Privacy policy and personal data protection

Privacy statement

The companies Socibus S.L. and Secorbus S.A. (from now onwards, “The Group”), in the course of its commercial activities, gathers and processes personal data belonging to the individuals with which it holds commercial associations, including Clients, Passengers, Employees, Potential Employees and Providers.

The Group respects their privacy, and it is because of it, based on the current legislation, that it has implemented a high level of data protection that complies with said legislation.

The Group is responsible for the processing of their personal data and therefore, acts as a controller of such. You understand and accept that the Company, in its aim to offer a high quality service, works regularly with certain trusted service providers that have access and process your data under our command, never meaning the release of such. These providers, acting as In-Charge of the processing of data, possess equivalent data protection levels as those the Company does. Principles of personal data that govern the activity of the company.

Privacy principles

What is a personal detail?

A personal detail is any type of information (numeric, alphabetic, photographic, acoustic or of any other kind) that identifies or can make a physical person identifiable.

Under this definition, the following data processing principles are declared:

1. Equity and legality

When processing your personal data, the individual rights of the interested individuals will be protected.

The personal data will be collected and processed in a legal, fair and transparent manner. 

2. Limitations of specific aims

Los datos personales se procesarán sólo para los propósitos para los que hayan establecido, antes de que los datos sean recogidos. Los posibles cambios posteriores a dichas finalidades serán son posibles de forma limitada y requerirán justificación y/o consentimiento de los interesados.

3. Transparency

Those individuals interested in our management of personal data will be informed of how their data are being managed. As a general rule, the data will be directly collated from the person in question. When the data is collected, those concerned will be informed of:

4. Downsizing of data and data economy

Before processing personal data, it will be determined what data is necessary to achieve the purpose for which this collection is performed.
The personal data will not be collected in advance and saved for potential future purposes.

5. Removal

The personal data not needed anymore (after the legal or commercial terms have expired) will be deleted. Should there be a historical interest, the conditions and necessities for said purpose will be evaluated and justified.

6. Accuracy and upgrade of dat

The personal data stored ought to be correct, completed, and, should there be a need for it, upgraded. Adequate measures will be taken in order to guarantee that the inaccurate or incomplete data is deleted, corrected, complemented or upgraded.

7. Confidentiality and security of the data

The personal data is subject to confidentiality. It should be secured with organizational measures and adequate techniques to avoid the unauthorized access, processing or legal distribution, as well as the accidental loss, modification or destruction.

8. Legitimacy

The collection, processing and use of personal data are only allowed under the legal established premises by the company, according to the normative in force.

Recipients of the data

The Company works with trusted suppliers to facilitate the compilation and processing of the Clients and Passengers data, primarily with the following types:

These providers act always under the Business command and as Managers of Data Processing, not establishing themselves in any case as distributors of your data.

Your data will be distributed to other companies of the group with statistical aims or internal obligations (for example for corporate reports etcetera). Your data won’t be distributed to other third parties, except due to a legal obligation o through your specific consent.

Recipients in third countries

The Company processes and stores personal data in the EU., as well as in the United States, through technology service providers (for example, Google). In all cases, the Group will take the necessary measures to guarantee that its data continue to be protected in these suppliers according to the high standards required by EU regulations.

Terms of retention

To determine the retention time of said data, the Group follows the following criteria:

Your rights

You have the right to request access of your data to the Group, the correction or elimination of your data, the blocking of the processing of your data, or to object to the processing of your data and to request the portability of your data. You can invoke your rights contacting our Protection of Data Delegate at fjurado@sigma-data.com.

If you understand that we haven’t met your petition adequately, you can also present a complaint before the data protection national authority

Point of contact

If you have a question or wish to present a complaint in relation to the compiling and processing of your data, you can get in touch with our Protection of Data Delegate at fjurado@sigma-data.com.

Information for Clients and Passengers

If you are a Client (purchaser of one of our services) or a Passenger (user of one of our services), we inform you that we process your data as described below in a concise manner:

Responsible for the processing of data

Socibús S.A, Secorbús S.A.

 

Estación Sur de Autobuses de Madrid, Calle de Méndez Álvaro, 83, 28045 Madrid

Categories of interested parties

Clients (purchasers)

 

Passengers (service users)

 

End goals

The management of the passenger’s transportation service

 

The management of the purchase and payment of tickets

 

The forwarding of your tickets via email or SMS

 

The forwarding of commercial communications via email and SMS

 

The management of additional services such as voluntary insurance

 

The management of fraud and fraudulent complaints

 

The management of technical incidences

 

Legitimation

For the execution of a passenger’s transportation contract, including the management of complaints and incidences of clients and passengers

 

For your given consent to carry out commercial communications

 

Addressees

The responsible for the processing described before.

 

Your data won’t be given to third parties, unless it is due to a legal obligation or with your explicit consent

 

Rights

You can access, rectify, delete and object to the management, as well as request their transfer.

 

Origin

If you are the buyer, the data is provided by you when acquiring the tickets

 

If you are the passenger, the data is provided by the buyer that acquires the tickets

 

Use of cookies

We use our own and third party cookies to better the browsing quality of this website. If you continue browsing in this website, we understand that you approve of their use. If you don’t wish to accept their use, please don’t use this website or set your browser to avoid the use of cookies. Read further down on how to do this.

 

Categorías de datos personales procesados por el Grupo

We compile personal data directly from the clients that buy their tickets through online services, and personal data of passengers directly from them (if they are clients) or of the clients, that in the event of purchase, can register other passengers’ data. If this last mentioned is your case, we understand your data has been legitimately provided by the client.

The Group compiles and processes data of clients and passengers, specifically, of the following categories:

Compromiso de información a terceros interesados

In the case that you, as a passenger and/or client, provide data of a third party to our systems (for example, personal data of other passengers that travel with you), you commit yourself to inform said passengers of their implicit acceptance of this Privacy and Data Protection Policy, from which the Terms and Conditions of the purchase have been accepted, and that they have to read the Privacy Policy in this link. When providing third party data, you advocate for their truth in their name.

Payment method

When purchasing your tickets, we don’t store data of the payment method chosen (credit card or other payment methods). The client is re-directed to an external payment getaway (Virtual TPV) of a payment methods service provider, that acts as the Responsible of Processing. For any issue related to the data protection of your payment method, you can reach the provider in question.

End goal and basis of legitimization

The Company compiles and processes the data described with multiple goals, as described in the following chart.

End goal

One of the following legal basis

The management of the passenger transport service

 

The management of ticket payment

 

The management of complaints and incidences, as well as the management of fraud and fraudulent complaints

 

Enforcement of a trading contract

 

For the fulfilment of legal obligations

 

For the company’s own interest in the management of fraud and complaint resolution

The sending of your tickets via email and SMS

 

The sending of commercial communications via email and SMS

 

Explicit consent granted by you

Billing and invoicing, accounting, treasury, tax, reports, statistics and financial and management reports

The Company’s legitimate interest to carry out its business activity

Data of the voluntary insurance

Needed to comply with the legal requirements

 

Needed to execute a contract

 

Information for Employees and Partners

If you are an Employee or Partner (I.e. a driver of a hired bus), we inform you that we process your data as described below in a concise manner: 

Responsible for the processing of data

Socibús S.A, Secorbús S.A. Other companies that act as investees

 

Estación Sur de Autobuses de Madrid, Calle de Méndez Álvaro, 83, 28045 Madrid

 

Categories of interested parties

Employees / Partners

 

End goals

The management of the hiring

 

The management of HR

 

Prevention of Occupational Risks

 

Organization and optimization of the work

 

Legitimation

For the execution of an employment contract

 

For the organization of the work

Addressee

Aside from those in charge of the management, described before, your data can be transferred to other businesses of the company for internal managerial purposes

 

Your data won’t be given to third parties, unless it is due to a legal obligation or with your explicit consent

 

Rights

You can access, rectify, delete and object to the management, as well as request their transfer. Some of these rights may be limited by the labor legislation

Origin

Provided directly by the party concerned and compiled during the business activity

Categories of personal data processed by the Company

The Group compiles and processes data of the employees / partners of the following categories:

End goal and basis of the legitimation

The Group compiles and processes the data described for multiple purposes, such as is described in the chart below.

End goal

Una de las siguientes bases legales

Management of employment

 

Management of human resources

 

Prevention of occupational risks

Execution of a legal contract

 

For the compliance with legal obligations

 

Legitimate interest of the Company to optimize the work

 

Management of HR, accounting, treasury, tax, Reports, statistics and financial and management statements

 

Legitimate interest of The Company to carry out its business activity

 

Needed to comply with legal requirements

 

Needed for the execution of a contract

 

Information for Candidates for Employment 

If you are a Candidate for employment, we inform you that we process your data as described below in a concise manner:

Responsible for the processing of data

Socibús S.A, Secorbús S.A.

 

Estación Sur de Autobuses de Madrid, Calle de Méndez Álvaro, 83, 28045 Madrid

Categories of interested parties

 

Employment candidates

End goals

 

The selection of candidates of employment

Legitimation

Legitimate interest of the Group

 

Consent given by the interested, in the case of certain data (social media profiles, etcetera)

 

Addresses

Aside from those responsible for the processing of data described before, your data can be transferred to other businesses of the group with the goal of selecting staff

 

Rights

You can access, rectify, delete and object to the management, as well as request their transfer.

 

Origin

Directly given by the interested party

 

Public data obtained from social mediums of communication

 

 

Categories of personal data processed by the Group

The Group compiles and processes data of the employees of the following categories:

Information for Providers, Travel Agencies and Business Contacts

If you are a Provider, a Travel agency or a Business contact (any person interested in conducting business with any of our businesses), we inform you that we process your data as described concisely as follows:

Responsible for the processing of data

Socibús S.A, Secorbús S.A.

 

Estación Sur de Autobuses de Madrid, Calle de Méndez Álvaro, 83, 28045 Madrid

 

Categories of interested parties

Providers

 

Travel agencies

 

Business contacts

 

End goals

The processing of deliverables and provision of services contracts

 

The selling of tickets through an Agency

 

Legitimation

For the execution of a contract

 

For the legitimate interest of the Group in having trusted providers

 

For your consent when you contact us and ask for a budget or any other type of business information

 

Addressees

Aside from those in charge of the processing previously described, your data can be transferred to the group’s businesses for internal administrative purposes

 

Your data won’t be given to third parties, unless it is due to a legal obligation or with your explicit agreement

 

Rights

You can access, rectify, delete and object to the management, as well as request their transfer.

 

Some of these rights might be limited by the commercial law

 

Origin

The party interested themselves

 

Accessible sources to the public such as Registers

 

Company and business directories

 

Debtor and risk databases

 

Use of Cookies (only Agencies)

We use our own as well as and third party cookies to better the browsing quality of this website. If you continue browsing in this website, we understand that you approve of their use. If you don’t wish to accept their use, please don’t use this website or set your browser to avoid the use of cookies. Read below on how to do this.

 

 

Categories of personal data processed by the Group

The Group receives personal data directly from the Providers, Travel Agencies and Business Contacts through online media and directly from them.

The Group compiles and processes the data of the following categories specifically:


Cookie Policy

So that this website can facilitate the experience of a satisfactory purchase, we install small data files known as cookies.

What are cookies?

A cookie is a small text file that websites install in your computer or mobile device when you visit our website. Cookies enable the website to remember the actions and preferences of the user (it identifies the sign in, the language, size of writing, data from the shopping basket), so that the website doesn’t have to introduce or configure them again, when the user returns to the site or browses through its pages.

Even though cookies are not imperative for the website to work, if you enable them you will enjoy a better browsing experience. If your cookies are disabled, you will, for example, receive constant messages in regards to the Privacy Policy, or when you log in, the system won’t recognize you as a registered user. However, you can delete and block cookies as you please.

The information associated with the cookies isn’t used to personally identify the user, even when some cookie data is associated to the purchases of registered and unregistered users. On the other hand, we keep the data referring to your browsing patterns completely under our control. These cookies are exclusively used for the purposes indicated here.

How and what cookies do we use?

We use the following personal and third party cookies:

How to manage cookies

You can delete or disable the cookies in your browser whenever you wish to.

To know how to do this, refer to aboutcookies.org. Aside from being able to eliminate every cookie already stored in your computer, you can also set your browser up so that it stops accepting them, but bear in mind it might be the case of you having to set up your preferences manually again, every time you visit a website, and some services and features might stop working too.


Information updated to January 21, 2019