PRIVACY POLICY

PRIVACY POLICY

GETREFUND, S.L. (WOONIVERS hereafter) informs the Users of WOONIVERS’ Website and mobile App about its policy regarding the processing and protection of their personal data that may be collected by the company through its website and services.

WOONIVERS’ policies complies with the current regulations on personal data and especially with the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or GDPR), and the Spanish Organic Law 3/2018, of December 5, Protection of Personal Data and Guarantee of Digital Rights (Ley Orgánica 3/2018, de 5 de diciembre, de protección de datos personales y garantía de los derechos digitales or LOPDGDD)

COMPANY INFORMATION

Controller: GETREFUND, S.L. 

ID number: B 87922522

Address: Registered office at Plaza Pablo Ruiz Picasso, 1, 28020, Madrid, Spain.

Contact: data@woonivers.com 

DATA COLLECTION, PURPOSES AND PROCESSING

WOONIVERS informs the Users of its website and App that the collection of personal data that can be carried out, either by using WOONIVERS’ services, by sending email or by filling in the forms included on the website or App. 

WOONIVERS will be considered as the Controller of the data collected through the means described above.

WOONIVERS informs the Users that their personal data may be used for the following purposes:

  • To answer the requests made by the Users
  • The provision of Woonivers’ services 
  • To manage commercial relationships.

All personal data collected through the website or the Woonivers’ App, will be incorporated into a personal data file owned by WOONIVERS.

Specifically, Woonivers will collect the following personal data for the development and execution of its services (Tax refund process through the App):

Information that we obtain from the User during the registration process:

  1. Email address: to validate the User’s registration in the App.
  2. Billing address: to verify the residence of the User.
  3. ID or Passport and Selfie: to verify the identity of the User and his/her residence.
  4. Invoices scanned by the User: to generate the electronic DIVA Tax Free forms (DER).
  5. Payment methods (credit card, bank account, etc.): to be able to refund the taxes accumulated by the User in his/her purchases.
  6. Boarding Pass: To verify that the User has left the territory of the European Union.

Information we obtain from the User’s mobile device:

  1. Geolocation via GPS, and IP Address. To verify when the User has left the EU territory, so we can reimburse him/her the taxes. Also, optionally, to be able to offer to the Users personalized services.
  2. Access to notifications: to be able to support and help the User throughout the different steps of the Tax Refund process.

RIGHTS OF THE USERS

The General Data Protection Regulation grants the data owners the possibility to exercise certain rights related to their personal data:

Access: The User, as data owner, has the right to obtain from Woonivers the confirmation as to whether or not personal data concerning him/her are being processed, and, where that is the case, access to his/her personal data and other information as the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; etc.

Rectification: The User has the right to obtain from Woonivers the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the User has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Erasure (right to be forgotten): the User has the right to obtain from Woonivers the erasure of personal data concerning him or her without where one of the following grounds applies:

  1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. the User withdraws the consent on which the treatment is based;
  3. the User objects to the processing and the are no overriding legitimate grounds for the processing;
  4. the personal data have been unlawfully processed;
  5. the personal data have to be erased for compliance with a legal obligation under EU or national law to which Woonivers is subject;
  6. the personal data have been collected in connection with the offer of services of information society on “conditions applicable to child’s consent”.

Restriction of processing: the User has the right to obtain from Woonivers restriction of processing where one of the following applies:

  1. the accuracy of the personal data is contested by the User, for a period enabling Woonivers to verify the accuracy of the personal data.
  2. the processing is unlawful and the User opposes the erasure of the personal data and requests the restriction of their use instead;
  3. the personal data is no longer necessary for the purposes of the processing, but they are required by the User for the establishment, exercise or defence of legal claims.
  4. the User has objected to the processing, pending the verification whether the legitimate grounds of the controller override those of the data subject.

Objection: the User has the right to object on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her, within the limits fixed by the Law.

Portability: the User has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.

To exercise any of these rights, the User can contact WOONIVERS by email to the following address: data@woonivers.com, proving his or her identity with a copy or his o her ID or passport. 

The User can also contact WOONIVERS through a letter duly signed (accompanied by the ID proof) that can be sent to the following address: Plaza Pablo Ruiz Picasso, 1, 28020, Madrid.

The User’s communication must contain the following information: name and surname of the User, his or her address, the right or rights that the User intends to exercise and the supporting data.

The exercise of these rights must be performed by the User or by a person authorized as legal representative by the User. In this case, the documentation proving this representation must be provided.

The exercise of the User’s rights will be completely free unless the request is manifestly unfounded or excessive, in particular because of their repetitive character. In such cases, the User may be charged with a reasonable fee that compensates the costs of attending the request, or WOONIVERS can refuse to act on the request following article 12 GDPR.

The deadline to meet the User’s request will be ONE MONTH from the day of receipt of the request. This deadline may be extended by two further months where necessary, taking into account the complexity and number of the requests. WOONIVERS will inform the User of such extension within one month of the receipt of the request, together with the reason for the delay.

If WOONIVERS considers that it cannot take any action on the request, the User will be informed about this decision and the reasons for not taking any action within one month of the receipt of the request.

If the User believes that his/her rights have not been adequately addressed, the User may submit a claim to the Spanish Data Protection Agency. C / Jorge Juan, 6. 28001 – Madrid. www.agpd.es.

PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA

In the processing of personal data, the following principles will be applied:

Lawfulness, fairness and transparency: the personal data will always be processed lawfully, fairly and in a transparent manner.

Limitation: the personal data will always be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

Minimisation of data: the personal data requested will always be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

Accuracy: the personal data shall always be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.

Storage limitation: the personal data will be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

Integrity and confidentiality: the personal data will be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

LEGITIMACY OF PROCESSING

The processing of the personal data will be based on at least one of the following grounds:

  1. The User has given consent to the processing of his or her personal data for one or more specific purposes;
  2. The processing is necessary for the provision of the services requested by the User;
  3. The processing is necessary for compliance with a legal obligation to which WOONIVERS is subject;
  4. The processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  5. The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in WOONIVERS;
  6. The processing is necessary for the purposes of the legitimate interests pursued by WOONIVERS or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the User, as data owner, in particular when the data owner is a child.

DATA CATEGORIES

WOONIVERS processes the following categories of personal data:

  1. Identification data: including passport and photo or video selfie.
  2. Email address.
  3. Data related to billing: billing address and invoices uploaded by the User.
  4. Payment methods.
  5. Boarding pass.
  6. Geolocation: GPS and IP address.

STORAGE OF PERSONAL DATA

The personal data will be kept during the provision of services and once finished, during the time requested by the Law. 

SHARE OF PERSONAL DATA

Depending on the services and purposes for which the personal data have been collected, WOONIVERS may share the User’s personal data with service providers and suppliers. These services provided by third parties are necessary for the development of WOONIVERS’ activity and the provision of the services requested by the User. In order to protect the User’s personal data, WOONIVERS signs a special data protection clause with all its service providers and suppliers.

WOONIVERS forbids third parties to whom WOONIVERS has provided the User’s personal data to use the information for purposes other than those for which the personal data have been specifically communicated, being obliged any third party to process your data in accordance with the guidelines provided by WOONIVERS.

WOONIVERS, in its commitment to privacy and the protection of the Users’ personal data, will choose only service providers that offer sufficient guarantees to apply appropriate technical and organizational measures to protect the Users’ personal data.

SECURITY OF THE PERSONAL DATA

WOONIVERS has taken all the necessary organizational and technical measures to protect the Users’ personal data, avoiding any alteration, loss or unauthorized access.

WOONIVERS guarantees a sufficient security level regarding the risk involved in the processing of the data. The measures implemented by WOONVIERS include:

  • The encryption of personal data.
  • Measures to ensure the confidentiality, integrity, availability and resilience of the data.
  • The ability to restore the personal data in the event of a physical or technical incident.
  • A process of regular verification, evaluation and assessment of the effectiveness of the technical and organizational measures.

CHANGES IN THE PRIVACY POLICY

WOONIVERS reserves the right to modify this policy in order to adapt it to new regulations or jurisprudence, as well as industry practices. In these cases, the changes introduced will be announced on this page with reasonable notice before they are put into practice.

COMMERCIAL MAILS

In accordance with the Spanish Law on Information Society Services and Electronic Commerce (Ley de Servicios de la Sociedad de la Información y del Comercio Electrónico or LSSICE) WOONIVERS does not perform SPAM practices, so it does not send commercial emails that have not been previously requested or authorized by the User. Consequently, in each of the forms on the web and the App, the User has the possibility of giving his express consent to receive the newsletter, regardless of the commercial information requested.

Following the provisions of the LSSICE, WOONIVERS undertakes not to send communications of a commercial nature without properly identifying them.