consent for specific processing. The User has the right to withdraw their consent at any time.
Processing Purposes
DAPIBUS TECH, SL will collect and manage data to fulfill the service agreements established between the website and the User. When data is collected, the User will be informed of the specific purposes for which their data will be processed. Data may also be collected for commercial, statistical, or marketing purposes to improve the website’s quality, functionality, and navigation.
Data Retention
When data is collected, the User will be informed of the retention period or the criteria for determining it. DAPIBUS TECH, SL will retain data for as long as necessary to carry out data processing purposes or until the User decides to terminate the service.
Data Processing Security
DAPIBUS TECH, SL will adopt the necessary technical and organizational measures to ensure the security of the collected data, preventing unauthorized access, loss, destruction, or alteration of data.
In case of a security breach, as outlined in Article 4 of the GDPR, entailing high risk or harm to the rights and freedoms of the data subjects, the controller commits to promptly inform the data subject without undue delay.
Confidentiality
The personal data will be treated as confidential by the Data Controller, who commits to ensuring that this confidentiality is respected by anyone to whom the information is made accessible, whether by legal or contractual obligation.
User Rights Arising from Data Processing
The User may exercise the following rights against DAPIBUS TECH, SL, in accordance with the GDPR:
- Right of access: The right of the User to be informed about the data being processed, its purposes, and the recipients.
- Right of rectification: The right of the User to request modification of inaccurate or incomplete data.
- Right to erasure: The right of the User to request the deletion of their data when it is no longer necessary for the purposes for which it was collected, provided there is no legal requirement preventing it.
- Right to restrict processing: The right of the User to restrict processing when challenging the accuracy of personal data; when processing is unlawful; when the Data Controller no longer needs the personal data, but the User requires it for claims; and when the User has objected to processing.
- Right to data portability: The right of the User to request the transfer of their data to another controller, where technically feasible.
- Right to object: The right of the User to object to the processing of their personal data.
- Right not to be subject to automated decision-making: The right of the User not to be subject to automated decisions, including profiling unless legally authorized.
To exercise these rights, the User should contact the Data Controller in writing, specifying:
- Notification address
- The specific right exercised and/or explanation of the request
- Date and signature of the applicant
- Supporting documents to substantiate the request
This request should be sent to the email address: [email protected], or by mail to Carrer Dr. Carulla, 45, 08017, Barcelona.
If the User believes there is a violation of current regulations regarding the processing of their data, they have the right to effective judicial protection and to lodge a complaint with a supervisory authority, especially in the State of habitual residence, place of work, or location of the alleged violation. In Spain, the supervisory authority is the Spanish Data Protection Agency (http://www.agpd.es).
Links to Third-Party Websites
This website may include hyperlinks or links allowing access to third-party websites, not managed by DAPIBUS TECH, SL. These third parties, as owners of their websites, will have their privacy and data protection policies, being solely responsible for the processing of their files.
Changes to the Privacy Policy
This privacy policy is updated as of February 2024 and therefore is adapted to the GDPR and LOPD.
DAPIBUS TECH, SL reserves the right to modify its privacy policy, and such changes will be notified to the User.