Privacy Policy

DigosMovis Mobile Spain S.L. ("we," "our," or "us") is committed to protecting the privacy and security of your personal data. This Privacy Policy describes how we collect, use, disclose, and protect the information you provide when using our mobile telecommunications services, including voice and data plans, eSIM provisioning, physical SIM ordering, MVNO wholesale services, number portability, corporate plans, M2M/IoT connectivity, roaming optimization, and customer support. Our online platform, including our Progressive Web App (PWA), is designed with your privacy in mind.

1. Information We Collect

We collect various types of information to provide and improve our telecommunication services to you.

• Personal Identification Data: Name, address, date of birth, national identification document number (DNI/NIE), passport number, and contact details such as email address and phone number. This is collected when you subscribe to our services, activate an eSIM, place an order for a physical SIM, or register an account.
• Service Usage Data: Details of your calls, data usage (including volume of data consumed and type of data services accessed), SMS messages, dates and times of communications, and the duration of calls. This data is essential for billing and service provision.
• Network and Device Information: IP address, device type, operating system, browser type, unique device identifiers (e.g., IMEI), and mobile network information.
• Location Data: General location information (e.g., cell tower location, IP address) for network optimization, roaming compliance, and service delivery. Specific granular location data is only collected with your explicit consent for specific services.
• Payment Information: Billing address and payment method details (e.g., credit card numbers, bank account details) necessary for processing payments for our services.
• Customer Support Interactions: Records of your communications with our customer support team, including calls, emails, and chat transcripts for quality assurance and issue resolution.
• Website and Online Platform Usage Data: Information about how you interact with our online platform, including pages visited, features used, and technical data related to your interaction with our PWA. This is collected through cookies and similar technologies, adhering to our Cookie Policy.

2. How We Use Your Information

We use the collected information for the following purposes, based on legal grounds as applicable:

• Service Provision and Management: To provide and maintain your mobile voice and data services, activate eSIMs, process physical SIM orders, manage your account, facilitate number portability, and enable M2M/IoT connectivity. This includes billing, technical support, and service announcements.
• Customer Support: To respond to your inquiries, provide assistance, and resolve service-related issues.
• Network Operation and Optimization: To manage, operate, maintain, and secure our telecommunications network, analyze network performance, detect and prevent fraud, and ensure service quality and reliability. This includes coverage mapping and network analytics.
• Billing and Payments: To process payments, issue invoices, and manage credit control.
• Compliance with Legal and Regulatory Obligations: To comply with applicable laws, regulations (e.g., CNMC compliance), judicial processes, and requests from public and governmental authorities. This includes data retention requirements for telecommunications operators.
• Product Development and Improvement: To understand how our services are used, conduct research and analysis, and develop new features and services. This includes analytics-driven UX iterations for our online platform.
• Marketing and Communication: To send you updates, promotional materials, and offers related to our services, but only where you have provided consent, or where permitted by law based on our legitimate interests. You can opt-out at any time.
• Security: To protect our services and users from fraud, security breaches, and other harmful activities.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds, as required by the General Data Protection Regulation (GDPR) and Spanish data protection laws:

• Performance of a Contract: Processing is necessary for the performance of the contract for telecommunications services to which you are a party or in order to take steps at your request prior to entering into a contract (e.g., activating your SIM, providing data plans).
• Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject (e.g., data retention laws, regulatory compliance with CNMC).
• Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms (e.g., network security, fraud prevention, service improvement, direct marketing where permitted).
• Consent: Where required by law, we will obtain your explicit consent for specific processing activities (e.g., sending marketing communications, collecting specific location data). You have the right to withdraw your consent at any time.

4. How We Share Your Information

We may share your personal information with the following categories of recipients:

• Service Providers: Third-party companies that provide services on our behalf, such as payment processing, logistics for SIM delivery, IT infrastructure, data analytics, and customer support. These providers are obligated to protect your data and only use it for the purposes specified by us.
• MVNO Wholesale Partners and Carrier Partners: For the provision of mobile services, network access, and inter-operator functionalities like roaming and number portability.
• Business Partners: In certain specific cases, with partners with whom we offer co-branded services or joint marketing activities, with your consent where required.
• Legal and Regulatory Authorities: To comply with legal obligations, respond to lawful requests from government, judicial, or regulatory bodies (e.g., CNMC), or protect our rights, privacy, safety, or property, and that of our users or the public.
• Affiliates and Subsidiaries: Within our corporate group, for internal administration, service delivery, and legitimate business purposes.

We ensure that any sharing of data is done in accordance with applicable data protection laws and that adequate safeguards are in place. We do not sell your personal data to third parties.

5. International Data Transfers

As a Spanish company, we primarily store and process your data within the European Economic Area (EEA). However, some of our service providers or partners may be located outside the EEA. In such cases, we ensure that any transfer of your personal data to countries outside the EEA is conducted in compliance with Chapter V of the GDPR. This includes relying on adequacy decisions, Standard Contractual Clauses (SCCs), or other legally approved transfer mechanisms, ensuring your data receives an adequate level of protection.

6. Data Security

We implement robust technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our security measures include, but are not limited to:

• Encryption of data in transit and at rest where appropriate.
• Access controls and authentication protocols (e.g., secure authentication flows including passwordless and two-factor authentication).
• Regular security assessments and vulnerability testing.
• Employee training on data protection and security best practices.
• Physical security measures at our data centers.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the internet or method of electronic storage is 100% secure.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention periods are determined based on the type of data, the purpose of processing, and legal or regulatory obligations (e.g., telecommunications data retention laws). Once your data is no longer required, we will securely delete or anonymize it.

8. Your Data Protection Rights

Under GDPR and Spanish data protection laws, you have the following rights regarding your personal data:

• Right to Access: You have the right to request access to the personal data we hold about you.
• Right to Rectification: You have the right to request that any inaccurate or incomplete personal data be corrected.
• Right to Erasure (Right to Be Forgotten): In certain circumstances, you have the right to request the deletion of your personal data.
• Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain situations.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
• Right to Object: You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw your consent at any time.
• Right to Lodge a Complaint: You have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) or the relevant supervisory authority in your country of residence if you believe your rights have been violated.

To exercise any of these rights, please contact us using the contact details provided below. We may require specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).

9. Children's Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without appropriate parental consent, we will take steps to delete that information promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We encourage you to review this policy periodically. When we make material changes, we will notify you by posting the updated policy on our online platform and, where appropriate, through other communication channels.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Company Name: DigosMovis Mobile Spain S.L.
• Address: 34 Port Avenue, 3rd Floor, Suite B, Valencia, Valencian Community, 46003, Spain