Data protection policy

TELEFÓNICA S.A. advises users of the telefonica.com portal that the companies comprising the TELEFÓNICA S.A. Group abide by current Spanish legislation on matters of personal data protection, users' privacy and the secrecy and security of personal data, as provided in Organic Law 15/1999, of 13 December, governing Personal Data Protection and in Royal Decree 1720/2007, of 21 December, which approve the Regulations that develop Organic Law 15/1999, by adopting the necessary technical and organisational measures to avoid the loss, misuse, alteration, unauthorised access or theft of the personal data provided, taking into account the state of the technology used, the nature of the data and the risks to which it is exposed.

Specifically, TELEFÓNICA S.A. informs users of its telefonica.com portal that personal data can only be obtained for processing if they are appropriate, pertinent, and not excessive for the determined area and ends, explicit and legitimate, for which they were obtained. They will be cancelled when they are no longer necessary or pertinent for these ends, or when their owner requests they be cancelled.

When telefonica.com gathers personal data, users shall receive clear and specific prior notification of the following:

• The existence of a file or processing of data of a personal nature, the reasons for gathering such data and the recipients of this information.
• Recording of the file in the Data Protection Agency's Register.
• The obligatory or optional nature of the replies to any questions which may be asked, and the consequences of obtaining data or the refusal to supply them.
• The possibility of exercising the right to access, correct, cancel and oppose this data.
• Name and address of those responsible for data processing.

All responsibility for the completion of forms with false, inaccurate, incomplete or outdated information shall be that of the user.

Any transfer of the personal data of users of this portal to third parties shall be duly communicated to those affected, specifying the identity of the recipients of the data and the uses to which they will be put.