Protection of personal data
1. Which entities are responsible for controlling the processing of users’ data obtained through the website?
The three entities act as co-controllers of the data processed in that they decide jointly on the methods used and purposes for which the processing of data is carried out through the website.
The TMB Personal Data Protection and Confidentiality Policy refers to the compiling and use of information provided through the website.
TMB has introduced policies and procedures into its systems and facilities to guarantee and protect the privacy of its users’ personal data. It has introduced the necessary levels of protection as well as technical and organisational measures to avoid, as far as possible, unauthorised access, illicit modifications, removal or loss of data.
2. For what purpose do we process your personal data?
Here users are advised that TMB will process personal data provided through the online form, or that have been collected while browsing the website, in order to reply to queries or requests and to communicate corporate news about the organisation to subscribers.
3. What is the legal basis for processing users’ personal data?
The legal basis for processing users’ personal data is the legitimate interest of TMB to reply to, manage or provide a solution to requests.
Users are advised that they can withdraw their consent at any time.
Users understand and accept that failure to fill in the personal data marked with an asterisk on the request form will prevent TMB from responding to or managing the request made. Under no circumstances will TMB pass on and exploit these data or make different use of them other than that which is expressly stated herein. During the registration process, users will be advised about any data whose collection are not compulsory in order for TMB to provide their services.
4. How long are users’ personal data kept?
TMB keeps data on its users for as long as is necessary to be able to offer service and manage requests regarding information and subscriptions. As a general rule, data are erased once the subscription is cancelled and for a maximum of three years after the last interaction.
All of the foregoing is without prejudice to data maintained in order to comply with legal obligations, the formulation, exercise or defence of potential claims or the length of time permitted under current legislation.
5. Who has access to users’ personal data?
Offering the best possible service through its website may require TMB to provide access to user data to other third party TMB suppliers as data processors.
In addition to the foregoing, TMB may transfer or communicate personal data and any other information held in its files to fulfil its obligations to Public Administrations when requested to do so in accordance with the legal and regulatory requirements applicable in each case and, where appropriate, also to other bodies such as the State Security Forces and the judiciary.
6. What rights do users have?
TMB advises users of the possibility of exercising their right to access, rectification, objection, erasure and restriction of the processing of personal data collected by TMB.
These rights may be exercised freely by users and, where appropriate, by their representatives by sending a written and signed request to the following address: Carrer 60, No. 21-23. Sector A, Zona Franca, 08040 Barcelona, indicating in the subject line: “Exercise of GDPR rights” and including the following information: name and surname(s) of the user, address for correspondence, photocopy of the National Identity Document or Passport, and details of the request being submitted. Furthermore, the right of rectification can be exercised through the website itself. The exercise of the right to erasure, out of necessity, implies that TMB will not be able to respond to or manage the user’s request or notification. The production of a reliable document of proof will be required in the case of representation. Similarly, users can exercise the aforementioned rights through the email address: email@example.com.
In addition to the foregoing rights, users have the right to withdraw the granting of their consent to subscription at any time, without this withdrawal of consent affecting the legitimacy of the processing carried out prior to that point. TMB may continue to process the user’s data to the extent allowed under applicable law.
In the same way, users can contact the TMB Data Protection Officer via the email address firstname.lastname@example.org to raise any queries thay might have, including those relating to the co-responsibility agreement made between the Data Controllers of their data.
TMB reminds users that they can submit a claim to the Catalan Data Protection Agency at any time with regard to the processing of their personal data. Contact can be made via http://apdcat.gencat.cat.