Data Protection

Data Protection Policy

1. Who is TIS and what services does it offer?

TELEFÓNICA INGENIERÍA DE SEGURIDAD, S.A.U. and its group of companies (“TIS”) is a group of companies within Telefónica Group. The Partner Company was incorporated and registered in Spain, at Ramón Gómez de la Serna street 109-111 (28035 Madrid). Its tax identification number is A-28980910.
TIS is a leading company that aims to offer a new concept of security to companies, providing security services and value-added services to business customers.
More than 30 years of experience in the security sector and 30 thousand projects make TIS the leading company in comprehensive security projects in Spain, Europe and Latam. Its value is based on a new concept of the development of Electronic Security Services such as CCTV (Video Surveillance) and Access Control, as well as Security Information Services, IoT Services and IT integration.
To get in touch with the person in charge of guaranteeing the protection of the fundamental rights related to the protection of personal data within TIS, please contact TIS at the following e-mail address: tis.protecciondedatos@telefonica.com

2. TIS as data processor

Regarding its Electronic Security Services, TIS is in charge of the installation, integration and start-up of its products, as well as making them available to the customer, at the customer's facilities. Likewise, TIS provides the services related to the subsequent operation and maintenance of the installed systems.
As for the Security Information Services, TIS services are focused on the operation of the customer's own information.
In this sense, and according to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR"), and the Spanish Organic Law 3/2018 of 5th December 2018 on the Protection of Personal Data and guarantee of digital rights (“LOPDGDD”), TIS, as a security service provider, mostly assumes a Data Processor's role, offering value-added services to its business customers and processing data on their behalf.
In its role as Data Processor, TIS always guarantees its customers compliance with applicable data protection regulations and, in particular, the application of appropriate technical and organizational measures to ensure a level of security appropriate to the risk to privacy arising from the data processing, and ensures such compliance by its partners and subcontractors.
In order to give effect to these guarantees as Data Processor, TIS signs Data Processing Agreements (“DPAs”) both with its customers and with its suppliers, in order to fulfil its obligations in accordance with the GDPR. Customers can request, through their commercial contact, the model data processing agreement, which is suitable for contractually implementing the obligations, guarantees and commitments according to the GDPR.

3. What is TIS's commitment in terms of data protection?

TIS is committed to ensuring the adequate protection of personal data and compliance with relevant regulations, in particular the obligations and guarantees set out in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR"), and the Spanish Organic Law 3/2018 of 5th December 2018 on the Protection of Personal Data and guarantee of digital rights (“LOPDGDD”).
TIS, as Data Processor, undertakes that at all times:
- It shall only process such Personal Data for the purpose of providing the Services already contracted by the customer, and it will not process Personal Data for internal purposes.
- It shall process only on documented instructions of the Data Controller.
- It shall notify the Data Controller, without undue delay, of any security breach related to the Personal Data under its responsibility and will attach any relevant information to the notification.
- It shall inform the Data Controller about any exercise of rights, incident, circumstance or facts related to the processing that could be relevant or may affect the Data Controller.
- When feasible and applicable, it shall implement the security measures indicated by the Data Controller.
In addition to the previous obligations, TIS is committed to ensuring the security, secrecy and confidentiality of its customers' data and personal information.
Therefore, as part of its commitment and in compliance with current legislation, TIS has adopted the most demanding and robust security measures and technical means to prevent their loss, misuse or access without authorization, committing itself to keeping them secret and guaranteeing the duty to keep them safe by adopting all necessary and reasonable measures to prevent their alteration, loss and unauthorized access or processing, in accordance with the provisions of applicable legislation.
Likewise, TIS guarantees the exercise of the rights of data subjects in accordance with the GDPR:
1. Access: allows the data subject to obtain information on whether or not TIS is processing personal data concerning him/her and, if so, the right to obtain information on the personal data being processed.
2. Rectification: allows for the correction of errors and the modification of inaccurate or incomplete data.
3. Erasure: allows data to be erased and not processed by TIS, unless there is a legal obligation to retain them.
4. Restrict data processing: under the conditions established by law, it allows the processing of data to be stopped, in such a way as to avoid future processing by TIS, which will only keep them for the exercise or defence of claims or for the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
5. Right to object: in certain circumstances and for reasons related to their particular situation, data subjects may object to the processing of their data. TIS will cease processing the data, except for compelling legitimate reasons, or the exercise or defence of any claims.
6. Portability: it allows the data subject to receive the personal data concerning him or her, and to transmit those data to another data controller in a structured, commonly used and machine-readable format. TIS as Data Processor shall comply with all indications of the Data Controller and shall inform it of any exercise of this right.
TIS guarantees that the necessary measures will be taken to ensure the exercise of these rights, provided that TIS has sufficient information to enable it to identify the data subject for the proper and safe exercise of their rights, without interfering with the rights of other data subjects.
According to the technical characteristics of some types of services, such as Video Surveillance services, TIS shall comply with specific regulations which complete and specify the execution of the rights and obligations.
Finally, TIS reminds data subjects that they have the right to submit complaints to the national supervisory authority. To this effect, they must address the Spanish Data Protection Agency.

4. Information to be provided

TIS complies with data protection regulations and respects the privacy of data subjects and the confidentiality and security of personal data, in compliance with the provisions of the GDPR.

Transparency

According to the GDPR and the LOPDGDD, TIS will only collect personal data when this is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed, and it will not process this personal data in an unexpected, obscure or abusive manner.

Control

When appropriate, TIS will collect the data subject's consent or will inform the Data Controller of the need to obtain this consent.
TIS as Data Processor shall make available to the Data Controller all information necessary to demonstrate compliance with the obligations, and shall allow for and contribute to audits, including inspections conducted by the Data Controller or another authorized auditor mandated by the Data Controller.

Security

TIS is concerned about guaranteeing the security, secrecy and confidentiality of personal data. Therefore, as part of its commitment and in compliance with current legislation, it has adopted the most demanding and robust security measures and technical means to prevent the loss, misuse or access without authorization.
TIS has evaluated all risks and vulnerabilities related to those threats that could affect the rights and the correct application of the data protection regulations.

Storage Period

TIS will store personal data for the legal period established in the applicable law in order to comply with its legal obligations; once the purpose has been fulfilled, the personal data shall be deleted. At the end of the provision of the Services and at the choice of the Data Controller, the Data Processor shall delete or return to the Data Controller all Personal Data and, where appropriate, the medium in which they are stored, unless European Union or Member State law requires storage of the Personal Data.
If there is any specific regulation that sets particular retention periods for some personal data, TIS will keep these data for the time stipulated in said specific regulations.
TIS always guarantees the confidentiality of all information and personal data.

5. What personal data does TIS process and for what purposes?

TIS processes personal data in its normal traffic for two types of purposes: those directly related to the security services provided to its customers, and those related to the day-to-day management of its products and services with its customers and suppliers.

Period for the purpose of providing security services & end to end solutions to TIS corporate customers

As a leading company dedicated to the provision of electronic and information security services, as well as other ICT-related services (among them Video Surveillance, Access Control and Vivo Smart Security), including the management and configuration of applications on service platforms, TIS has to process personal data in order to provide its services with the highest possible quality standards and thus protect the set of goods and rights for which they have been hired.
In this line, TIS will process different types of personal data associated with each service, such as:
- Access control: The processed data will depend on the customer's requirement, but some of them could be: ID, passport, e-mail, name, surnames, photo, car registration number, telephone number, biometric identifier data (fingerprint, facial recognition), travel data (flight number, seat, etc.). In the case of visits where the ID or passport is scanned in full, all the data it contains is registered.
- Video surveillance: Recorded videos and images (people, car registration numbers...), biometric identifier data (facial recognition).
- Vivo Smart Security: Name and surname of the individual entrepreneur and in some cases of their employees or even their family members, telephone number, e-mail, NIF, geolocation data, voice, video images and photograms of the local employees and potential clients.
- Information security services: All information that the customer has in their systems and to which TIS has access as it is necessary to carry out the service for which it has been hired.
The aforementioned data may also be processed for the following purposes:
- For billing customers for the services they have contracted;
- For the security of the networks and equipment connected to them, both its own and its customers';
- To guarantee the correct quality of its services.

To maintain technical, commercial or relationships in connection with the provision of services commercialised by TIS

In order to offer its services to current or potential corporate customers, to deal with technical, operational and service configuration issues, or to send out surveys to evaluate the quality of services or any other type of information related to the provision of services to corporate customers, TIS will need to process data on individuals providing services to such customers. The data that TIS will process will be those strictly necessary to locate them professionally, such as name, address, e-mail address or telephone number. TIS will not process such information for any purpose other than the relationship with the corporate customer where the data subject provides its services.
TIS will also process the data on behalf of its customers' representatives related to the contracts’ signature for the purpose of the day-to-day management of the company's contracting.
In all these cases, the processing for the above-mentioned purposes is carried out on the basis of TIS' legitimate interest in offering its products and services to companies and for their ordinary technical, commercial and legal management.
In some cases, TIS may need to disclose data subjects' data to other companies of the Telefónica Group for administrative or commercial purposes in connection with the products and services marketed by the Telefónica Group to its corporate customers. TIS does not disclose personal data to third parties (recipients) other than the Telefónica Group and/or for other purposes.
TIS will keep data subject data for as long as it maintains the business relationship with the customer.
All data subjects are able to exercise their rights by sending an e-mail to the following address, where they may oppose the processing of their data for this purpose: tis.protecciondedatos@telefonica.com

International Transfers

In some specific cases, and always when allowed by the data subject, TIS may contract the management of some of the functions necessary for the provision of its services to data processors located outside the EU which, in any case, ensure an adequate level of protection of personal data according to the applicable data protection regulation.