Need help?

Privacy Policy – PatrolTech

Last updated: February 5, 2026

This translation is provided for informational purposes only. In the event of any discrepancy between this translation and the original Spanish version, the Spanish version shall prevail for all legal purposes.

This Privacy Policy governs the processing of personal data carried out through the PatrolTech website and platform (hereinafter, the Service), in accordance with Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018 (LOPDGDD) and applicable European regulations, including the European Artificial Intelligence Regulation (AI Act).

1. Identity of the Data Processor

For all data processing carried out through the PatrolTech Service, the Data Processor is:

Company name: Ingenieros Web SL

Tax ID: ESB86699436

Address: Calle General Arrando 9, Madrid, Spain

GDPR email: rgpd@ingenierosweb.co

Ingenieros Web SL acts as Data Processor, in accordance with Article 28 of the GDPR.

2. Data Protection Roles

2.1. Clients (companies or organizations)

  • The Data Controller is the company or organization that contracts the Service.
  • Ingenieros Web SL acts as Processor, processing data exclusively according to the Client's instructions.

2.2. Patrollers (designated users)

  • They are employees or collaborators of the Client.
  • The Data Controller is the Client employer.
  • Ingenieros Web SL acts solely as Processor.
  • Patrollers do not maintain a direct data protection relationship with Ingenieros Web SL.

2.3. Public website users

When a person contacts Ingenieros Web SL directly (web forms, emails, commercial inquiries), Ingenieros Web SL acts as Data Controller for that specific data.

3. Categories of Data Processed

3.1. Identification and contact data

Name, surname, email, phone (if provided), company, position.

3.2. Account data

Username, encrypted credentials, roles and permissions.

3.3. Operational data

  • Rounds, checkpoints, verifications
  • Incidents, reports, forms
  • Evidence (text, images, files)
  • Timestamps
  • QR, NFC and GPS identifiers

3.4. Location data

Mandatory GPS location associated with scanning and verification events.

3.5. Technical data

IP, device, browser, operating system, security and audit logs.

3.6. Billing data

Required tax and accounting data.

4. Purposes and Legal Bases

4.1. Service Provision

Legal basis: Contract performance (Art. 6.1.b GDPR)

4.2. Mandatory GPS Location

Purpose: Traceability, activity verification and operational control.

Legal basis:

  • Contract performance (Art. 6.1.b GDPR)
  • Client's legitimate interest (Art. 6.1.f GDPR)

4.3. Security, Audit and Fraud Prevention

Legal basis: Legitimate interest and contract performance.

4.4. Technical Support

Legal basis: Contract performance.

4.5. Legal Obligations

Legal basis: Legal compliance (Art. 6.1.c GDPR).

4.6. B2B Commercial Communications

Legal basis: Legitimate interest or consent, as applicable.

5. Use of Artificial Intelligence

5.1. AI Features

The Service incorporates artificial intelligence systems, both proprietary and third-party, for the following purposes:

  • Suggest operational actions or improvements
  • Summarize information and records
  • Classify incidents and operational data
  • Detect patterns and anomalies
  • Help draft operational content
  • Prioritize incidents and tasks

5.2. Nature of Processing

  • AI acts as a support tool.
  • No automated decisions with legal or employment effects are made.
  • Final decisions always correspond to the Client or their human representatives.

5.3. Model Training

  • Anonymized data may be used for training and improving models.
  • This processing will only be carried out when there is Client consent or express contractual authorization.
  • Non-anonymized data is not used for external training without a valid legal basis.

5.4. Legal Basis

  • Contract performance (Art. 6.1.b GDPR)
  • Client's legitimate interest (Art. 6.1.f GDPR)
  • Consent when required

5.5. AI Act Compliance

PatrolTech is considered a limited-risk AI system, complying with the transparency obligations required by the European Artificial Intelligence Regulation.

6. Data Retention

6.1. Clients

  • Data deletion 30 days after Service termination.
  • Retention of legally required data.

6.2. Patrollers

  • Retention while the Client's account is active.
  • Deletion only by instruction of the Controller.

6.3. Logs and Backups

  • Logs: 12 months
  • Backups: 30 / 60 / 90 days (rotating)

7. Exercise of Rights

7.1. Rights

Access, rectification, erasure, objection, restriction, portability and withdrawal of consent.

7.2. Patrollers

Rights must be exercised through the Client employer.

7.3. Contact Channel

rgpd@ingenierosweb.co

8. Sub-processors

  • OVH (EU) – Hosting
  • Amazon Web Services – EU – Infrastructure
  • Amazon SES – EU – Transactional email

All under contracts in accordance with Art. 28 GDPR.

9. International Transfers

No transfers are made outside the EEA.

10. Security

Appropriate technical and organizational measures to ensure confidentiality, integrity and availability.

11. Automated Decisions

There are no automated decisions with legal effects (Art. 22 GDPR).

12. Minors

The Service is not intended for minors.

13. Modifications

The policy may be updated to reflect regulatory or functional changes.

14. Contact

rgpd@ingenierosweb.co