The companies Socibus S.L. and Secorbus S.A. (from now onwards, “The Group”), in the course of its commercial activities, gathers and processes personal data belonging to the individuals with which it holds commercial associations, including Clients, Passengers, Employees, Potential Employees and Providers.
The Group respects their privacy, and it is because of it, based on the current legislation, that it has implemented a high level of data protection that complies with said legislation.
The Group is responsible for the processing of their personal data and therefore, acts as a controller of such. You understand and accept that the Company, in its aim to offer a high quality service, works regularly with certain trusted service providers that have access and process your data under our command, never meaning the release of such. These providers, acting as In-Charge of the processing of data, possess equivalent data protection levels as those the Company does. Principles of personal data that govern the activity of the company.
A personal detail is any type of information (numeric, alphabetic, photographic, acoustic or of any other kind) that identifies or can make a physical person identifiable.
Under this definition, the following data processing principles are declared:
When processing your personal data, the individual rights of the interested individuals will be protected.
The personal data will be collected and processed in a legal, fair and transparent manner.
Los datos personales se procesarán sólo para los propósitos para los que hayan establecido, antes de que los datos sean recogidos. Los posibles cambios posteriores a dichas finalidades serán son posibles de forma limitada y requerirán justificación y/o consentimiento de los interesados.
Those individuals interested in our management of personal data will be informed of how their data are being managed. As a general rule, the data will be directly collated from the person in question. When the data is collected, those concerned will be informed of:
Before processing personal data, it will be determined what data is necessary to achieve the purpose for which this collection is performed.
The personal data will not be collected in advance and saved for potential future purposes.
The personal data not needed anymore (after the legal or commercial terms have expired) will be deleted. Should there be a historical interest, the conditions and necessities for said purpose will be evaluated and justified.
The personal data stored ought to be correct, completed, and, should there be a need for it, upgraded. Adequate measures will be taken in order to guarantee that the inaccurate or incomplete data is deleted, corrected, complemented or upgraded.
The personal data is subject to confidentiality. It should be secured with organizational measures and adequate techniques to avoid the unauthorized access, processing or legal distribution, as well as the accidental loss, modification or destruction.
The collection, processing and use of personal data are only allowed under the legal established premises by the company, according to the normative in force.
The Company works with trusted suppliers to facilitate the compilation and processing of the Clients and Passengers data, primarily with the following types:
These providers act always under the Business command and as Managers of Data Processing, not establishing themselves in any case as distributors of your data.
Your data will be distributed to other companies of the group with statistical aims or internal obligations (for example for corporate reports etcetera). Your data won’t be distributed to other third parties, except due to a legal obligation o through your specific consent.
The Company processes and stores personal data in the EU., as well as in the United States, through technology service providers (for example, Google). In all cases, the Group will take the necessary measures to guarantee that its data continue to be protected in these suppliers according to the high standards required by EU regulations.
To determine the retention time of said data, the Group follows the following criteria:
You have the right to request access of your data to the Group, the correction or elimination of your data, the blocking of the processing of your data, or to object to the processing of your data and to request the portability of your data. You can invoke your rights contacting our Protection of Data Delegate at fjurado@sigma-data.com.
If you understand that we haven’t met your petition adequately, you can also present a complaint before the data protection national authority
If you have a question or wish to present a complaint in relation to the compiling and processing of your data, you can get in touch with our Protection of Data Delegate at fjurado@sigma-data.com.
If you are a Client (purchaser of one of our services) or a Passenger (user of one of our services), we inform you that we process your data as described below in a concise manner:
|
Responsible for the processing of data |
Socibús S.A, Secorbús S.A.
Estación Sur de Autobuses de Madrid, Calle de Méndez Álvaro, 83, 28045 Madrid |
|
Categories of interested parties |
Clients (purchasers)
Passengers (service users)
|
|
End goals |
The management of the passenger’s transportation service
The management of the purchase and payment of tickets
The forwarding of your tickets via email or SMS
The forwarding of commercial communications via email and SMS
The management of additional services such as voluntary insurance
The management of fraud and fraudulent complaints
The management of technical incidences
|
|
Legitimation |
For the execution of a passenger’s transportation contract, including the management of complaints and incidences of clients and passengers
For your given consent to carry out commercial communications
|
|
Addressees |
The responsible for the processing described before.
Your data won’t be given to third parties, unless it is due to a legal obligation or with your explicit consent
|
|
Rights |
You can access, rectify, delete and object to the management, as well as request their transfer.
|
|
Origin |
If you are the buyer, the data is provided by you when acquiring the tickets
If you are the passenger, the data is provided by the buyer that acquires the tickets
|
|
Use of cookies |
We use our own and third party cookies to better the browsing quality of this website. If you continue browsing in this website, we understand that you approve of their use. If you don’t wish to accept their use, please don’t use this website or set your browser to avoid the use of cookies. Read further down on how to do this.
|
We compile personal data directly from the clients that buy their tickets through online services, and personal data of passengers directly from them (if they are clients) or of the clients, that in the event of purchase, can register other passengers’ data. If this last mentioned is your case, we understand your data has been legitimately provided by the client.
The Group compiles and processes data of clients and passengers, specifically, of the following categories:
In the case that you, as a passenger and/or client, provide data of a third party to our systems (for example, personal data of other passengers that travel with you), you commit yourself to inform said passengers of their implicit acceptance of this Privacy and Data Protection Policy, from which the Terms and Conditions of the purchase have been accepted, and that they have to read the Privacy Policy in this link. When providing third party data, you advocate for their truth in their name.
When purchasing your tickets, we don’t store data of the payment method chosen (credit card or other payment methods). The client is re-directed to an external payment getaway (Virtual TPV) of a payment methods service provider, that acts as the Responsible of Processing. For any issue related to the data protection of your payment method, you can reach the provider in question.
The Company compiles and processes the data described with multiple goals, as described in the following chart.
|
End goal |
One of the following legal basis |
|
The management of the passenger transport service
The management of ticket payment
The management of complaints and incidences, as well as the management of fraud and fraudulent complaints
|
Enforcement of a trading contract
For the fulfilment of legal obligations
For the company’s own interest in the management of fraud and complaint resolution |
|
The sending of your tickets via email and SMS
The sending of commercial communications via email and SMS
|
Explicit consent granted by you |
|
Billing and invoicing, accounting, treasury, tax, reports, statistics and financial and management reports |
The Company’s legitimate interest to carry out its business activity |
|
Data of the voluntary insurance |
Needed to comply with the legal requirements
Needed to execute a contract |
If you are an Employee or Partner (I.e. a driver of a hired bus), we inform you that we process your data as described below in a concise manner:
|
Responsible for the processing of data |
Socibús S.A, Secorbús S.A. Other companies that act as investees
Estación Sur de Autobuses de Madrid, Calle de Méndez Álvaro, 83, 28045 Madrid
|
|
Categories of interested parties |
Employees / Partners
|
|
End goals |
The management of the hiring
The management of HR
Prevention of Occupational Risks
Organization and optimization of the work
|
|
Legitimation |
For the execution of an employment contract
For the organization of the work |
|
Addressee |
Aside from those in charge of the management, described before, your data can be transferred to other businesses of the company for internal managerial purposes
Your data won’t be given to third parties, unless it is due to a legal obligation or with your explicit consent
|
|
Rights |
You can access, rectify, delete and object to the management, as well as request their transfer. Some of these rights may be limited by the labor legislation |
|
Origin |
Provided directly by the party concerned and compiled during the business activity |
The Group compiles and processes data of the employees / partners of the following categories:
The Group compiles and processes the data described for multiple purposes, such as is described in the chart below.
|
End goal |
Una de las siguientes bases legales |
|
Management of employment
Management of human resources
Prevention of occupational risks |
Execution of a legal contract
For the compliance with legal obligations
Legitimate interest of the Company to optimize the work
|
|
Management of HR, accounting, treasury, tax, Reports, statistics and financial and management statements
|
Legitimate interest of The Company to carry out its business activity
Needed to comply with legal requirements
Needed for the execution of a contract |
If you are a Candidate for employment, we inform you that we process your data as described below in a concise manner:
|
Responsible for the processing of data |
Socibús S.A, Secorbús S.A.
Estación Sur de Autobuses de Madrid, Calle de Méndez Álvaro, 83, 28045 Madrid |
|
Categories of interested parties
|
Employment candidates |
|
End goals
|
The selection of candidates of employment |
|
Legitimation |
Legitimate interest of the Group
Consent given by the interested, in the case of certain data (social media profiles, etcetera)
|
|
Addresses |
Aside from those responsible for the processing of data described before, your data can be transferred to other businesses of the group with the goal of selecting staff
|
|
Rights |
You can access, rectify, delete and object to the management, as well as request their transfer.
|
|
Origin |
Directly given by the interested party
Public data obtained from social mediums of communication
|
The Group compiles and processes data of the employees of the following categories:
If you are a Provider, a Travel agency or a Business contact (any person interested in conducting business with any of our businesses), we inform you that we process your data as described concisely as follows:
|
Responsible for the processing of data |
Socibús S.A, Secorbús S.A.
Estación Sur de Autobuses de Madrid, Calle de Méndez Álvaro, 83, 28045 Madrid
|
|
Categories of interested parties |
Providers
Travel agencies
Business contacts
|
|
End goals |
The processing of deliverables and provision of services contracts
The selling of tickets through an Agency
|
|
Legitimation |
For the execution of a contract
For the legitimate interest of the Group in having trusted providers
For your consent when you contact us and ask for a budget or any other type of business information
|
|
Addressees |
Aside from those in charge of the processing previously described, your data can be transferred to the group’s businesses for internal administrative purposes
Your data won’t be given to third parties, unless it is due to a legal obligation or with your explicit agreement
|
|
Rights |
You can access, rectify, delete and object to the management, as well as request their transfer.
Some of these rights might be limited by the commercial law
|
|
Origin |
The party interested themselves
Accessible sources to the public such as Registers
Company and business directories
Debtor and risk databases
|
|
Use of Cookies (only Agencies) |
We use our own as well as and third party cookies to better the browsing quality of this website. If you continue browsing in this website, we understand that you approve of their use. If you don’t wish to accept their use, please don’t use this website or set your browser to avoid the use of cookies. Read below on how to do this.
|
The Group receives personal data directly from the Providers, Travel Agencies and Business Contacts through online media and directly from them.
The Group compiles and processes the data of the following categories specifically:
So that this website can facilitate the experience of a satisfactory purchase, we install small data files known as cookies.
A cookie is a small text file that websites install in your computer or mobile device when you visit our website. Cookies enable the website to remember the actions and preferences of the user (it identifies the sign in, the language, size of writing, data from the shopping basket), so that the website doesn’t have to introduce or configure them again, when the user returns to the site or browses through its pages.
Even though cookies are not imperative for the website to work, if you enable them you will enjoy a better browsing experience. If your cookies are disabled, you will, for example, receive constant messages in regards to the Privacy Policy, or when you log in, the system won’t recognize you as a registered user. However, you can delete and block cookies as you please.
The information associated with the cookies isn’t used to personally identify the user, even when some cookie data is associated to the purchases of registered and unregistered users. On the other hand, we keep the data referring to your browsing patterns completely under our control. These cookies are exclusively used for the purposes indicated here.
We use the following personal and third party cookies:
You can delete or disable the cookies in your browser whenever you wish to.
To know how to do this, refer to aboutcookies.org. Aside from being able to eliminate every cookie already stored in your computer, you can also set your browser up so that it stops accepting them, but bear in mind it might be the case of you having to set up your preferences manually again, every time you visit a website, and some services and features might stop working too.
Information updated to January 21, 2019