Last updated: 14/07/2025
PRIVACY POLICY FOR MOBILE APPLICATIONS (APPS)
Access to and use of the AlertCops application constitutes the status of User and interested party, which implies observance and compliance with the provisions contained herein, as well as any other applicable legal provisions.
The Spanish Ministry of the Interior, through the Subdirectorate General of Security Systems and Communications for Security of the State Secretariat for Security, is responsible for the development, operation and maintenance of the AlertCops information system , the main purpose of which is to improve and facilitate access to certain public citizen security services, so that any person, regardless of their language, origin or their hearing or vocal disabilities, can communicate to the State Security Forces and Corps (Police and Civil Guard) an alert, information, data or news about a criminal act or security incident of which they are a victim or witness.
This Privacy Policy explains the practices regarding the collection, use, disclosure, and protection of information collected through the AlertCops App , as well as the choices you can make regarding the collection and use of that information and the personal data it contains.
The Service is available in the European Economic Area, Switzerland or the United Kingdom.
Before accessing or using the application, the user must ensure that they have read and understood how it collects, stores, uses, transfers, or transfers their personal information.
1. PROCESSING OF PERSONAL DATA.
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation - GDPR) and repealing Directive 95/46/EC, Organic Law 3/2018 of 5 December on the Protection of Personal Data and the guarantee of digital rights, and Organic Law 7/2021 of 26 May on the protection of personal data processed for the purposes of prevention, detection, investigation and prosecution of criminal offenses and the execution of criminal penalties, the Subdirectorate General of Information and Communications Systems for Security of the State Secretariat for Security informs users of the AlertCops application (hereinafter, the Application) about the processing of personal data that they have voluntarily provided during the process of Registration, access, and use of the service. Furthermore, please note that the Spanish Ministry of the Interior maintains an inventory/registry of processing activities that specifies, according to their purposes, the processing activities carried out, and the other circumstances established in the GDPR. For more information, the contents of the file included in this registry can be consulted on the following website:
2. IDENTIFICATION OF THE DATA CONTROLLER.
The Subdirectorate General of Information Systems and Communications for Security of the State Secretariat for Security , with registered office for notification purposes at: Calle Amador de los Ríos, 2, 28010, Madrid (hereinafter, the Data Controller), is the entity responsible for processing the data provided by the clients of the Application (hereinafter, the User(s), whose origin is found in the following functionalities of the AlertCops application :
a) “Share location with trusted people” service, including geo-fencing
b) Join me: unattended service for safety in sports activities
The responsibility for the processing of personal data originating from any functionality of the AlertCops application other than those indicated in the preceding paragraphs shall fall on the corresponding authority of the General Directorates of the Police and the Civil Guard.
Depending on the user's geographic location, alerts will be forwarded to the appropriate law enforcement agency, either the National Police or the Civil Guard, following current regulations and established procedures. Thus, the rights that apply under applicable law may be exercised before the respective authorities.
If the National Police is responsible for receiving the alert, the Data Controller will be:
General Directorate of Police
Technical Office (DIR3 EA0009685)
C/Rafael Calvo 33 Madrid 28010
In this case, the rights recognized in current legislation may be exercised before your Data Protection Officer:
Data Protection Officer of the General Directorate of Police (DIR3 EA0009685)
C/ Rafael Calvo 33, Madrid 28010.
Email: policianacional.dpd@policia.es
If the Civil Guard is responsible for receiving the alert, the Data Controller will be:
General Directorate of the Civil Guard
Head of the Staff Operations Section (DIR3 311680402)
Guzmán el Bueno Street, 110
28003 Madrid (Madrid)
Email: em-secope@guardiacivil.org
Electronic headquarters: https://sede.guardiacivil.gob.es/
In this case, the rights recognized in current legislation may be exercised before your Data Protection Officer:
Data Protection Officer of the General Directorate of the Civil Guard (DIR3 EA0039587)
C/ Guzmán el Bueno, 110 28003 Madrid
Email: dggc-dpd@guardiacivil.org
Electronic headquarters: https://sede.guardiacivil.gob.es/
In relation to the information collected during the use of the functionalities indicated in letters a and b of the first paragraph of this section, the data controller will be:
State Secretariat for Security
Subdirectorate General of Information and Communications Systems for Security (DIR3 E04646304)
c/ Cabo López Martínez, s/n 28048 El Pardo Madrid.
Telephone : 918398004
Email: secretaria.sgsics@interior.es
In this case, the rights recognized in current legislation may be exercised before your Data Protection Officer:
Data Protection Officer for the State Secretariat for Security (DIR3 E04625302)
C/ Amador de los Ríos 2, 28071 Madrid.
Email: ses.dpd@interior.es
Phone : 91.537.19.24/25
Fax: 91.537.19.44
3. PURPOSE OF DATA PROCESSING.
Personal data is collected, managed, safeguarded and stored by the AlertCops application in order to facilitate, expedite and fulfill the commitments established between the Data Controller, the data controllers of the General Directorates of the Police and the Civil Guard and the user or the maintenance of the relationship established in the forms that the latter fills out or to respond to a request or query.
Among the purposes of personal data processing is the storage of the user's access data to the application, in accordance with the established retention period. This is done to facilitate the recovery of your data by the application in the event of its uninstallation.
Users over 14 years of age, by checking the box , expressly, freely and unequivocally accept that their personal data may be processed by the State Secretariat for Security for the following purposes:
- Reception and forwarding to the Emergency Management Centers of the State Security Forces and Corps (091 or 062) of communications made by the registered user, in the event of an insecurity or emergency situation included in the situations predefined in the system, automatically sending the information of the alerting person, which will be the one defined during their registration, along with their position and the emergency situation.
- Conduct statistical studies
- Send security alerts and notices, based on your personal data and location data provided by the user.
- Sending communications of interest to citizen security via email, fax, SMS, MMS, social media, or any other electronic or physical means, present or future, that makes such communication possible. These communications will be related to services offered by the provider, as well as by other agencies of the General State Administration, Autonomous Communities, or Local Authorities with jurisdiction over citizen security matters, with which the service provider has reached an agreement. In this case, third parties will never have access to personal data. In all cases, communications will be made by the provider and will relate to services related to the citizen security sector. At the time the personal data is obtained, the specific purpose or purposes for which the personal data will be processed will be reported; that is, the use or uses to which the information collected will be put.
4. LEGITIMATION.
Legal basis for the processing of personal data
The legal bases for the processing of personal data are consent, acting under a legal obligation, and carrying out actions in the public interest, based on Article 6.1, sections a), b), and e) of the GDPR. Specifically, processing is necessary for the exercise of public powers conferred on the data controller within the scope of Organic Law 4/2015, of March 30, on the protection of citizen security. Insofar as it is an additional service provided to the user when they accept the terms of service, processing is necessary for the execution of a service provision relationship in which the data subject is a party as a user of the application. In the case of processing based on consent (identity data of the data subjects), the data controller undertakes to obtain the express and verifiable consent of the user for the processing of their personal data for one or more specific purposes. In these cases, the user has the right to withdraw their consent at any time. Withdrawing consent is as easy as giving it.
On occasions when the User must or may provide their data through forms to make inquiries, request information or for reasons related to the content of AlertCops , they will be informed if the completion of any of them is mandatory because they are essential for the correct development of the operation carried out.
If the processing is carried out for the purposes of preventing, detecting, or investigating crimes, the legal basis is Article 11 of Organic Law 3/2018, of December 5, on the Protection of Personal Data and the Guarantee of Digital Rights (LOPDP).
Laws that this privacy policy incorporates
This privacy policy complies with current Spanish and European regulations regarding the protection of personal data online. Specifically, it complies with the following standards:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).
- Organic Law 3/2018, of December 5, on the Protection of Personal Data and the Guarantee of Digital Rights (LOPD-GDD).
- Organic Law 7/2021, of May 26, on the protection of personal data processed for the purposes of prevention, detection, investigation, and prosecution of criminal offenses and the enforcement of criminal penalties.
- Organic Law 4/2015, of March 30, on the protection of citizen security.
- Law 39/2015, of October 1, on the Common Administrative Procedure of Public Administrations, articles 16.4 and 2.1 regarding records (LPAC).
- Royal Decree 311/2022, of May 3, regulating the National Security Scheme.
- Directive (EU) 2022/2555 is a legislation adopted by the European Parliament and the Council of the European Union in December 2022 (NIS2), in its Articles 21.2 h and 21.2 i.
5. PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA.
All data requested during the user registration process through the AlertCops mobility app is provided voluntarily by the user or, in the case of minors, with the consent of their parent, guardian, or legal representative. This information is necessary to ensure the best possible service.
If not all data is provided, the provider does not guarantee that the service provided will be fully tailored to your needs. The user undertakes to ensure the accuracy of the data they provide, except in cases related to age verification and consent for minors under 14 years of age. The data controller makes reasonable efforts to verify in such cases that consent was given or authorized by the holder of parental authority or guardianship over the child, taking into account available technology.
The processing of the User's personal data will be subject to the following principles set out in Article 5 of the GDPR:
- Principle of legality, loyalty, and transparency: the User's consent will always be required after fully transparent information about the purposes for which personal data is collected.
- Principle of purpose limitation: personal data will be collected for specific, explicit, and legitimate purposes.
- Data minimization principle: the personal data collected will be only those strictly necessary in relation to the purposes for which they are processed.
- Principle of accuracy: Personal data must be accurate and always up to date.
- Principle of limitation of retention period: Personal data will only be kept in a form that allows the identification of the User for the time necessary for the purposes of its processing.
- Principle of integrity and confidentiality: Personal data will be treated in a manner that guarantees its security and confidentiality.
- Principle of proactive accountability: The Data Controller shall be responsible for ensuring that the above principles are met.
Personal information collected
AlertCops application collects personal information that the data subject voluntarily and directly submits when using the service. This may include information the user provides when registering for the service by creating a user profile, creating or editing their user profile, updating their preferences, checking in at a particular location, communicating by phone, SMS, email, or otherwise, or using features linked to contact records, as well as other features offered.
The Application indicates where you are required to provide personal information necessary to offer certain features of the Service. If you choose not to provide such personal information, you may not be able to receive the Service or respond to other requests.
AlertCops also automatically collects indirect personal information from you about how you access and use the Service and information about the device you use to access the Service.
Similarly, you can link or combine the personal information you collect from the user with the information you collect automatically. This allows you to provide personalized services regardless of how the user interacts with the service.
The App may anonymize the personal information it collects (so that it is no longer possible to directly identify you) and use it for purposes including testing its own IT systems, research, data analysis, improving the Service, and developing new features.
We may also collect performance data related to button taps and web requests generated during the user's journey through the application, in order to analyze application usage, improve its performance, and troubleshoot issues that may arise during application use. This includes collecting crash reports, including stack traces and error messages.
Category of personal data
The categories of data processed in AlertCops are identifying data except in the cases expressed in the application, in which special categories of personal data will be processed within the meaning of article 9 of the GDPR, for the reasons set out in section 2 letters a) and c), being necessary the explicit consent of the interested party for the processing of said personal data with the specific purpose of protecting vital interests of the interested party or of another natural person. In the case of transmission to the managers of the General Directorates of the Police and the Civil Guard, they will also act in accordance with article 13 of the LOPDP, if the processing is for the purpose of preventing, detecting or investigating a crime.
Personal data of minors
In compliance with Articles 8 of the GDPR and 7 of the LOPDP, only individuals over 14 years of age may give their consent for the lawful processing of their personal data by the AlertCops application. If the individual is under 14 years of age, the consent of their parents or guardians will be required for processing, and such consent will only be considered lawful to the extent authorized by them.
Geolocation Data
Location Services. To provide location services, the AlertCops app may collect, use, and share precise location data, including the real-time geographic location of your device. Unless you clearly provide your consent, this location data will not be collected. If you do not provide your consent, you may not be able to receive the service provided by the app.
AlertCops collects information about the location of the user's device in order to provide the functionality of its geolocation services. All personal data collected by AlertCops complies with the security requirements set forth in Organic Law 7/2021, of May 26, on the protection of personal data processed for the purposes of prevention, detection, investigation, and prosecution of criminal offenses and the enforcement of criminal penalties, and the powers set forth in Organic Law 2/1986, of March 13, on Law Enforcement Agencies.
The data subject may disable location sharing at any time with any of the persons or organizations designated by the user as their "Guardians." Doing so may result in the inability to receive the service provided by the application.
You can also stop sharing your location with the AlertCops app at any time by updating your mobile device settings to limit the app's access to your location information. In this case, disabling access to location data may prevent the app from providing all the functionality of its services.
AlertCops application will prevent their location from being collected.
6. RECIPIENTS.
The user's personal information will be shared by the AlertCops application with the following parties:
- Emergency Management Centers of the State Security Forces and Corps (091 or 062).
- Agencies of the General State Administration, Autonomous Communities, or Local Authorities with jurisdiction over citizen security matters, with which the service provider has reached an agreement.
Personal data will not be transferred to third parties other than State Security Forces or the aforementioned authorities without first obtaining the express, informed, and unequivocal consent of the data subjects, except where required by applicable law.
If the Data Controller intends to transfer personal data to a third country or international organization, except in the reported cases of Switzerland and the United Kingdom, at the time the personal data is obtained, the User will be informed of the third country or international organization to which the data is intended to be transferred, as well as of the existence or absence of an adequacy decision by the European Commission.
7. DATA RETENTION.
The General Subdirectorate of Security Systems and Communications for Security of the State Secretariat for Security informs the User that personal data will only be retained for the minimum period necessary for the purposes of its processing and in accordance with legal obligations, or until the User requests its deletion.
The provisions of the archives and documentation regulations will apply. The time periods for the various processing activities for which the Ministry of the Interior is responsible are detailed in the Ministry of the Interior's Inventory/Registry of Processing Activities (RAT).
8. PROTECTION OF HOSTED INFORMATION.
The data controller undertakes to adopt the necessary technical and organisational measures, according to the level of security appropriate to the risk of the data collected, in order to guarantee the security of personal data, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and to prevent accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or unauthorised communication or access to such data, as well as to ensure that the age of the minor and the authenticity of the consent given, where applicable, by the parents, guardians or legal representatives have been effectively verified.
Because the integrity of the internet and the total absence of malicious actors or others fraudulently accessing personal data cannot be guaranteed, the Data Controller undertakes to notify the user without undue delay whenever a personal data breach occurs that is likely to entail a high risk to the rights and freedoms of natural persons. Pursuant to Article 4 of the GDPR, a personal data breach is defined as any security breach leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of or access to personal data transmitted, stored, or otherwise processed.
Personal data will be treated as confidential by the Data Controller, who undertakes to inform and guarantee, through a legal or contractual obligation, that such confidentiality is respected by its employees and any person to whom the information is made accessible.
The Data Controller shall implement appropriate technical and organizational protection measures, and these measures shall apply to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption.
Although the Controller makes backup copies of the content hosted on its servers, it is not responsible for the loss or accidental deletion of data by Users. Likewise, it does not guarantee the complete restoration of data deleted by Users, as such data may have been deleted and/or modified during the period since the last backup.
9. EXERCISE OF RIGHTS.
Data subjects may exercise the following rights recognized in the GDPR and the LOPDP against the Data Controller:
- Right of access : This is the User's right to obtain confirmation as to whether or not the Data Controller is processing their personal data and, if so, to obtain information about their specific personal data and the processing that has been or is being carried out, as well as, among other things, information available on the origin of said data and the recipients of any communications made or planned for them.
- Right to rectification : This is the user's right to have their personal data modified if it is inaccurate or, taking into account the purposes of the processing, incomplete (GDPR and LOPDP).
- Right to erasure : This is the user's right, unless otherwise provided by current legislation, to obtain the deletion of their personal data when they are no longer necessary for the purposes for which they were collected or processed; the user has withdrawn their consent to the processing and there is no other legal basis for this; the user objects to the processing and there is no other legitimate reason to continue with it; the personal data have been processed unlawfully; the personal data must be deleted in compliance with a legal obligation; or the personal data have been obtained as a result of a direct offer of information society services to a child under 14 years of age. In addition to deleting the data, the Data Controller, taking into account the available technology and the cost of its implementation, must adopt reasonable measures to inform the controllers who are processing the personal data of the interested party's request to delete any links to those personal data (GDPR and LOPDP).
- Right to restriction of processing : This is the user's right to restrict the processing of their personal data. Users have the right to obtain restriction of processing when they contest the accuracy of their personal data; the processing is unlawful; the data controller no longer needs the personal data, but the user needs it to make a claim; and when the user has objected to the processing (GDPR and LOPDP).
- Right to object : This is the user's right to prevent the processing of their personal data or to stop the processing of their data by the Data Controller (GDPR).
- Right not to be subject to a decision based solely on automated processing , including profiling: This is the user's right not to be subject to an individualized decision based solely on the automated processing of their personal data, including profiling, unless otherwise provided by current legislation (GDPR and LOPDP).
- Right to portability : The user will have the right to receive the personal data concerning him/her, which he/she has provided to the Data Controller, in a structured, commonly used and machine-readable format, and to transmit them to another data controller without being prevented by the controller to whom he/she has provided them (not applicable to public administrations).
Therefore, users may exercise their rights before the Data Controller in the following manner:
First, you must download the General Form for exercising personal data protection rights (not valid for police records or gender-based violence), which is available on the following website:
Please complete the appropriate form, specifying the processing over which you wish to exercise your rights (Data Controller and Data Processor Name) and which right(s) you wish to exercise. The information necessary to identify the specific processing on the form (Data Processor Name and Data Controller) can be obtained from the Ministry of the Interior's Record of Processing Activities, which lists the Ministry's various processing activities, grouped by Management Center.
Incomplete forms that do not properly identify the Data Controller, the name of the processing, and the rights you wish to exercise will not be accepted.
Once the form has been duly completed, it can be sent to the Data Controller in two different ways:
Through the Electronic Registry, submitting the form using the existing procedure at the Ministry of the Interior's electronic headquarters (requires having a Digital Certificate and being able to perform an electronic signature using a Java applet or Autofirma application ).
Or in person through the network of registration assistance offices, submitting the paper form.
Applications submitted by other means (such as postal mail or email) will not be accepted.
More information about exercising your rights can be found on the following website:
Likewise, the User has the right to revoke the consent initially given, and to file claims regarding rights before the Spanish Data Protection Agency (AEPD).
10. COMPLAINTS TO THE CONTROL AUTHORITY.
If the data subject considers that there is a problem or a violation of current regulations in the way their personal data is being processed, they shall have the right to effective judicial protection and to lodge a complaint with a supervisory authority, in particular, in the State in which they have their habitual residence, place of work, or place of the alleged violation. In the case of Spain, without prejudice to any other recourse or claim they deem appropriate, they have the right to lodge a complaint with the Spanish Data Protection Agency .
Before filing a complaint with the Spanish Data Protection Agency, if you believe that the Data Controller has not properly respected your rights, you may request an assessment from the Data Protection Officer indicated in this information.
11. ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY.
Use of the AlertCops application implies acceptance of this Privacy Policy. Users must have read and agreed to the terms and conditions regarding the protection of personal data contained in this Privacy Policy, and must also accept the processing of their personal data so that the Data Controller can process it in the manner, during the timeframe, and for the purposes indicated.
The data controller reserves the right to modify its Privacy Policy, at its own discretion, or due to legislative, jurisprudential, or doctrinal changes from the Spanish Data Protection Agency. Data subjects will be explicitly notified of any changes or updates to this Privacy Policy.