Privacy Policy and data Protection

1. Data Controller.

The personal data collected will be processed by "UTE FERROLBUS", with registered offices in Plaza de San Cayetano, S/N, 24009, León, the Data Controller for personal data collected through this website/app.

Users can provide personal information voluntarily either through the forms included in the website/app or by means of the e-mail address made available for this purpose. By providing your personal information through any of the forms and e-mail addresses on this website/app, you accept and consent to the processing of said information under the terms indicated in this privacy policy.

2. Purpose of personal data processing.

In general, your personal details are collected and processed for the purposes set forth below:

i) To be able to contact users;

ii) To field and properly manage any queries, comments, incidents or suggestions submitted;

iii) To field and properly manage the requests for transport passes sent;

iv) To manage basic administration tasks;

v) To provide additional services and to improve our services and the customer's experience when using the website/app;

vi) Statistical analysis of visits to the website/app and the behaviour of its users;

vii) To properly manage navigation of this website/app;

viii) To comply with any legal obligations pertaining to us , and to communicate your personal data to the State Armed and Security Forces as well as any other agencies with competence in this area, if we are required to do so.

ix) To correctly handle any situations of emergency, disaster or force majeure it may be necessary to communicate your personal data to institutions or agencies with competence in this area.

x) Contact the user to inform them, if necessary, with regards to contact traceability in situations of epidemic control and its propagation. The personal data will be kept for 90 days from the date of your trip. During this period it will be available to the health authorities who require it.

3. Legal grounds.

The legal grounds for the aforementioned processing are the user's consent, the company's legitimate interest and the fulfilment of a legal obligation.

4. Recipients of personal data.

The recipients of the data will be UTE. Data will not be transferred to third parties unless this is required by law. UTE undertakes to respect your privacy when processing personal data and to use this information solely for the stated purposes.

5. Rights of data subjects.

Data subjects can exercise their rights to access, rectification, erasure, objection, portability, and restriction by contacting “UTE FERROLBUS”, either by sending an e-mail to or by writing to: Alsa, Dpto. Asesoría Jurídica, Calle Miguel Fleta, 4, 28037, Madrid, Spain. Any such requests must be accompanied by a photocopy of a valid National ID card or equivalent document accrediting the data subject’s identity and must specify the right being exercised.

Data subjects may, at any time and under the terms set out in the applicable data protection regulations, withdraw the authorisation granted to process their personal information.

The data subject has the right to file a complaint with the Spanish Data Protection Agency (

Whatever the case, users must answer for the truth of the data provided. The company reserves the right to ban any user providing false information from using the services, without prejudice to any other legal actions which may be taken. Users are responsible for notifying of any changes to their personal information.

6. Data retention period.

We only store users' personal data to use it for the purpose it was originally collected and in accordance with the legal basis for processing it. We will retain personal data as long as there is a contractual and/or commercial relationship with the user, and as long as the user does not exercise the right to erasure, cancellation, and/or restriction with regard to the processing of such data.

Should this occur, said data will be blocked and not used as long as it may be needed to lodge or defend complaints or when any kind of legal or contractual responsibility may be derived from processing it that must be addressed and for which the data must be retrieved.

The company must comply with current legislation as regards its obligation to cancel the personal information that is no longer needed for the purpose or purposes for which it was collected, blocking the same so as to be able to respond to any possible liabilities arising from the processing of data, and solely for the duration of the limitation periods for any such liabilities. After the aforementioned limitation periods have elapsed the information in question shall be erased by secure methods.

7. Information we collect about visits to the website/app.

We collect and store limited personal information and anonymous statistics of all users that visit our website/app, either because the user actively provides said information or is simply browsing our website/app. The information we collect includes the Internet Protocol (IP) address of the device being used by the user, the browser and operating system being used, the time and date of access, the web address accessed by the user, as well as information on how our website/app is being used.

We use this information to know how long our website/app takes to load, how it is used, the number of visits, and the information that is most consulted by the user. This information helps us know whether the website/app is working correctly, so that if we detect errors or bugs we can fix them and improve our website's performance to be able to offer a better service for all our users.

In view of the above, we collect usage and browsing data for statistical and advertising purposes, to monitor the use of our website/app, and to improve our knowledge of our website users’ interests.

8. Social media.

UTE has set up profiles on some of the main online social media (Facebook, Twitter, etc.), and it is therefore Data Controller for the data of its followers, fans, subscribers and commentators in all these cases. UTE may only carry out such processing as permitted by social media for corporate profiles. UTE may inform its followers by any means permitted by the social media network in connection with its activities, services, etc. Under no circumstances will UTE extract data from social media networks.

9. Minors.

Minors under 14 must not send any personal information without consent from a parent or guardian. UTE assumes no liability for information sent by under 14 minors without due authorisation.

10. Security measures.

UTE has taken the personal data protection safety measures required by current legislation in accordance with the type of information processed and have implemented other media and additional technical measures within their reach to avoid the unauthorised alteration, loss, processing of or access to the data received. The company hereby guarantees that it has adopted the appropriate security measures to ensure the security of the information and the confidentiality of the data that you send us over the Internet. Notwithstanding, users should be conscious of the fact that internet security measures are not fail-safe.

11. Cookies.

Access to the website can mean using cookies. Cookies are small files which are stored on a user’s browser. They allow the server to retrieve certain information for future use. This information makes it possible to identify you as a particular user and enables the saving of your personal preferences, as well as technical information, such as the number of visits or particular pages you visit. Consult our Cookies Policy for further information.