Privacy Policy and Cookies Openbank
Eliminar Filtros

Privacy and Cookies Policy

 

Open Bank, S.A. (hereinafter, “OPENBANK”) with registered office in Paseo de la Castellana 24, 28046, Madrid, Spain, and with contact e-mail address ayuda@openbank.es uses cookies on its website www.openbank.es/en (hereinafter, the “Portal” or “Website”) for the purposes of improving the browsing experience of its users (“Users”).

1. What are Cookies?

Cookies are files that are stored on the computer of the User who accesses the Website and browses through it and, in particular, there is a number that uniquely identifies the User's computer, even if the user changes location or IP address.

Thus, cookies collect information that may allow us to identify you or your approximate location, as well as save information about your browsing preferences in order to provide you with a more personal experience on future visits to the Website. The use of cookies also allows us to collect the usage patterns of the Website in order to make improvements to our services.

Cookies are installed while browsing through the Website, either by OPENBANK or by third parties with which the Website is related, and allow us to know your activity on this website or on other related ones, for example: the place from which you access, the connection time, the device from which you access (fixed or mobile), the operating system and browser used, the most visited pages, the number of clicks made and data regarding the behaviour of the user on the Internet.

The Website is accessible without the need for the cookies to be activated, although their deactivation may prevent the proper functioning thereof.

2. Authorisation for the use of cookies

In accordance with the cookies notice that appears in the footer of the Website, the User accepts that, when browsing through it, they expressly agree to OPENBANK's use of cookies in accordance with the description detailed below.

The User may revoke their previously given consent at any time, as well as configure the cookies and even reject their use through the cookie settings options offered to them by their Internet browser, and whose details are provided at the end of the policy.

3. Types of Cookies that are used on the Web

The User who browses the Website can find cookies inserted directly by OPENBANK (the "Owner"), or cookies inserted by entities other than the latter, as detailed in the following sections:

3.1. Strictly necessary cookies inserted by the Owner

The Owner of the Website uses cookies that are strictly necessary and serve to facilitate the correct navigation of the Website, as well as to ensure that its content loads effectively. These cookies are session cookies that are temporary. They expire and are   deleted automatically when the User closes their browser.

3.2. Third-party cookies

Below are the entities other than the Owner that use cookies on the Website, as well as the purposes thereof:

  • Cookies for measuring traffic on Portals: the Owner uses cookies of Google Analitycs, to collect statistical data from the activity of Users on the Website and therefore improve the services provided to Users. These cookies enable you to analyse user traffic generating an anonymous user ID that is used to measure how many times a user visits the site. They also record when was the first and last time they visited the Website, when a session is completed and the origin of the User.

     

      Cookie Owner Function Duration
    Own Identification Openbank Identify Customers/non-Customers 60 days
    Own Google Analytics Openbank Own Measurement 60 days
    • Cookies for advertising purposes: cookies to users of the Web to display advertising content related to them, based on previous user interactions, visits to the advertiser's website, origin IP, etc. In this way, with the data that is collected from the cookies, the ads displayed on the website are published and managed more efficiently.
      Cookie Owner Function Duration
    Own DoubleClick Floodlight DoubleClick Tag container of the Adserver for all Indefinite campaign metrics Undefined
    Own Cookie Segment Openbank Navigation data will be analysed with the aim of customising the commercial offers of banking or non-banking products offered by Grupo Santander 60 days
    3rd Google Adwords Conversion Google Pixel for conversion in SEM 30 days
    3rd DBM Google Pixel for RTG Display 540 days
    3rd Hotjar  Hotjar  Pixel for measurement 365 days
    3rd Unidad Editorial Unidad Editorial Pixel for measurement

    365 days
    3rd Facebook Facebook
    • Pixel for measuring contracts and managing financial product advertising on this social network based on affinity
    		 365 days
    3rd Hubspot Hubspot Pixel for managing advertising based on affinity 365 days
    3rd Iahorro Comparador Iahorro Pixel for measuring contracts and managing financial product advertising on this social network based on affinity 365 days
    3rd Kelisto Comparador Kelisto Pixel for measuring contracts and managing financial product advertising on this social network based on affinity 365 days
    3rd Helpmycash comparador helpmycash Pixel for measuring contracts and managing financial product advertising on this social network based on affinity

    365 days
    3rd creditmarket comparador Creditmarket Pixel for measuring contracts and managing financial product advertising on this social network based on affinity 365 days
    3rd Amazon Amazon Pixel for managing advertising based on affinity 365 days
    3rd Web Financial Group Web Financial Group Pixel for managing advertising based on affinity 365 days
    3rd Smart4Ads Smart4Ads Pixel for managing advertising based on affinity 365 days
    3rd  Rankia Comparador Rankia Pixel for measuring contracts and managing financial product advertising on this social network based on affinity 365 days
    3rd  WebTreckk    WebTreckk    Pixel for managing advertising based on affinity 365 days
    3rd  ClickTale  ClickTale  Pixel for measurement 30 days
    3rd Outbrain Outbrain Pixel to measuring contracts for financial products and managing advertising for products and services based on affinity 540 days
    3rd Kunmedia Kunmedia Pixel to measuring contracts for financial products and managing advertising for products and services based on affinity 540 days

     

    4. Browser settings

    The Owner reminds its Users that the use of cookies is subject to their acceptance during the installation or updating of the browser used by the User.

    This acceptance may be subsequently revoked through the content and privacy settings available on the browser. The Owner recommends that its users consult their browser help pages or access the help pages of the main browsers:

    Firefox
    Internet Explorer
    Safari
    Chrome

    If the user has questions about the Cookies Policy of the website, they can contact the owner through the following address: Ciudad Grupo Santander. Avenida de Cantabria S/N 28660 Boadilla del Monte. Madrid. Indicating on the subject line: "Cookies Policy".

    If you wish you can download this information.

Purpose

At Openbank S.A. we want to be transparent with all users of our website and mobile app, regardless of whether or not they have registered with us. We are therefore notifying you that your personal data will be used in conformity with the contents of this Data Protection Policy:

  • Information we can collect about you, and how we can do this.

  • Purposes for which we will use your information.

  • How you can view and manage the data we have collected about you.

  • Who you can contact for any queries related to your privacy.

What information may we collect from you, and how can we do this?

The personal information (hereinafter the “Personal Data”) that we may process includes not only contact information (name, postal address, email address, phone number) but other types of information as well (data on identity, finances, localisation, personal profile, professional and commercial information, image, and voice).

We may obtain personal data about you in the following ways:

  1. Because you have provided it to us, for example when you apply to open a current account.

  2. When you make use of our services, always in compliance with the law. For example, we may collect information when you make purchases using your credit cards or when you send transfers to other people, or information from the devices you use to connect using the various channels available (website and app), or information about the area you live in based on your postcode or the ATMs you use, or other information we may obtain by consulting other sources, such as when we query file systems on financial solvency and add this personal information to your user profile.

You are committed to ensuring that the data you provide to us is correct, accurate, and up-to-date, and you assume any liability or responsibility that may arise from providing data that is incomplete, erroneous, or inaccurate.

For what purposes do we use your Personal Data?

At Openbank we will process your Personal Data for a variety of purposes. For example, to manage the products and services you have requested from us or applied for, to ensure proper functioning of our website and mobile app, to be able to offer you a personalised service, to comply with our legal obligations, and in general, to offer our users a better service.

Your Personal Data may also be processed in order to carry out studies and/or analyses for the promotion of products and/or services marketed directly by Openbank or else by our third-party partners, specifically those related to banking, finance, insurance, and pensions and savings products, but also consumer products and services and/or personal products and services.

In addition, every time you request or apply for a product or service, we will inform you about the uses we are making of your Personal Data, with further details also being found in the legal terms and conditions of privacy.

Please note that if you decide not to provide us with certain types of personal data, we may be unable to offer you certain services, functionalities and/or to provide you with the information you have requested.

Why do we use your personal data?

We use your personal data as necessary in relation to the following purposes and situations:

  1. To provide you with the various services we offer via our available channels and that you can request; for example, our telephone help service or your requests for any type of information. Also, we use your data in order to respond to your phone calls, which includes recording them for purposes of internal quality control, to prevent possible situations of fraud, and to carry out internal statistical studies. In these cases, Openbank processes your Personal Data because it has a legitimate interest in using the information you provide to us.
     

  2. To formalise and comply with our contractual relationships and perform other processes linked to the various financial products and services that Openbank offers to you, which you have contracted or may be interested in contracting.
     

  3. To comply with certain legal obligations so that we can manage the products and services you may request from us or apply for.
     

  4. Because you expressly authorise us to process your Personal Data.

Whenever necessary, we will notify you about the reasons and situations behind our use of your data, or in other words, because we have a legitimate interest in processing it, because it is necessary in order to perform a contract, because you have authorised it, or because the law requires it.

Who may access the data we are collecting?

Open Bank S.A. is the data controller for the website or mobile app you are using, and for the processing of Personal Data that may be linked to such use. Openbank is the party that collects, uses, stores, and when necessary, deletes the Personal Data.

Openbank will never transfer to any third parties the Personal Data it has access to, unless we are required to do so by law (for example, with national Law Enforcement Entities or Courts and Tribunals). Our objective is to detect and prevent possible fraud attempts, or to carry out the types of processing for which you have expressly provided your authorisation.

We would also like to inform you that at Openbank we collaborate with third-party service providers that may occasionally be given access to your Personal Data. We are referring, for example, to technological service providers, IT service providers, security companies, or providers of telephone customer services.

Openbank follows strict selection criteria for the service providers it collaborates with, and they will only be providing the services we assign to them by following our instructions. Furthermore, they are contractually obligated to have the appropriate technical and organisational measures in place, and to erase or return any data to which they may have access once they no longer need it in order to provide their services.

How long will we store the information to which we gain access?

At Openbank we store the Personal Data to which we gain access only for the amount of time strictly necessary. Once we no longer have any reason to process it, we keep it stored securely so that it can be made available to the appropriate Courts and Tribunals or to other authorities in the event of a claim.

In cases where you perform a simulation (for example, in relation to a loan or mortgage), we will store any information we have received for 2 months, so that if you ultimately decide to contract a loan product with us, the application process will be quicker and easier for you. Once that time period has expired, we will automatically delete your data.

In cases where you contract any of our financial products or services, we will duly inform you about the period of time during which we will store and use your personal data. We are informing you about this because we may be subject to additional legal obligations (for example, those related to taxation or prevention of money laundering) that require us to store your data for a longer period of time.

What rights do you have in relation to protecting your Personal Data?

You can exercise the rights you hold over your own Personal Data in the following manner:

  1. You can confirm whether or not we are processing your Personal Data, and if we are, you can (i) gain access to it; (ii) request its modification if you believe it is inaccurate; or in cases where applicable, (iii) request its erasure when you believe it is no longer needed in view of the purpose for which you provided it, among other reasons.
     

  2. In certain circumstances you can also request restriction of the ways in which we use your data, or even object to our continuing use of it. In such cases we will stop using it, except for legitimate purposes or to exercise or defend against any possible claims.
     

  3. If we use your personal information to produce behavioural profiles (for example, to use your navigation at our website or use of our app to better understand your needs and interests) and we do this in a fully automated manner, you will have the right to be notified about this, so that you can request the personal involvement of one of our analysts, or challenge any decision based on such profiles, or simply express your point of view.

  4. You will also have the right to request data portability for the information you have provided to us. This means you can ask us to send your information directly to you or to a third party you indicate to us, and this will then be done in a commonly used format suitable for digital reading.
     

  5. And of course, you have the right at any time to withdraw the specific authorisations you have given us to make use of your Personal Data.

How can you do this?

If you are interested in exercising the rights you possess in relation to your Personal Data, we provide a variety of alternatives that will allow you to contact us:

  • You can send an email to us at privacy@openbank.es

  • Or you can send a written request by post to “Open Bank S.A.”, Paseo de la Castellana 24, 28046, Madrid (Spain).

  • You can also visit our branch at Paseo de la Castellana 134, 28046, Madrid (Spain).

  • You can call our customer service centre on 900 22 32 42.
    Or if calling from a foreign country, on (+34) 91 276 21 54.

  • If you are already an Openbank customer, you can submit your request at our website from the “Personal Details” section of your customer profile.

Finally, you can submit any claim you may wish to make to Openbank and/or to the Spanish Data Protection Agency (the AEPD in Spanish, which is Spain’s competent Supervisory Authority on the subject of Data Protection), especially if you have exercised any of your rights and have not received a response in accordance with the legally established terms.

How does Openbank use Cookies?

All information related to our use of cookies and the data we collect regarding your navigation at our website by using them (such as what types of information we collect, how we use it, and what rights you can exercise in relation to it) are explained for you in a detailed manner in our “Cookies Policy”: www.openbank.es/en/privacy-cookies.

What should I do if I have additional concerns? Is there a contact person at Openbank responsible for protecting my data?

If you want to learn more about how we process your Personal Data, you can find further details in “Additional Information about Data Protection”. You can also contact Openbank’s Data Protection Officer, who is the person responsible for protecting your privacy and for guaranteeing compliance with the various legal obligations contained in the Spanish and EU legislation in force on the subject of personal data protection, by using the following email address:  privacy@openbank.es

1. Who is the Data Controller for processing my data?

"Open Bank S.A." (hereinafter "Openbank").

Paseo de la Castellana 24, 28046, Madrid (Spain).

Contact Information for the Data Protection Officer: privacy@openbank.es

2. What data do we collect about you?

The personal data we make use of when providing our services to you may include: data related to your identity and contact information, financial information, geolocalisation data, your personal and commercial profile, your image and voice, calls we have made to or received from you, your IP address, your navigation at our websites or use of our mobile apps, data we obtain through your use of terminals such as portable devices, POS terminals, or ATMs, or data collected via other legitimate channels.

We may also make use of any other personal data that may be required in order to manage the products and services that we will describe for you below, and that you have either provided to us directly or that we have gained access to as a result of your queries, requests, or applications, or through your contracting of any operation or transaction.

3. For what purpose does Openbank process my personal data, and what is the legal basis for this?

Openbank may process your data for the following purposes, and according to the following legal bases::

a) For your registration as a customer and for development, management, and maintenance of our contractual relationship.

If your request or application is accepted, we will process your data in order to register you as an Openbank customer and to carry out the appropriate development, management, and maintenance of any contractual relationship we establish with you. We will also use your data to send you the various communications that may be required while you are our customer.

Throughout the contractual relationship you maintain with Openbank, situations may arise where we record your voice and/or image. In such situations –which we will inform you of, expressly and in advance, when they occur– recordings of our phone calls and/or video conversations with you will be stored for two purposes: for internal auditing of our service quality, and in order to use the recordings as evidence –in a court of law or under other circumstances–, if required.

We will also store your identification document (including your image) and view it when necessary using any means, format, or medium, for the exclusive purpose of verifying your identity when this is required in order to comply with the terms of the contract signed with you.

All the data indicated on our form as “required” are necessary for purposes of maintaining your contractual relationship with Openbank. This means that if you do not provide this information, it may not be possible to process your request or application.

We may also perform additional processing depending on which product you contract, as we will explain to you below:

If you contract an Asset Product, for example a MORTGAGE / LOAN / CREDIT CARD / OVERDRAFT PROTECTION:

At Openbank we will process (i) the information you provide to us; (ii) the information we obtain from querying the internal and external filing systems described further below; and (iii) the data we have obtained from your interaction with our website. This is done in order to manage and analyse your request or application, by verifying and assessing your creditworthiness and credit risk. This allows us to assess your request or application and approve it or deny it, based upon the risk criteria established at this institution, and to comply with the regulations applicable to our industry.

In order to manage and analyse your request or application, we will consult internal and external filing systems related to creditworthiness, credit history, and fraud, such as ASNEF (Spain’s National Association of Financial Credit Institutions), CIRBE (the Bank of Spain’s Risk Information Centre), and CONFIRMA (a Spanish information services company), or those maintained by other international entities that perform an equivalent function.

Openbank will not be able to process your request or application without first performing this analysis. This processing will be carried out in compliance with the legislation in force on consumer credit and mortgage financing, or any other applicable regulations.

Likewise, if your request or application is denied based upon such queries, you will be immediately informed about this and you will be able to submit any claims you consider appropriate.

The risk study. Ratings applied and their consequences:

Openbank has established an automated risk assessment system. This system uses point score ratings that take personal and economic information into account, including:

  1. information taken from the documentation you have provided to us;

  2. information appearing in Openbank’s filing systems related to your behaviour during other operations contracted with us (both those still in effect and those that have ended); and

  3. information appearing in the filing systems to which we have access and that contain information on creditworthiness, credit history, or fraud, such as ASNEF, CIRBE, and CONFIRMA, or those maintained by other international entities that perform an equivalent function.

The results from our study of such information may cause your request or application to be approved or denied, and it may lead to sending of commercial offers and opportunities to you, including those related to pre-approval of loans or credit facilities. All of this is based on the conclusion we reach regarding your ability to comply with the repayment obligations you take on in relation to the amounts you borrow.

More specifically, Openbank may classify you internally based upon those queries and upon the number of other products you have contracted and/or the activities you perform. It may also produce credit risk reports and models as necessary for analysing and assessing the risk derived from your operations in progress and products contracted, in order to update our information. This may even produce, as a result, denial of your request or application to contract the product, or otherwise, it may cause you to be required to establish a payment guarantee, with all of this based upon the risk that may be detected by Openbank and the credit rating resulting from the analysis of such information.

In relation to this, we must also clarify that Openbank performs periodic reviews of that system to ensure that no errors, inaccuracies, or incorrect conclusions occur in relation to those assessments. Without prejudice to the above, if you disagree with the results of the assessment, you may contest it by providing any information you believe may refute the decision adopted, and you may also request the personal intervention of one of our analysts.

If you contract a Liability Product, such as a SALARY DEPOSIT ACCOUNT / CURRENT ACCOUNT / SAVINGS ACCOUNT / TERM DEPOSIT:

At Openbank we will process the information you provide to us, or as applicable, the information we obtain from your interaction with our website, in order to manage your request or application.

These pre-contractual measures are necessary in order to process the request you have submitted and take a decision on it, and for this reason you must provide all of the data indicated on the form as “required”. Otherwise, it will not be possible for you to contract the product you have requested or applied for.

If you contract a Means of Payment product, such as a DEBIT CARD / PREPAID CARD / BIZUM (INSTANT PAYMENTS) / MOBILE PAYMENT APPS:

At Openbank we will process the information you provide to us, or as applicable, the information we obtain from your interaction with our website, in order to manage your request or application.

Additionally, certain mobile apps used to make payments may require you to accept Openbank’s terms and conditions and/or those of the corresponding service provider before you are able to start using them.

These pre-contractual measures are necessary in order to process the request you have submitted and take a decision on it. If you do not provide the required information, it will not be possible for you to contract the product or service you are requesting or applying for.

If you contract an Investment Product, such as STOCKS / INVESTMENT FUNDS / WARRANTS / PENSION PLANS / SECURITIES ACCOUNTS / INVESTMENT PORTFOLIOS:

At Openbank we will process the information you provide to us or the information we obtain from your interaction with our website, in order to manage and analyse your request or application. Depending on the investment service you have requested and the product involved, we may approve or deny your request for contracting these in compliance with the current regulations.

If you want to subscribe to an investment fund or contract a pension plan, you will need to provide your consent for Openbank, as the marketing entity for the fund or plan, to disclose your data to the corresponding manager or management firm, in order to allow your subscription or contracting and/or the associated management to take place. Furthermore, if you submit a request for a transfer from Openbank to another institution, your data may be sent to the recipient institution for the purpose of transferring your balance and the economic rights you have accrued.

These measures are necessary in order to process the request you have submitted and take a decision on it, and for this reason you must provide all of the data required. Otherwise, it will not be possible for you to contract the product you have requested or applied for.

If you contract an INSURANCE Product:

At Openbank we will process the information you provide to us or the information we obtain from your interaction with our website, in order to manage and analyse your request or application. Depending on which insurance product you request or apply for, we will notify you in each case, and in an individualised manner, regarding all legal aspects related to the associated data processing. These include, for example, the uses we make of your data and any third parties that may be involved in the contracting process.

These pre-contractual measures are necessary in order to process the request you have submitted and take a decision on it, and for this reason you must provide all of the data indicated on the form as “required”. Otherwise, it will not be possible for you to contract the product you have requested or applied for.

b) Based upon Openbank’s legitimate interest

In order to meet your expectations, improve our products and services, and increase your degree of satisfaction with your customer experience, Openbank will process the personal data associated with your use of our products and services in order to carry out surveys or market studies, or to compile internal statistics, produce sales reports, or notify you about loyalty programmes, promotions, and prize draws.

We may also perform pseudonymisation of your data, which means that the data resulting from that process cannot be attributed to you. In other words, we will not be able to associate the information we are processing with you as an individual unless we use additional information and processes to do so. The purpose of these procedures is simply to use the pseudonymised information for statistical purposes and for behavioural modelling. Furthermore, in cases where you are acting in representation of a commercial enterprise interested in collaborating with us, Openbank will process your contact data exclusively for purposes of maintaining the communications that may be necessary for managing the collaboration request, and for normal development of such collaboration if it does become formalised.

At Openbank, and based upon a legitimate interest, we may perform the processing described above while respecting your privacy and rights at all times. In any case, remember that you may always exercise your right to object, as described in section 8 of this document.

c) Prevention of money laundering and other legal obligations

There are certain legal obligations that Openbank must comply with in order to manage your existing products/services or those that you may apply for and contract, such as those required under Spanish Act 10/2010 on Prevention of Money Laundering and Financing of Terrorism (Ley 10/2010 de Prevención del Blanqueo de Capitales y Financiación del Terrorismo), Spanish Act 44/2002 on Financial System Reform (Ley 44/2002, de Reforma del Sistema Financiero), and Spanish Act 10/2014 on the Organisation, Supervision and Solvency of Credit Institutions (Ley 10/2014, de Ordenación, Supervisión y Solvencia de Entidades de Crédito). In order to do this, we will disclose your data, especially in relation to possible non-payment, to banking control and supervision entities such as the Bank of Spain’s Risk Information Centre (CIRBE), or to any other international entities that carry out an equivalent function.

Additionally, Openbank may disclose certain information regarding your tax residency and your accounts to Spain’s Taxation Agency (AEAT), which in turn may be required to submit it to the competent taxation authorities in other countries in compliance with legislation on automatic exchanges of tax information (Foreign Account Tax Compliance Act (FATCA) established by the United States of America and the Common Reporting Standard (CRS) established by the OECD).

These legal obligations will exist and will be fulfilled by Openbank even after the termination of the contractual relationship with you, as long as we are legally bound to do so.

d) Detection of possible fraud attempts

  1. At Openbank we may consult your data in our own internal sources, for the purpose of detecting and preventing situations of possible fraud (such as unauthorised access to the personal data of customers, possible attempts at identity theft, or any other situation that may be interpreted as a fraudulent or unauthorised use of the account), all for the purpose of protecting the interests of our customers and users.

    If we detect any attempt at fraud, and unless there are any concurrent circumstances related to the public interest, we will notify you about this, review the information available, and if applicable, request additional information from you. Also, as a precautionary measure and until we have been able to carry out the appropriate confirmations, any pending automated or non-automated decision-making will be suspended.

    In addition, if possible fraud attempts occur that could affect the contractual relationship you maintain with Openbank, fraud detection and management entities will be notified about these, while at all times complying with and respecting all of the procedures, rights, and guarantees that exist for your protection under the legislation in force.

    All of the above will take place based upon Openbank’s legitimate interest, its duty to comply with requirements on adequate risk control, and the need to prevent possible fraud attempts.
     

  2. Furthermore, and also for the purpose of detecting and preventing possible fraud attempts, Openbank is a subscriber to the CONFIRMA File System, and as such we are obligated to notify you of the following:

    “Applicants are hereby informed that data from the present application may be communicated to the CONFIRMA File System, for the purpose of fraud prevention. The legal basis for processing of this personal data is the legitimate interest of the Data Controller in preventing fraud (Recital 47 of the GDPR). The data will be stored for a maximum period of two years.

    The data controllers are the Entities Subscribing to the Regulations of the CONFIRMA File System, and the data processor is Confirma Sistemas de Información, S.L., which has its registered office at Avda. de la Industria 18, Tres Cantos 28760, Madrid (Spain). Applicants may view the list of entities currently subscribing to the Regulations of the CONFIRMA File System at the website www.confirmasistemas.es.

    The entities allowed to participate in the CONFIRMA File System are those that adhere to its Regulations and may be potentially subject to contracting fraud based on their field of activity.

    The data communicated to the CONFIRMA File System may be transferred to entities that subscribe to the Regulations of the CONFIRMA File System. It is not expected that any data will be transferred to any foreign countries or international organisations.

    In accordance with the legislation in force on the subject of data protection, the parties signing may exercise their rights to access, rectify, request the erasure of, restrict the processing of, or object to the use of their data by writing to the registered office of the data processor, CONFIRMA SISTEMAS DE INFORMACIÓN, S.L., at the address indicated above. Likewise, those signing may also exercise their right to submit a claim to the Supervisory Authority.

    Confirma Sistemas de Información, S.L. has designated a Data Protection Officer, with the relevant contact email address being dpo@confirmasistemas.es.

e) Possible non-payment

If any circumstances of non-payment occur, this may be notified to these to credit information file systems such as ASNEF (Spain’s National Association of Financial Credit Institutions) and CIRBE (the Bank of Spain’s Risk Information Centre), since it is legally required, or to international entities that carry out an equivalent function. Such notifications will at all times comply with the procedures, rights, and guarantees established and recognised by the legislation in force.

All of the above will take place based upon the legitimate interest of Openbank, who must prevent circumstances of non-payment and maintain an adequate system for monitoring these, and also based on the legitimate interest of third-party financial institutions in knowing about the existence of non-payment situations when receiving new applications for financing.

Personalised commercial actions by Openbank

  1. Based on a legitimate interest:

    Openbank may send you commercial communications about its own products and services that are similar to the ones you have contracted, and adapted to your profile, interests, and needs (sent via postal mail, telephone, fax, SMS, instant messaging apps, social networks, email, push notifications, or any other electronic or digital means available at any given time), or it may produce sales reports, statistics, surveys, and market studies, including you in and informing you about loyalty programmes and prize draws, all for the time period during which you remain a customer.

    Please note that in such cases we do not need to obtain your consent before sending these communications to you, since according to the legislation in force, Openbank is authorised to deliver these provided that they are related to products and services that are similar to those you have already contracted. However, at any time you may exercise your rights as described below in section 8.

    In order to personalise the commercial communications described, and based upon the legitimate interest recognised by the European Union’s General Data Protection Regulation, Openbank will process the information appearing in its own sources for the purpose of creating profiles that are generated based upon common patterns of behaviour.

  2. With your express consent in advance:

    a) If you authorise us to do so, Openbank may send you commercial communications about our own products and services adapted to your profile, interests, and needs (via postal mail, telephone, fax, SMS, instant messaging apps, social networks, email, push notifications, or any other electronic or digital means available at any given time), and that are personalised based upon a profile of your behaviour and risk that we may produce using both our own internal sources and those of third parties  (such as ASNEF, CIRBE or other international entities that perform an equivalent function), as well as using data about your navigation and/or use of the Internet.

    Please note that the social networks through which we send you commercial communications may be located outside of the European Union, such as in the United States of America, and their level of privacy protection may not be equivalent to that required by the local legislation in force. However, their use will allow Openbank to provide you with a more dynamic and efficient service from a technological perspective.

    In order to send you commercial communications and offers adjusted to your creditworthiness and risk profile, Openbank will consult your credit history as produced during the various operations you have carried out with us, and it will also analyse your behaviour during your operations currently in effect and those finalised during a period covering the last six years.

    b) At Openbank, based upon the type of authorisation you have granted, we may send you, by any means (postal mail, telephone, fax, SMS, instant messaging apps, social networks, email, push notifications, or any other electronic or digital media available at any given time), commercial communications related to the products or services of other companies that we have signed collaborative agreements with, adapted to your interests and needs, or personalised based upon the profile created for you by taking into account both our own internal sources and those of third parties  (such as ASNEF, CIRBE, or any international entities that perform an equivalent function), or using data related to your navigation and/or use of the Internet.

    Please note that the social networks through which we send you commercial communications may be located outside of the European Union, such as in the United States of America, and their level of privacy protection may not be equivalent to that required by the local legislation in force. However, their use will allow Openbank to provide you with a more dynamic and efficient service from a technological perspective.

    Openbank may sign agreements with enterprises operating in the following fields, with the possibility of new fields being added in the future: banking products, financial products, insurance products, pension and savings products, consumer products and services, and personal products and services.

    The provisions in sections a) and b) depend upon whether you have given us your authorisation, which in all cases you will be able to modify or withdraw at any time.

4. How long will Openbank store my data?

At Openbank we will process your data during the entire time you maintain a contractual relationship with us. Once that relationship has ended, we will store your personal data securely during the time periods established in each case by the applicable regulations: as a general rule, for 10 years once the obligations arising from your contract have ended, as we are required to do by the regulations on prevention of money laundering and financing of terrorism, and for up to 20 years based upon the regulations on mortgages. Once these legally required time periods have expired we will destroy your data.

All of this is done without prejudice to our obligation to comply with the legal limitation periods that may be derived from each of the contracts you have signed with Openbank.

Data from any applications or simulations that you begin to complete but that do not lead to contracting will be stored during a maximum period of 6 months, in order to avoid duplications in your procedures and in case any claims arise in relation to the use we have made of your data. We will then proceed to delete the data.

5. What recipients may Openbank disclose your data to?

Openbank will not share your personal data with any other entity without obtaining your express consent, unless we are legally required to do so.

However, at Openbank we collaborate with third-party service providers that may have access to your personal data, but they will be processing such data on our behalf, and at all times when doing so they will be following our instructions and using your data only to provide us with the services we have contracted with them.

Specifically, at Openbank we contract for provision of services with third-party service providers that carry out their activities in fields that include, without limitation, logistical services, legal consulting, private appraisal services, supplier authorisation services, multidisciplinary professional services companies, hosting companies, companies related to maintenance, technology services companies, IT services companies, physical security companies, instant messaging service providers, infrastructure management and maintenance companies, and call centre services companies.

In all cases, at Openbank we follow strict criteria for selection of our third-party service providers, in order to comply with our obligations on the subject of data protection, and we are committed to signing the corresponding data processing contracts with them. These contracts are used to impose upon them the following obligations, among others: to apply appropriate technical and organisational measures, to process personal data only for the agreed-upon purposes and only in response to our documented instructions, and to erase or return the data once the provision of services is completed. 

6. Do I need to keep my data up-to-date?

In order to allow us to communicate with you properly, we request that you should make sure that all data you provide for our databases is correct, complete, accurate, and fully up-to-date.

Thus, if any of the personal data you have provided to us changes, especially your postal address, email address, and contact phone numbers (landline and mobile), we ask you to notify us about this as soon as possible via one of the channels indicated in section 8.

In the event that you do not notify us about such changes, you acknowledge and agree that any communications sent by us to the postal address or email address, or to the contact telephone numbers appearing in our file systems are valid, binding, and fully effective.

7. Where can I find the legal terms and conditions for use of my data?

You can find the legal terms and conditions that apply to our use of your personal data both in this document and in the Data Protection Policy posted at our website www.openbank.es/privacy-cookies. We will notify you immediately about any possible modifications we need to make to these terms and conditions, at least by means of the website itself but also by means of a personalised message we will send to you within the private area after you login to access your customer profile.

8. What rights do I have after I provide my data?

Please note that you have and may exercise the following rights:

  • Right to access: you have the right to obtain confirmation about whether or not Openbank is processing personal data related to you, and if so, to gain access to such data.

  • Right to data portability: you have the right to receive a copy of the personal data you have provided to us, in a legible, structured, commonly used format, and also to request its transfer to another institution.

  • Right to rectification: you have the right to request rectification of any inaccurate data.

  • Right to erasure: you have the right to request erasure of your data when, among other reasons, they are no longer needed for the purposes for which you provided them to us.

  • Right to object​​​​​​​: under certain circumstances, you may object to the processing of your personal data. If you object, Openbank will stop processing the data, except for compelling legitimate reasons, or the exercise or defence of possible claims.

  • Right to restriction of processing​​​​​​​: under certain circumstances established in the data protection legislation in force, you may request restriction of the processing of your data.

  • Right not to be subject to solely automated decisions: in the event that you have authorised profiling and this is taking place through a solely automated process, you may request the intervention of one of our analysts, express your point of view, and contest any decisions made based on such profiling.

 You may exercise the rights described above via the following channels:

  • Website: from the “Personal Details” section of your customer profile.

  • Email: privacy@openbank.es.

  • Postal mail: "Open Bank S.A." Paseo de la Castellana 24, 28046, Madrid (Spain).

  • Branch: Paseo de la Castellana 134, 28046, Madrid (Spain).

  • Contact Centre: 900 22 32 42. Or when calling from abroad, on (+34) 91 276 21 54.

Finally, you may submit a claim to Openbank and/or to the Spanish Data Protection Agency (the Supervisory Authority competent on the subject of Data Protection), especially if you have not obtained satisfaction in the exercise of your rights, by writing to the address indicated above or through the website https://www.aepd.es.