Privacy and Information Security Policy

Thinking Forward XXI, S.L. (SmartMotors), in its commitment to excellence and the protection of information assets, has designed this policy under the standards of Regulation (EU) 2016/679 (GDPR) and Royal Decree 311/2022 (Spanish National Security Framework - ENS).

1. General Information and Legal Framework

This policy regulates data processing and the security measures applied to SmartMotors' services.

  • Data Controller: Thinking Forward XXI, S.L.
  • Tax ID (CIF): B65234601
  • Address: C/ Torroella de Montgrí, 17. 08027, Barcelona.
  • Legal Reference Framework: GDPR, Organic Law 3/2018 (LOPDGDD), and RD 311/2022 (ENS).

2. Governance and Security Roles (ENS)

Following the principles of proactive responsibility, SmartMotors has a clearly defined security governance structure:

Role Person in charge Contact
Delegado de Protección de Datos (DPO) Ezio Cappellino ezio.cappellino@smartmotors.org
Responsable de Seguridad Victor Sanchez victor.sanchez@smartmotors.org
Responsable del Sistema Carlos Bermudo carlos.bermudo@smartmotors.org
Responsable de Información y Servicio Ezio Cappellino ezio.cappellino@smartmotors.org

 

3. Commitment to the National Security Framework (ENS)

SmartMotors declares its compliance with the ENS, having categorized its systems as INTERMEDIATE Category. This implies a reinforced level of protection to guarantee the five dimensions of security:

  • Availability: Guarantee that systems and data are operational when needed.
  • Authenticity: Ensuring the identity of users and the veracity of data.
  • Integrity: Protection against unauthorized alteration of information.
  • Confidentiality: Access to information strictly limited to authorized personnel.
  • Traceability: Logging and monitoring of all critical actions within the system.

4. Quality and Security Certifications

Our management is backed by international certifications that guarantee continuous improvement and the robustness of our processes:

  1. ISO/IEC 27001: Information Security Management System.
  2. ISO 9001: Quality Management System.
  3. ISO 14001: Environmental Management System.
  4. ENS (In progress): Currently in the final audit phase to obtain the Certificate of Conformity with RD 311/2022.

As you can see in the page Certifications.

5. Personal Data Processing (GDPR)

  • Purpose: Management of monitoring services, technical support, and authorized commercial communications.
  • Lawfulness of Processing: Execution of a contract and consent of the data subject.
  • Rights: You may exercise your rights of access, rectification, erasure, and objection by sending an email to our DPO: ezio.cappellino@smartmotors.org.

6. Incident and Vulnerability Management

In compliance with the ENS, we have an incident management procedure to react to any threat.

Have you detected a vulnerability? 

If you detect any security flaw or potential breach in our systems, please inform our technical team immediately via: 

📧 info@smartmotors.org

SmartMotors commits to analyzing and mitigating any report within the timeframes established by current regulations and, if necessary, notifying the competent authority (AEPD / CCN-CERT).

7. Policy Updates

This policy has been reviewed by the Security Committee and is kept up to date to reflect any changes in infrastructure or legal regulations.

Last updated: April 2026.
Buy With Pack
smart-motors-logo-boosting

Logos footer ESPAÑA

Logos footer enti

 

RSC Policy

Contact us

info@smartmotors.org

(+34) 938 023 379

Headquarters: Barcelona, Spain

Plaça de la Tolerància, 17

08027 Barcelona (SPAIN)

 
LOGOS FOOTER DERECHA-1

Copyright © smartmotors All Right Reserved