In accordance with Spain’s Organic Personal Data Protection Law (LO 15/1999 of 13 December), personal data are defined as “any information concerning identified or identifiable individuals”.
The only personal data to which Santander CACEIS will have access will be the data furnished voluntarily by users. In this regard users must be aware that, for the purposes of registering certain products/services offered via the Website, they will be asked to supply personal data. If data that specifically stipulate the user/customer are not supplied, users may not access or use these services and contents. By way of example, they may be asked to supply data concerning their identification or solvency – when the nature of the operation so requires – and any other data whenever these are required by law or are necessary to provide the information requested or for provision of a service. Voluntary data are collected by Santander CACEIS for the purposes stipulated in the Data Protection clause set out below. The privacy policies of each of the subsidiaries of Santander CACEIS are set out in the Legal Notices on their own websites.
In compliance with prevailing regulations, Santander CACEIS has adopted the technical and organisational means to maintain the required level of security concerning the personal data processed. It also has the specific mechanisms to prevent, as far as possible, unauthorised access, theft and unlawful amendment and loss of data.
However, if you post personal information online that is publicly accessible, you may request unsolicited messages from third parties and your data may therefore be made known to third parties.
In view of the above, you are advised to exercise the greatest possible caution in this regard and to use all the security tools available to you, and Santander CACEIS takes no responsibility for the unlawful theft, amendment or loss of data.
The law grants users the right to access, rectify, cancel and challenge their personal data, and they may exercise this right in a letter sent to the address shown in the Data Protection Clause below. They may also at any time revoke authorisation for the utilisation or transfer of their data, notwithstanding the right of Santander CACEIS to terminate the contract or the operation concerned, when these data are essential for carrying these out properly. Users may also amend any data that they have supplied to Santander CACEIS via web pages, in the manner stipulated on the pages.
DATA PROTECTION INFORMATION
Who is responsible for processing your personal data?
Santander CACEIS, S.A.U. (hereinafter “the Bank” or “Santander CACEIS”).
Postal address: Pº Club Deportivo S/N, building 4, Fl. 2. 28223 Pozuelo de Alarcón. Madrid
Data Protection Officer Contact: firstname.lastname@example.org
What is the purpose of the processing?
The different purposes for which Banco Santander processes the information are detailed below:
Treatments performed as a result of the agreement. They are necessary for the signing of the contract or the provision of the service you request from us.
We will process your data to inform you about the signing up of products and services of the Bank, for your contracting, as well as to maintain and comply with the agreement, evaluating your creditworthiness and risk when necessary.
In order to fulfil the agreement, we may use external sources of information, such as official journals and gazettes, public registers, public authority resolutions, telephone directories, persons registered with professional associations, guides to implementing fraud prevention, social networks and the Internet.
- Treatment carried out based on legitimate interest
- We will treat and/or communicate your data to third parties, whether or not they are Grupo Santander companies, to prevent, investigate and/or discover fraud. The legitimate interest of the Bank is to know and identify participants in fraudulent activities to enable all necessary actions to be taken.
- We will record your voice and/or your image and keep the telephone and/or video conversation, when expressly indicated. The Bank’s legitimate interest is to maintain the quality of the service and to use the recordings as evidence in court and outside of court, if necessary.
- We will carry out anonymisation procedures, after which the Bank will no longer be able to identify you. The purpose of such procedures is none other than to use anonymised information for statistical purposes and for the development of behavioral models.
You may request opposition to any of the above procedures on grounds of legitimate interest and, where appropriate, exercise your right not to be subjected to a decision based solely on automated processing. To do so, you shall contact the Data Protection Officer/Privacy Officer and explain why you object.
For further information on the established procedure with respect for the exercise of the data subject’s rights, you will find a document containing the procedure defined by Santander CACEIS, S.A.U. below (only available in Spanish):
Treatments performed to ensure a legal obligation
We will process your data to comply with applicable legal and tax obligations, such as the prevention of money laundering and terrorist financing.
This obligation shall exist even after the termination of the contractual relationship, if necessary.
What types of interventions are covered by this document?
This document applies by categories of data subjects: part of the agreement, guarantors, authorised persons, and/or representatives.
How do we collect your personal data?
The Bank obtains your data from the following sources:
- The information you provide when you contract and maintain products and/or services with us, both directly and indirectly. Some examples are: through queries, transactions, operations or contract requests.
- External sources of information, such as official journals and gazettes, public registers, resolutions of public authorities, telephone directories, lists of persons registered with professional associations, guides to implementing fraud prevention, social networks and the Internet, as well as third parties to which you have given your consent for the transfer of your data to credit, financial and insurance institutions.In particular, the data we will process include the following categories: identifying data, data concerning your personal characteristics and social circumstances, academic and professional data.
- Companies that provide information on solvency, delinquency and, in general, on financial or credit risk indicators.In particular, the data we will process include the following categories: identifying data, economic, financial and solvency data, and data relating to transactions in goods and services.
If you would like to know more about the Data Protection Policy established by Santander CACEIS, S.A.U., you will find below a document with more detail on different areas of data protection (only available in Spanish):
How long do we keep your personal data?
We will treat your personal data as long as it is necessary for the purpose for which it was collected.
Who has access to your information and to whom is it disclosed?
We communicate your personal data to:
- Santander Group companies in order to comply with legal obligations.
- Public bodies, tax offices, judges and courts and, in general, competent authorities, when the Bank has a legal obligation to provide them.
- In addition to the foregoing, the Bank has the support of third-party service providers who have access to your personal data and who process such data in the name and on behalf of the Bank as a result of the provision of their services.
The Bank follows strict criteria for the selection of service providers in order to comply with its data protection obligations and undertakes to enter into a data processing agreement with them, which will include the following obligations: to implement appropriate technical and organisational measures; to process personal data for the purposes agreed and in accordance with the Bank’s documented instructions only; and to delete or return the data to the Bank once the services have been provided.
In particular, the Bank will engage third-party service providers to provide services, including but not limited to, in the following sectors: logistics services, legal advice, private valuation services, certification of suppliers, multidisciplinary professional services companies, maintenance-related companies, technology service providers, IT service providers, security companies, instant messaging service providers and infrastructure management and maintenance companies.
What are your rights when you provide us with your data?
You may exercise your rights of access, portability, rectification, deletion, limitation, opposition, and not be subjected to a decision based solely on automated processing. You may also revoke your consent at any time.
You may request to exercise any of these rights by sending an e-mail to email@example.com or by writing to the postal address Calle Princesa, 25 – Edificio Hexágono, 2ª planta – 28002 Madrid (Customer Service Office) and providing a copy of your ID card or any other official document that identifies you.
How can you manage your data protection claims?
You can always contact the Data Protection Officer.
You may also file a complaint with the Spanish Data Protection Agency if you disagree with the response you have received from the Bank. You can find the necessary information on its website: www.agpd.es