Privacy Policy and Cookies Openbank
Clear Filters

Privacy and Cookies Policy

 

Last updated: 11 July 2019

At Open Bank, S.A. ("OPENBANK"), we use cookies on our website www.openbank.es and we want to tell you all about them.

1. What are Cookies?

Cookies are files for storing and retrieving data that are downloaded onto the user’s devices when accessing our website and/or browsing it. They even contain a number capable of uniquely identifying the user’s computer or mobile device, even if it changes location or IP address.

2. What are they for?

Cookies allow us to collect data that can identify you or identify your approximate location, connection time, the device from which you are accessing the website (fixed or mobile), the operating system and browser used, the most visited pages, the number of clicks, and data about your online behaviour.

In addition, in some cases, they store information about your browsing habits and preferences that will allow us to provide you with a better, more personal experience, and even show you advertising related to your preferences each time you visit our website.

They also allow us to collect data on usage patterns for our website in order to identify issues and make improvements, develop new products or services, and compile usage measurements or statistics

3. How are cookies activated?

Cookies can be activated in different ways, depending on their functionality. In some cases, when they are necessary to enable our website to work properly, they are installed during browsing, and in others, when your authorisation is required, they will be enabled when you give us your permission. You can modify this consent at any time through the various settings options described further on in this Cookies Policy.

Remember, you can access our website without the need for the cookies to be enabled, although disabling them may prevent the website from working properly.

4. What types of cookies do we use?

When you browse our website, you can find the following types of cookies, and this section explains what they are and how they work.

4.1. Technical Cookies

These cookies are necessary to facilitate the correct browsing of our webpage and ensure that content is loaded effectively, allowing you to use the different options or services provided properly. In the customer area of the Openbank website, some technical cookies are used to meet legal requirements, verify the contracts in force and resolve technical errors during the contractual process.

What are they and what do we use them for? You can see below:

Type

Cookie

Owner

Function

Duration

1st

abck (Openbank)

Openbank

Seguridad.

Session

1st

bm_sz (Akamai CDN)

Akamai CDN

Improve performance by improving content delivery.

1 hour

1st

Bmuid (Akamai CDN)

Akamai CDN

Performance. Required for user browsing.

1 hour

1st

cdContextld (Openbank)

Openbank

Performance. Required for user browsing.

Sesión

1st

Ctm (Openbank)

Openbank

Performance. Required for user browsing.

1 año

1st

et token (Openbank)

Openbank

Performance. Required for user browsing.

1 hour

1st

Ndcd (Openbank)

Openbank

Seguridad.

Session

1st

Ndsid (Openbank)

Openbank

Seguridad.

Session

1st

Offlog Token(Openbank)

Openbank

Performance. Required for user browsing.

1 hour

1st

ok-cookiebite (Openbank)

Openbank

Performance. Required for user browsing..

1 year

1st

tokenCredential (Openbank)

Openbank

Access to the private area.

1 hour

1st

__bgfpcchcc

Openbank

Seguridad.

Session

1st

CONSENTMGR

Openbank

Required to know whether the user gives their consent or not to cookies in the different categories into which are classified

90 days

1st

cdSNum

Openbank

Interna

1 year

1st

JSESSIONID

New Relic

Id de sesión

Session

1st

_mousemovesnosession

Openbank

Fraude

Session

3rd _gat Google Used to limit the percentage of applications 1 minute
3rd ga Google This type of cookie is used for technical purposes in the customer area of the Openbank website in order to comply with legal requirements, verify the contracts in force and resolve technical errors during the contractual process. This cookie will not be used for advertising or analytical purposes. 2 years
3rd Gid Google This type of cookie is used for technical purposes in the customer area of the Openbank website in order to comply with legal requirements, verify the contracts in force and resolve technical errors during the contractual process. This cookie will not be used for advertising or analytical purposes. 1 day

4.2. Analytics Cookies
These cookies provide us with statistical information on the way you use our webpage that allows us to make improvements. For example, if you have encountered technical problems when accessing certain pages, we can detect them and improve that feature.

Tipo

Cookie

Owner

Function

Duration

1st

cookie policy (Openbank)

Openbank

Know whether the user accepts pop-up cookies..

6 months

3rd

ga (Google Analytics)

Google Analytics

Measure user browsing: pages visited, main interactions, etc.

2 years

3rd

gaexp (Google optimize)

Google optimize

Generate A/B test to compare user behaviour between two versions of the same page

4 months

3rd

gat Tealium 0 (Taelium)td>

TAelium

Survey. Google Analytics cookie used to limit the percentage of requests.

Session

3rd

gid (Google Analytics)

Google Analytics

Measure user browsing: pages visited, main interactions, etc.

1 day

1st

fpc_idPreaprob (Tealium)

Tealium

Survey. Origin cookie to assist analysis.

Session

1st

fpc_TipoUsuario (Tealium)

Tealium

Survey. Origin cookie to assist analysis

Session

1st

fpc_org (Tealium)

Tealium

Survey. Origin cookie to assist analysis

Session

3rd

gtm_auth (Google optimize)

Google optimize

Generate A/B test to compare user behaviour between two versions of the same page.

Session

3rd

gtm_debug (Google optimize)

Google optimize

Generate A/B test to compare user behaviour between two versions of the same page.

Sesión

3rd

gtm_experiment (Google optimize)

Google optimize

Generate A/B test to compare user behaviour between two versions of the same page.

Session

3rd

gtm_preview (Google optimize)

Google optimize

Generate A/B test to compare user behaviour between two versions of the same page.

Session

1st

nombreproductopersistencia

 

Survey. Origin cookie to assist analysis

1 year

1st

utag_main (Tealium)

Tealium

Survey. Web administration through Tealium to serve analytics cookies.

1 año

3rd

 _fbp

Facebook

Used by Facebook to measure candidate registration and optimize this recruitment source

3 meses
3rd _gid Google Used to differentiate users 2 years
3rd _ga Google Used to differentiate users 2 years
3rd TAPID Tealium Intersessional identifier (same value as utag_main) 1 year

4.3. Customisation Cookies
Customisation Cookies allow us to offer you certain general predetermined characteristics based on the data obtained from the user's terminal, for example: language, browser type,  regional settings through which you access the site, etc.

Behavioural advertising cookies collect information about your behaviour according to your browsing habits and allow us to manage the advertising space more effectively by adapting the content to your specific profile.

Type

Cookie

Owner

Function

Duration

1st

language (Openbank)

Openbank

Know the language selected by the user..

Session

3rd

TLTSIDtd>

IBM

Active only during a browser session; used to group views in a session. The end user can decide whether or not to allow this cookie.

Session

4.4. Behavioural Advertising Cookies
Depending on the type of cookies and what we inform you about through each of them, cookies can remain enabled for different amounts of time.

Tipo

Cookie

Owner

Function

Duration

3rd

_fbp (Facebook)

Facebook

Subdomain index, timestamp, random number. Identifies browsers in order to provide site and advertising analysis services..

90 days

3rd

.DDMMUI-PROFILE (Google)

Google

Helps customise ads according to user preferences..

2 years

3rd

1P_JAR

JAR

Helps customise ads on Google-owned sites such as Google Search

540 days

3rd

Act (Facebook)

Facebook

Analysis and research

365 days

3rd

ad-id (Amazon)

Amazon

Cookie ID that is stored for specific guidance. It is an internal binary format..

365 days

3rd

ad-privacy (Amazon)

Amazon

It is related with opposition to cookies. .

365 days

3rd

Aid (Google Ads)

Google

Coordinates and measures which ads are shown on the user's devices .

30 days

3rd

APISID (Youtube)

Youtube

Google´s API Session Cookies—“sesión aware” cookies.

30 days

3rd

C_user (Facebook)

Facebook

Used in conjunction with Xs cookie to authenticate Facebook user identity..

90 days

3rd

CONSENT (Youtube)

Youtube

JavaScript plug-in to alert the webpage user to the use of cookies.

365 days

3rd

DSID (Google / Doubleclick)

Facebook

Cookie ID that is stored for specific guidance. It is an internal binary format.

365 days

3rd

Fr (Facebook)

Facebook

User and browser ID; timestamp; other miscellaneous data.This is the main advertising cookie on Facebook. Used to provide, analyse and improve the relevance of ads.

90 days

3rd

HSID (Youtube)

Youtube

Contains the encrypted ID of the user's Google account and last login.

365 days

3rd

HSID (Youtube)

Youtube

Contains the encrypted ID of the user's Google account and last login

365 days

3rd

ID (Double Click)

Google

It is one of the main advertising cookies on sites that are not owned by Google and is stored in browsers under the domain doubleclick.net.

2 years

3rd

LOGIN_INFO (Youtube)

Youtube

Tagging/Advertising..

365 days

3rd

NID (Google)

Google

Used to register the fact that a device or a browser has logged on through the Facebook platform..

365 days

3rd

OGPC (Google)

Google

Google uses these cookies to store your preferences and user information when viewing pages that contain Google Maps..

365 days

3rd

PI (Facebook)

Facebook

Used to register the fact that a device or a browser has logged on through the Facebook platform..

90 days

3rd

PREF (Youtube)

Youtube

Google uses these cookies to store your preferences and user information when viewing pages that contain Google Maps

2 years

3rd

Prensece (Facebook)

Facebook

Functions and services of the site..

365 days

3rd

SAPISID (Google)

Google

Google API session cookies..

365 days

3rd

Sb (Facebook)

Facebook

Browser identifier and timestamp..

2 years

3rd

SID (Google)

Google

Google uses these cookies to store your preferences and user information when viewing pages that contain Google Maps

365 days

3rd

Spin (Facebook)

Facebook

Publicidad.

365 days

3rd

SSID (Google)

Google

Secure SID (Gaia cookie) (universal sign in).

365 days

3rd

SSIDA (Google)

Google

Google uses these cookies to store your preferences and user information when viewing pages that contain Google Maps

365 days

3rd

Test Cookie (Double click)

Google

Verify that the user's browser supports cookies

Session

3rd

VISITOR_INFO_LIVE (Youtube)

Youtube

Able to track the videos viewed embedded in this web site.

365 days

3rd

Wd (Facebook)

Facebook

Dimensions of the screen or windows. Able to offer the user an optimal screen experience..

7 days

3rd

Xs (Facebook)

Facebook

Session identifier, creation date, authentication value, secure session status, cache storage group identifier. Used in conjunction with the c_user cookie to authenticate your identity on Facebook..

90 days

3rd

YSC (Youtube)

Youtube

Able to track the videos viewed embedded in this web site

365 days

3rd

_gcl_au (esta cookie es de marketing) (Google Analytics)

Google

Used by Google AdSense to experiment with the efficiency of ads on websites that use their services.

2 months

3rd

Datr Facebook

 

Facebook

Facebook identifies browsers for reasons of security and site integrity, including the recovery and identification of accounts

2 years

3rd

s_vi (El Mundo)

El Mundo

Intersessional identifier

2 years

3rd

MUID (Bing)

Bing

Intersessional indetifier

1 year

5. How long are cookies enabled for?

In the case of session cookies, these are designed to collect and store data while the user is accessing a webpage; when you close your browser or your session expires, these cookies disappear.

In the case of persistent cookies, meaning cookies that remain enabled even when the user leaves a website and then reconnects, they will be stored for the length of time indicated in each case, although you will be able to delete them at any time.

6. Who processes or manages cookies?

The data collected in cookies may be managed by Openbank or by third parties. In the explanation of each of the cookies given above, we inform you which cookies are our own proprietary cookies and which belong to third parties.

7. I have accepted cookies but now I want to disable them. How can I do that?

If you want to disable cookies, you can do so very simply and at any time. To do this, click here.

If you want to disable cookies, you can do so very simply and at any time. To do this, you will have to access your browser settings via the following links:

You can also disable cookies in your browser by installing a plug-in or through an opt-out system provided by some third parties that install cookies on our website:

Google (behavioural advertising) (Requires Google log-in)

Please note that some features of our website content are only available if you allow certain cookies to be installed in your browser. If you choose not to accept or to block certain cookies, depending on their purpose, this may prevent some or all of the website from working properly, or you may be unable to access some of the services offered.

8. Any questions?

If you have any questions about the our website’s Cookies Policy, you can contact us either by sending a letter to Paseo de la Castellana, 24, 28046 Madrid or emailing us at privacy@openbank.es.

 

9. Finally, we would like to recommend that you

  • Check the cookies policy frequently, for information about possible changes.
  • Read this cookies policy in conjunction with our data protection policy, also available on our website, where we explain how we process your personal data.
  • If you wish, you can download ourCookies Policy.


 

Last updated: 25 May 2018

Purpose

At Openbank S.A. we want to be transparent with all users of our website and mobile app, regardless of whether or not they have registered with us. We are therefore notifying you that your personal data will be used in conformity with the contents of this Data Protection Policy:

  • Information we can collect about you, and how we can do this.

  • Purposes for which we will use your information.

  • How you can view and manage the data we have collected about you.

  • Who you can contact for any queries related to your privacy.

What information may we collect from you, and how can we do this?

The personal information (hereinafter the “Personal Data”) that we may process includes not only contact information (name, postal address, email address, phone number) but other types of information as well (data on identity, finances, localisation, personal profile, professional and commercial information, image, and voice).

We may obtain personal data about you in the following ways:

  1. Because you have provided it to us, for example when you apply to open a current account.

  2. When you make use of our services, always in compliance with the law. For example, we may collect information when you make purchases using your credit cards or when you send transfers to other people, or information from the devices you use to connect using the various channels available (website and app), or information about the area you live in based on your postcode or the ATMs you use, or other information we may obtain by consulting other sources, such as when we query file systems on financial solvency and add this personal information to your user profile.

You are committed to ensuring that the data you provide to us is correct, accurate, and up-to-date, and you assume any liability or responsibility that may arise from providing data that is incomplete, erroneous, or inaccurate.

For what purposes do we use your Personal Data?

At Openbank we will process your Personal Data for a variety of purposes. For example, to manage the products and services you have requested from us or applied for, to ensure proper functioning of our website and mobile app, to be able to offer you a personalised service, to comply with our legal obligations, and in general, to offer our users a better service.

Your Personal Data may also be processed in order to carry out studies and/or analyses for the promotion of products and/or services marketed directly by Openbank or else by our third-party partners, specifically those related to banking, finance, insurance, and pensions and savings products, but also consumer products and services and/or personal products and services.

In addition, every time you request or apply for a product or service, we will inform you about the uses we are making of your Personal Data, with further details also being found in the legal terms and conditions of privacy.

Please note that if you decide not to provide us with certain types of personal data, we may be unable to offer you certain services, functionalities and/or to provide you with the information you have requested.

Why do we use your personal data?

We use your personal data as necessary in relation to the following purposes and situations:

  1. To provide you with the various services we offer via our available channels and that you can request; for example, our telephone help service or your requests for any type of information. Also, we use your data in order to respond to your phone calls, which includes recording them for purposes of internal quality control, to prevent possible situations of fraud, and to carry out internal statistical studies. In these cases, Openbank processes your Personal Data because it has a legitimate interest in using the information you provide to us.
     

  2. To formalise and comply with our contractual relationships and perform other processes linked to the various financial products and services that Openbank offers to you, which you have contracted or may be interested in contracting.
     

  3. To comply with certain legal obligations so that we can manage the products and services you may request from us or apply for.
     

  4. Because you expressly authorise us to process your Personal Data.

Whenever necessary, we will notify you about the reasons and situations behind our use of your data, or in other words, because we have a legitimate interest in processing it, because it is necessary in order to perform a contract, because you have authorised it, or because the law requires it.

Who may access the data we are collecting?

Open Bank S.A. is the data controller for the website or mobile app you are using, and for the processing of Personal Data that may be linked to such use. Openbank is the party that collects, uses, stores, and when necessary, deletes the Personal Data.

Openbank will never transfer to any third parties the Personal Data it has access to, unless we are required to do so by law (for example, with national Law Enforcement Entities or Courts and Tribunals). Our objective is to detect and prevent possible fraud attempts, or to carry out the types of processing for which you have expressly provided your authorisation.

We would also like to inform you that at Openbank we collaborate with third-party service providers that may occasionally be given access to your Personal Data. We are referring, for example, to technological service providers, IT service providers, security companies, or providers of telephone customer services.

Openbank follows strict selection criteria for the service providers it collaborates with, and they will only be providing the services we assign to them by following our instructions. Furthermore, they are contractually obligated to have the appropriate technical and organisational measures in place, and to erase or return any data to which they may have access once they no longer need it in order to provide their services.

How long will we store the information to which we gain access?

At Openbank we store the Personal Data to which we gain access only for the amount of time strictly necessary. Once we no longer have any reason to process it, we keep it stored securely so that it can be made available to the appropriate Courts and Tribunals or to other authorities in the event of a claim.

In cases where you perform a simulation (for example, in relation to a loan or mortgage), we will store any information we have received for 2 months, so that if you ultimately decide to contract a loan product with us, the application process will be quicker and easier for you. Once that time period has expired, we will automatically delete your data.

In cases where you contract any of our financial products or services, we will duly inform you about the period of time during which we will store and use your personal data. We are informing you about this because we may be subject to additional legal obligations (for example, those related to taxation or prevention of money laundering) that require us to store your data for a longer period of time.

What rights do you have in relation to protecting your Personal Data?

You can exercise the rights you hold over your own Personal Data in the following manner:

  1. You can confirm whether or not we are processing your Personal Data, and if we are, you can (i) gain access to it; (ii) request its modification if you believe it is inaccurate; or in cases where applicable, (iii) request its erasure when you believe it is no longer needed in view of the purpose for which you provided it, among other reasons.
     

  2. In certain circumstances you can also request restriction of the ways in which we use your data, or even object to our continuing use of it. In such cases we will stop using it, except for legitimate purposes or to exercise or defend against any possible claims.
     

  3. If we use your personal information to produce behavioural profiles (for example, to use your navigation at our website or use of our app to better understand your needs and interests) and we do this in a fully automated manner, you will have the right to be notified about this, so that you can request the personal involvement of one of our analysts, or challenge any decision based on such profiles, or simply express your point of view.

  4. You will also have the right to request data portability for the information you have provided to us. This means you can ask us to send your information directly to you or to a third party you indicate to us, and this will then be done in a commonly used format suitable for digital reading.
     

  5. And of course, you have the right at any time to withdraw the specific authorisations you have given us to make use of your Personal Data.

How can you do this?

If you are interested in exercising the rights you possess in relation to your Personal Data, we provide a variety of alternatives that will allow you to contact us:

  • You can send an email to us at privacy@openbank.es

  • Or you can send a written request by post to “Open Bank S.A.”, Paseo de la Castellana 24, 28046, Madrid (Spain).

  • You can also visit our branch at Paseo de la Castellana 134, 28046, Madrid (Spain).

  • You can call our customer service centre on 900 22 32 42.
    Or if calling from a foreign country, on (+34) 91 276 21 54.

  • If you are already an Openbank customer, you can submit your request at our website from the “Personal Details” section of your customer profile.

Finally, you can submit any claim you may wish to make to Openbank and/or to the Spanish Data Protection Agency (the AEPD in Spanish, which is Spain’s competent Supervisory Authority on the subject of Data Protection), especially if you have exercised any of your rights and have not received a response in accordance with the legally established terms.

How does Openbank use Cookies?

All information related to our use of cookies and the data we collect regarding your navigation at our website by using them (such as what types of information we collect, how we use it, and what rights you can exercise in relation to it) are explained for you in a detailed manner in our “Cookies Policy”: www.openbank.es/en/privacy-cookies.

What should I do if I have additional concerns? Is there a contact person at Openbank responsible for protecting my data?

If you want to learn more about how we process your Personal Data, you can find further details in “Additional Information about Data Protection”. You can also contact Openbank’s Data Protection Officer, who is the person responsible for protecting your privacy and for guaranteeing compliance with the various legal obligations contained in the Spanish and EU legislation in force on the subject of personal data protection, by using the following email address:  privacy@openbank.es

Last updated: 25 May 2018

If you wish, you can download our data protection policy.

Last updated: 25 May 2018

1. Who is the Data Controller for processing my data?

"Open Bank S.A." (hereinafter "Openbank").

Paseo de la Castellana 24, 28046, Madrid (Spain).

Contact Information for the Data Protection Officer: privacy@openbank.es

2. What data do we collect about you?

The personal data we make use of when providing our services to you may include: data related to your identity and contact information, financial information, geolocalisation data, your personal and commercial profile, your image and voice, calls we have made to or received from you, your IP address, your navigation at our websites or use of our mobile apps, data we obtain through your use of terminals such as portable devices, POS terminals, or ATMs, or data collected via other legitimate channels.

We may also make use of any other personal data that may be required in order to manage the products and services that we will describe for you below, and that you have either provided to us directly or that we have gained access to as a result of your queries, requests, or applications, or through your contracting of any operation or transaction.

3. For what purpose does Openbank process my personal data, and what is the legal basis for this?

Openbank may process your data for the following purposes, and according to the following legal bases::

a) For your registration as a customer and for development, management, and maintenance of our contractual relationship.

If your request or application is accepted, we will process your data in order to register you as an Openbank customer and to carry out the appropriate development, management, and maintenance of any contractual relationship we establish with you. We will also use your data to send you the various communications that may be required while you are our customer.

Throughout the contractual relationship you maintain with Openbank, situations may arise where we record your voice and/or image. In such situations –which we will inform you of, expressly and in advance, when they occur– recordings of our phone calls and/or video conversations with you will be stored for two purposes: for internal auditing of our service quality, and in order to use the recordings as evidence –in a court of law or under other circumstances–, if required.

We will also store your identification document (including your image) and view it when necessary using any means, format, or medium, for the exclusive purpose of verifying your identity when this is required in order to comply with the terms of the contract signed with you.

All the data indicated on our form as “required” are necessary for purposes of maintaining your contractual relationship with Openbank. This means that if you do not provide this information, it may not be possible to process your request or application.

We may also perform additional processing depending on which product you contract, as we will explain to you below:

If you contract an Asset Product, for example a MORTGAGE / LOAN / CREDIT CARD / OVERDRAFT PROTECTION:

At Openbank we will process (i) the information you provide to us; (ii) the information we obtain from querying the internal and external filing systems described further below; and (iii) the data we have obtained from your interaction with our website. This is done in order to manage and analyse your request or application, by verifying and assessing your creditworthiness and credit risk. This allows us to assess your request or application and approve it or deny it, based upon the risk criteria established at this institution, and to comply with the regulations applicable to our industry.

In order to manage and analyse your request or application, we will consult internal and external filing systems related to creditworthiness, credit history, and fraud, such as ASNEF (Spain’s National Association of Financial Credit Institutions), CIRBE (the Bank of Spain’s Risk Information Centre), and CONFIRMA (a Spanish information services company), or those maintained by other international entities that perform an equivalent function.

Openbank will not be able to process your request or application without first performing this analysis. This processing will be carried out in compliance with the legislation in force on consumer credit and mortgage financing, or any other applicable regulations.

Likewise, if your request or application is denied based upon such queries, you will be immediately informed about this and you will be able to submit any claims you consider appropriate.

The risk study. Ratings applied and their consequences:

Openbank has established an automated risk assessment system. This system uses point score ratings that take personal and economic information into account, including:

  1. information taken from the documentation you have provided to us;

  2. information appearing in Openbank’s filing systems related to your behaviour during other operations contracted with us (both those still in effect and those that have ended); and

  3. information appearing in the filing systems to which we have access and that contain information on creditworthiness, credit history, or fraud, such as ASNEF, CIRBE, and CONFIRMA, or those maintained by other international entities that perform an equivalent function.

The results from our study of such information may cause your request or application to be approved or denied, and it may lead to sending of commercial offers and opportunities to you, including those related to pre-approval of loans or credit facilities. All of this is based on the conclusion we reach regarding your ability to comply with the repayment obligations you take on in relation to the amounts you borrow.

More specifically, Openbank may classify you internally based upon those queries and upon the number of other products you have contracted and/or the activities you perform. It may also produce credit risk reports and models as necessary for analysing and assessing the risk derived from your operations in progress and products contracted, in order to update our information. This may even produce, as a result, denial of your request or application to contract the product, or otherwise, it may cause you to be required to establish a payment guarantee, with all of this based upon the risk that may be detected by Openbank and the credit rating resulting from the analysis of such information.

In relation to this, we must also clarify that Openbank performs periodic reviews of that system to ensure that no errors, inaccuracies, or incorrect conclusions occur in relation to those assessments. Without prejudice to the above, if you disagree with the results of the assessment, you may contest it by providing any information you believe may refute the decision adopted, and you may also request the personal intervention of one of our analysts.

If you contract a Liability Product, such as a SALARY DEPOSIT ACCOUNT / CURRENT ACCOUNT / SAVINGS ACCOUNT / TERM DEPOSIT:

At Openbank we will process the information you provide to us, or as applicable, the information we obtain from your interaction with our website, in order to manage your request or application.

These pre-contractual measures are necessary in order to process the request you have submitted and take a decision on it, and for this reason you must provide all of the data indicated on the form as “required”. Otherwise, it will not be possible for you to contract the product you have requested or applied for.

If you contract a Means of Payment product, such as a DEBIT CARD / PREPAID CARD / BIZUM (INSTANT PAYMENTS) / MOBILE PAYMENT APPS:

At Openbank we will process the information you provide to us, or as applicable, the information we obtain from your interaction with our website, in order to manage your request or application.

Additionally, certain mobile apps used to make payments may require you to accept Openbank’s terms and conditions and/or those of the corresponding service provider before you are able to start using them.

These pre-contractual measures are necessary in order to process the request you have submitted and take a decision on it. If you do not provide the required information, it will not be possible for you to contract the product or service you are requesting or applying for.

If you contract an Investment Product, such as STOCKS / INVESTMENT FUNDS / WARRANTS / PENSION PLANS / SECURITIES ACCOUNTS / INVESTMENT PORTFOLIOS:

At Openbank we will process the information you provide to us or the information we obtain from your interaction with our website, in order to manage and analyse your request or application. Depending on the investment service you have requested and the product involved, we may approve or deny your request for contracting these in compliance with the current regulations.

If you want to subscribe to an investment fund or contract a pension plan, you will need to provide your consent for Openbank, as the marketing entity for the fund or plan, to disclose your data to the corresponding manager or management firm, in order to allow your subscription or contracting and/or the associated management to take place. Furthermore, if you submit a request for a transfer from Openbank to another institution, your data may be sent to the recipient institution for the purpose of transferring your balance and the economic rights you have accrued.

These measures are necessary in order to process the request you have submitted and take a decision on it, and for this reason you must provide all of the data required. Otherwise, it will not be possible for you to contract the product you have requested or applied for.

If you contract an INSURANCE Product:

At Openbank we will process the information you provide to us or the information we obtain from your interaction with our website, in order to manage and analyse your request or application. Depending on which insurance product you request or apply for, we will notify you in each case, and in an individualised manner, regarding all legal aspects related to the associated data processing. These include, for example, the uses we make of your data and any third parties that may be involved in the contracting process.

These pre-contractual measures are necessary in order to process the request you have submitted and take a decision on it, and for this reason you must provide all of the data indicated on the form as “required”. Otherwise, it will not be possible for you to contract the product you have requested or applied for.

b) Based upon Openbank’s legitimate interest

In order to meet your expectations, improve our products and services, and increase your degree of satisfaction with your customer experience, Openbank will process the personal data associated with your use of our products and services in order to carry out surveys or market studies, or to compile internal statistics, produce sales reports, or notify you about loyalty programmes, promotions, and prize draws.

We may also perform pseudonymisation of your data, which means that the data resulting from that process cannot be attributed to you. In other words, we will not be able to associate the information we are processing with you as an individual unless we use additional information and processes to do so. The purpose of these procedures is simply to use the pseudonymised information for statistical purposes and for behavioural modelling. Furthermore, in cases where you are acting in representation of a commercial enterprise interested in collaborating with us, Openbank will process your contact data exclusively for purposes of maintaining the communications that may be necessary for managing the collaboration request, and for normal development of such collaboration if it does become formalised.

At Openbank, and based upon a legitimate interest, we may perform the processing described above while respecting your privacy and rights at all times. In any case, remember that you may always exercise your right to object, as described in section 8 of this document.

c) Prevention of money laundering and other legal obligations

There are certain legal obligations that Openbank must comply with in order to manage your existing products/services or those that you may apply for and contract, such as those required under Spanish Act 10/2010 on Prevention of Money Laundering and Financing of Terrorism (Ley 10/2010 de Prevención del Blanqueo de Capitales y Financiación del Terrorismo), Spanish Act 44/2002 on Financial System Reform (Ley 44/2002, de Reforma del Sistema Financiero), and Spanish Act 10/2014 on the Organisation, Supervision and Solvency of Credit Institutions (Ley 10/2014, de Ordenación, Supervisión y Solvencia de Entidades de Crédito). In order to do this, we will disclose your data, especially in relation to possible non-payment, to banking control and supervision entities such as the Bank of Spain’s Risk Information Centre (CIRBE), or to any other international entities that carry out an equivalent function.

Additionally, Openbank may disclose certain information regarding your tax residency and your accounts to Spain’s Taxation Agency (AEAT), which in turn may be required to submit it to the competent taxation authorities in other countries in compliance with legislation on automatic exchanges of tax information (Foreign Account Tax Compliance Act (FATCA) established by the United States of America and the Common Reporting Standard (CRS) established by the OECD).

These legal obligations will exist and will be fulfilled by Openbank even after the termination of the contractual relationship with you, as long as we are legally bound to do so.

d) Detection of possible fraud attempts

  1. At Openbank we may consult your data in our own internal sources, for the purpose of detecting and preventing situations of possible fraud (such as unauthorised access to the personal data of customers, possible attempts at identity theft, or any other situation that may be interpreted as a fraudulent or unauthorised use of the account), all for the purpose of protecting the interests of our customers and users.

    If we detect any attempt at fraud, and unless there are any concurrent circumstances related to the public interest, we will notify you about this, review the information available, and if applicable, request additional information from you. Also, as a precautionary measure and until we have been able to carry out the appropriate confirmations, any pending automated or non-automated decision-making will be suspended.

    In addition, if possible fraud attempts occur that could affect the contractual relationship you maintain with Openbank, fraud detection and management entities will be notified about these, while at all times complying with and respecting all of the procedures, rights, and guarantees that exist for your protection under the legislation in force.

    All of the above will take place based upon Openbank’s legitimate interest, its duty to comply with requirements on adequate risk control, and the need to prevent possible fraud attempts.
     

  2. Furthermore, and also for the purpose of detecting and preventing possible fraud attempts, Openbank is a subscriber to the CONFIRMA File System, and as such we are obligated to notify you of the following:

    “Applicants are hereby informed that data from the present application may be communicated to the CONFIRMA File System, for the purpose of fraud prevention. The legal basis for processing of this personal data is the legitimate interest of the Data Controller in preventing fraud (Recital 47 of the GDPR). The data will be stored for a maximum period of two years.

    The data controllers are the Entities Subscribing to the Regulations of the CONFIRMA File System, and the data processor is Confirma Sistemas de Información, S.L., which has its registered office at Avda. de la Industria 18, Tres Cantos 28760, Madrid (Spain). Applicants may view the list of entities currently subscribing to the Regulations of the CONFIRMA File System at the website www.confirmasistemas.es.

    The entities allowed to participate in the CONFIRMA File System are those that adhere to its Regulations and may be potentially subject to contracting fraud based on their field of activity.

    The data communicated to the CONFIRMA File System may be transferred to entities that subscribe to the Regulations of the CONFIRMA File System. It is not expected that any data will be transferred to any foreign countries or international organisations.

    In accordance with the legislation in force on the subject of data protection, the parties signing may exercise their rights to access, rectify, request the erasure of, restrict the processing of, or object to the use of their data by writing to the registered office of the data processor, CONFIRMA SISTEMAS DE INFORMACIÓN, S.L., at the address indicated above. Likewise, those signing may also exercise their right to submit a claim to the Supervisory Authority.

    Confirma Sistemas de Información, S.L. has designated a Data Protection Officer, with the relevant contact email address being dpo@confirmasistemas.es.

e) Possible non-payment

If any circumstances of non-payment occur, this may be notified to these to credit information file systems such as ASNEF (Spain’s National Association of Financial Credit Institutions) and CIRBE (the Bank of Spain’s Risk Information Centre), since it is legally required, or to international entities that carry out an equivalent function. Such notifications will at all times comply with the procedures, rights, and guarantees established and recognised by the legislation in force.

All of the above will take place based upon the legitimate interest of Openbank, who must prevent circumstances of non-payment and maintain an adequate system for monitoring these, and also based on the legitimate interest of third-party financial institutions in knowing about the existence of non-payment situations when receiving new applications for financing.

Personalised commercial actions by Openbank

  1. Based on a legitimate interest:

    Openbank may send you commercial communications about its own products and services that are similar to the ones you have contracted, and adapted to your profile, interests, and needs (sent via postal mail, telephone, fax, SMS, instant messaging apps, social networks, email, push notifications, or any other electronic or digital means available at any given time), or it may produce sales reports, statistics, surveys, and market studies, including you in and informing you about loyalty programmes and prize draws, all for the time period during which you remain a customer.

    Please note that in such cases we do not need to obtain your consent before sending these communications to you, since according to the legislation in force, Openbank is authorised to deliver these provided that they are related to products and services that are similar to those you have already contracted. However, at any time you may exercise your rights as described below in section 8.

    In order to personalise the commercial communications described, and based upon the legitimate interest recognised by the European Union’s General Data Protection Regulation, Openbank will process the information appearing in its own sources for the purpose of creating profiles that are generated based upon common patterns of behaviour.

  2. With your express consent in advance:

    a) If you authorise us to do so, Openbank may send you commercial communications about our own products and services adapted to your profile, interests, and needs (via postal mail, telephone, fax, SMS, instant messaging apps, social networks, email, push notifications, or any other electronic or digital means available at any given time), and that are personalised based upon a profile of your behaviour and risk that we may produce using both our own internal sources and those of third parties  (such as ASNEF, CIRBE or other international entities that perform an equivalent function), as well as using data about your navigation and/or use of the Internet.

    Please note that the social networks through which we send you commercial communications may be located outside of the European Union, such as in the United States of America, and their level of privacy protection may not be equivalent to that required by the local legislation in force. However, their use will allow Openbank to provide you with a more dynamic and efficient service from a technological perspective.

    In order to send you commercial communications and offers adjusted to your creditworthiness and risk profile, Openbank will consult your credit history as produced during the various operations you have carried out with us, and it will also analyse your behaviour during your operations currently in effect and those finalised during a period covering the last six years.

    b) At Openbank, based upon the type of authorisation you have granted, we may send you, by any means (postal mail, telephone, fax, SMS, instant messaging apps, social networks, email, push notifications, or any other electronic or digital media available at any given time), commercial communications related to the products or services of other companies that we have signed collaborative agreements with, adapted to your interests and needs, or personalised based upon the profile created for you by taking into account both our own internal sources and those of third parties  (such as ASNEF, CIRBE, or any international entities that perform an equivalent function), or using data related to your navigation and/or use of the Internet.

    Please note that the social networks through which we send you commercial communications may be located outside of the European Union, such as in the United States of America, and their level of privacy protection may not be equivalent to that required by the local legislation in force. However, their use will allow Openbank to provide you with a more dynamic and efficient service from a technological perspective.

    Openbank may sign agreements with enterprises operating in the following fields, with the possibility of new fields being added in the future: banking products, financial products, insurance products, pension and savings products, consumer products and services, and personal products and services.

    The provisions in sections a) and b) depend upon whether you have given us your authorisation, which in all cases you will be able to modify or withdraw at any time.

4. How long will Openbank store my data?

At Openbank we will process your data during the entire time you maintain a contractual relationship with us. Once that relationship has ended, we will store your personal data securely during the time periods established in each case by the applicable regulations: as a general rule, for 10 years once the obligations arising from your contract have ended, as we are required to do by the regulations on prevention of money laundering and financing of terrorism, and for up to 20 years based upon the regulations on mortgages. Once these legally required time periods have expired we will destroy your data.

All of this is done without prejudice to our obligation to comply with the legal limitation periods that may be derived from each of the contracts you have signed with Openbank.

Data from any applications or simulations that you begin to complete but that do not lead to contracting will be stored during a maximum period of 6 months, in order to avoid duplications in your procedures and in case any claims arise in relation to the use we have made of your data. We will then proceed to delete the data.

5. What recipients may Openbank disclose your data to?

Openbank will not share your personal data with any other entity without obtaining your express consent, unless we are legally required to do so.

However, at Openbank we collaborate with third-party service providers that may have access to your personal data, but they will be processing such data on our behalf, and at all times when doing so they will be following our instructions and using your data only to provide us with the services we have contracted with them.

Specifically, at Openbank we contract for provision of services with third-party service providers that carry out their activities in fields that include, without limitation, logistical services, legal consulting, private appraisal services, supplier authorisation services, multidisciplinary professional services companies, hosting companies, companies related to maintenance, technology services companies, IT services companies, physical security companies, instant messaging service providers, infrastructure management and maintenance companies, and call centre services companies.

In all cases, at Openbank we follow strict criteria for selection of our third-party service providers, in order to comply with our obligations on the subject of data protection, and we are committed to signing the corresponding data processing contracts with them. These contracts are used to impose upon them the following obligations, among others: to apply appropriate technical and organisational measures, to process personal data only for the agreed-upon purposes and only in response to our documented instructions, and to erase or return the data once the provision of services is completed. 

6. Do I need to keep my data up-to-date?

In order to allow us to communicate with you properly, we request that you should make sure that all data you provide for our databases is correct, complete, accurate, and fully up-to-date.

Thus, if any of the personal data you have provided to us changes, especially your postal address, email address, and contact phone numbers (landline and mobile), we ask you to notify us about this as soon as possible via one of the channels indicated in section 8.

In the event that you do not notify us about such changes, you acknowledge and agree that any communications sent by us to the postal address or email address, or to the contact telephone numbers appearing in our file systems are valid, binding, and fully effective.

7. Where can I find the legal terms and conditions for use of my data?

You can find the legal terms and conditions that apply to our use of your personal data both in this document and in the Data Protection Policy posted at our website www.openbank.es/privacy-cookies. We will notify you immediately about any possible modifications we need to make to these terms and conditions, at least by means of the website itself but also by means of a personalised message we will send to you within the private area after you login to access your customer profile.

8. What rights do I have after I provide my data?

Please note that you have and may exercise the following rights:

  • Right to access: you have the right to obtain confirmation about whether or not Openbank is processing personal data related to you, and if so, to gain access to such data.

  • Right to data portability: you have the right to receive a copy of the personal data you have provided to us, in a legible, structured, commonly used format, and also to request its transfer to another institution.

  • Right to rectification: you have the right to request rectification of any inaccurate data.

  • Right to erasure: you have the right to request erasure of your data when, among other reasons, they are no longer needed for the purposes for which you provided them to us.

  • Right to object: under certain circumstances, you may object to the processing of your personal data. If you object, Openbank will stop processing the data, except for compelling legitimate reasons, or the exercise or defence of possible claims.

  • Right to restriction of processing: under certain circumstances established in the data protection legislation in force, you may request restriction of the processing of your data.

  • Right not to be subject to solely automated decisions: in the event that you have authorised profiling and this is taking place through a solely automated process, you may request the intervention of one of our analysts, express your point of view, and contest any decisions made based on such profiling.

 You may exercise the rights described above via the following channels:

  • Website: from the “Personal Details” section of your customer profile.

  • Email: privacy@openbank.es.

  • Postal mail: "Open Bank S.A." Paseo de la Castellana 24, 28046, Madrid (Spain).

  • Branch: Paseo de la Castellana 134, 28046, Madrid (Spain).

  • Contact Centre: 900 22 32 42. Or when calling from abroad, on (+34) 91 276 21 54.

Finally, you may submit a claim to Openbank and/or to the Spanish Data Protection Agency (the Supervisory Authority competent on the subject of Data Protection), especially if you have not obtained satisfaction in the exercise of your rights, by writing to the address indicated above or through the website https://www.aepd.es.

If you wish, you can download our data protection policy.