Index

Privacy Policy for the dōcō website

Valid from: 07/02/2022
Last modification:
09/06/2023

Índice

This document sets out the terms for personal data processing carried out as a result of you accessing and using the dōcō platform, in either of its forms: web site and/or mobile app. When you access dōcō via our web site, the Política de Privacidad de la página web de dōcō will be applicable, while if you access using our mobile app the Política de Privacidad de la App dōcō will be applicable.

dōcō Web Site Privacy Policy

 

This document (hereinafter, the “Privacy Policy”) sets out the terms and conditions for personal data processing (hereinafter, the “Personal Data”) carried out as a result of you accessing and using the dōcō platform (hereinafter, the “Platform”), owned by Entidad Pública Empresarial Renfe-Operadora (hereinafter, “Renfe”).

For the purposes of this Privacy Policy, the terms defined in the document dōcō Terms and Conditions for access, use and sale (the ‘Conditions’) will apply.

Bear in mind that anonymised information and purely statistical data used by Renfe will not be regarded as Personal Data.

The Personal Data requested in the Platform’s different forms are, as a general rule, obligatory (except where otherwise specified in the required filed) in order to fulfil the purposes for which they are being requested. Therefore, if the data are not provided, or are not provided correctly, it will not be possible to fulfil those purposes, although it will still be possible to view the content of the Platform freely.

Please read this Privacy Policy carefully before accessing, registering on and using the Platform.

  1. Who is the Data controller?

Entidad Pública Empresarial Renfe-Operadora (‘Renfe’) is the controller of the data generated in the context of the Platform’s activity. Renfe is a Spanish public business entity having NIF (tax ID number) Q-2801659J and its registered office at Avenida de Pío XII, nº 110, 28036 Madrid.

Renfe’s contact details:

  1. What Personal Data we process?

As a result of access to and use of the Platform we may process the following Personal Data:

  • Identificationa Data:

    • Name
    • First Surname
    • Second surname
    • Age
    • Gender
    • Type of document (DNI, passport, TIE)
    • Nationality
    • Date of birth
    • Driving licence: Type, validity, number, support number*
    • Identification codes and keys to access and use the Platform

      *When you want to take out Third Party Services who require it.

  • Contact and Communicationa Data:

    • Place of residence (favourite addresses - home, work, etc. Configurable.)
    • Country
    • Mobile phone or land line (either one)
    • Email
    • Comments / opinions / queries / claims

  • Bank details:

    • 4 last digits of the payment card
    • Expity Date

  • Browser Data:

    • IP address
    • Domain name
    • Unique device identifier*
    • Digital footprint of the browser and/or device*
    • Location of the browser and/or device*
    • Cookie IDs*

      *When you have set this up on your browser and/or device.

  • Other types of Personal Data communicated to us by the service providers:

    • Trip details
    • Travel preferences**
    • Location (including location in real time)*
    • Geolocation*

      *When you have set this up on your browser and/or device.

  1. Where do your data come from?

  • a) The ones you yourself give us: the Personal Data that you give us when you access and use the Platform and the Services available on it (including registering).

  • b) From cookies on the Platform and the use of similar technologies: for more information see our Cookie Policy on the dōcō web site.

  • c) From Third Parties: Personal Data given to use by Third Parties in the event that you take out an Third Party Services available on the Platform (such as, amongst others, Suppliers of transport services and leisure, etc).

  • d) From social networks: these are Personal Data communicated to us by social networks when you interact with us via our company profile for the Platform on each social network.

In the event that Users provide the Personal Data of third parties for any purpose, they guarantee that they have previously informed the data subjects and have obtained their consent to communicate their data to Renfe. In the event that you provide personal data referring to minors, you guarantee that you are legally empowered to provide them (you have parental authority or guardianship over the minor) and that the information provided is exact and truthful.

Renfe may verify the consent of the data subjects by means of an email of a non-commercial nature, requesting verification of the consent given on their behalf by you.

In the event of any liability arising from non-compliance with these conditions by you, you will be liable for the consequences of such non-compliance.

  1. What are the purposes we process Personal Data for and what are the Legal Bases?

We will process your personal data for the following purposes:

4.1. Management, administration and control of access to and use of the Platform and its services

This management includes:

a) Managing access to, use of, registration and de-registration on the Platform and any interaction you carry out on the Platform.

b) Providing the intermediation services that allow you access to and use of Third Party Services available on the Platform, for example, monitoring requests sent by registered Users and locating fleets; checking that the planner, the booking system, the payment system and the pick-up of Users/use of vehicles is functioning correctly; managing payments, invoicing, cancellations and refunds, etc.

Legal basis: entering into, performing and controlling the contractual relationship, or pre-contractual measures.

4.2. Manage customer services on the Platform: this service includes offering consultation and customer support to manage any requests we may receive. This service includes offering consultation and customer support to manage any requests we receive to guarantee the quality of service to the user, such as, among others, requests for information, incidents and complaints related to the use of the Platform through:

a) the web site

b) the mobile app

c) the social networks

d) by telephone

Legal basis: Renfe’s legitimate interest in ensuring the quality of the service.

4.3. Complaint Management: Related to services provided by the Platform, and those provided by Third parties, your enquiry may be helpful to other users and we guarantee the services provided.

Legal basis: Public interest.

4.4. Improving the quality of the Platform and managing satisfaction survey forms about the Platform ant its services.

Legal basis: legitimate interest of RENFE to improve the quality of the service.

4.5. Dealing with requests for information from the Authorities.

Legal basis: complying with Renfe’s legal obligations.

4.6 Sending commercial communications, offers and promotions: relating to products that are similar to the ones you have booked, both general and personalised, by any media, including digital.

Legal basis: User consent.

4.7. Sending commercial communications, offers and promotions: for the Platform, its services and products and services marketed by Renfe group companies, Third Party service providers and other Third Parties on the Platform, both general and personalised, by any media, including digital.

Legal basis: User consent.

4.8. Sending communications relating to the provision of the service: For the purpose of sending you notifications relating to the use of the Platform, and communications about Third Party Services you book, for example, reminders/updates, etc.

Legal basis: Renfe’s legitimate interest.

4.9. Communicating your data to Renfe Group Companies, Third Party providers of services and other collaborators on the Platform for the provision of the service.

Legal basis: User consent.

4.10. Management of browsing data: obtained using cookies in order to analyse the User’s preferences and improve our products and services.

Legal basis: User consent.

4.11. Drawing up profiles: At Renfe we want your experience as a customer to be the most satisfactory possible, with a personalised relationship which is fully in line with your customer profile and your needs. To achieve this, we have to analyse not just the data that allow us to identify you as a customer, but also the products and services you have taken out with us, as well as the use of Renfe’s products, services and channels. Furthermore, we use statistical and classification methods to adjust your profile correctly. Using this analysis, we can show you functions, products and services that we consider are in line with your profile; information about the products and service you have with Renfe; and personalised offers with more competitive prices for you.

Legal basis: User consent.

  1. Which recipients will your data be shared with?

The following may access your Personal Data:

  • a) Providers or partners that provide services on behalf of Renfe: for the purpose of managing the provision of the Platform’s services. In this case, such access to Personal Data by providers or partners that provide services on behalf of Renfe will be regulated in the relevant data processing contract, in compliance with the applicable regulations.

  • b) Third Parties: we will only transfer the Personal Data necessary for the provision of Third-Party Services, as set out and with the scope stated in point 9 of this Privacy Policy. In the event that you give us your consent, we may also communicated your Personal Data as shown in point 4.10 above.

  • c) Third-party technology platforms designed for the digital intermediation of transport services and which Renfe has a collaboration agreement with: we will only communicate the Personal Data necessary for the provision of the Platform’s Services. In the event that you give us your consent, we may also communicated your Personal Data as shown in point 4.10 above and paragraph 9 of this Policy.

  • d) Authorities: we may share certain information that is strictly necessary with the relevant public authorities, as well as Judges and Courts, if the law demands it.

  1. WillUsers' data be transferred outside the European Union?

Renfe will not carry out international transfers of Personal Data. In any event, should it be necessary to carry out transfers to other countries not regarded as secure, they will be done protecting the Personal Data by means of appropriate guarantees, which may involve the exporter and the importer of the data signing Standard Contractual Clauses, approved by the European Commission.

  1. How long will your data be retained for?

Your Personal Data will be retained for the time that is strictly necessary to carry out the processing they were provided for, or until you request the deletion of your Personal Data or, as long as this is legally admissible, you state your objection to such processing.

  1. How can I exercise my rights?

You can (i) write to Renfe, at the address given at the start of this policy, stating the number of your identity document or equivalent document and the precise nature of request; or (ii) send an email to the address DERECHOSPRIVACIDAD@docoapp.com. In the event of doubt when verifying your identity, we may request your identity document, or equivalent document, number in order to:

  • a) Withdraw your consent.

  • b) Obtain confirmation regarding whether Renfe is processing your Personal Data.

  • c) Access your Personal Data.

  • d) Rectify inaccurate or incomplete Personal Data.

  • e) Request the deletion of your Personal Data when, among other reasons, they are no longer necessary for the purposes they were collected for.

  • f) Restrict the processing of your Personal Data by Renfe, when any of the relevant conditions laid down in the data protection regulations is satisfied.

  • g) Request the portability of the Personal Data provided, in the cases provided for in the regulations.

  • h) Contact Renfe’s Data Protection Officer.

In the event that you do not believe the above rights have been correctly complied with by Renfe, you may contact the Data Protection Officer at the address DPD@renfe.es or lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos) at www.aepd.es or at its postal address, C/ Jorge Juan, 6, 28001 – Madrid.

  1. Personal Data processing by Third Party service providers

Within the Platform, Renfe acts as a provider of intermediation services and, consequently, Registered Users of the Platform who contract for Third-Party Services available on the Platform will be doing so with the Third Parties directly. For more information see the Terms and Conditions.

For the purpose of the provision of the Third-Party and Platform Services selected by the User, Renfe will communicate, to the Third Parties and/or the third-party technology platforms designed for the digital intermediation of transport services and which Renfe has a collaboration agreement with (and which act as data processors for the Third Parties), such personal data of the Registered User as are necessary for the provision of the Services and with the sole and exclusive purpose of those Third Parties being able to provide the Services to the Registered User, in accordance with the Terms and Conditions of the Platform and those of the Services. This communication of data is necessary so that the Third Party can provide the Service to Registered Users.

The Third Parties will act as data controllers of the Personal Data communicated by Renfe, assuming, at their sole risk, exclusive responsibility for any processing that is carried out on those Personal Data, which are subject to the privacy policy of the Third Party.

You can see more information about our Third Parties by clicking here.

  1. Personal Data processing via the dōcō mobile App

When you access dōcō using our mobile app, the provisions on data protection in our Política de Privacidad de la App dōcō will apply.

  1. Changes to the Privacy Policy

Our Privacy Policy may undergo updates, due to legal changes and requirements, and also as a result of improvements and changes made to the way in which we offer and provide our services and facilities. We therefore recommend that you visit and access our Privacy Policy periodically, in order to have access to and be aware of the latest changes that may have been incorporated.

Where such changes relate to the consent given, we will send you an independent, separate notification in order to obtain it once again.

If any queries or questions have occurred to you while reading our Privacy Policy, or if you want to exercise any right or take any action in relation to your Personal Data, please get in touch with us at the following email DERECHOSPRIVACIDAD@docoapp.com.