Libelium’s Privacy Policy: Securing your data

Information in compliance with personal data protection legislation

In Spain and the rest of Europe, there are data protection regulations in place designed to protect your personal data that, as a company, we need to be compliant with.

That is why it’s important for us that you clearly understand what we do with the data we request.

We will be transparent and ensure you have control over your data, using plain language and clear options that will allow you to decide what we are allowed to do with your personal data.

If anything is unclear after reading this information, please do not hesitate to contact us.
Thank you for your cooperation.

Who we are

  • Company name: Libelium Comunicaciones Distribuidas S.L.
  • Our tax identification code/tax ID: B99135832
  • Our primary activity: CONSULTORÍA / Empresas de consultoría informática
  • Our address: Avda. María Zambrano 31 Edificio WTCZ, Torre Este Planta 7, 50018, Zaragoza (Zaragoza)
  • Our telephone number: 976547492
  • Our website: https://www.libelium.com/
  • For your peace of mind and security, we are inscribed in the following Spanish Public Registry/Commercial and Trade Registry of Zaragoza.

Why do we use your data?

Generally, your personal data will be used to maintain a relationship with us to deliver our services to you. Your data may also be used for other purposes, such as sending you marketing communications or promoting our services.

Why do we need to use your data?

Your personal data is required for us to maintain a relationship with us in order to deliver our services to you. We will provide a series of tick-boxes that will allow you to make a clear and simple decision on how you want us to use your data.
Specifically, we will need your personal data for the following purposes:

  • Collection, always with your consent, either by filling our forms, by delivering your business card to our salesforce, or by entering a contractual relationship with LIBELIUM by purchasing our products and/or services. LIBELIUM shall not process any personal data not directly obtained from YOU. Any User feeling that his/her personal
    data have been disclosed to us without his/her consent, may contact us to ascertain the source from which his/her personal data originate, and to exercise any of the rights mentioned below. LIBELIUM reserves its right to exclude from any service for which prior registration is required, any User having provided false or inaccurate data, notwithstanding any other legal action to which LIBELIUM may be entitled.
  • Storage: our supplier is Amazon Web Services Inc., whose servers are located in Ireland. As already mentioned, our data bases are sent encrypted to Amazon.
  • Structuring of Users data by market, product, service, etc.
  • Recording: LIBELIUM may record phone conversations with Users, to have an evidence of their requests (of info, services, assistance…).
  • Pseudonymisation meaning the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately. This is what we do with any data concerning health and obtained through MySignals
    products and services, which are obtained only to provide MySignals Customers access to their historical.
  • Profiling: LIBELIUM shall not make any profiling by using personal data.
  • Disclosure by transmission to some of LIBELIUM´s service providers or partners (Recipients), who help us provide the services you enjoy by using our websites or purchasing our products and services.
  • Cross-border transfer: Cross-border transfer of data may exist, as LIBELIUM´s service providers and partners may be either in the European Union or in third countries, always within a Privacy Shield Framework
  • Consultation and use by Libelium, for the purposes explained above.
  • Restriction, erasure or destruction, as per your request, or when the term of data processing, as explained below, comes to an end.

With whom will we share the data you provide us?

Generally, only our staff members who have been fully authorised may access the data that you have provided.

Equally, we may pass your personal data on to other entities where this is required in order to provide our services to you. For instance, we will need to share your data with ourbank if you pay for our services by credit card or bank transfer.

We will also need to pass your data on to public or private entities when we are obliged to do so by law. For example, Spanish tax law requires us to provide the tax authorities with information on financial transactions that exceed a certain amount.

Nevertheless, if we otherwise need to disclose your personal data to other entities, we will ask your permission beforehand, providing you with clear options that will allow you to make a decision.

How do we protect your data?

We protect your data using effective security measures in proportion to the risks involved in using your data. We have adopted a Data Protection Policy, and we carry out checks and annual audits to verify that your personal data is secure at all times.

Will we transmit your data to other countries?

Many countries across the world offer secure protection for your data, while others not so much. The European Union, for example, is a secure environment for your data. Our policy is not to send your personal data to any country that does not offer secure protection for your data.

In the event that we need to send your data to a country that is not as secure as Spain, in order to deliver our services to you, we will always ask your permission beforehand and apply effective security measures to reduce the risk of sending your personal data to another country.

How long do we retain your data for?

We will store your data for the duration of our customer relationship, in compliance with the legislation. Once the statutory retention period has lapsed, we will then destroy your data in a secure and environmentally-friendly manner.

What are your rights when it comes to data protection?

You may contact us at any time to find out what personal data we hold about you, to have it rectified where it is incorrect and to have it erased once our customer relationship comes to an end, provided that it is lawful to do so.

You are also entitled to have your data transferred to other entities in certain situations, under your right to data portability.

If you wish to exercise any of these rights, please send us a written request, accompanied by a copy of your ID, so that we can confirm your identity.

We have specific forms that you can use to exercise these rights, which we would be happy to help you fill in. Alternatively, you may file a complaint through our Whistleblower Channel.

For more information about your data protection rights, please visit the Spanish Data Protection Agency website at www.aepd.es.

Can you withdraw your consent if you change your mind later?

Yes, you can withdraw your consent at any time if you change your mind about how your data may be used.

For example, if you were previously interested in receiving marketing communications about our products or services, but you no longer wish to receive these, you can let us know by using the consent withdrawal form available from us.

How can you submit a complaint if you feel your rights have not been honoured?

If you are not satisfied with how we have handled your request, you may submit a complaint to the Spanish Data Protection Agency, the Agencia Española de Protección de Datos. The agency can be contacted as follows:

  • Website: www.agpd.es
  • Address:Agencia Española de Protección de Datos C/ Jorge Juan, 6 28001 Madrid Spain
  • Telephone: +34 901 100 099, +34 91 266 35 17
 
You can submit a complaint to the Spanish Data Protection Agency free of charge and you do not need the assistance of a solicitor or lawyer.

Do we build profiles about you?

Our policy is not to build any profiles about the users of our services.

However, there may be situations when we need to develop information profiles about you in order to provide a service, commercial or otherwise. An example would be where we use your purchase or service history to offer products or services tailored to your tastes or needs.


In such cases, we will apply effective security measures to protect your data at all times against unauthorised persons intending to use it for their own benefit.

Do you use your data for other purposes?

Our policy is not to use your data for any purposes other than those that we have explained. However, if we need to use your data for another purpose, we will always ask your permission beforehand, providing you with clear options that will allow you to make a decision.

Our personal data protection undertaking: Informed persons and Protected Data

The Management / Governing Body of Libelium Comunicaciones Distribuidas S.L. (from now on, the data controller), assumes the maximum responsibility and commitment with the establishment, implementation and maintenance of this Data Protection Policy, guaranteeing the continuous improvement of the data controller with the aim of achieving excellence in relation to the compliance with Regulation (EU) 2016/679 of the European Parliament and the Council, of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free circulation of these data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJEU L 119/1, 04.05.2016), and of the Spanish regulations on the protection of personal data (Organic Law, specific sectoral legislation and its implementing rules)

The Data Protection Policy of Libelium Comunicaciones Distribuidas S.L. is based on the principle of proactive responsibility, according to which the data controller is responsible for compliance with the regulatory and jurisprudential framework that governs said Policy, and is able to demonstrate this to the competent control authorities.

In this regard, the data controller shall follow the following principles which should serve as a guide and framework for all his staff in the processing of personal data:

  1. Design of Data protection: the data controller shall, both when determining the means of processing and at the time of the processing itself, implement appropriate technical and organizational measures, such as pseudonymization, designed to apply effectively data protection principles such as data minimization and to integrate the necessary guarantees into the processing.

  2. Default data protection: the controller shall implement appropriate technical and organizational measures to ensure that, by default, personal data are processed only if they are necessary for each specific purpose of the processing

  3. Data protection during information life: measures ensuring the protection of personal data shall be applicable throughout the entire life cycle of the information.

  4. Legality, loyalty and transparency: personal data will be treated in a lawful, loyal and transparent manner in relation to the interested party.

  5. Purpose limitation: personal data shall be collected for specified, explicit and legitimate purposes and shall not be further processed in a way incompatible with those purposes.

  6. Minimization of data: personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

  7. Accuracy: personal data must be accurate and, where necessary, kept up to date; all reasonable steps must be taken to ensure that personal data which are inaccurate in relation to the purposes for which they are processed are deleted or rectified without delay.

  8. Limitation of storage time: personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes of the processing of the personal data.

  9. Integrity and confidentiality: personal data shall be processed in a way that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, through the implementation of appropriate technical or organizational measures.

  10. Information and training: one of the keys to guaranteeing the protection of personal data is the training and information provided to the personnel involved in the processing of such data. During the life cycle of the information, all personnel with access to the data will be properly trained and informed about their obligations in relation to compliance with data protection regulations.

The Data Protection Policy of Libelium Comunicaciones Distribuidas S.L. is communicated to all personnel of the data controller and made available to all interested parties.

Consequently, this Data Protection Policy involves all the personnel of the data controller, who must know and assume it, considering it as their own, each member being responsible for applying it and verifying the data protection rules applicable to their activity, as well as identifying and providing the improvement possibilities that they consider appropriate in order to achieve excellence in relation to its compliance.

This Policy will be reviewed by the Management / Governing Body of Libelium Comunicaciones Distribuidas S.L., as many times as deemed necessary, in order to comply, at all times, with the provisions in force regarding personal data protection.

Stay up to date in IoT!

Sign up to our newsletter and receive the latest, exciting news.

Sign up now!

Trusted by companies of all industries and sizes

More than 18 years of experience in IoT support us.

01
01
01
01
01
01
01
01
01
01
Acisa designs and develops state-of-the-art technology solutions and offers high quality engineering, installation and maintenance services operating as an innovative partner across five sectors.
01
asercontrol
SOCIOS ANESE - aquatec-logo
teva-pharmaceuticals-logo
telefonica
logotipo-pavapark
innovasur-web
More than 18 years of experience in the development of IoT solutions.

Behind the change.
Beyond the challenge.
Linkedin-in X-twitter Youtube Instagram Facebook

Quality Certifications​

grupo-libelium-distintivo-ens-certificacion-alta-rd311-2022
TUV Rheinland
Sello Aragón 2022 Circular
small-huella-carbono-2022-grupo-libelium
Applus ISO IEC 27001
EFR Certification

IoT Solutions for

IoT Products

Company

Newsletter

subscribe me

© Libelium Comunicaciones Distribuidas S.L.Terms And Conditions | Privacy Policy | Cookies PolicySecurity Policy | Reporting Channel