DURCAL
PRIVACY POLICY
1. Introduction
Alpify Software S.L (hereinafter referred to as "Durcal") is the owner of the website
https://durcal.com/es/ (hereinafter, the "Website") and the mobile application "Durcal-Family
Locator" (hereinafter the "App"). Durcal acts as the Data Controller for the personal data of the
users of the Website (hereinafter, the "Web Users"), the App users (hereinafter the "App
Users"), and the users of the Durcal watch (hereinafter the "Watch Users") (collectively
referred to as the "User/s") who access and use the Website, the App, and the Watch.
Through this Privacy Policy, and in compliance with Regulation (EU) 2016/679 ("GDPR") and
Organic Law 3/2018, of December 5, on Personal Data Protection and the guarantee of digital
rights ("LOPDPGDD"), Durcal informs the Users who register and/or use the Portal, the App,
and/or the Durcal Watch, about the processing of personal data that may be collected through
the Website, the App, and/or the Durcal Watch, and processed by Durcal, so that the Users can
decide, freely and voluntarily, whether they wish to provide the requested information.
I Who is responsible for data processing?
Data Controller: Alpify Software S.L.
Tax Identification Number (NIF): B66162694
Registered address: Calle Santa Teresa, 6, Barcelona, Spain 08012 Barcelona (Spain)
DPO (Data Protection Officer): dpo@durcal.com
For the provision of services to the Users, Durcal will process personal data of third parties
unrelated to the Terms and Conditions between the User and Durcal, which is regulated in
accordance with Annex I (Transfer Agreement). In compliance with the GDPR and the
LOPDPGDD, the User contracting the services of Durcal or using the App is the Data Controller
of the personal data of such third parties provided to Durcal. Thus, as established in the Terms
and Conditions agreed upon by both parties, the User guarantees compliance with data
protection regulations regarding the processing of such third-party personal data. Specifically,
the User guarantees they have properly informed the interested third parties about the
processing and transfer of their personal data to Durcal, and that they have legitimately
obtained consent for this processing. Furthermore, the User guarantees that they have
collected explicit consent from the Watch User for the processing and transfer of their
health-related personal data.
Durcal will be the Data Controller independently of the User for those personal data essential
for providing the service. For non-essential data provided by the User, Durcal will act as the
Data Processor. Notwithstanding the above, Durcal provides the Watch User with a mechanism
to manage their personal data, either through creating a user account or, if they do not have an
account, via the following phone number: 900 900 916.
The User and Durcal are obliged to process the personal data of the interested party in
accordance with the Data Transfer Agreement and the Data Processing Agreement of Annexes I
and II of this Privacy Policy.
2. Data collected, purposes, legal basis, and retention period
Durcal may process the personal data of Users both as a Data Controller and as a Data
Processor. Below, Users are informed about each type of personal data processing that Durcal
will carry out.
2.1.Data processed as Data Controller
Data obtained through the Website.
Collected Data
Legal Basis
Purpose
Browsing:Due to internet
communication standards, when the
Web User visits our website, we
automatically receive the URL of the
site they came from and the site they
visit when they leave our website. We
also receive the Internet Protocol ("IP")
address of their computer and the type
of browser they use. We use this
information to analyze general trends
and improve the service. This
information is not shared with third
parties without their consent. The Web
User can find more information in our
Cookies Policy.
Legitimate Interest/
Consent
Conduct analysis of
browsing behavior and
statistics: The
information collected
through cookies and
other similar tracking
technologies allows for
an analysis of the
browsing done by Web
Users.
Web User Contact: name, surname,
email address, and the content of the
message to address your comments,
requests, suggestions, etc.
Consent
Assist the Web User in
case they have any
questions while using
the platform.
Additionally, we may
process this data for
statistical studies using
pseudonymization and
even anonymization
techniques, such as data
aggregation, ensuring
that this subsequent
processing does not
individually identify the
Web Users.
Professional Information for CV: Name,
email address, phone number, work
experience, LinkedIn account.
Consent
Manage personal data of
the candidates: Process
the data of candidates
received through the
website.
Order Management: First and last
name, delivery address, email, and
phone number.
Execution of the
contractual relationship.
Legitimate interest.
Consent.
Process and manage
order deliveries:
Register the web user's
subscription and deliver
the product.
Commercial communications: Email,
phone number.
Consent
Commercial information
of interest to the Web
User: Communicate
business opportunities,
events, and more.
Communications related to the service:
email, first and last name.
Execution of the
contractual relationship.
Legitimate interest.
Provide additional
information about the
contracted service:
Notify the Web User in
relation to the services,
in particular,
transactional
communications such as
product purchase
confirmations, invoice
shipments, payment
updates, security
incidents regarding
passwords or Web User
Account, etc.
Likewise, we can also
send Newsletters to Web
Users about the activity
and news from Durcal.
Data obtained from the App.
Collected Data
Legal Basis
Purpose
Browsing Data: Due to internet
communication standards, when the
user visits our App, we automatically
receive the Internet Protocol ("IP")
address of their device. We use this
information to analyze general trends
and improve the service. This
information is not shared with third
parties without your consent. The User
can find more information in our
Cookie Policy
Legitimate
Interest/Consent.
Conduct browsing
behavior and statistical
analysis: The
information collected
through cookies and
other similar tracking
technologies allows for
an analysis of the
browsing done by the
Users
Registration Data: Photo, first name,
last name, and phone number of the
User
Execution of the
contractual relationship
in which the interested
party is involved.
Creating an account for
the User: This data will be
processed with the aim of
creating a user account for
the User so they can use
all the features of the App.
Without this data, we
cannot create their user
account.
App User Identification Data:
Photograph, first name, last name,
email address, phone number, User's
home address, User's workplace
Execution of the
contractual relationship
Provide remote
assistance services to
the Users: using this
data with the aim of
contacting the App User
when an emergency
situation is detected for
the App User or a family
member.
Watch User Identification Data: Watch
User's Data: First name, last name,
phone number, address, NIF (Tax
Identification Number).
Consent
Provide remote
assistance services to
the Watch Users, using
this data with the aim of
contacting the Watch
User or the App User
when an emergency
situation is detected for
the Watch User
Location Data: Geolocation of the App
User in background mode.
Execution of the
contractual relationship
Provide remote
assistance services to
Users so that family
members can know
where they are at all
times and, if necessary,
Durcal can initiate its
emergency protocol
Physical activity data: Daily steps
Execution of the
contractual relationship
Provide remote
assistance services to
Users, so that the User
can have visibility of
their health status based
on the steps taken each
day.
Communications related to the service:
User's first name, last name, and email
addres
Execution of the
contractual relationship
The User's data is used
to send them
commercial information
about Durcal that may
be of interest to them
based on the existing
contractual relationship
between the User and
Durcal. For more
information on
commercial
communications, please
consult our Legal Notice.
Data obtained from the Durcal Watch.
Watch User Identification Data: Durcal
Watch identification number
Consent
Provide remote
assistance services to
the Watch Users, using
this data with the aim of
contacting the Watch
User or the App User
when an emergency
situation is detected for
the Watch User
Watch User Location Data: Geolocation
of the Watch User.
Consent
Provide remote
assistance services to
the Watch Users so that
family members can
know where they are at
all times and, if
necessary, Durcal can
initiate its emergency
protocol.
Watch User Health Data: Vital signs.
Consent
Provide remote
assistance services to
the Watch Users so that
family members can
know where they are at
all times and, if
necessary, Durcal can
initiate its emergency
protocol
Watch User's Physical Activity Data:
Daily steps.
Consent
Provide remote
assistance services to
the Watch Users, with
the aim of monitoring
the physical activity of
the Watch User.
2.2.Data processed as Data Processing Manager
Identification data: photograph of the
App User and the Durcal Watch User
Consent of the
interested party
Being able to identify the
App and Web Users
The data collected by Durcal will be used for specific purposes; once they are no longer
necessary for the purpose of processing, such data will be deleted. Only the data necessary for
compliance with legal obligations will be stored, which in no case will exceed a duration of 10
years.
The previously mentioned collected data may be used by Durcal for purposes compatible as
recognized by the GDPR in Article 89, for the purpose of producing reports and statistical
studies in order to increase knowledge about products demanded by Users, as well as to
improve the quality of the website's services. For this, pseudonymization systems are applied,
ensuring the confidentiality and security of the Users' personal data
3. Data communication to third parties
Durcal informs that, in order to fulfill the previously described purposes, it will be necessary to
grant access to personal data provided by the User to:
Payment service providers: Durcal has on its website services from the payment
service providers listed below, which comply with the security measures established by
the payment services regulations and have Level 1 certification according to the
Payment Card Industry Data Security Standard or PCI DSS.
Technology service providers: involved in the operation of the Website and the App to
allow communications between Users and Durcal in case any questions arise during the
use of the platform or to be able to apply for a job offer from Durcal.
Transport service providers: Durcal hires third-party services for the transportation of
goods and delivery of orders made by the Web User. Durcal will communicate to the
transport company the buyer's identification information, delivery address, and
contact details to coordinate said delivery between the Web User and the
corresponding transport company.
Remote assistance service providers: Durcal hires third-party services for the provision
of remote assistance services to Users. Durcal will communicate to the remote
assistance company the User's identification information and location data.
Telephone service providers: Durcal hires third-party services for the provision of
telephone services, so that the Durcal Watch has a connection to make calls, location,
etc. Durcal will communicate to the company the User's identification information and
location data.
Other App Users: As long as the User has given their consent, the identification,
location, and physical activity data of the App User and Watch User may be shared with
other Users who are part of the App's family group.
The mentioned providers may be located in jurisdictions that generally do not offer adequate
guarantees regarding the processing of personal data. For all entities that are not part of the
European Economic Area (EEA), Durcal has signed contracts with these entities that include
such safeguards, including the European Commission's model clauses.
Users can obtain more information about the technological service providers by requesting it
from Durcal through the contact means provided in this privacy policy.
Likewise, Durcal may disclose your data to:
Companies interested in buying or acquiring the company or a part of its business and,
consequently, give access to any national or international auditor to carry out their
due diligence
Authorities to investigate suspicions of fraud, harassment, or other violations of any
law, rule, or regulation, or of the website's policies.
4. Security and Confidentiality
Durcal commits to adopting the necessary technical and organizational measures in accordance
with current regulations to ensure the security of personal data and prevent the accidental or
unlawful destruction, loss, or alteration of transmitted, stored, or otherwise processed
personal data, or unauthorized communication or access to such data. Personal data will be
treated as confidential by the data controller, who undertakes to inform and ensure, through a
legal or contractual obligation, that this confidentiality is respected by its employees,
associates, and anyone to whom the information becomes accessible.
5. Data Protection Rights
The User and the Senior may exercise their rights of access, rectification, erasure, objection,
and, where applicable, restriction of processing and data portability by sending an email to
soporte@durcal.com.
Likewise, the User and the Senior may lodge a complaint with a supervisory authority and, in
particular, with the Spanish Data Protection Agency (www.aepd.es) if they believe that the
rights outlined above in this Privacy Policy have been violated or if they believe that the
processing of their personal data violates applicable regulations
6. Changes to the Privacy Policy
Durcal reserves the right to modify this Privacy Policy at any time. Changes or updates to the
Privacy Policy will be explicitly notified to the User through a notice on the Website, along with
the updated version of the Privacy Policy
Last Version:
30-06-2023
Annex I. Data Transfer Agreement
Within the framework of the provision of services by Durcal, Durcal and the User may share
certain personal data ("Shared Personal Data"), in order to execute the Terms and Conditions
entered into between the parties (hereinafter individually referred to as 'Party' and collectively
as 'Parties')
1. Definitions
For the purposes of this annex, capitalized terms shall have the meanings set out by personal
data protection laws.
2. Data Exchange
The Parties acknowledge and agree that, when a Party shares any Shared Personal Data, each
of them acts as an independent Data Controller in its own right with respect to its respective
processing of the Shared Personal Data.
Each Party represents and warrants:
a. That it has collected and processed the Shared Personal Data in accordance with
applicable data protection laws;
b. That it has the appropriate legal basis to share the Shared Personal Data with the
other Party.
Each Party agrees to:
(i) Not respond to any inquiries, complaints, requests, or claims from a Data Subject
relating to the data practices of the other Party and shall promptly forward any
such request to the other Party;
(ii) Mutually assist each other in case a Data Subject requests access, rectification,
erasure, restriction of processing, portability, or objection;
(iii) Mutually provide mandatory information to Data Subjects when personal data has
not been obtained from the data subject itself, in accordance with Article 14 of the
GDPR;
(iv) Maintain records of processing activities they carry out regarding Personal Data of
Data Subjects received from the other Party, as required by Data Protection Law;
(v) Apply appropriate safeguards, as required by Data Protection Law, if sharing the
Shared Personal Data outside the European Economic Area.
Shared Personal Data: In accordance with the provisions set forth in this document, the User
may share the types of personal data identified in section 2 of the Privacy Policy.
Purpose: The Parties may share the Shared Personal Data with Durcal to enable Durcal to
provide its remote assistance services.
Each of the Parties undertakes to ensure that Data Subjects, from whom the data is being
shared, receive the following information regarding the aforementioned processing:
Data Controller
Alpify Software S.L.
B66162694
Calle Santa Teresa, 6, Barcelona, España 08012 Barcelona (Spain)
Legal Basis
Execution and performance of a contract, legitimate interest, Consent
Data
Identification and contact information, location data, health data,
physical activity data.
Purposes
Providing teleassistance services to the interested parties.
Retention
Duration of the contract and, once concluded, blocked for the necessary
time to fulfill legal obligations of the Data Controller.
Contact
dpo@durcal.com
Phone:900 900 916
Recipients
Users & Alpify Software S.L.
Exercise of Rights
Rights of access, modification, rectification, opposition, and
cancellation, withdrawal of consent, as listed in the following privacy
policy at the address dpo@durcal.com
Privacy Policy
https://static.durcal.com/pd/pd_es.html
ANNEX II. PERSONAL DATA PROCESSING AGREEMENT (DPA)
This Annex II regulates the processing of the User's personal data by Alpify Software S.L.
(hereinafter referred to as 'Durcal' or 'Processor'), with Tax Identification Number B66162694
and registered address at Calle Santa Teresa, 6, Barcelona, Spain 08012 Barcelona (Spain). The
duration of said processing will be for the period during which the Parties fulfill their applicable
obligations under the Contract indicated in the table above
1. Accessed Data and Purpose of Processing
Durcal may access the categories of interested parties and types of data for the purposes
established in Section I of this DPA ('User's Personal Data').
2. Obligations and rights of the data protector:
In accordance with data protection regulations, Durcal, as the Data Processor, commits to:
a. Process the User's Personal Data only following documented instructions from the Data
Controller, without prejudice to compliance with obligations under Union or Member
State law applicable to Durcal.
b. Ensure that individuals authorized to process the User's Personal Data have committed
to confidentiality or are under a confidentiality obligation.
c. Implement all technical and organizational measures required by applicable regulations
to ensure a level of security appropriate to the risk of the processing and to ensure
compliance with the Controller's instructions.
d. Respect the conditions for engaging another Data Processor, as established in data
protection regulations.
e. Assist the Controller, whenever possible, in fulfilling their obligation to respond to
requests aimed at exercising the rights of data subjects.
f. Aid the Controller in ensuring compliance with its obligations, taking into account the
nature of the processing and the information available to Durcal.
g. At the Controller's choice, delete or return all User's Personal Data after the provision
of processing services ends, and delete existing copies unless retention is required
under Union or Member State law.
h. Provide the Controller with information regarding compliance with Data Protection
regulations.
i. Ensure that the Data Protection Officer or, if applicable, the Privacy Officer,
appropriately and timely participates in all matters concerning the protection of the
User's Personal Data.
j. Adhere to the Code of Conduct that may be approved by the relevant Commission or
body, if applicable.
k. Maintain a record of processing activities.
3. Exercise of rights by the data subject.
If an interested party exercises any of the rights established in the Data Protection regulations,
the Controller and/or the Processor must provide them with information about the actions
requested and taken, without delay and, at the latest, within one month from the receipt of
the request. This period may be extended by a maximum of another two months if necessary,
considering the complexity of the request and the number of requests. If the request is not
processed, the Controller and/or Processor will inform, at the latest within one month of
receiving the request, the reasons for not taking action and the possibility of filing a complaint
with a Control Authority and of initiating legal action. The response to the request for the
exercise of rights will be made in the same format used by the interested party, unless they
request it be done otherwise.
4. Subcontractors
The Data Processor cannot provide access to the User's Personal Data to third parties other
than those expressly and in writing authorized by the User in Section II. The Processor ensures
that, in such case, it has signed an agreement with each subcontractor mentioned in Section II,
which is sufficient in accordance with the provisions of this DPA (Data Processing Agreement)
and the Data Protection Regulations.
5. International transfers of Personal Data
The Data Processor cannot make any international transfer of the User's Personal Data without
their express authorization, with the exception of transfers to international subcontractors
mentioned in Section II, provided that an agreement with appropriate contractual guarantees
is signed with each of them, as prescribed by the Data Protection Regulations.
6. Data Security Breaches
As soon as there is an instruction from the supervisory authority, a national legislative
development regulating these communications, or a delegated act, in the event of a breach in
the security of the User's Personal Data, the Data Processor will notify the User of all such data
security breaches without undue delay and, if possible, no later than 24 hours after the breach
has occurred
7. Termination, resolution, and conclusion
The termination, resolution, or conclusion of the service provision contractual relationship
between Durcal and the User will require the latter to delete the User's Personal Data provided
by the Data Controller, retaining such data only and exclusively as long as there is a legal
obligation to keep it. Once the established period to cover legal responsibilities has passed, the
personal data must be destroyed or returned to the Data Controller, as well as any medium or
document containing any personal data of the same.
Section I
Type of data
Legal basis
Purposes
Identification details:
Photograph of the
interested party
Consent of the
interested party
Identify the App users
Section II
Subcontractor's data
Purposes
In the event of an international data
transfer, confirmation that the transfer
provides the corresponding guarantees
(Commission Decision, standard clauses,
authorization from the supervisory
authority, other guarantees...)
Name/Entity: Google
LLC
Address: 1600
Amphitheatre Parkway,
Mountain View
(California), CA 94043,
United States
Data analysis company.
Phone, device, location.
Yes, it provides the corresponding
guarantees
Specify:
https://cloud.google.com/privacy/gdpr
Name/Entity: Amazon
Web Services, Inc.
Address: Calle Ramirez
De Prado, 5. 28045,
Madrid (madrid).
España.
Technological Infrastructure
Phone number + location
(optional, permissions
turned off) + Name
(optional) + IP + Shipping
Address (in case of watch
purchase) + Email (optional)
+ Device.
Yes, it provides the corresponding
guarantees
Specify:
https://aws.amazon.com/es/compliance/g
dpr-center/
Name/Entity:Movistar
Prosegur Alarmas
Address: CALLE
PAJARITOS, 24 - 1
28007 Madrid
Contact details of the
Data Protection
Officer:
dpo@movistarprosegu
ralarmas.com
Alarm Receiving Center
Phone number, location in
case of emergency,
emergency contacts.
N/A, as there is no international data
transfer. Click or tap here to enter text.
Name/Entity:
byrd technologies
GmbH
Wiedner Hauptstraße
24/12a
1040 Vienna, Austria
Contact details of the
Data Protection
Officer.:
Logistics
Phone number, address,
first name, last name.
Yes, it provides the corresponding
guarantees
Specify:
https://www.getbyrd.com/en/privacy
datenschutz@getbyrd.
com