Page unavailable in version Beta

Terms and Conditions

Ubiwhere complies with all applicable legal regulations regarding data protection, privacy and information security.

Last updated: February 2024


«Personal data»

«Personal data» means information relating to an identified or identifiable single person ("data owner"); an identifiable person can be identified, directly or indirectly, in particular by reference to an identifier. Personal identifiers are, for example, a name, an identification number, location data, electronic identifiers or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

«Processing of Personal Data»

«Processing» means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


«Cookies» are small text files containing information considered to be relevant that the devices used for access (computers, mobile phones or portable mobile devices) load, via the internet browser, when an online site is visited by the Citizen or User.

Entity Responsible for Treatment

Ubiwhere, a Public Legal Entity with the VAT 508245567, is the entity responsible for the website.

The use by any User, Service Recipient or Citizen may imply the carrying out of personal data processing operations, the protection, privacy and security of which is ensured by Ubiwhere, as the entity responsible for the respective processing, in accordance with the terms of this Data Protection Policy.

Contacts of the Entity Responsible for Treatment

To contact the Ubwihere Data Protection Resposible, please send an e-mail to, describing the subject of the request and providing an e-mail address, a telephone contact address or a correspondence address.

Collection and Processing of Personal Data

Ubiwhere processes the personal data strictly necessary for the provision of information and the operation of its channels, in accordance with the uses made by Users, Service Recipients or Citizens, either those provided for the purpose of registering requests or obtaining information, or those provided for the purpose of joining the channel, or those resulting from the use of the services provided by Ubiwhere through it, such as accesses, queries, instructions, transactions and other records relating to their use.

In particular, the use or activation of certain features of the channel may involve the processing of various direct or indirect personal identifiers, such as name, home address, contact details, device addresses or geographical location, provided that the User, Service Recipient or Citizen has expressly consented to this.

In all cases, Users, Service Recipients or Citizens will always be informed of the need to access such data in order to use the functionalities of the channels in question.

The personal data collected by Ubiwhere is processed electronically, in certain cases in an automated way, including the processing of files or the definition of profiles and within the scope of the management of the pre-contractual, contractual or post-contractual relationship with Users, Service Recipients or Citizens, under the terms of the national and community regulations in force.

Categories of Personal Data Processed and Data Subjects

The categories or types of personal data that are processed are generally as follows:

- identification data;

- contact details;

- professional data;

- traffic and access control data.

In the various establishments of the Data Responsible, biometric data may also be processed, processed through the video surveillance systems that are installed.

The detailed list of categories of personal data and categories of data subjects can be found in the Data Processing Information Sheets.

Foundations of Legitimacy

All data processing operations carried out by Ubiwhere have a legitimate basis, namely, either because the data subject has given their consent to the processing of their personal data for one or more specific purposes, or because the processing is considered necessary for the performance of a contract to which the data subject is a party or for pre-contractual steps at the request of the data subject, processing is necessary for compliance with a legal obligation to which the controller is subject, or in the public interest, or processing is considered necessary for the purposes of the legitimate interests pursued by Ubiwhere or by a third party.

Purpose of Data Treatment

All personal data processed within the scope of Ubiwhere channels is intended exclusively for the provision of information to Users, the management of personal information of Service Recipients deemed necessary for the purposes of relationship management or communication, as well as the provision of services to Citizens and, in general, the management of pre-contractual, contractual or post-contractual relationships with Users, Service Recipients or Citizens.

The personal data collected may also be processed for statistical purposes, for information dissemination or promotional actions and for communication actions, namely to promote actions to publicise new features or new services, through direct communication, whether by correspondence, e-mail, messages or telephone calls or any other electronic communications service.

While prior information and the collection of express authorisation for the latter purposes are always ensured, Users, Service Recipients or Citizens may, at any time, exercise their right to withdraw consent or their right to object to the use of their personal data for other purposes that go beyond the management of the relationship with the Data Controller, namely for the pursuit of legitimate interests, for the sending of informative communications or for inclusion in lists or information services, by sending a written request to Ubiwhere's Data Protection Officer in accordance with the procedures set out below.

Data Processing Information Sheets

Under the terms of the principle of loyalty and transparency, and to ensure compliance with the duty to inform, Ubiwhere delivers directly or makes publicly available to all data subjects, depending on how their personal data is collected, information sheets on the data processing operations carried out, which are available for consultation at any public service centre or at the Data Protection Officer.

Data Retention Period

Personal data will only be stored for the period necessary for the purposes for which it was collected or subsequently processed, ensuring compliance with all applicable legal rules on archiving and specifying the specific storage period in each of the Data Processing Information Sheets.

Use of Cookies

Ubiwhere may use two main categories of cookies: "cookies" within the scope of its online sites and "cookies" within the scope of its direct electronic communication channels, with Users or Citizens always being guaranteed the right to deactivate them in either category.

Ubiwhere uses cookies on its online sites in order to improve the performance and browsing experience of Users and Citizens, increasing, on the one hand, the speed and efficiency of response and, on the other, eliminating the need to repeatedly enter the same information.

The use of cookies helps online sites to recognise Users' and Citizens' devices the next time they visit, and in some cases is essential for their operation.

The cookies used by Ubiwhere, on all its channels, do not collect personal information that allows Users or Citizens to be identified, but only store generic information, such as the form or geographical location of access and how they use the channels, among others. Cookies only retain information related to the preferences of Users and Citizens, and no personal identifiers are recorded.

Users, Service Recipients and Citizens may, at any time, via the computer application they use to browse the internet ("browser"), decide to be notified of the receipt of cookies, as well as to block their entry into their system.

With regard to the type of purposes intended, Ubiwhere may, where appropriate, use three different types of cookies, in accordance with the following specifications:

(i) essential cookies - some cookies are essential to access specific areas of the online channels, allowing navigation and use of their applications, as well as access to secure areas of the sites, through user registration - without these cookies, services that require them cannot be provided;

(ii) Functionality cookies - Functionality cookies make it possible to remember the user's preferences with regard to browsing the online sites, thus not needing to reconfigure and personalise them each time they visit;

(iii) analytical cookies - these cookies are used to analyse how users use online sites, highlighting articles or services that may be of interest to users, monitoring site performance, as well as knowing which pages are most popular, which method of linking pages is most effective or to determine why some pages are receiving error messages - these cookies are used only for the purposes of statistical creation and analysis, without ever collecting personal information.

For these purposes, Ubiwhere can provide a high quality experience for Users, Service Recipients or Citizens, personalising information and offers and identifying or correcting any problems that may arise during their use.

With regard to the type of validity, there are two types of cookies:

(i) permanent cookies - these are cookies that are stored on the devices used to access the channels (computers, mobile phones, etc.), at the level of the computer application used to browse the internet ("browser"), and are used whenever Users or Citizens visit any channel again - in general, they are used to direct browsing according to the interests of the User or Citizen, allowing Ubiwhere to provide a more personalised service;

(ii) session cookies - these are temporary cookies that are generated and are only available until the session ends, since the next time the Citizen/User accesses their browser the cookies will no longer be stored - the information obtained allows sessions to be managed, problems to be identified and a better browsing experience to be provided.

Users, recipients of the service or citizens may deactivate some or all of the cookies at any time - to do so, they must follow the instructions available in each of the computer applications used to browse the internet ("browser"); however, by deactivating, they may lose access to some features of the sites.

Ubiwhere, within the scope of direct electronic communication channels, may also use cookies when opening the different electronic communications sent, such as newsletters and e-mails, for statistical purposes - allowing us to know if these communications are opened and to check clicks on links or adverts within these communications.

Also in this category of cookies, Users, Recipients of the Service or Citizens always have the possibility to deactivate the sending of electronic communications through the specific option in the footer of the same.

Communication of Data to Other Entities

The provision of information or services by Ubiwhere to its Users, Service Recipients or Citizens through the channels may involve the use of third party subcontractors, including entities based outside the European Union, for the provision of certain services, which may imply access by these entities to such personal data.

In these circumstances, and whenever necessary, Ubiwhere will only use subcontractors that provide sufficient guarantees that appropriate technical and organisational measures have been taken so that the processing meets the requirements of the applicable rules, and such guarantees will be formalised in a contract signed between Ubiwhere and each of these third parties.

Data Recipients

Except in the fulfilment of legal obligations, the execution of contracts or the pursuit of legitimate interests, under no circumstances will the personal data of Users, Recipients of the Service or Citizens be communicated to third parties other than subcontractors or legitimate recipients, nor will any other communication be made for purposes other than those mentioned above.

International Data Transfers

Any transfer of personal data to a third country or an international organisation will only be carried out within the framework of compliance with legal obligations or to ensure compliance with the applicable EU and national legal rules.

Security Measures

Taking into account the most advanced techniques, the costs of application and the nature, scope, context and purposes of the processing, as well as the risks, of varying probability and severity, to Users, Service Recipients or Citizens, Ubiwhere and all its subcontractors apply the appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

To this end, various security measures are adopted in order to protect personal data against its dissemination, loss, misuse, alteration, unauthorised processing or access, as well as against any other form of unlawful processing.

It is the sole responsibility of Users, Recipients of the Service or Citizens to keep their access codes secret and not share them with third parties and, in the particular case of the computer applications used to access the channels, to keep and maintain the access devices in a secure condition and to follow the security practices advised by the manufacturers and/or operators, particularly as regards the installation and updating of the necessary security applications, including, among others, antivirus applications.

If there is a need to subcontract services to third parties that may have access to the personal data of Users, Service Recipients or Citizens, Ubiwhere's subcontractors will be obliged to adopt the security measures and protocols at organisational level and the technical measures necessary to protect the confidentiality and security of personal data, as well as to prevent unauthorised access, loss or destruction of personal data.

Exercising the Rights of Data Subjects

Users, Service Recipients or Ubiwhere Citizens may, as holders of personal data, at any time exercise their data protection and privacy rights, namely the rights of access, rectification, erasure, portability, limitation or opposition to processing, under the terms and with the limitations provided for in the applicable rules.

Any request to exercise data protection and privacy rights must be addressed in writing by the respective data subject to the Data Protection Officer, in accordance with the procedure and contact details described below.

Complaints or suggestions

Users, Recipients of the Service or Citizens have the right to lodge a complaint, either by registering the complaint in the Complaints Book or by submitting a complaint to the regulatory authorities - in the latter case, they can submit a petition or complaint directly to the National Data Protection Commission via the contacts available at .

Users, recipients of the service or citizens can also make suggestions by emailing the Data Protection Officer at

Incident reporting

Ubiwhere has implemented an incident management system for data protection, privacy and information security.

If any User, Service Recipient or Citizen wishes to report the occurrence of any personal data breach, which accidentally or unlawfully results in the unauthorised destruction, loss, alteration, disclosure of or access to personal data transmitted, stored or otherwise processed, they can contact the Data Protection Officer or use Ubiwhere's general contact details.

Changes to the Data Protection Policy

In order to ensure its updating, development and continuous improvement, Ubiwhere may, at any time, make any changes deemed appropriate or necessary to this Data Protection Policy, and its publication in the different channels is ensured to guarantee transparency and information to Users, Service Recipients and Citizens.

Special Data Protection Policies

With a commitment to transparency and information and to ensure that the Data Protection Policy is appropriate to the different data processing operations carried out and, above all, to the different categories of data subjects, Ubiwhere may develop special Data Protection Policies, such as:

- the Data Protection Policy in the Labour Context;

- the Application Management Data Protection Policy; and

- the Supplier Employee Data Protection Policy.

These special policies are made available directly to the respective categories of data subjects and are available for consultation on request from the Data Protection Responsible.

Data Protection Responsible

For the exercise of any type of data protection and privacy rights or for any matter relating to data protection, privacy and information security issues, Users, Service Recipients and Citizens who interact with Ubiwhere may contact the Data Protection Officer by e-mail at, describing the subject of the request and indicating an e-mail address, a telephone contact address or a correspondence address for reply.