Privacy Policy

1. Our principles and the purpose of this Privacy Policy

Telefónica Group companies are committed to respecting the privacy of users and the secrecy and security of personal data, in accordance with the provisions of applicable data protection legislation.

Your privacy and the security of your data is our priority. It is part of our DNA and is reflected in the principles that govern our Privacy Policy:

Transparency: we are 100% transparent with you about the data we collect and/or process about you and explain why we use it and for what purposes. We will not treat your data in an unexpected, obscure or abusive way.
Control: you are the only one who can control how your data is used. We provide you with the tools to decide at any time how you want us to handle your data, how long you can access and update your personal information, and how you can access and update your personal information.
Security: we take care to ensure the security, secrecy and confidentiality of your personal data and information. We adopt the most demanding and robust security measures to prevent their loss, alteration, misuse or unauthorised access.

In compliance with these principles, below you will find the sections that make up our Privacy Policy, where we inform you about everything necessary for you to maintain control over your data.

2. Who is the data controller?

Telefónica Open Innovation, S.L.U. (formerly named as “Wayra Investigación y Desarrollo, S.L.U.) ("Telefónica"), company with ID number B86230562 and registered office at Ronda de la Comunicación, SN, C.P. 28050, Madrid will be the data controller for the processing of your data in accordance with what we inform you in this Privacy Policy.

We also have appointed a Data Protection Officer who ensures compliance with applicable data protection legislation at Telefónica, and who can be contacted for any questions, doubts and/or complaints you may have when we process your data, by writing to [DPO email which, unless the company has designated another specific email address, would be DPO_telefonicasa@telefonica.com].

3. What data is processed, for what purpose and why do we process the data?

On the web: oicampus.telefonica.com

For what? Purposes of the treatment: The purpose of the treatment that we are carrying out is to manage the requests of:

Contact through the different forms in the "contact us" section and to strengthen the projects, initiatives and open innovation activities carried out by the different institutions and companies of the Telefónica Group.
Registration through the forms enabled in calls for challenges, innovation challenges, or any other activity linked or published in / from Telefónica's Open Innovation Campus.

Why? - Applicable legal basis: the legal basis on which we rely to carry out that purpose is the consent given in the checkbox.

What data?

The data that we treat for this purpose from the "contact us" section are the name, the email, and any other personal or informative data that is provided in the forms enabled for each typology described as University / Institution and Talent.
The data that we treat for this purpose from the "participate" section are the name, the email, and any other personal, informative, file or link data, which is provided within the forms enabled in each call for challenges, innovation challenges, or any other activity linked or published in / from Telefónica's Open Innovation Campus.

Where does the data come from? – Data source: the source of the data we process for this purpose is given by you.

Who do they belong to? Categories of interested parties: the data we process for this purpose refers to any person or entity interested in contacting us; entities, institutions, universities, students, doctoral students, professors, researchers or any other interested person.

How long is the data processed? - Retention periods: the data we process for this purpose will be deleted in accordance with our internal policies, but not more than three years.

4. How long is the data retained?

In general, we will keep your data for the period necessary to comply with each of the purposes described in each processing activity and to determine the possible liabilities that may arise from that purpose.

In any case, your data will be kept in accordance with the retention criteria or specific periods described in each processing activity and, where appropriate, until you withdraw your consent and/or object to the processing of your data. In this regard, we will make our best efforts to provide you with an automatic and simple mechanism so that you can withdraw the consent granted and/or object to the processing and, in any case, we are at your disposal at the e-mail address for exercising your rights as indicated in section 6 of this Privacy Policy.

5. Who is the recipient of the data? are there any international transfers of data?

In order to carry out the processing purposes described above, we may make use of authorised subcontractors acting on behalf of Telefónica, as data processors (e.g. internet service providers, data hosting and technical support providers, e-mail providers, general service providers and physical security service providers, etc.) and contractually subject to our instructions, only for the lawful purposes described above and only for the period of time strictly necessary for that purpose.

Where authorised subcontractors acting on behalf of Telefónica or such recipients are located or process your data outside the European Economic Area, we will be making an international transfer of your data in accordance with applicable data protection legislation. In general, we will avoid international transfers of data and your data will be processed within the European Economic Area. However, in the event that such international transfers are necessary, we will take the necessary organisational, technical and contractual measures to ensure the protection and security of your data, such as, for example, signing the European Commission's Standard Contractual Clauses with the authorised subcontractor or third party recipient, carrying out impact assessments on the relevant international transfer to assess the risk and adopt measures to mitigate it, encryption of data in transit or at rest, pseudonymisation of the data transferred, the possibility for the data subject to claim damages directly against the authorised subcontractor or third party recipient, etc.

6. What rights do you have as a data subject?

As a data subject, applicable data protection legislation grants you certain rights over your data which, depending on how they apply, you may exercise against Telefónica. Below you will find details of these rights and how you can exercise them. We also inform you that on the website of the Spanish supervisory authority (www.aepd.es) you can find further information on the characteristics of these rights and download templates for exercising each of them.

Right of access: this is your right to ask us for details of the data we hold about you and how we process it, and to obtain a copy of it.
Right to rectification: this is your right to obtain the rectification of your inaccurate or erroneous data, as well as to complete incomplete data.
Right to erasure: this is your right to request deletion or suppression of your data and information in certain circumstances. However, please note that there are certain occasions when we are legally entitled to continue to retain and process your data, for example, to comply with a legal obligation to retain data.
Right to restriction of the processing: this is your right to restrict or limit the processing of your data in certain circumstances. For example, if you apply to have your data erased, but, instead of erasing it, you would prefer that we block it and process it only for record- keeping purposes because you will need it later to file a complaint. Again, please note that there may be times when we are legally entitled to refuse your request for restriction.
Right to object: this is your right to object to our processing of your data for a specific purpose, in certain circumstances provided for by law and related to your personal situation.
Right to data portability: this is your right to ask us to receive your personal data in a structured, commonly used, machine-readable and interoperable format and to transfer it to another data controller, provided that we process your data by automated means.
Right not to be subject to automated individual decisions: this is your right to ask us, in certain circumstances, not to make you subject to a decision based solely on automated processing of your data, including profiling, that produces legal effects on you or similarly significantly affects you.

In general, you may exercise these rights at any time and free of charge by contacting Telefónica at privacidad@wayra.com.

It is important to bear in mind that when you exercise a right, in most cases, you must clearly specify which right you are exercising and provide a copy of a document proving your identity.

Any exercise of rights shall be answered within a maximum period of one month, which may be extended by two months if necessary, taking into account the complexity of the request and the number of requests.

Finally, in the event that you do not agree with the way in which your data is handled by Telefónica, you have the right to lodge a complaint with the national supervisory authority by contacting the Agencia Española de Protección de Datos, whose contact details are as follows:

Agencia Española de Protección de Datos
C/ Jorge Juan, 6 - 28001 Madrid
www.aepd.es

7. Further processing of data and changes to the Privacy Policy

Telefónica reserves the right to update this Privacy Policy at any time. Such update will be made public by Telefónica, in any case, with the legally required notice prior to its entry into force. In addition, it will be communicated directly to the data subject in the event that it affects their rights or freedoms or when, for example, the inclusion of a new processing activity requires the consent of the data subject or modifies the scope of the legitimate interest that enables the processing.