Who is responsible for the processing of your personal data?
The entity responsible for the processing of personal data is ZINNIA TELECOMUNICACIONES, S.L. with N.I.F B87836607 and domiciled in MADRID, CALLE MARÍA TUBAU 3, PLANTA 5, MÓDULO C (28050) (hereinafter, by its trade name, “Lobster”).
We also inform you that the Data Protection Officer is the person in charge of ensuring the protection of your fundamental right to the protection of personal data. You can contact Lobster’s Data Protection Officer at: email@example.com
What data are processed and from what sources are they obtained?
Lobster may process the following data:
- Identifying data (name and surname, NIF/DNI, address, telephone, image/voice, signature).
- Electronic communications metadata (call and SMS records -CDRs, MSISDN, MAC addresses, IP addresses, navigation data, communication location data, location data other than the above in calls to emergency services).
- Economic and financial data (billing, banking data, credit card, credit information).
- Data on date of birth, place of birth, age, gender, nationality.
The sources from which we acquire your data are as follows:
Data provided directly by you
At the time of contracting, the Client must provide the data marked as mandatory in the corresponding form, such contracting not being possible if the Client does not agree to provide any of such data. The Client guarantees that the information provided is truthful and accurate, and authorizes Lobster to require, if it deems it appropriate or necessary, additional or complementary data in order to ensure and confirm the identity of the Client.
If the Client is not the owner of the data provided (data of dependants, employees, family members, etc.), he/she guarantees that he/she is authorized and has obtained the consent of the owner for the provision of the data and will be liable to Lobster for the same.
Lobster also collects personal data directly from the Client through its customer service channels.
Data collected automatically through cookies
When using Lobster’s service, it uses traffic data, navigation data, location, as well as information that we may collect through cookies when accessing or browsing our website.
Purpose and legitimacy of the processing
Lobster processes the Client’s personal and traffic data for the following purposes:
Formalizing the contract and providing the Service in execution of the Contract
Lobster processes your identification data for the purpose of contracting the service and invoicing for the same. On the other hand, your traffic data is processed by Lobster in order to provide you with the contracted mobile communications service. Lobster informs you that the routing of calls you make through Lobster’s electronic communications service necessarily involves the transmission of traffic data for call routing and termination at the desired numbering. However, the transmission of traffic metadata does not allow for your personal identification, nor is location data other than traffic data transmitted except in the case of calls to emergency services and this by legal obligation.
Legitimate interest of Lobster
Lobster may use your traffic data in an anonymous and aggregated form, for statistical purposes and to learn about the status and operation of the network in order to ensure efficient management of the network and to be able to develop new functionalities.
Lobster may also process your personal and traffic data for internal credit control and fraud prevention.
Compliance with a legal obligation
Lobster is obliged to comply with certain legal obligations, which legitimize the processing of your personal and traffic data, in particular:
- those arising from compliance with Law 9/2014 of May 9, General Telecommunications, such as: (a) the processing and communication of data to the National Commission for Markets and Competition for subsequent transfer to the entities authorized under Circular 1/2013 regarding the procedure for the provision of subscriber data for the provision of directory services, telephone consultation on subscriber numbers and emergencies, (b) to the central node and other electronic communications operators in the framework of the management of portability if you request the change of operator while retaining your numbering, (c) to other operators in the framework of the obligations of identification of non-permitted or irregular traffic for fraudulent purposes established in Royal Decree 381/2015 of May 14 as well as (d) to other operators with which Lobster collaborates in order to comply with the obligations of legal interception of communications in the event of such a request for interception by the empowered agents;
- obligations to retain and transfer identification data and data on electronic communications to authorized agents in accordance with Law 25/2007 of 18 October;
- processing of personal data relating to the fair use policy to determine residence or stable links to Spain under the provisions of Regulation (EU) 531/2012 on roaming;
- processing their data by virtue of interceptions that are authorized in accordance with the provisions of Article 579 of the Criminal Procedure Act, Organic Law 2/2002, of May 6, regulating prior judicial control of the National Intelligence Center and other regulations with the rank of organic law, and
- other legal obligations to communicate data derived from tax, judicial, emergency services, obligations, etc.
Lobster may send you commercial communications about its services or make commercial customer service calls subject to express, unequivocal and informed consent. Such consent must be given at the time of contracting, and you may modify such option and withdraw such consent (if you have given it) at any time in your Client Area or by calling 1661. If you do not consent or object to this treatment we will not send you commercial communications.
To whom is your data communicated?
Lobster may entrust the processing of your data to trusted suppliers established within the European Union.
They process your data on behalf of Lobster:
- Group companies for the provision of customer services (Zinnia Ltd.);
- Network providers (electronic communications operators) for the provision of the contracted electronic communications service (Gibtelecom); and
- Banking or/and credit institutions in charge of managing the collection of the contracted services on behalf of Lobster (Worldpay).
Lobster informs you that some of these trusted suppliers are based in Gibraltar and the United Kingdom.
Lobster may also communicate your data to:
- Third party electronic communications operators for the management of portability processes or/and fraud control in compliance with legal obligations.
International data transfers are carried out with Gibtelecom, ensuring an adequate level of security and guarantor with the GDPR.
How long will we keep your data?
The customer is informed that, in compliance with the principle of limitation of the retention period, the data collected will be processed only and exclusively for the time necessary and for the purposes for which they have been collected at any given time.
Once this purpose has elapsed or the right of deletion of data is exercised, the data will be duly deleted except for those that, by legal obligation and in accordance with the provisions of Article 32 LOPDGDD must be blocked. The blocked data will not be accessible by Lobster, nor will it be possible to view them. Certain data will be kept blocked for the purpose of making them available to judges and courts, the Public Prosecutor’s Office or the competent Public Administrations, in the event of a possible requirement or the demand for possible liabilities arising from the processing and for the period provided for in the applicable legislation in force.
Once this period has elapsed, your data will be destroyed.
Regarding traffic data and communications metadata, Lobster must comply with certain legal obligations, for example, Law 25/2007 of October 18, 2007 on the conservation of data relating to electronic communications and public communications networks, which involves storing traffic and location information for a period of 12 months to provide in the event of a court order.
What measures do we take to protect your personal data?
Lobster is concerned to ensure the security, secrecy and confidentiality of your data, communications and personal information. Therefore, in compliance with current legislation and as part of our commitment, we have adopted the most stringent and robust security measures and technical and organizational means to ensure the security of your data and prevent its destruction, loss, unlawful access or alteration. In determining these measures, we have taken into account criteria such as the scope, context and purposes of the processing, the state of the art and the existing risks.
What are your rights regarding your personal data?
In accordance with the provisions of the applicable regulations, Lobster informs the client that he/she has the following rights derived from the applicable regulations:
- Access: allows the data subject to obtain information about whether or not we at Lobster are processing personal data concerning him/her and, if so, the right to obtain information about your personal data undergoing processing.
- Rectification: allows you to correct errors and modify data that proves to be inaccurate or incomplete.
- Deletion: allows data to be deleted and no longer processed by Lobster, unless there is a legal obligation to retain it and/or there are no other legitimate grounds for its processing by Lobster. For example, when personal data is no longer necessary in relation to the purposes for which it was collected, the client may request that we delete such data without undue delay.
- Limitation: under the legally established conditions, allows the processing of data to be stopped, so that future processing is prevented by Lobster, which will only keep it for the exercise or defense of claims.
- Opposition: in certain circumstances and for reasons relating to their particular situation, data subjects may object to the processing of their data. Lobster will stop processing the data, except for compelling legitimate reasons, or the exercise or defense of possible claims. In particular, you may object at any time to the sending or sending of commercial communications by Lobster by managing such consent through your Client Area or by calling 712, to the inclusion of all or some of your personal data in subscriber telephone directories, and to the processing of your personal and traffic data only when they are no longer necessary for the transmission of communications, the billing of the service or for the processing, response and, where appropriate, defense of possible claims.
- Portability: allows the data subject to receive their personal data and to be able to transmit it directly to another data controller in a structured, commonly used and machine-readable format. In order to exercise this right, it will be necessary for the customer to provide a valid email address.
The Customer may exercise the above rights by writing to LOBSTER (CALLE MARÍA TUBAU 3, PLANTA 5, MÓDULO C, 28050 MADRID), by e-mail to: firstname.lastname@example.org indicating their identification number, or through the Customer Personal Area.
In addition, and especially when the Client considers that he/she has not obtained full satisfaction in the exercise of his/her rights, he/she may write to Lobster’s data protection officer.
He/she may also file a complaint with the competent Data Protection Control Authority, which in Spain is the Spanish Data Protection Agency (www.agpd.es).