TU Wallet Privacy Policy

Last updated: 21/02/2025

This TU Wallet Privacy Policy (the "Privacy Policy" or "Policy") has been drawn up by Telefónica Innovación Digital, S.L. ("Telefónica"), in order to comply with the duty of transparency in the processing of personal data that it may carry out in its capacity as data controller, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, "GDPR"), and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (hereinafter, "LOPDGDD"), as well as any other regulations that may be applicable.

By accepting this Privacy Policy, you consent to the processing of personal data by Telefónica as data controller in connection with your use of (i) the "TU Wallet" application (the "App") and (ii) the TU Wallet contact means made available to you by Telefónica; in particular, with respect to your Telefónica Account and the Telefónica Services on TU Wallet, as defined in the TU Wallet Terms and Conditions.

Please read this Privacy Policy and the TU Wallet Terms and Conditions carefully and in detail to understand what data we process, how we process it and how you can exercise your rights if you wish to do so.

Please note that certain TU Wallet services or features may have their own terms and conditions or privacy policies. In such cases, it is those terms and policies that you should read to understand how your data is treated and how you can control it in those situations.

You are also reminded that this Privacy Policy forms part of the TU Wallet Terms and Conditions (the "T&Cs").

Certain concepts and definitions used in this Policy are detailed in the T&Cs. Furthermore, the T&Cs complement and supplement everything that is not expressly provided for in this Policy. If there is any contradiction or inconsistency between this Policy and the T&Cs, the Policy shall prevail with respect to the processing of your personal data.

Please also note that the processing of your personal data when you use or browse the public part of the tu.com/wallet website is governed by TU's Privacy Policy and the General Terms and Conditions of Use of the "Tu.com" Services, and this Privacy Policy or the T&Cs do not apply.

1. IDENTIFICATION OF THE CONTROLLER

• Company name: Telefónica Innovación Digital, S.L. ("Telefónica" or the "Data Controller").
• Address: Distrito Telefónica, Ronda de la Comunicación S/N, Edificio Central, C.P. 28050, Madrid
• VAT NO: B-83188953
• DPO contact: DPO_telefonicasa@telefonica.com
• Support email: soporte@tu.com
• Email for exercising data protection rights: legal@tu.com

2. TYPE OF DATA WE PROCESS

As a general rule, the categories of personal data subject to processing by Telefónica as Data Controller will be the following:

1. Data obtained directly from the User: Data provided by the User to Telefónica when registering and creating their Telefónica Account, when using the Telefónica App and Services, and/or when communicating with Telefónica through any of the TU Wallet contact methods provided by Telefónica. This category includes the following types of personal data:
   
   
   • Identification data, contact details and access credentials for your Telefónica Account: email address, mobile phone number and passwords or authentication factors.
     
     
   • Preference data: Data relating to permissions, preferences, consents, authorisations, oppositions and any exercise of rights that you communicate, provide or make known to us
     
     
   • App Usage Data: Technical and navigation data associated with each access or use of the App by the User, including the IP address of the User's device and other data obtained through the technical protocols that enable the operation of the App and Telefónica's Services on the App, the User's interactions with his/her Telefónica Account and Telefónica's Services on the App, as well as diagnostic and error data in the execution of the App and Telefónica's Services.
     
     
   • Data obtained from the device: data obtained from and/or stored on your device through cookies and/or similar technologies, if such collection or storage is necessary for the proper functioning of the Telefónica App and Services or if you have expressly consented to it. This data may include: data stored on your device, such as your address book, biometric capabilities of your device, technical identifiers of your device, language, app version, time zone, SIM card operator, status of permissions granted by the User, tokens, size of size and/or any other characteristic of the device
     
     
   • Other data provided by the User: Any information provided through the TU Wallet contact means provided by Telefónica in relation to TU Wallet and Telefónica's Services, such as for the reception and/or management of requests, contacts, incidents, requests, complaints, suggestions, assessments and/or opinions by Users.
     
     
2. Data not obtained directly from the Customer or user:
   
   

• Data assigned by Telefónica: Any technical identifier assigned by Telefónica to your User Account, such as your User ID assigned by Telefónica when you created your User Account.
  
  
• Data generated or derived by Telefónica, including profiling: Some of the information we process about you may be generated or inferred by Telefónica through the use of data analytics technologies that allow us to analyse or predict information about your preferences, interests or behaviour for commercial and direct marketing purposes or to personalise the App experience and the services or content accessible through TU Wallet. This may include "derived data", which is obtained through the processing of data collected and provided by the User, and "inferred data" obtained from the analytical processing of a broad set of data including data from multiple Users and various sources, including information provided by Bit2Me as described below.
  
  
• Information provided by Bit2Me: Bitcoinforme, S.L. ("Bit2Me"), a business entity with tax identification number B-54835301 and registered office at C/ Germán Bernacer, núm. 69, CP 03203 - Elche, Alicante, a cryptoasset service provider registered in the applicable register of the Bank of Spain on 16/02/2022 and number D592, may communicate certain personal data about you, including:
  
  
  • Your email or mobile phone number used in the Telefónica Account of the App, in case you contact Bit2Me directly to update or rectify such information and Telefónica must also proceed with such update or rectification.
    
    
  • Information about your Bit2Me Account (such as identification and contact details) and/or your use of the Bit2Me Services on the App (details of transactions you make on TU Wallet or interactions you make with Bit2Me functionalities on the App), in order to:
    
    
    • Respond to requests for information on such information sent to Telefónica by the competent authorities and which Telefónica is obliged to respond to;
    • That Telefónica can comply with applicable regulations;
    • Commercial profiling and personalisation of the App experience and TU Wallet services or content;
    • Carrying out statistical business analysis.
      
      
  • Information provided by your mobile operator with whom you access and use TU Wallet: this is the information provided to us by your mobile operator when, through the advanced security and fraud prevention features, we verify (1) if you access the App from the mobile line associated with the mobile phone number of your Telefónica Account, and/or (2) if there has been a duplication of your SIM card on the mobile line linked to that mobile phone number.

3. RECIPIENTS OF YOUR DATA

We inform you that your personal data may be communicated to the following entities in the following cases:

1. Bit2Me:
   • We will communicate your email and mobile phone number to Bit2Me in the following cases in order to ensure that these details are the same for your Telefónica Account and Bit2Me Account:
     • When you sign up for Bit2Me Services and create your Bit2Me Account in the App;
     • When you update or modify such data through any of the mechanisms or methods available to you to do so;
       
       
2. To your mobile operator with whom you access and use TU Wallet:
   • We will communicate to your mobile operator the telephone number that you have provided to us in the TU Wallet registry, in those cases in which the advanced security and fraud prevention functionalities are executed when you carry out transactions or operations in Bit2me Services.
     
     
3. To public administrations, state security forces and any other competent authority:
   • We may disclose your information to these entities where it is necessary for Telefónica to comply with the regulations and legal obligations to which we are subject.

In addition, in order to carry out the processing explained in this Policy, we may use subcontractors and authorised service providers who process your personal data on behalf of and in the name of Telefónica as processors. Their processing of your personal data will be contractually subject to our instructions and they must comply with the necessary security measures to protect your data and information.

Such subcontractors and service providers include, for example, internet and telecommunications service providers, audit firms, consulting and other professional service providers, cloud hosting providers, email providers, technology providers, as well as general and security service providers.

4. WHAT WE PROCESS YOUR DATA FOR AND WHY

Below we explain the purposes for which we process your data and how we are entitled to do so: 

Purpose of processing	Legitimising basis	Data type
Registering and creating your Telefónica Account in TU Wallet	Execution of pre-contractual measures prior to acceptance of the T&Cs and performance of a contract after acceptance of the T&Cs (art. 6.1 b) GDPR).	Identification data, contact details and access credentials Preference data
Communication of your email address and mobile phone number between Telefónica and Bit2Me , both in the registration and creation of your Bit2Me Account, and if you update, modify or rectify such data through the App or directly by contacting Bit2Me or Telefónica through the means provided, in order to ensure that such data match both in your Telefónica Account and in your Bit2Me Account, as set out in the T&Cs.	Performance of a contract (art. 6.1 b) GDPR)	Identification data, contact details and access credentials
Provision of, operation of, maintenance of and management of the App, the Telefónica Services and the Telefónica Account of TU Wallet Users, as well as execution of the obligations and exercises of the rights provided for in the T&Cs and the Policy Both the App and the Telefónica Services and the Telefónica Account may be customised according to the preferences and interests expressly indicated by the User, including with regard to the advanced security and fraud prevention features available in the App that allow TU Wallet Users who have activated this feature to carry out more secure transactions or operations in Bit2Me Services. In this sense, the aforementioned functionalities will imply that we communicate your telephone number to your mobile operator to verify that (1) the mobile line from which you are carrying out the transaction or operation is associated with the telephone number of your Telefónica Account, or (2) the SIM card linked to that telephone number has recently been duplicated or changed. This information will serve as an indication of fraud or identity theft, in which case we may request additional information to ensure that you carry out the transaction or operation securely through the App. Likewise, for this purpose, we may carry out the profiling that we explain later in this section. With regard to access to and the functioning of the aforementioned functionalities and such personalisation, we inform you that they may involve and/or result from automated decision-making based on the preferences or interests you indicate, the use of and interactions you have with the App, your Telefónica Account or Telefónica Services, the information collected from your mobile operator, as well as your profile.	Performance of a contract (art. 6.1 b) GDPR)	Identification data, contact details and access credentials Preference data App usage data Data obtained from the device Other information provided by the User Data assigned by Telefónica The email and telephone number that Bit2Me provides to us as provided in this Policy.
Monitoring of compliance with the obligations of the T&Cs and the Privacy Policy , as well as execution of the measures foreseen in the T&Cs and the Privacy Policy in case of non-compliance. Such measures may involve automated decisions, in particular with respect to suspension, limitation, restriction, discontinuation and termination of the Telefónica Account or Telefónica Services in the event of non-compliance with the following	Performance of a contract (art. 6.1 b) GDPR)	Identification data, contact details and access credentials Preference data App usage data Data obtained from the device Other information provided by the User Data assigned by Telefónica The email and telephone number that Bit2Me provides to us as provided in this Policy. Data obtained from your mobile operator with whom you access and use TU Wallet
Response, attention and management of contacts and communications sent by Users through the channels and means of contact set up by Telefónica in TU Wallet.	Performance of a contract (art. 6.1 b) GDPR)	Identification data, contact details and access credentials Preference data App usage data Data obtained from the device Other information provided by the User Data assigned by Telefónica The email and telephone number that Bit2Me provides to us as provided in this Policy.
Sending service communications by electronic means, or any other means, that are necessary and related to the App, the Telefónica Services and/or the Telefónica Account. Such mailings may be the result of automated decision-making, specifically, based on your use of and interactions with the App, your Telefónica Account or Telefónica Services, as well as profiling as explained later in this section.	Performance of a contract (art. 6.1 b) GDPR)	Identification data, contact details and access credentials Preference data App usage data Data obtained from the device Data assigned by Telefónica The email and telephone number that Bit2Me provides to us as provided in this Policy.
Sending information or advertising, offers and promotions, prize draws, loyalty programmes or any other actions of a commercial nature, by electronic means, or any other means, about the App and the Telefónica Services, as well as about other Telefónica products and/or services similar to those contracted by the User in TU Wallet that may be of interest to the User, including those of the TU ecosystem detailed in tu.com ("Similar Products"). Telefónica will make such commercial communications in order to (i) promote the marketing and use of the App, Telefónica's Services and Similar Products, as well as (ii) build user loyalty. These communications respond to Telefónica's legitimate interest in carrying out direct marketing actions and promoting its image by means of commercial communications sent through different media and channels in accordance with the applicable regulations in force. Such mailings may be the result of automated decision-making, specifically, based on your use of and interactions with the App, your Telefónica Account or Telefónica Services, as well as profiling as explained later in this section.	Legitimate interest (Article 6(1)(f) GDPR)	Identification data, contact details and access credentials Preference data App usage data Data obtained from the device Data assigned by Telefónica Data generated or derived, including profiling The email and telephone number that Bit2Me provides to us as provided in this Policy.
Conducting surveys, user tests, trials and other research activities related to the App, Telefónica's Services and/or Similar Products. Telefónica will carry out these activities in order to maintain and improve the quality of the App, Telefónica Services and Similar Products. This responds to Telefónica's legitimate interest in gathering information relating to the satisfaction, opinions, preferences and evaluations of Users for the aforementioned purpose. The performance of such actions may be the result of automated decision-making, in particular, based on your use of and interactions with the App, your Telefónica Account or the Telefónica Services.	Legitimate interest (Article 6(1)(f) GDPR)	Identification data, contact details and access credentials Preference data App usage data Data obtained from the device Other information provided by the User Data assigned by Telefónica The email and telephone number that Bit2Me provides to us as provided in this Policy.
Creating individualised profiles of Users in order to analyse or predict information about their preferences, interests or behaviour in relation to the App or Telefónica's Services; this for direct marketing purposes or to personalise their experience, the services they access or enjoy and the sending of service communications. In order to (i) improve the receptiveness of the aforementioned commercial communications, as well as to (ii) personalise the experience or interface of the App, the Telefónica Services and the sending of service communications, Telefónica will prepare a profile of Users based on their personal characteristics and the information obtained from their activity, to enable the preparation of personalised offers, personalisation of experiences and services, as well as sending commercial or service communications that it considers may be of interest to the User; all based on said profile and including automated decision making for such purposes. This profiling responds to Telefónica's and Users' legitimate interest in (i) sending/receiving commercial and service communications, as well as (ii) providing/enjoying services and experiences, which are relevant and of interest to Users, so that deliveries, experiences and services are better adapted to their needs and interests.	Legitimate interest (Article 6(1)(f) GDPR)	Identification data, contact details and access credentials Preference data App usage data Data obtained from the device Other information provided by the User Data assigned by Telefónica Data generated or derived by Telefónica The email and telephone number that Bit2Me provides to us as provided in this Policy.
Consent (Article 6.1.a GDPR)	Information communicated to Telefónica by Bit2Me about the User's Bit2Me Account and the User's use of the Bit2Me Services in the TU Wallet App.
Performing statistical analysis for the purposes of (1) measuring the quality of the App, its services and content in order to take the necessary measures to prevent and remedy any degradation and to improve such quality; and (2) reporting on key business metrics related to the App, its services and content in order to obtain aggregated business intelligence and make better decisions (e.g. on evolutions, improvements or corrections). These statistical analyses respond to Telefónica's and Users' legitimate interest in providing/receiving the best possible quality, as well as Telefónica's legitimate interest in obtaining reports and business intelligence in order to make better strategic or operational business decisions.	Legitimate interest (Article 6(1)(f) GDPR)	Identification data, contact details and access credentials Preference data App usage data Data obtained from the device Other information provided by the User Data assigned by Telefónica Data generated or derived by Telefónica The email and telephone number that Bit2Me provides to us as provided in this Policy.
Consent (Article 6.1.a GDPR)	Information communicated to Telefónica by Bit2Me about the User's Bit2Me Account and the User's use of the Bit2Me Services in the TU Wallet App.
To properly monitor the contractual, commercial and economic relationship between Telefónica and Bit2Me. To this end, and given that certain aspects of this relationship depend on your use of the Bit2Me Services and your Bit2Me Account, it is necessary for Bit2Me to communicate to Telefónica certain information about your Bit2Me Account and your use of the Bit2Me Services in the App to enable and monitor compliance with the obligations and the exercise of those established in the contractual, commercial and economic relationship between Telefónica and Bit2Me, without which it would not be possible to make TU Wallet available to the User. This tracking and communication of data responds to the legitimate interest of Telefónica, Bit2Me and the Users themselves in allowing and monitoring the execution of the obligations and rights of the contractual, commercial, and economic relationship between Bit2Me and Telefónica, without which it would not be possible to make TU Wallet available to the User.	Legitimate interest (Article 6.1 f) GDPR)	Information communicated to Telefónica by Bit2Me about the User's Bit2Me Account and the User's use of the Bit2Me Services in the TU Wallet App.
Maintenance of the activity and security of the App, its services and content, in order to prevent, detect and avoid breaches, incidents or security breaches . This processing may involve the configuration of alerts and the active or passive monitoring of the App, its services or content, and its use by Users. During the investigation processes, we may process more personal data provided that they allow us to carry out a better investigation and assessment of the specific case, in order to make decisions regarding the establishment and implementation of control and mitigation measures for the risks detected at any given time This is done based on the legitimate interest of Telefónica and the Users themselves that the App, its services and content are available in a secure manner and that they are protected against security incidents and malicious attacks ; all in accordance with the T&Cs, industry standards and applicable regulations. The maintenance of business and security may involve automated decisions, in particular with respect to suspension, limitation, restriction, discontinuance and termination of the Telefónica Account or the Telefónica Services in the event of a breach of the T&Cs or regulations.	Legitimate interest (Article 6(1)(f) GDPR)	Identification data, contact details and access credentials Preference data App usage data Data obtained from the device Other information provided by the User Data assigned by Telefónica Data generated or derived by Telefónica The email and telephone number that Bit2Me provides to us as provided in this Policy.
Detection and prevention of fraud and/or activities considered illicit in the App, its services or contents . This processing may involve the setting of alerts and the active or passive monitoring of the App, its services or content, and its use by Users. During the investigation processes, we may process more personal data provided that they allow us to carry out a better investigation and assessment of the specific case, in order to make decisions regarding the establishment and implementation of control and mitigation measures for the risks detected at any given time. This is done based on the legitimate interest of Telefónica and the Users themselves that fraud and illegal activities on the App, its services or content are investigated, detected and prevented in order to avoid harm and damage to the Users, Telefónica, Bit2Me or third parties (e.g. in the form of abusive, fraudulent or irregular uses of the App, its services or content); all in accordance with the T&Cs, industry standards and applicable regulations. The detection and prevention of fraud and/or unlawful activities may involve automated decisions, in particular with regard to the suspension, limitation, restriction, discontinuation and termination of the Telefónica Account or Telefónica Services in the event of a breach of the T&Cs or regulations.	Legitimate interest (Article 6(1)(f) GDPR)	Identification data, contact details and access credentials Preference data App usage data Data obtained from the device Other information provided by the User Data assigned by Telefónica Data generated or derived by Telefónica The email and telephone number that Bit2Me provides to us as provided in this Policy.
Defence, exercise, response and intervention as an interested party in legal and administrative actions, lawsuits, complaints or claims of any nature , related to or concerning the App, its services or content, as well as with Telefónica, the Telefónica Group, Bit2Me, Users and/or applicable third parties. This is done on the basis of Telefónica's legitimate interest associated with the exercise and defence of legal actions, as well as its right to effective judicial protection .	Legitimate interest (Article 6(1)(f) GDPR)	Identification data, contact details and access credentials Preference data App usage data Data obtained from the device Other information provided by the User Data assigned by Telefónica Data generated or derived by Telefónica The email and telephone number that Bit2Me provides to us as provided in this Policy.
Compliance with applicable regulations and attention to requirements and official requests made by public administrations, state security forces and/or any other competent authority. This includes the communication of personal data that, for this purpose, must be made to or received from Bit2Me, its partners, as well as the competent authorities mentioned above.	Legal obligation (Article 6(1)(c) GDPR)	Identification data, contact details and access credentials Preference data App usage data Data obtained from the device Other information provided by the User Data assigned by Telefónica Data generated or derived by Telefónica The email and telephone number that Bit2Me provides to us as provided in this Policy. Information communicated to Telefónica by Bit2Me about the User's Bit2Me Account and the User's use of the Bit2Me Services in the TU Wallet App.
Pseudonymisation, de-identification and/or anonymisation of your personal data , applying the corresponding technical and organisational measures to limit or prevent your identification, both directly and, where appropriate, indirectly. This processing is considered to be processing compatible with the purposes listed above and for which the personal data were initially collected, obtained and processed.	Compatible further treatment (Article 6.4 GDPR)	Identification data, contact details and access credentials Preference data App usage data Data obtained from the device Other information provided by the User Data assigned by Telefónica Data generated or derived by Telefónica The email and telephone number that Bit2Me provides to us as provided in this Policy. Information communicated to Telefónica by Bit2Me about the User's Bit2Me Account and the User's use of the Bit2Me Services in the TU Wallet App.

 

Legitimate interest is a legitimate basis for processing as provided for and permitted by law, provided that such interest is within your reasonable expectations for the stated purpose. To this end, in the table above we have explained and detailed in detail each of the applicable legitimate interests and why we understand that they are within your reasonable expectations. To this end, we have analysed the proportionality and necessity of the processing operations based on legitimate interests, and weighed the benefits and risks to your privacy.

For further information, please contact legal@tu.com.

Remember that you may object to this processing on the grounds of legitimate interest at any time by exercising your right at legal@tu.com or any other alternative means indicated in the section on exercising your rights in this Privacy Policy. In general, your right to object will be automatically exercised and we will stop processing your personal data for the purpose to which you object. However, please note that, in certain cases, the legitimate interest indicated may prevail over this right of objection, in which case, it may be rejected, giving you the detailed reasons and reasons why your right of objection is not met.

Likewise, when the legal basis for the processing is express consent, you may withdraw such consent easily, simply and free of charge at any time via legal@tu.com or any other alternative means indicated in the section on the exercise of rights in this Privacy Policy. The withdrawal of consent will not affect the lawfulness of the processing based on the consent prior to its withdrawal.

If Telefónica requires additional or further processing of your personal data for a different purpose compatible with those previously set out in this Privacy Policy, you will be informed in advance, including all legally required information, as well as the intended purposes of such processing and, where appropriate, you will be given the option to object to such processing or we will request your consent to carry it out.

5. INTERNATIONAL TRANSFERS

In general, Telefónica does not transfer your personal data to countries outside the European Economic Area ("EEA").

However, where communication or access to your personal data by the recipients set out above in this Policy involves the international transfer of your data outside the EEA , such transfer will only take place:

1. If necessary for the purposes set out in this Policy;
   
   
2. If realised:
   
   
   • To countries with an adequate level of protection, as set by the European Commission; and/or
     
     
   • After taking the necessary organisational, technical and contractual measures to ensure the protection and security of your data, such as signing the European Commission's Standard Contractual Clauses, carrying out impact assessments on the international transfer in question to assess the risk and adopt mitigation measures, encrypting the data in transit or at rest, or pseudonymising the data subject to the international transfer.

6. PRESERVATION OF YOUR PERSONAL DATA

Telefónica will only retain your personal data for as long as is necessary to fulfil the purposes for which it was collected and/or obtained in accordance with the information provided in this Policy.

Subsequently, if necessary, Telefónica may anonymise your personal data or keep it blocked until such time as any legal actions or liabilities that may be applicable as a result of the processing of your personal data expire, at which time the personal data will be definitively and irreversibly deleted.

However, the specific criteria we will use to retain your personal data are set out below.

In general, we will process your personal data until you opt out or unsubscribe from TU Wallet as set out in the T&Cs and this Privacy Policy.

However, in certain cases a different retention period may be applicable:

1. If the processing is carried out in order to comply with the law or a legal obligation, or if such law or legal obligation provides for a specific retention period or time limit, your personal data will be retained and processed for as long as necessary to comply with such law or legal obligation or until the end of the specific retention period or time limit, if any, defined by the law or legal obligation;
   
   
2. Your personal data in connection with the conduct of surveys, user tests, trials and other research activities will be retained for a maximum of 48 months from the time your data was collected or obtained;
   
   
3. Your personal data in relation to the performance of statistical analyses will be retained for a maximum of 48 months from the time your data was collected or obtained.
   
   
4. Your personal data in relation to the contractual, commercial and economic follow-up between Telefónica and Bit2Me will be retained for as long as this relationship remains in force or until the expiry of the statute of limitations for any legal actions or liabilities that may arise or derive from it;
   
   
5. Your personal data in connection with maintaining the availability and security of the App, as well as the detection and prevention of fraud or unlawful activities, will be retained for the minimum period of time necessary for this purpose. However, if as a result of the investigation and/or alarming processes derived from this processing, incidents or situations are detected that need to be analysed or investigated in more detail, we will process your personal data until such analysis or investigation has been resolved and concluded. Likewise, the results and details of such analysis or investigation may be kept for the purpose indicated in the following point, for the period of time defined below;
   
   
6. Your personal data in relation to the defence, exercise, reply and intervention as an interested party in legal and administrative actions of any nature may be kept for this purpose until the end of the term or period of limitation of such actions or responsibilities in accordance with the applicable regulations;
   
   
7. In the event that (i) you object to the processing based on legitimate interest and we comply with your request, (ii) you withdraw your consent to the applicable processing, or (iii) you exercise a right by virtue of which we must delete your personal data, we will cease to retain your personal data in question by anonymising, blocking or permanently deleting it, unless it can continue to be processed for another lawful and legitimate purpose provided for in this Policy, in which case the retention period corresponding to that other purpose will apply.

Please note that the obligations to delete or erase data will not apply to non-personal information or data that, where applicable, has been properly anonymised. Likewise, we remind you that in those situations in which we communicate your personal data to other data controllers for the purposes detailed in this policy, said recipients will retain your personal data for the terms or periods established by them, which they must duly inform you of in accordance with the applicable regulations.

7. EXERCISE OF RIGHTS

As a User, data protection regulations grant you certain rights over your data which, depending on how they apply, you may exercise against Telefónica. Below you will find details of these rights and how you can exercise them.

We also inform you that on the website of the Spanish Data Protection Agency (www.aepd.es) you can find further information on the characteristics of these rights and download templates to exercise each of them, although it is not necessary to use any template to exercise a right before us.

Right to withdraw consent

It is your right to withdraw your consent to the processing of your data for the purposes that are legitimate on that basis, at any time and in an easy way.

Right of access

It is your right to ask us for details of the data we hold about you and how we process it, and to obtain a copy of it.

Right of rectification

It is your right to obtain the rectification of your inaccurate or erroneous data, as well as to complete incomplete data.

Right of suppression

It is your right to request deletion or suppression of your data and information in certain circumstances. However, please note that there are certain occasions when we are legally entitled to continue to retain and process your data, for example, to comply with a legal obligation to retain data.

Right of limitation

This is your right to restrict or limit the processing of your data in certain circumstances. For example, if you apply to have your data erased, but, instead of erasure, you would prefer that we block it and process it only for record-keeping purposes because you will need it later to make a complaint. Again, please note that there may be times when we are legally entitled to refuse your request for restriction.

Right to object

This is your right to object to our processing of your data for a specific purpose, in certain circumstances provided for by law and related to your personal situation.

Right to portability

It is your right to ask us to receive your personal data in a structured, commonly used, machine-readable and interoperable format and to transmit it to another data controller, provided that we process your data by automated means.

Right not to be subject to automated individual decisions

It is your right to ask us not to subject you, in certain circumstances, to a decision based solely on automated processing of your data, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Means of exercising them and deadlines for response

In general, you may exercise these rights at any time and free of charge by contacting Telefónica at legal@tu.com. Similarly, in general, mechanisms will be made available to the User to automatically unsubscribe from communications and other options for withdrawal of consent and opposition.

To this end, it is important to bear in mind that, when exercising a right, in some cases you will have to specify clearly which right you are exercising and authenticate yourself or provide a copy of a document proving your identity. It should also be noted that some of the data processing is carried out by Telefónica in a way that does not require the direct identification of Users, without Telefónica being obliged to obtain and/or process additional information to verify said User for the purposes of allowing him/her to exercise his/her data protection rights.

In the event that a User exercises a data protection right and, due to the reasons indicated, Telefónica is not in a position to identify the User in order to deal with the request, it will inform the User to that effect if possible. Said request will be suspended until the User provides additional information that allows him/her to be identified.

Likewise, in the event that you exercise a right before Telefónica that affects or relates to other data controllers, we will forward your request to them so that it can be duly dealt with and responded to by them.

Any exercise of rights will be answered within a maximum period of one month, which may be extended by two months if we reasonably require it, taking into account the complexity of the request and the number of requests.

Finally, in the event that you do not agree with the way in which we process your data or the response we give to the exercise of your rights, you will have the right to lodge a complaint with the national supervisory authority, by contacting the Spanish Data Protection Agency (AEPD), whose contact details are as follows:

Spanish Data Protection Agency
C/ Jorge Juan, 6 – 28001 Madrid
www.aepd.es

We recommend that before submitting any complaint or claim to the Spanish Data Protection Agency (AEPD), you contact our Data Protection Delegate in order to analyse the specific situation and try, if necessary, to find an effective and amicable solution.

Apart from the above, if you wish, you can also refer to the AEPD.

8. OBLIGATIONS OF THE USER

The User represents and warrants that:

1. You are of legal age and have sufficient legal capacity to (i) understand this Policy, (ii) grant, where applicable, the applicable consents or authorisations, and (iii) provide or provide the personal data of yourself or third parties indicated in this Policy, guaranteeing that they are true, accurate, complete and up to date;
   
   
2. You have (i) previously informed those third parties whose personal data you provide to Telefónica in the context of the data processing provided for in this Policy of this Privacy Policy, and (ii) obtained their prior and express authorisation to provide such data to us for the purposes indicated;

For these purposes, the User shall be responsible for any breach of these representations and warranties, and shall be liable for any damages, direct or indirect, that such breach causes Telefónica, Bit2Me and/or applicable third parties.

Please also note that in the event that we are unable to process your personal data for certain purposes (e.g. if you do not provide such information, you do not provide applicable consents or you refuse or exercise any right that does not prevent such processing), the creation of your Telefónica Account may not be possible, or we may not be able to provide you with access to the Telefónica Services or such access may take place in a different manner.

9. SECURITY MEASURES

Your data will be treated in the strictest confidence and will be kept confidential, in accordance with the provisions of the applicable regulations, adopting the necessary technical and organisational measures to preserve the security of the data and prevent their alteration, loss, unauthorised processing or access, taking into account the state of technology, the nature of the data stored and the risks to which they are exposed.

10. PRIVACY POLICY UPDATE

Telefónica reserves the right to update this Privacy Policy at any time.

You will in any case be informed of any such update with the legally required notice.

In addition, it will be communicated directly to the User in the event that it affects his rights or freedoms or when, for example, the inclusion of a new processing activity would require consent.

 

© 2025 TELEFÓNICA INNOVACIÓN DIGITAL, S.L.U. All rights reserved.