Privacy Policy for the dōcō website - App

Privacy Policy for the dōcō App

 

This document (hereinafter, the “Privacy Policy”) sets out the terms and conditions for personal data processing (hereinafter, the “Personal Data”) carried out as a result of you accessing and using the dōcō platform (hereinafter, the “Platform”), owned by Entidad Pública Empresarial Renfe-Operadora (hereinafter, “Renfe”).

For the purposes of this Privacy Policy, the terms defined in the document dōcō Terms and Conditions for access, use and sale (the ‘Conditions’) will apply.

Bear in mind that anonymised information and purely statistical data used by Renfe will not be regarded as Personal Data.

The Personal Data requested in the Platform’s different forms are, as a general rule, obligatory (except where otherwise specified in the required filed) in order to fulfil the purposes for which they are being requested. Therefore, if the data are not provided, or are not provided correctly, it will not be possible to fulfil those purposes, although it will still be possible to view the content of the Platform freely.

Please read this Privacy Policy carefully before accessing, registering on and using the Platform.

1. Personal Data Processing via the dōcō mobile app

When you access dōcō using our mobile app, the provisions on data protection in this Privacy Policy will apply.

2. Who is the Data controller?

Entidad Pública Empresarial Renfe-Operadora (‘Renfe’) is the controller of the data generated in the context of the Platform’s activity. Renfe is a Spanish public business entity having NIF (tax ID number) Q-2801659J and its registered office at Avenida de Pío XII, nº 110, 28036 Madrid.

Renfe’s contact details:

• Email of our Data Protection Officer: DPD@renfe.es

3. What Personal Data we process?

As a result of access to and use of the Platform we may process the following Personal Data:

• Identificationa Data:

  Necessary for the basic operation of the Platform:

  • Name
  • First Surname
  • Second surname
  • Document type and number (DNI, passport, TIE)

  Optional for the operation of the Platform:

  • Age
  • Gender
  • Nationality
  • Date of birth
  • Driving licence: Type, validity, number, support number*
  • Identification codes and keys to access and use the Platform
    

    *When you take out Third Party Services who require it.

• Contact and Communicationa Data:

  Necessary for the basic operation of the Platform:

  • Mobile phone or land line
  • Email
  • Place of Residence (depending on the Transport Services Provider)

  Optional for the operation of the Platform:

  • Place of residence* (favourite addresses - home, work, etc. Configurable.)
  • Country
  • Comments/opinions/queries/claims
    

    *When you book certain Third Party Services that require it, this data may be compulsory.

• Bank details:

  Necessary for the basic operation of the Platform:

  • 4 last digits of the payment card
  • Expity Date

• Browser Data:

  Necessary for the basic operation of the Platform:

  • IP address
  • Domain name
  • SDKs needed

  Optional for the operation of the Platform:

  • Unique device identifier
  • The device’s digital footprint*
  • Device location*
  • Others SDKs*
    

    *When you have set this up on your mobile device.

• Other types of Personal Data communicated to us by the service providers:

  Necessary for the basic operation of the Platform:

  • Trip details

  Optional for the operation of the Platform:

  • Travel preferences
  • Location (including location in real time)*
    

    *When you have set this up on your mobile device.

Please remember that, when we ask you for your personal data to give you access to a feature or service on the app, some fields will be marked as mandatory. These are the personal data that we need to be able to give you access to the feature or service requested.

 

4. Where do your data come from?

• a) The ones you yourself give us: the Personal Data that you give us when you access and use the Platform and the Services available on it (including registering).

• b) From the SDKs and similar technologies included on the Platform and from the use of similar technologies: for more information, see our  SDK Policy on the dōcō app.

• c) From Third Parties: Personal Data given to use by Third Parties in the event that you take out an Third Party Services available on the Platform (such as, amongst others, Suppliers of transport services and leisure, etc).

• d) From social networks: these are Personal Data communicated to us by social networks when you interact with us via our company profile for the Platform on each social network.

In the event that Users provide the Personal Data of third parties for any purpose, they guarantee that they have previously informed the data subjects and have obtained their consent to communicate their data to Renfe. In the event that you provide personal data referring to minors, you guarantee that you are legally empowered to provide them (you have parental authority or guardianship over the minor) and that the information provided is exact and truthful.

Renfe may verify the consent of the data subjects by means of an email of a non-commercial nature, requesting verification of the consent given on their behalf by you.

In the event of any liability arising from non-compliance with these conditions by you, you will be liable for the consequences of such non-compliance.

5. What are the purposes we process Personal Data for and what are the Legal Bases?

We will process your personal data for the following purposes:

5.1.  Facial recognition of the user for authentication and access to the Platform: The user may opt to enable this to log into the app.

Legitimate basis: The user's consent.

5.2. Management, administration and control of access to and use of the Platform and its services

This management includes:

a) Managing access to, use of, registration and de-registration on the Platform and any interaction you carry out on the Platform.

b) Providing the intermediation services that allow you access to and use of Third Party Services available on the Platform, for example, monitoring requests sent by registered Users and locating fleets; checking that the planner, the booking system, the payment system and the pick-up of Users/use of vehicles is functioning correctly; managing payments, invoicing, cancellations and refunds, etc.

Legitimate basis: entering into, performing and controlling the contractual relationship, or pre-contractual measures.

5.3. Management of the Platform's customes care services: This service includes offering consultation and customer services to manage any requests we receive to guarantee the quality of service to the user, such as, among others, requests for information, incidents and complaints related to the use of the Platform through:

a) the web site

b) the mobile app

c) the social networks

d) by telephone

Legitimate basis: Renfe’s legitimate interest in ensuring the quality of the service.

5.4.  Complaint Management: Related to services provided by the Platform, and those provided by Third parties; your enquiry may be helpful to other users and we guarantee the services provided.

Legitimate basis: Public interest.

5.5. Improving the quality of the Platform and managing satisfaction survey forms about the Platform ant its services.

Legitimate basis: legitimate interest of RENFE to improve the quality of the service.

5.6. Dealing with requests for information from the Authorities.

Legitimate basis: complying with Renfe’s legal obligations.

5.7. Sending commercial communications, offers and promotions: relating to products that are similar to the ones you have booked, both general and personalised, by any media, including digital.

Legitimate basis: User consent.

5.8. Sending commercial communications, offers and promotions: for the Platform, its services and products and services marketed by Renfe group companies, Third Party service providers and other Third Parties on the Platform, both general and personalised, by any media, including digital.

Legitimate basis: User consent.

 

5.9. Sending communications relating to the provision of the service: For the purpose of sending you notifications relating to the use of the Platform, and communications about Third Party Services you book, for example, reminders/updates, etc.

Legitimate basis: Renfe’s legitimate interest.

5.10. Communicating your data to Renfe Group Companies, Third Party providers of services and other collaborators on the Platform for the provision of the service.

Legitimate basis: User consent.

5.11. Management of browsing data: obtained using cookies in order to analyse the User’s preferences and improve our products and services.

Legitimate basis: User consent.

5.12. User segmentation: At Renfe we want your experience as a customer to be the most satisfactory possible, with a personalised relationship which is fully in line with your customer profile and your needs. To achieve this, we have to analyse not just the data that allow us to identify you as a customer, but also the products and services you have taken out with us, as well as the use of Renfe’s products, services and channels. Furthermore, we use statistical and classification methods to adjust your profile correctly. Using this analysis, we can show you functions, products and services that we consider are in line with your profile; information about the products and service you have with Renfe; and personalised offers with more competitive prices for you.

        Legitimate basis: User consent.

5.13.  The use of sensors in iOS and Android such as the camera, external library, localisation, sending push and tracking notifications. Each has a different function and permissions, which are developed in more depth in Point 7.

Legitimate basis: The user's consent to offer a satisfactory experience within the application and to enjoy the features provided by dōcō.

 

6. Which permissions and resources do we request on the Platform?

When you use the Platform, we may ask you to give us your permission to access certain data or resources on your mobile device:

a) Location: we will request your permission to access the location of your mobile device in order to locate you on the map and select a location as a route origin, provide you with better results for your trips, guide you accurately in real time and offer you alternative routes if necessary.mobile device in order to locate the customer on the map and select the location as the start of the route.

b) Camera: we will ask for your permission to access the camera on your mobile device to verify your identity document; and, if appropriate, your driver’s licence. The purpose of this permission is to use public transport services.You also have the opportunity to allow its use to access the platform using facial recognition.

c) External storage libraries: we will ask your permission to access the storage library of your mobile device to be able to select the images and/or documents you want to attach when processing a query or incident.

d) Push notifications: we will ask you for permission to access the notifications on your mobile device to send you notifications, travel alerts and marketing messages.

e) Tracking: we will ask your permission to use tracking to offer you better results for your trips, guide you precisely in real time and offer you alternative routes if necessary.

f) Microphone: we will ask for your permission to access the microphone when you want to enable the voice-activation function along the route and when you want to add doco to Siri shortcuts (Apple).

 

7. Which recipients will your data be shared with?

The following may access your Personal Data:

• Providers or partners that provide services on behalf of Renfe: for the purpose of managing the provision of the Platform’s services. In this case, such access to Personal Data by providers or partners that provide services on behalf of Renfe will be regulated in the relevant data processing contract, in compliance with the applicable regulations.

• b) Third Parties: we will only transfer the Personal Data necessary for the provision of Third-Party Services, as set out and with the scope stated in point 9 of this Privacy Policy. In the event that you give us your consent, we may also communicated your Personal Data as shown in point 5.10 above.

• c) Third-party technology platforms designed for the digital intermediation of transport services and which Renfe has a collaboration agreement with: we will only communicate the Personal Data necessary for the provision of the Platform’s Services. In the event that you give us your consent, we may also communicated your Personal Data as shown in point 15.11 above and paragraph 9 of this Policy.

• d) Authorities: we may share certain information that is strictly necessary with the relevant public authorities, as well as Judges and Courts, if the law demands it.

8. What use is made of social networks?

On dōcō, social networks are used to enable login functions. It should be taken into account that this feature may lead to the exchange of personal data between dōcō and the chosen social network's service provider. The function available to you is an add-on that you can, or may not, use. The details of dōcō’s use are:

a) Log in with one of your Google, Facebook and Apple accounts. Gives the opportunity to log in using the data that you have already given permission to these service providers to use, so you don’t need to remember various usernames and passwords in order to log in easily and link them to our services. You can unlink your dōcō user account from the chosen social network at any time. We think it is appropriate to let you know that data transfers are not made other than for the processing to configure the login. In the event you decide to connect using your Google, Facebook or Apple account, click on the following links to get information about how these social networks process the data: Google, Facebook and Apple.

9. Will Users' data be transferred outside the European Union?

Renfe will not carry out international transfers of Personal Data. In any event, should it be necessary to carry out transfers to other countries not regarded as secure, they will be done protecting the Personal Data by means of appropriate guarantees, which may involve the exporter and the importer of the data signing Standard Contractual Clauses, approved by the European Commission.

10. How long will your data be retained for?

Your Personal Data will be retained for the time that is strictly necessary to carry out the processing they were provided for, or until you request the deletion of your Personal Data or, as long as this is legally admissible, you state your objection to such processing.

11. How can I exercise my rights?

You can (i) write to Renfe, at the address given at the start of this policy, stating the number of your identity document or equivalent document and the precise nature of request; or (ii) send an email to the address DERECHOSPRIVACIDAD@docoapp.com. In the event of doubt when verifying your identity, we may request your identity document, or equivalent document, number in order to:

• a) Withdraw your consent.

• b) Obtain confirmation regarding whether Renfe is processing your Personal Data.

• c) Access your Personal Data.

• d) Rectify inaccurate or incomplete Personal Data.

• e) Request the deletion of your Personal Data when, among other reasons, they are no longer necessary for the purposes they were collected for.

• f) Restrict the processing of your Personal Data by Renfe, when any of the relevant conditions laid down in the data protection regulations is satisfied.

• g) Request the portability of the Personal Data provided, in the cases provided for in the regulations.

• h) Contact Renfe’s Data Protection Officer.

In the event that you do not believe the above rights have been correctly complied with by Renfe, you may contact the Data Protection Officer at the address DPD@renfe.es or lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos) at www.aepd.es or at its postal address, C/ Jorge Juan, 6, 28001 – Madrid.

12. Personal Data processing by Third Party service providers

Within the Platform, Renfe acts as a provider of intermediation services and, consequently, Registered Users of the Platform who contract for Third-Party Services available on the Platform will be doing so with the Third Parties directly. For more information see the Terms and Conditions.

For the purpose of the provision of the Third-Party and Platform Services selected by the User, Renfe will communicate, to the Third Parties and/or the third-party technology platforms designed for the digital intermediation of transport services and which Renfe has a collaboration agreement with (and which act as data processors for the Third Parties), such personal data of the Registered User as are necessary for the provision of the Services and with the sole and exclusive purpose of those Third Parties being able to provide the Services to the Registered User, in accordance with the Terms and Conditions of the Platform and those of the Services. This communication of data is necessary so that the Third Party can provide the Service to Registered Users.

The Third Parties will act as data controllers of the Personal Data communicated by Renfe, assuming, at their sole risk, exclusive responsibility for any processing that is carried out on those Personal Data, which are subject to the privacy policy of the Third Party.

You can see more information about our Third Parties by clicking here.

13. Personal Data processing via the dōcō Web Site

When you access dōcō using our mobile app, the provisions on data protection in our Política de Privacidad de la Página Web de dōcō will apply.

14. Changes to the Privacy Policy

Our Privacy Policy may undergo updates, due to legal changes and requirements, and also as a result of improvements and changes made to the way in which we offer and provide our services and facilities. We therefore recommend that you visit and access our Privacy Policy periodically, in order to have access to and be aware of the latest changes that may have been incorporated.

Where such changes relate to the consent given, we will send you an independent, separate notification in order to obtain it once again.

If any queries or questions have occurred to you while reading our Privacy Policy, or if you want to exercise any right or take any action in relation to your Personal Data, please get in touch with us at the following email DERECHOSPRIVACIDAD@docoapp.com.