We are taking part in the Mobile World Congress 2025, come and find out!

Privacy Policy of Telefónica Innovación Digital

1.    Our principles and the purpose of this Privacy Policy

Telefónica Group companies are committed to respecting the privacy of Users and the secrecy and security of personal data, in accordance with the provisions of the applicable regulations.

Your privacy and the security of your data are our priority. It is part of our DNA and is reflected in the principles that govern our Privacy Policy.

Transparency

We are 100% transparent with you about the data we collect and/or process about you and explain why we use it and for what purposes. We will not process your data in an unexpected, obscure or abusive way.

Control

You are the only one who can control how your data is used. We provide you with the tools so that you can decide at any time how you want us to process your data, up to when and how you can access and update your personal information.

Security

We care about ensuring the security, secrecy and confidentiality of your data and personal information. We have carried out the proper analysis and risk assessments according to the best standards of security and privacy, in order to adopt the most demanding and robust security measures on your data to prevent its loss, alteration, misuse or unauthorized access.

These principles are set out in detail in the following sections that make up our Privacy Policy, which we encourage you to read carefully. In it we inform you about everything necessary for you to maintain control over your data as a user of a web portal, mobile and/or desktop application (hereinafter, as a whole, the "Application(s)") of Telefónica Innovación Digital, S.L.U. (hereinafter, the "User" or the "Users")

However, certain Telefónica Innovación Digital, S.L.U. services may have their own Privacy Policy. In these cases, it is these Privacy Policies that you should read to understand how your data is processed and how you can control it in these specific services.

Please also note that the services and/or programs of Telefónica Innovación Digital, S.L.U. available in each Application are provided and/or executed in accordance with the corresponding documentation applicable to each service and/or each program of TID (both, hereinafter, defined as the "Services and/or Programs Conditions").

2.   Who is the data controller?

Company name: Telefónica Innovación Digital, S.L.U. (hereinafter, "TID" or "we" or "us").

TAX ID: B83188953

Registered office: Distrito Telefónica, Ronda de la Comunicación, S/N, 28050 Madrid.

For any questions, requests or complaints regarding the content of this Privacy Policy and our processing of your data, you can contact us by writing to legal@tu.com

We also inform you that we have a Data Protection Delegate who ensures compliance with data protection regulations in Telefónica, and with whom you can contact, for any questions, doubts, suggestions and / or complaints you have when we process your data, by writing to  DPO_telefonicasa@telefonica.com

3.  What data is processed, for what purpose and why do we process the data?

Data we process about you.

As a User of the Applications and/or as a participant of our programs, or an attendee of our events, we process various personal data about you for the purposes and for the reasons explained below.

In this sense, the personal data that we may process about you would be the following:

•    Basic, identifying, personal and/or professional contact data: name and surname, personal identification number, User name, email, telephone, curriculum vitae, job position, company you represent, academic training, profile in social networks and any other basic or identifying information completed in the user profile of the services, in forms of registration in programs or events or in any other data form that we have for this purpose.

•    Health data: in those programs in which they are expressly specified, it is possible that certain health data of the participants may be requested or processed, for which the User's consent will be obtained.

•    Image and/or voice: in your attendance to events and/or in those programs that are expressly specified, it is possible that audiovisual and/or voice recordings of the participants may be made during their participation in the event and/or program.

•    Service usage data generated or that you provide and share when using the Application and enjoying the TID services you have contracted.

•    Credentials of access to the services and identifiers assigned to the User when there is an access record for a specific service.

•    Statistical data of use and interactions of the User with TID and/or corresponding services.

•    Data relating to the device and/or connection with which TID is accessed: the IP address and other connection metadata, as well as information that we may have obtained using cookies and similar technologies (SDKs, pixels, tags, beacons, etc.).

•    Data of the services contracted in TID, as well as payment and invoicing data, when applicable according to the service contracted.

•    Data related to queries, support, complaints and/or suggestions.

•    Data provided in surveys and user tests that we may conduct, in particular, information regarding satisfaction with our services, programs or events.

Origin and source of your data

In general, we obtain this data either directly from you, when you complete our registration form for services, programs or events, make a query, complaint or suggestion, or contact us by any means and provide us with the required or voluntary data, or we may generate or capture it automatically during registration, during the process of creating your User account or during the use of the Application and its services, depending on the operational functioning and/or functionalities existing at any given time.

In this case, all the information you provide as a User must be truthful and accurate. For these purposes, the User guarantees the authenticity of all data provided because of the completion of the corresponding forms. The User will be solely responsible for any false or inaccurate statements made, and for any damages caused to Telefónica, or to third parties, because of the information provided.

In case of providing false data or data that does not correspond to the account holder, TID reserves the right to cancel the User's account, suspend the services contracted and/or take any measures it deems appropriate for the best defense of its interests and rights, or those of affected third parties that may be concerned because of the above.

TID reserves the right to verify the information provided by the User by any means that may be appropriate for the purposes of control and/or verification, according to the state of the art always and what is most appropriate for the protection of the interests and rights of the parties involved.

If the User provides personal data of third parties through Telefónica's services, programs and/or events, said User shall be obliged to inform them of such processing as detailed in this Privacy Policy and that their data will be provided to TID for these purposes, responding exclusively and fully in case of any breach in this regard, being TID exempt from any liability in this area.

Purposes we pursue and reasons we have for processing your data

Depending on the context, the purposes for which we process your data as a User would be the following:

•    Provision of the services and all available functionalities, operation, administration, support, maintenance and management of the TID Applications and the corresponding services and/or programs: based on the execution of the Terms of Services and/or Programs applicable to those services you use and/or programs in which you participate, we will process your data in order to provide you with the corresponding service and/or manage your participation in the program, allowing you to enjoy all the functionalities available at any given time, operate and maintain it so that the service functions correctly and securely, or, if applicable, withdraw or block your access to the service or program, which includes allowing us to check the requirements demanded of the user, your compliance with the Terms of Services and/or Programs, proceed or facilitate the registration of the User and, where appropriate, the updating of his data, send communications by any means provided relating to the service or program and the functionalities of the services (for example, communications on the launch of new features or on the processes of registration and verification of the identity of User, among others), access and use of the services or programs at any time, among other similar purposes in execution and compliance with all the points incorporated in the Conditions of Services and/or Programs, this while maintaining the condition of User and not requesting the cancellation.

•    Management of events and activities: as organizers of events and activities related to this website, we will process your data to manage the event or activity in which you are interested and communicate with you promptly through the e-mail you have provided, inform you about its development, date and content, instructions to connect and attend virtually, thank you for attending, extract aggregate statistics on the development of the event and conduct opinion surveys after the development of the event or activity that allow us to improve in the future. This purpose is developed on the basis of the consent you have given us when registering for the event or activity, as well as our legitimate interest as organizers in meeting the requests of interested parties, in the event or activity goes well and is organized with adequate security, as well as that it has sufficient relevance and dissemination in its sector.

•    Diffusion of our main activities and events in the social networks and media we use: in general, we usually record and take pictures of the activities and events we organize. In this case, we may process your image or voice if, voluntarily and with your consent, you wish to appear in a photo or video, for subsequent dissemination in such social networks and media, with the aim of disseminating the activity or event. In addition, based on the aforementioned legitimate interest as organizers, we may also take images or videos with general or broad perspectives of the activity or event where neither your image nor your voice will be distinguished.

•    Organization of sweepstakes and contests: we usually organize sweepstakes and contests about our products and services, among attendees at events and activities or among the general public who wish to participate. In this case, in accordance with the legal bases applicable to the aforementioned sweepstakes or contest, we may process your data to manage its development and deliver the corresponding prize, as well as its dissemination.

•    Conducting surveys, user tests and other research activities: based on our legitimate interest to maintain and improve the quality of service and user experience of our services, programs or events, we may contact you to collect information regarding your satisfaction or opinion in relation to the service provided and its functionalities, provided that you have not objected to such legitimate interest.

•    Maintenance and management of the activity and security, detection and prevention of information security breaches and possible breaches: based on our legitimate interest, as the owner of and responsible for the Applications, in ensuring the availability and security of the Applications for all users, and in accordance with the Terms of Services and/or Programs, legal notices and other relevant notices of use, as well as the provisions of our cookie policy and cybersecurity regulations applicable to Telefónica, we will process your data in order to keep active and manage the security of the Applications, protect against security incidents and malicious attacks that may occur and, in general, to enable free and continuous access to our Applications in a secure manner by all Users.

•    Internal management and response to claims, demands, complaints and litigation related to TID: based on our legitimate interest associated with the right to effective judicial protection that protects us, we may process your data to manage, respond and intervene as an interested party or similar in administrative or judicial proceedings, when they, in any way, are related to you or refer to you in the corresponding condition. e.

•    Management of billing, accounting and taxation of TID's collection services: based on compliance with the legal obligations imposed on us in terms of billing and accounting, we are obliged to process your data for the proper management of billing, accounting and taxation, which includes collecting or declaring your data in the invoices, in the accounting books we keep or in the declarations that for tax purposes may be required by the applicable regulations in this area.

•    Retention of data on transactions, identification of Users and other procedures derived from the regulations on prevention of money laundering and financing of terrorism: we have a legitimate interest in acting with due diligence and proactivity in compliance with the aforementioned regulations, so that, depending on the service, we may process your data in order to identify you properly and keep them together with the history of the actions performed, always with the aim of, if necessary, to make this information available to the competent authorities that may require it.

•    Prevention and investigation of fraud and/or illicit activities: based on our legitimate interest in preventing and investigating fraud within Tu.com, we may process personal data of users for the purpose of setting up alerts that indicate potential fraud and/or illicit activity for the purpose of further investigation. During such investigation process, we may process more personal data provided that it allows us to conduct a better investigation and evaluation of the specific case, in order to make decisions regarding the establishment and implementation of those control measures and mitigation of the risks detected at any given time. 

•    Compliance with applicable regulations and response to requests and official requests made by the authorities: in general, as any actor providing information society services and responsible for data processing, various legal obligations apply to us, including obligations in terms of consumer affairs, data protection and security, services and digital markets, as well as in terms of mandatory collaboration with the competent authorities, including the law enforcement agencies . Based on the foregoing, we may need to process your data in order to comply with such obligations, for example, to respond to data protection rights exercises that we receive, or to respond to legitimate requests or requests notified to us that require, for example, providing any information about you.

•    Attention and response to contracting requests, doubts, queries, suggestions and any other type of contact received: based on our legitimate interest in managing and providing an effective response to the request or other type of contact made by a user, as well as to the extent necessary for the execution of pre-contractual measures at the request of the user, aimed at the acceptance of Terms of Services and/or Programs or registration in our events or the signing with TID of an agreement to contract our services or, we may process the data of the person who contacts us to give an effective response based on the contact made, to respond to the suggestion to correct or improve the service in the sense raised or, where appropriate, to report on the commercial conditions of services and enter into a contractual relationship to that effect.

•    Statistical analysis: based on our legitimate interest to measure the quality of the Applications and  services, as well as to know how it is used by the Users, we may perform appropriate statistical analysis with data on the use of the services in order to: (1) measure their quality and, in case of degradation, take the necessary measures to prevent and/or remedy such degradation; and (2) make better business decisions regarding the future evolution of our services or other products or services, as well as to make improvements or evolutionary corrections that, if necessary, must be made to offer an adequate experience.

•    Personalization and profiling: Based on TID's and App Users' legitimate interest in enjoying relevant services and experiences and receiving communications of interest to you, we may process your data to (1) personalize such services or experiences, as well as to (2) segment and customize communications with you. For example, some functionalities may work differently and/or have particular features depending on the device you use. Similarly, if some services or programs are only available to certain Users, we may target communications to them. Also based on the aforementioned legitimate interest, we may process your personal data for basic profiling in order to infer your preferences or interests in relation to current and future services, programs or experiences as Users of our Applications, services, programs or events, and to better personalize your experiences and target communications. In general, the data that we may process for this purpose will be: basic and identifying data, interactions with our Applications and services, data from your devices and from the contracts you make or programs or events you participate in.

•    Sending newsletters and other communications about our programs, products or services: if you request it and have subscribed to our newsletter, we will send you our newsletter as often as appropriate or we will contact you through the contact information you have provided to send you information about our programs, products. Also, if you have contracted any of our products and services and / or enrolled in our programs, we may also send you communications about products, services or programs similar to those contracted, based on our legitimate interest in maintaining business contact and disseminate our products and services.

•    Sending third party advertising: if you expressly consent, through the corresponding form available in the subscription section of the services, programs or events, we may send you advertising, offers, promotions and, in general, commercial communications from TID partners with whom we have signed agreements to that effect ("TID Partners").

•    Transfer of your data to Telefónica Group companies for advertising: in the event that you expressly consent, through the corresponding form available in the subscription section of the services, programs or participation in our events, we will share your contact information, as well as data related to such services, programs or events that you use or have contracted, with Telefónica Group companies so that they can send you by any means advertising about their products and services.

•    Transfer of your data to Telefónica Group companies for profiling and analytics: if you expressly consent, through the corresponding form available in the subscription section of the services, programs or participation in our events, we will share your basic and identifying data, interactions with the services or programs, data from your devices and the contracts you make, with Telefónica Group companies so that they can combine this information with other information they already process about you, in order to make commercial profiles with your interests and preferences to: (1) segment communications and personalize the communications they send you, as well as (2) to personalize the services and experiences they provide or offer you. These Telefónica Group companies may also process such data for statistical analysis and to obtain aggregated business intelligence. 

•    Anonymization: we may anonymize your data collected and processed for the above-mentioned legitimate purposes, such processing relating to the anonymization process being considered compatible with each of the purposes for which they were initially collected and processed. The anonymization process will involve a whole set of technical and organizational measures to prevent the direct and indirect re-identification of your personal data.  

4.  How long is the data retained?

In general, we will retain your data for the time necessary to fulfill each purpose described in each processing activity and to determine any liability that may arise from such purpose and/or processing.

 Personal data associated with the reported processing purposes 

 Time periods or criteria for the conservation of your personal data

 Provision of the services and all available functionalities, operation, administration, support, maintenance and management of the TID Applications and the corresponding services and/or programs.

The data will be kept for the essential and necessary time to allow you the correct navigation and the use of our Applications and services while you do not unsubscribe as a User.

Event and activity management.

The data will be kept for the time necessary to carry out the event and/or activities, if you do not cancel your participation. 

Dissemination of our main activities and events in the social networks and media we use.

We will process your data if you do not withdraw your consent or do not indicate that you object to the processing for the purposes indicated.  

Organization of raffles and contests.

The data will be kept for the time necessary to carry out the sweepstakes or contest, as informed in its rules, if you do not cancel your participation. 

Conducting surveys, user tests and other research activities.

In general, we may process your personal data for this purpose if you have not objected to the processing based on TID's legitimate interest. However, even if you have not objected to such processing, we will only keep the answers you give to surveys and user tests for a maximum period of 24 months after they have been carried out.

Maintenance of the activity and security of the Applications and services, avoidance of information security breaches and possible breaches.

We will process your personal data for this purpose if you have not objected to the processing on the basis of TID's legitimate interest and provided that such objection is met in view of the circumstances you communicate. However, even if you have not objected to this processing, we will only keep your data for this purpose for a maximum period of 48 months from its collection.

Internal management and response to TID-related claims, lawsuits, complaints, and litigation.   

For the time necessary for the possible purification of the liabilities arising during the processing of the data, always in accordance with the applicable regulations, and may not be used for purposes other than these.

Management of TID's invoicing, accounting and taxation. 

If we are obliged to conserve them in compliance with a tax obligation (general conservation for 4 years, without prejudice to the provisions of the applicable tax legislation) and commercial (conservation for 6 years).

Data storage on transactions, identification of Users and other procedures derived from the regulations on prevention of money laundering and financing of terrorism.    

 We will process your personal data for this purpose if you have not objected to the processing based on TID's legitimate interest and provided that such objection is met in view of the circumstances you communicate. However, even if you have not objected to this processing, we will only keep your data for this purpose for a maximum period of 48 months from its collection.

Prevention and investigation of fraud and/or illicit activities.

 We will process your personal data for this purpose if you have not objected to the processing on the basis of TID's legitimate interest and provided that such objection is met in view of the circumstances you communicate. However, even if you have not objected to this processing, we will only keep your data for this purpose for a maximum period of 48 months from its collection.

Compliance with applicable regulations and attention to requirements and official notices issued by the authorities.

 If we are obliged to keep them in compliance with a legal obligation.

Attention and response to hiring requests, doubts, queries, suggestions and any other type of contact received. 

 For the time necessary to properly address your requests and/or specific requests on a case-by-case basis. If these requests consist of the execution, at your request, of pre-contractual measures or the signing of a contract with TID, your data will be kept for as long as necessary to give due satisfaction to such pre-contractual measures or contractual relationship between the parties.

Statistical Analysis of Applications

 We will process your personal data for this purpose as long as you have not objected to the processing on the basis of TID's legitimate interest and provided that such objection is met in view of the circumstances you communicate. However, even if you have not objected to this processing, we will only keep your data for this purpose for a maximum period of 48 months from its collection.

Customization andprofiling

 We will process your personal data for this purpose as long as you have not objected to the processing on the basis of TID's legitimate interest and provided that such objection is met in view of the circumstances that you communicate. However, even if you have not objected to this processing, we will only keep your data for this purpose for a maximum period of 24 months from its collection.

Sending newsletters and other communications about our products, services and programs.

 We will process your personal data for this purpose if (1) you have not objected to the processing on the basis of TID's legitimate interest and provided that such objection is met according to the circumstances you communicate; and (2) regarding the newsletter, until you cancel your subscription to it.

Third-party advertising

 We will process your personal data for these purposes when you expressly consent to this processing and if you have not withdrawn your consent.

 Transfer of your data to Telefónica Group companies for advertising purposes. 

Transfer of your data to Telefónica Group companies for profiling and analytical purposes. 

Anonymization

We will process your personal data for the time strictly necessary to carry out the anonymization process. Once anonymized, such data will no longer be personal data.

 

Once the indicated retention periods are exceeded, we will proceed to block your personal data during the period of limitation of legal actions and, after this period, we will proceed to its final deletion according to the applicable regulations, and/or to its anonymization in a secure way by TID.

5.  Who is the recipient of the data? Are there any international data transfers?

Third parties that may access, receive and process your data

In general, in order to provide the service and carry out the processing purposes described above, we may make use of authorized subcontractors acting on behalf of Telefónica, as processors (e.g., internet service and software development providers, data hosting and technical support providers, e-mail providers, general service providers and digital or physical security service providers, etc.) and subject to our contractual instructions, only on our instructions. Internet service and software development providers, data hosting and technical support providers, e-mail providers, general service providers and providers of digital or physical security services, etc.) and contractually subject to our instructions, only to the extent strictly necessary for the provision of the services contracted with them and for the period of time strictly necessary for that purpose.

We will share your data with Telefónica Group companies when you have consented to the transfer of your data to them. For these purposes, the Telefónica Group companies to which we may transfer your data are:

•    Telefónica, S.A.

•    The following Operators of the Telefónica Group: Telefónica de España, S.A.; Telefónica Móviles España; Telefónica Soluciones de Informática y Comunicaciones de España, S.A.U, Telefónica Brasil, Ltda., Telefónica Germany GmbH & Co. OHG.

In addition, if there is a legal obligation to do so, we may communicate your data to the competent public administrations according to such obligation or legal requirement and, where appropriate, to other bodies such as State Security Forces and Corps and judicial bodies.

International transfers of your data

Finally, you should be aware that when authorized subcontractors acting for and on behalf of TID or when the aforementioned potential recipients are located or process your data outside the European Economic Area, we will be making an international transfer of your data, in accordance with the provisions of the data protection regulations.

In general, we avoid making international transfers and your data are processed within the European Economic Area or in countries with adequate level of data protection in accordance with the Applicable Data Protection Regulation, but sometimes we cannot avoid it or it is strictly necessary for you to benefit from the use of the Applications or our services or their functionalities described in the Terms of Services and/or Programs. In addition, in the event that we do transfer your data internationally, we assure you that we will take the necessary organizational, technical and contractual measures to ensure the protection and security of your data, such as, for example, signing Binding Corporate Rules with the authorized subcontractor or third party transferee, Certifications and Standard Contractual Clauses approved by the competent Authorities, as well as the performance of impact assessments on the international transfer in question that allow us to evaluate the risk and adopt measures for its mitigation, the encryption of data in transit or at rest, the pseudonymization of data subject to international transfer, and/or other additional or complementary measures to the above. 

Your rights

The data protection regulations grant you certain rights over your data which, depending on their application, you may exercise against Telefónica. Below, we detail what they are and how you can exercise them.

In addition, we inform you that on the website of the Spanish Data Protection Agency (www.aepd.es) you can find more information about the characteristics of these rights and download templates to exercise each of them, although it is not necessary to use any template to exercise a right before us.

Right to withdraw the consent given

It is your right to withdraw the consent given for the processing of your data for the purposes that are legitimized on that basis, at any time and in an easy way.

Right of access

It is your right to ask us for details of the data we hold about you and how we process it, and to obtain a copy of it.

Right of rectification

It is your right to obtain the rectification of your inaccurate or erroneous data, as well as to complete incomplete data.

Right to suppression

It is your right to request deletion or suppression of your data and information in certain circumstances. However, please note that there are certain occasions when we are legally entitled to continue to retain and process your data, for example, to comply with a legal obligation to retain data. 

Right of limitation

This is your right to restrict or limit the processing of your information in certain circumstances. For example, if you apply for deletion of data, but instead of deleting it, you would prefer that we block it and process it only for record-keeping purposes because you will need it later to file a complaint. Again, please note that there may be times when we are legally entitled to refuse your request for restriction.

Right of opposition

It is your right to object to the processing of your data for a specific purpose, in certain circumstances provided for by law and related to your personal situation.

Right to portability

It is your right to ask us to receive your personal data in a structured, commonly used, machine-readable and interoperable format and to transmit it to another data controller, provided that we process your data by automated means. 

Right not to be subject to automated individual decisions

It is your right to ask us not to subject you, in certain circumstances, to a decision based solely on automated processing of your data, including profiling, that produces legal effects concerning you or similarly significantly affects you.

Means of exercising them and response deadlines

In general, you may exercise these rights at any time and free of charge by contacting TID legal@tu.com

Likewise, in general, mechanisms for the automated cancellation of communications and other options for the withdrawal of consent and opposition will be made available to the User.

To this end, it is important to note that when you exercise a right, in some cases you must clearly specify which one you are exercising. It should also be noted that some of the data processing is carried out by TID in a way that does not require the direct identification of Users, without TID being obliged to obtain and/or process additional information to verify said User for the purposes of allowing him/her to exercise his/her data protection rights.

If a User exercises a data protection right and, due to the reasons indicated, TID is not in a position to identify him/her in order to fulfill the request, it will inform him/her to that effect if possible. Such request will be suspended until the User provides additional information that allows him/her to be identified.  

Any exercise of rights will be answered within a maximum period of one month, and this period may be extended by two months if we need it in a reasoned manner, considering the complexity of the request and the number of requests.

Finally, if you do not agree with the way in which we process your data by Telefónica, you have the right to file a complaint with the national supervisory authority, by contacting the Spanish Data Protection Agency (AEPD), whose contact details are as follows:

Spanish Data Protection Agency
C/ Jorge Juan, 6 - 28001 Madrid

www.aepd.es

We recommend that before filing any complaint or claim before the Spanish Data Protection Agency (AEPD), you contact our Data Protection Officer in order to analyze the specific situation and try, if necessary, to find an effective and amicable solution. Apart from the above, if you wish, you can also refer to the AEPD.

6.  Further processing of data and changes to the Privacy Policy

TID reserves the right to update this Privacy Policy at any time. Any such update will be made public by Telefónica, in any event, with such notice prior to its entry into force as may be legally required.

In addition, it will be communicated directly to the User if it affects his rights or freedoms or when, for example, the inclusion of a new processing activity requires the User's consent or modifies the scope of the legitimate interest that enables the processing.

Date of last update: February 04 February 2025