Personal Data Protection Policy
In accordance with EU Regulation
2016/679 of the European Parliament and the Council of April 27, 2016 (RGPD),
Kutxabank informs you that by accepting this Privacy Policy, you are giving
your informed, express, free and explicit consent for the data you provide to
Kutxabank to be processed by the information systems for which Kutxabank is
responsible for processing, and to which the security, technical and
organisational measures provided for in current legislation are applied.
Identification of the data controller
The data controller of this website is Kutxabank, S.A. with tax identification number A95653077 and registered office at Gran Via 30-32, 48009, Bilbao. Its e-mail address is info@kutxabank.es and that of the corporate data protection officer is dpo@grupokutxabank.com.
Origin of processing, processed data categories and provision for transfers
Personal data are obtained on
this website directly from the user, their legal representative or legal proxy.
Likewise, the user’s data will
only be communicated in the event of legal authorisation or if the user has
consented thereto, to group companies and authorities or official bodies of
other countries located both inside and outside the European Union in the
context of the fight against fraud, the prevention of money laundering and
monetary offences of a similar nature or the management of risks and
information on matters of capital and credit solvency, as well as to the
courts, tribunals and state security forces in the event of an injunction and
to any other entities acting as necessary collaborators in certain
transactions.
Moreover, Kutxabank hereby
informs you that it does not transfer data to other companies located or whose
servers are located outside the European Economic Area. However, in those
exceptional cases where such international transfers occur, Kutxabank will take
the necessary measures to ensure that they are made to a country or
organisation that has offered adequate guarantees or that they can be based on
the legitimate principles established by law.
Purpose and legitimacy of data processing
The user is hereby advised that,
depending on the channels and services consumed by the user, data may be
processed for the following purposes:
1. Regarding the processing of user data through this website
In order for Kutxabank to be able to study a possible contract application from an interested party, Kutxabank will carry out admission management, reporting and capital calculation, as well as verifying the feasibility of contracting a product, among other activities, so as to be able to analyse the feasibility of the contract. In this case, the processing of data is necessary for the application of pre-contractual measures and, where appropriate, the formalisation of the contract requested by the interested party.
Kutxabank will carry out risk assessments on credit or contractual matters for the same purpose, and can create the creditworthiness profiles required for the feasibility analysis of executing the contract requested. In compliance with its legal obligation to analyse the solvency and operational risks inherent in the interested party's application, in these cases, where appropriate, Kutxabank may process the data obtained from different entities that issue information on financial solvency and creditworthiness, including the Bank of Spain's Risk Information Centre.
Likewise, the maintenance of the
contractual relationship with Kutxabank, where applicable, legitimises the
adaptation of said services to the preferences and tastes of the user, the
study of the use of the services by the user and the design of new services
related to the same for the management, administration, provision, extension
and improvement of the services which the user decides to request.
2. Regarding the fulfilment of obligations of various kinds.
Please be advised that, in order
to meet the various accounting, tax or administrative regulatory compliance
requirements, it may be necessary to process or transfer data of different
types to different bodies with competence in the field, to consult common
information files on financial solvency and creditworthiness, to obtain
information that makes it possible to comply with additional requirements in
relation to the prevention of money laundering and prevent possible fraudulent
conduct.
3. Regarding the management of possible requests for information or
complaints made through the web.
Kutxabank is authorised to
process the data of the interested parties (whether or not they are customers
of the institution) in order to guarantee the correct handling of the requests
made.
4. Regarding the sending of commercial communications.
The entity will send promotional
communications (by post, fax, SMS, e-mail and any other means) of a general
nature or adapted to personal characteristics, as well as to offer the user
and/or contract products and services marketed by the bank or other Kutxabank
Group companies and third party collaborators dedicated to the banking,
financial, insurance, real estate and service sectors, which may be of
interest.
These communications will be sent
in the legitimate interest of Kutxabank to promote its activity or, when
applicable, after obtaining the consent of the interested parties. In any
event, this consent may be revoked and the customer may also object at any time
to such processing.
For the purposes of this Policy, the Kutxabank Group consists of, among others,
the following companies: Kutxabank, S.A., Cajasur
Banco, S.A.U., Kutxabank Gestión S.G.I.I.C., S.A.U., Kutxabank Vida y
Pensiones, S.A.U., Kutxabank Aseguradora, S.A.U., Bilbao Bizkaia Kutxa
Fundación Bancaria-Bilbao Bizkaia Kutxa Banku Fundazioa, Fundación Bancaria Kutxa-Kutxa Banku Fundazioa and Caja Vital
Kutxa Fundación Bancaria. You can obtain detailed, up-to-date information about
the Kutxabank Group at any Kutxabank branch.
5. Regarding the organisation of promotions and prize draws.
Kutxabank sometimes organises
promotions and prize draws that may be of interest to users. In these cases,
Kutxabank will put in place the appropriate procedures to ensure compliance
with the provisions of the applicable data protection legislation.
6. Regarding the recording of calls of customers, potential customers
and other stakeholders.
Please be advised that, due to
regulatory compliance requirements, Kutxabank may record calls or electronic communications
it has with the user and keep
computer and telematic records of access
to services, based on a legitimate interest,
for the purposes of quality control and security, or as a consequence of
compliance with legal obligations. If necessary, Kutxabank may also use such
recordings as evidence in judicial, administrative, arbitration or any other
proceedings that may arise. In this regard, Kutxabank will provide information
on all calls and/or communications that are to be recorded and a record of such
a circumstance.
7. Regarding the processing of data that are received physically or electronically
from applicants.
In order to take part
in Kutxabank’s current selection processes or those that
may be required in the future, these data will be
processed in internal information systems and will be kept unless otherwise
specified, provided that such personal data are valid for selection processes
based on the professional profile of the applicants. This processing will
always be carried out with the consent of or affirmation by the various
candidates (either in person or online), and express acceptance may be required
to continue with the processing before the personal profile becomes part of the
internal databases of applicants. No transfers will be made without the express
consent of the interested party.
8. Regarding the processing of third party data.
Kutxabank may process third party data
provided by the user. In this regard, the user guarantees that they have
informed and obtained the consent of such third parties for the processing of
their personal data by Kutxabank. The user also guarantees that they have
informed these third parties of their rights in terms of data protection and
that they may contact the registered office of Kutxabank to exercise their
rights, attaching a photocopy of their ID document.
In those cases where personal data are
provided by persons who have parental authority or by legal representatives of
persons with disabilities, these people will authorise the collection of data,
as well as their use and processing by Kutxabank for the purposes described in
this website Privacy Policy.
Security and users' rights on the website
For the security of
the telematic services provided, Kutxabank informs you of
the existence and use of computer mechanisms that do
not have to identify the user but which can collect browsing, technical and
usage data or data on the use of pages and content and whose purpose may be to
obtain statistics on use and operation, the resolution of incidents or the
proposal or development of new services or products, and the user may configure
their browser at any time in such a way as to prevent the obtaining of such
information.
Kutxabank is firmly committed to the
protection of personal data and the confidentiality of user information.
Kutxabank guarantees compliance with the
security, organisational and technical measures that are appropriate for
ensuring a level of security that is adequate for the risk that may arise from
processing data, in order to ensure the security and integrity of personal data
and prevent their alteration, loss or unauthorised processing or access,
taking into account the state of the technology, the costs of application, the
nature of the data stored, the scope of the processing, as well as the risks to
which they are exposed and the impact that this may have on the rights and
freedoms of natural persons, whether they come from human action or the
physical or natural environment, thus complying with the requirements of the
current legislation.
However, the user has been informed and
accepts that Internet security measures are not impregnable.
In the event of disputes relating to the
processing of personal data, users may contact the Kutxabank data protection
officer at any time at dpo@grupokutxabank.com, submit a complaint to the
competent supervisory authority and exercise their rights of access, rectification,
deletion, opposition, limitation of processing, portability and not to be the
subject of individual automated decisions regarding their personal data, and
may exercise these rights by writing to the registered office of Kutxabank
indicated above, attaching a photocopy of their ID document.
In relation to the processing horizon,
data will be processed and stored for as long as necessary for the relationship
established with the user. Data will also be retained to comply with the
requirements of the applicable legislation, to prevent illegal actions, resolve
disputes or settle controversies of various kinds. Once the processing of data
is not required, Kutxabank shall delete and/or block them in accordance with
the corporate data retention and deletion policy and the legally established
statutes of limitation.
Any changes made to this Privacy Policy will be notified on this website, without retroactive changes that reduce the rights to privacy, unless legally required, involving the user in these cases to obtain the corresponding consent for the processing carried out, where appropriate.