Last updated March 2022
The Mobi4U application (hereinafter the “App”), was developed by FOSTERING MOBILITY, S.L., domiciled for tax purposes at Paseo de la Habana 26, 1º-2, 28036, Madrid (Spain) for the company Alsa Grupo, S.L.U. (hereinafter, Alsa) with Tax ID No. (CIF) B-82059478 and registered offices at Calle Josefa Valcárcel, 20, 28027, Madrid (Spain), who is the Data Controller of any personal data provided by the users of the App.
This Privacy Policy regulates the processing of personal data belonging to users of the App (hereinafter, the “User” or the “Users”, as applicable) by Alsa, as part of the provision of services via the App (hereinafter, the “Services”).
The downloading and use of the App implies that the User has read and is in full agreement with this privacy policy (hereinafter, the “Privacy Policy”). The date indicated at the beginning of this Privacy Policy is the date it was last revised and the time from which it applies. Alsa reserves the right to modify the Privacy Policy and, therefore, recommends that the User check it on a regular basis.
The simple access to the "Services" after the modification will imply the acceptance of any modification introduced, for which Alsa recommends periodically consulting this Privacy Policy.
Some of the Services provided through the Application may be subject to specific privacy policies, which will complete or, if they are contrary to this Privacy Policy, will replace the content of this Privacy Policy, and which will be understood to be accepted when the User requests the provision of the service, for example, from the provider and operator of transport or the corresponding linked service.
Furthermore, the General Conditions of use of the App apply with regard to the downloading and use of the App and its Services.
1.- DATA CONTROLLER
Alsa Grupo, S.L.U., Tax ID No. (CIF) B-82059478 and registered offices at Calle Josefa Valcárcel, 20, 28027, Madrid (Spain); contact email address: asesoria@alsa.es; Data Protection Officer contact details: dpo@alsa.es
2.- PERSONAL INFORMATION CONTAINED IN THE APP
Registration details. When a User registers to create an account in the App, they must indicate their name, surname(s), email address, date of birth and mobile phone number.
Service provision data. Information regarding the reservation or purchase of Operator Services.
Payment method. When the User adds their credit card details to the payment platform, a third-party company will received said card information. Alsa does not store their credit card details on its servers. Likewise, the User may add pass cards, which will be communicated to the operator in question.
User profile information. When using the App, the User may select mobility preferences. The User can opt to complete their profile if they wish.
Communications. Should the User contact Alsa directly, Alsa may receive additional information about said User. Alsa may use automated systems to review communications for the purposes of security, fraud prevention, compliance with legal and regulatory requirements, investigation of potentially abusive behaviour, product development and improvement, research, technical support, and commitment to customers, which includes offering the User information and offers that Alsa deems could be of interest to the former (consent will be requested for said processing).
Location information. Subject to your prior authorization, when the User uses the Application on their mobile device, Alsa receives their location. Alsa may also collect the precise location of the User's device when the Application is running in the foreground or background.
User's location information is necessary to provide the best transportation options, determine pick-up locations, suggest the best route options based on your travel history, and generally to provide the Services.
In addition, if the User authorizes Alsa through the configuration of his device or the Application, Alsa may collect his location while the Application is deactivated to identify service suggestions in his location.
At any time through the configuration of the operating system of your device, the User can prevent your device from sharing your location. However, the location of the users is essential for the Application and without it Alsa cannot provide the User with the Services.
Usage information. In order for Alsa to understand how the App is used by the Users so that it can be improved, Alsa automatically receives information on their interactions, as well as the pages or other content they view in the App, their actions in the App, and the dates and times of their visits.
User comments. If they wish, operators and Users can review and rate each other at the end of each trip. Alsa receives information on reviews and ratings if the User authorises this.
Partners. Alsa may receive additional information from partners offering mobility services through which the User is registered, such as demographic information, information on payment and fraud detection, and may combine said information with the information it possesses.
3.- PURPOSE OF THE PERSONAL DATA COLLECTED
Alsa uses the information it collects from all Users for the following purposes:
A) Based on the contractual relationship:
- To provide the services offered via the App.
- To improve the User’s mobility experience.
- To connect Users with mobility providers or operators.
- To provide, improve, expand and promote the App.
- To facilitate transactions and payments.
- To provide technical support.
B) Based on a legal requirement:
To comply with any legal obligations pertaining to us and to communicate your personal data to the State Armed and Security Forces as well as any other agencies with competence in this area, if we are required to do so.
To correctly handle any situations of emergency, disaster or force majeure it may be necessary to communicate your personal data to institutions or agencies with competence in this area.
Contact the user to inform them, if necessary, with regards to contact traceability in situations of epidemic control and its propagation.
C) On the basis of the data subject’s consent:
- To communicate with the User even for advertising or marketing purposes, as long as their consent is given.
- To send text messages and push notifications.
Consent may be withdrawn by the User at any time without affecting the lawfulness of processing based on consent before its withdrawal. To withdraw consent, the User may either automatically unsubscribe from the commercial communications service, disable push notifications on their device, or submit their request to asesoria@alsa.es
D) On the basis of Alsa’s legitimate interests:
- To analyse how Users use the App.
- Statistical analysis on the use of the App and its Users’ behaviours, market research and analytical tasks regarding the use of the App. This data processing is carried out on an aggregate (i.e. in such a way as to ensure that you cannot be identified) or pseudoanonymised basis.
- To control, analyse and manage situations of risk, fraud, or incidents in order to prevent potential fraud. If we consider that a transaction may be fraudulent, this processing could result in the transaction being blocked.
- To take actions and conduct quality surveys aimed at knowing our customers’ and users’ level of satisfaction and to detect those areas where we could improve.
We believe that we have a legitimate interest as the processing of this data is also beneficial to you in that it allows us to properly attend to you, to provide you with a better service that suits your needs, expectations and level of user satisfaction, as well as benefiting and guaranteeing transactional security.
4.- LAWFUL BASIS FOR DATA PROCESSING
The lawful bases for processing this information are the performance of the previously contracted transport contract, the user’s consent, compliance with a legal requirement and Alsa’s legitimate interest, in the terms set out in point 3 on this Privacy policy. The assessment of interests is described in greater detail in referenced point 3.
5.- HOW ALSA SHARES THE INFORMATION COLLECTED
In certain circumstances, Alsa shares Users’ personal data with third parties.
When booking a trip, Alsa transfers the relevant details of the booking to the operator in question. This may include: the User’s name, contact details, payment details and any preferences that the User may have specified when making their booking. If the User has a query regarding their booking, Alsa may contact the operator to resolve it. Unless the User pays via the App during the booking process, Alsa will send the payment details to the payment gateway for processing. In the event of a dispute or claim, Alsa may provide the operator with information regarding the booking process. This may include a copy of the booking confirmation as proof.
Third parties, service providers: Alsa may use service providers to process the User’s personal data on its behalf. Third-party service providers are subject to confidentiality clauses and may not use personal data for other purposes.
Payment providers and other financial institutions: when the User or holder of the credit card used to making a booking requests a refund, Alsa may be required to share certain details of the booking with the payment service provider and the corresponding financial institution. This may also include a copy of the booking confirmation from when the User made the booking. Alsa may also share relevant information with financial institutions if it deems this to be strictly necessary for the purposes of fraud detection and prevention.
Competent authorities: Alsa shares personal data with law enforcement agencies when required to by law, or when this is strictly necessary for the prevention, detection or prosecution of criminal offences and fraud. Alsa may be required to share more personal data with the competent authorities to protect and defend its rights or property, or the rights and property of its trading partners.
Trading partners: Alsa works with other trading partners and operators. Some of those trading partners distribute or advertise Alsa's services. This may mean that their services are integrated into the App and have been enabled to display a personalised advertisement to the User, or that the App services are integrated into their own websites and/or apps.
When the User makes a booking on any of Alsa's trading partners’ platforms, certain personal data provided by the User will be sent to the trading partner in question. If a trading partner provides customer service, Alsa will share the relevant booking details with its partners (as necessary) in order to provide the User with the appropriate support.
When the User makes a booking on the website of an operator, they should take the time to read the respective privacy policies to know how the operator might process their personal data. When Alsa offers the User other mobility services, the User's information may be shared with trading partners to manage their order. In order to detect and prevent fraud, Alsa may exchange information on its Users with its trading partners.
6.- DATA RETENTION PERIOD
We only store users’ personal data to use it for the purpose it was originally collected and in accordance with the legal basis for processing it. We will retain personal data as long as there is a contractual relationship with the user, and as long as the user does not exercise the right to erasure, cancellation, and/or restriction with regard to the processing of such data.
Should this occur, said data will be blocked and not used as long as it may be needed to lodge or defend complaints or when any kind of legal or contractual responsibility may be derived from processing it that must be addressed and for which the data must be retrieved.
Alsa must comply with current legislation as regards its obligation to cancel the personal information that is no longer needed for the purpose or purposes for which it was collected, blocking the same so as to be able to respond to any possible liabilities arising from the processing of data, and solely for the duration of the limitation periods for any such liabilities. After the aforementioned limitation periods have elapsed the information in question shall be erased by secure methods.
7.- RIGHTS OF DATA SUBJECTS
Data subjects may exercise their rights to access, rectification, erasure, portability, restriction and objection to processing, as well as the right not to be subject to a decision based solely on automated processing of their data, when applicable, by contacting Alsa Grupo, S.L.U. with their request at the following email address: asesoria@alsa.es, or by writing to the following address: Alsa Grupo, S.L.U., Dpto. Asesoría Jurídica, Calle Josefa Valcárcel, 20, 28027, Madrid, Spain. Any such requests must be accompanied by a photocopy of a valid National ID card or equivalent document accrediting the data subject’s identity and must specify the right being exercised. Furthermore, all data subjects have the right to obtain information on how their data is processed in the Alsa.
Data subjects may, at any time and under the terms set out in the applicable data protection regulations, withdraw their consent, without affecting the lawfulness of processing based on consent before its withdrawal.
The data subject has the right to file a complaint with the Spanish Data Protection Agency (www.aepd.es) as well as with the Alsa Data Protection Office (dpo@alsa.es).
8.- OTHER DETAILS CONCERNING THE PRIVACY POLICY
Data security. Alsa has adopted the security levels for the protection of personal data required by current law (REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC and hereinafter referred to as the General Data Protection Regulation) depending on the type of information stored.
Alsa has also implemented other additional technical means and taken the available measures to prevent the alteration, loss or unauthorised access or processing of the personal data provided. Alsa is committed to protecting the Users’ data, but cannot guarantee that their data will be 100% secure.
Children’s privacy. The App is not designed for children and Alsa does not deliberately collect personal information from children under 14 years of age. If it becomes known to Alsa that a child under the age of 14 has provided their personal information, it will take measures to delete said information. If the User believes that a child under 14 years of age has provided Alsa with personal information, they should contact Alsa by emailing asesoria@alsa.es
Changes to the Privacy Policy. Alsa may occasionally make changes to this Privacy Policy. Alsa will inform the User via the App, by email, or another means of communication. Alsa recommends that the User regularly read this privacy policy to stay up to date with our practices in this regard. The User accepts this Privacy Policy and any updates made to it every time they use the App.
Contact information. The User may contact Alsa at asesoria@Alsa.es at any time with any questions or comments regarding this Privacy Policy, their personal information, Alsa’s use and shared-use practices or its consent options.
In accordance with current legislation, Alsa will comply with its obligation to delete any personal information when it is not needed for the purpose or aims for which it was collected. The information will be blocked, but the company will keep it in the event of any liability that could arise from the processing of data during the required storage periods. Once the required period has elapsed, the information will be permanently deleted using secure methods.