Privacy Policy and Cookies Openbank
Clear Filters

Privacy and Cookie Policy

 

Last updated: 9 April 2021

At Open Bank, S.A. ("Openbank"), we use cookies on our website www.openbank.es/en and we want to tell you all about them.

1. What are cookies?

Cookies are files for storing and retrieving data that are downloaded onto the user’s devices when accessing our website and/or browsing it. They even contain a number that uniquely identifies your computer or mobile device, even if you change location or IP address.

2. What are cookies used for?

Cookies allow us to collect data that could identify you or your approximate location, the connection time, the device from which you access our website (fixed or mobile), the operating system and browser used, the most visited pages, the number of clicks, as well as data about your online behaviour.

In addition, in some cases, they store information about your browsing habits and preferences that will allow us to provide you with a better, more personal experience, and even show you advertising related to your preferences each time you visit our website.

They also allow us to collect data on usage patterns for our website in order to identify issues and make improvements, develop new products or services, and compile usage measurements or statistics

3. How are cookies enabled?

Cookies can be enabled in different ways, depending on their functionality. In some cases, when they are necessary for our website to work properly, they are installed during browsing and, in others, when your authorisation is required, they will be enabled when you give us your permission. You can modify this consent at any time through the various settings options described further on in this Cookie Policy.

Please note that you can access our website without all cookies being enabled (apart from technical cookies), but disabling them may prevent the website from working properly.

4. What types of cookies do we use?

Below, we explain the cookies you can find when browsing our website and what they are used for:

4.1. Technical Cookies

These cookies are necessary to facilitate proper browsing on our website and ensure that the content is effectively uploaded, in turn enabling the proper use of the various options or services that exist. In the Customer Area of the Openbank website, some of the technical cookies are also used to meet legal requirements, verify any products or services you take out or engage, and resolve technical errors during the contractual process. Our website cannot work properly without these cookies.

What are they and what do we use them for? You can see below:

Type

Cookie

Owner

Purpose

Duration

Own

__bgfpcchcc

Openbank

Security

Session

Own

__mousemovesnosession

Openbank

Fraud

Session

Own

_abck(Openbank)

Openbank

Security

Session

3rd

_gat

Google

Used to limit the percentage of requests.

1 minute

Own

bm_sz (Akamai CDN)

Akamai CDN

Improves performance by improving content delivery.

1 hour

Own

Bmuid (Akamai CDN)

Akamai CDN

Performance. Required for user browsing.

1 hour

Own

cdContextld (Openbank)

Openbank

Performance. Required for user browsing.

Session

Own

cdSNum

Openbank

Internal

1 year

Own

CONSENTMGR

Openbank

Required to know whether the user consents to cookies in the different categories in which they are classified.

90 days

Own

Ctm (Openbank)

Openbank

Performance. Required for user browsing.

1 year

Own

et_token (Openbank)

Openbank

Performance. Required for user browsing.

1 hour

3rd

JSESSIONID

New Relic

Session ID.

Session

Own

Ndcd (Openbank)

Openbank

Security

Session

Own

Ndsid (Openbank)

Openbank

Security

Session

Own

offlogToken (Openbank)

Openbank

Performance. Required for user browsing.

1 hour

Own

ok-cookiebite (Openbank)

Openbank

Performance. Required for user browsing.

1 year

Own tokenCredential (Openbank) Openbank Access to Customer Area. 1 hour
3rd ga (Google Analytics) Google Analytics This type of cookie is used for technical purposes in the Customer Area of the Openbank website in order to comply with legal requirements, verify the products and services you take out or engage, and resolve technical errors during the contractual process. In its technical role, this cookie will not be used for advertising or analytics purposes. 2 years
3rd Gid (Google Analytics) Google Analytics This type of cookie is used for technical purposes in the Customer Area of the Openbank website in order to comply with legal requirements, verify the products and services you take out or engage, and resolve technical errors during the contractual process. This cookie will not be used for advertising or analytics purposes. 1 day

4.2. Analytics Cookies
These cookies provide us with statistical information about the way you use our website, which allows us to make improvements. For example, if you have encountered technical problems when accessing certain pages, we can detect and improve this issue.

What are they and what do we use them for? You can see below:

Type

Cookie

Owner

Purpose

Duration

3rd

_fbp

Facebook

Used by Facebook to measure the candidate record and optimise this recruitment source.

3 months

3rd

_ga

Google

Used to identify users.

2 years

3rd

_ga (Google Analytics)

Google Analytics

To measure user browsing: pages visited, main interactions, etc.

2 years

3rd

_gaexp (Google Optimize)

Google Optimize

To generate A/B test to compare user behaviour between two versions of the same page.

4 months

3rd

_gat_tealium_0 (Taelium)

Tealium

Survey. This is a Google Analytics cookie used to limit the percentage of requests.

Session

3rd

_gid

Google

Used to differentiate between users.

2 years

3rd

_gid (Google Analytics)

Google Analytics

To measure user browsing: pages visited, main interactions, etc.

1 day

Own

cookie_policy (Openbank)

Openbank

To determine if the user accepts pop-up cookies.

6 months

Own

fpc_idPreaprob(Tealium)

Tealium

Survey. Source cookie to assist with analysis.

Session

Own

fpc_tipoUsuario(Tealium)

Tealium

Survey. Source cookie to assist with analysis.

Session

Own

fpc_org(Tealium)

Tealium

Survey. Source cookie to assist with analysis.

Session

3rd

gtm_auth(Google Optimize)

Google Optimize

To generate A/B test to compare user behaviour between two versions of the same page.

Session

3rd

gtm_debug(Google Optimize)

Google Optimize

To generate A/B test to compare user behaviour between two versions of the same page.

Session

3rd

gtm_experiment(Google Optimize)

Google Optimize

To generate A/B test to compare user behaviour between two versions of the same page.

Session

3rd

gtm_preview(Google Optimize)

Google Optimize

To generate A/B test to compare user behaviour between two versions of the same page.

Session
Own nameProduct Persistence Google Optimize Survey. Source cookie to assist with analysis. 1 year
Own utag_main(Tealium) Tealium Survey. Website administration via Tealium to serve analytics cookies. 1 year

4.3. Preference Cookies
Preference cookies allow us to record information that changes the way in which our website is shared, with the aim of offering you predetermined characteristics depending on the data gathered from your terminal, such as: language, browser type, locale through which you access.

What are they and what do we use them for? You can see below:

Type

Cookie

Owner

Purpose

Duration

Own

Language (Openbank)

Openbank

To know the language selected by the user.

Session

3rd

TLTSID

IBM

Active only during the duration of a browser session, used to group visits in a session. The end user can decide whether to allow this cookie.

Session

4.4. Behavioural advertising cookies

Behavioural advertising cookies collect information about your behaviour based on your browsing habits and allow us to more effectively manage advertising spaces by matching the content to your specific profile.

What are they and what do we use them for? You can see below:

Type

Cookie

Owner

Purpose

Duration

3rd

_fbp (Facebook)

Facebook

Subdomain index, timestamp, random number. Identifies browsers in order to provide site and advertising analysis services..

90 days

3rd

gcl_au (Google Analytics)

Google

Used by Google AdSense to test the efficiency of ads on websites that use their services.

2 months

3rd

pxhd (Idealista)

JAR

Security cookie used by one of the tools that prevents attacks on Idealista’s website (perimeterX).

247 days

3rd

DDMMUI-PROFILE (Google)

Google

Helps personalise advertisements in accordance with user preferences.

2 years

3rd

1P_JAR (Google)

JAR

It helps to personalise ads in Google’s properties, such as Google Search.

540 days

3rd

Act (Facebook)

Facebook

Analysis through user identification. .

1 year

3rd

ad-id (Amazon)

Amazon

Cookie ID that is stored for targeting. An internal binary format..

1 year

3rd

Ad-privacy (Amazon)

Amazon

Related to the opposition of cookies..

1 year

3rd

Aid (Google Ads)

Google

The ads displayed on the user's devices are coordinated and measured.

30 days

3rd

C_user (Facebook)

Facebook

Used in conjunction with the Xs cookie to authenticate the user’s identity on Facebook.

90 days

3rd

CONSENT (Google)

Google

JavaScript Plugin to notify the user about the use of cookies on the website.

1 year

3rd

Datr (Facebook)

Facebook

Browser identifier and timestamp. Identifies browsers for site and security purposes, including account recovery and account identification that may be at risk.

2 years

3rd

DSID (Google/DoubleClick)

Google

Display ad identity cookie.

1 year

3rd

Fr (Facebook)

Facebook

User and browser ID; timestamp; other data. This is Facebook's main advertising cookie. Used to offer, analyse and improve the relevance of ads.

90 days

3rd

HIPID (Idealista)

Idealista

Used by Idealista to direct part of the www.idealista.com traffic to specific machines.

3rd

IDE (DoubleClick)

Google

One of the main advertising cookies on non-Google sites, stored in browsers under the doubleclick.net domain.

2 years

3rd

NID (Google)

Google

Helps to personalise ads on Google’s properties, such as Google Search.

1 year

3rd

mo(Idealista)

Idealista

Used by Idealista to set the pixel.

Session

3rd

MORTSESSION (Idealista)

Idealista

Used by Idealista to set the pixel.

Session

3rd

OGPC (Google)

Google

Google uses these cookies to store your preferences and user information when viewing pages that contain Google Maps

2 years

3rd

Presence (Facebook)

Facebook

Functions and services of the site..

365 days

3rd

SAPISID (Google)

Google

Google API session cookies..

365 days

3rd

Sb (Facebook)

Facebook

Browser identifier and timestamp..

2 years

3rd

SID (Google)

Google

Helps to personalise ads on Google’s properties, such as Google Search.

1 year

3rd

Pl (Facebook)

Facebook

Used to record a device or browser logging in via the Facebook platform.

90 days

3rd

Presence (Facebook)

Facebook

Site Features and Services.

1 year

3rd

SAPISID (Google)

Google

Google API session cookies

1 year

3rd

Sb (Facebook)

Facebook

Browser ID and timestamp.

2 years

3rd

SID (Google)

Google

It helps to personalise ads in Google’s properties, such as Google Search.

1 year

3rd

Spin (Facebook)

Facebook

Contains session information.

1 year

3rd

SSID (Google)

Google

Analysis through user identification.

1 year

3rd

SSIDA (Google)

Google

Google uses these cookies to store user preferences and information when viewing pages containing Google Maps.

1 year

3rd

Test_cookie (Double_Click)

Google

Check if the user’s browser supports cookies.

Session

3rd

Wd (Facebook)

 

Facebook

Dimensions of the screen or windows. Allows you to offer the user an optimal display experience.

7 days

3rd

Xs (Facebook)

Facebook

Session ID, creation date, authentication value, secure session status, caching group ID. Used in conjunction with the c_user cookie to authenticate your identity on Facebook.

90 days

3rd

s_vi (Unidad Editorial)

Unidad Editorial

Inter-session identifier

2 years

3rd

MUID (Bing)

Bing

Inter-session identifier

1 year

5. How long are cookies enabled for?

Depending on the type of cookies, and what we tell you about each of them, cookies may remain active for a longer or shorter time.

For example, session cookies are designed to collect and store data while the user accesses a website. When the browser is closed or the session expires, these cookies disappear.

Persistent cookies, however, are still active when you leave the website and then revisit it. They will remain stored for the time indicated in each case, and you can delete them at any time.

6. Who processes or manages cookies?

Data collected by cookies may be managed by both Openbank and third parties. The explanation of each of the cookies found above indicates whether the cookies are our own (1st), or whether they are third-party (3rd).

As an example, you will see that the third-party cookies we use are those of Google Analytics, Google Inc., which allow Google to monitor on our behalf how visitors use our website, collect reports and help improve the website. For further information on how Google collects and processes data, visit www.policies.google.com/privacy?hl=en.

7. I have accepted cookies, but now I want to disable them. How can I do this?

You can easily and at any time reconsider your cookie preferences and even disable all categories of cookies except those technically necessary for the website to run properly, by clicking here.

 

Additionally, you may also accept, block, and delete cookies, and delete your browsing data, including cookies, at any time from your browser. To do this, you will need to access your browser settings options via the links below:

Firefox

Internet Explorer

Microsoft Edge

Safari

Chrome

You can also disable cookies in your browser by installing a plug-in or an opt-out system provided by some third parties who install cookies on our website:

Google Analytics

DoubleClick

Google (behavioural advertising) (requires Google log-in)

Please note that some features of our website content are only available if certain cookies can be installed in your browser. If you choose not to accept, or to block certain cookies, depending on their purpose, this may, in whole or in part, affect the normal operation of the website or prevent access to some of the services it offers.

8. Processing of personal data

We will use cookies to process personal data relating to you, for example when you are identified by a name, email or IP address.

Please find basic information on data processing below. More detailed information can be found at www.openbank.es/en/privacy-cookies.

8.1. Data Controller

Open Bank, S.A. Paseo de la Castellana 24, 28046, Madrid.

Contact the Data Protection Officer: privacy@openbank.es.

8.2. Purposes of processing and lawful basis

The purposes for which we process the personal data we obtain through cookies are indicated in section “4. What types of cookies do we use?”.

The use of technical cookies by Openbank is necessary to enable your browsing on our website. The legal basis for the use of other cookies is your consent, which you can manage by clicking here or as indicated in section “7. I have accepted cookies but I now want to deactivate them. How do I do this?”.

 

8.3. Recipients

• At Openbank we collaborate with third-party providers who may have access to your data to provide us with services which are always under contract, who will process the data in our name and on our behalf, following our instructions at all times, such as for example, Google and Tealium.

• We make international transfers of your data, only under some of the above-mentioned service provisions, both to countries that provide an adequate level of protection, comparable to that of the European Union, as well as to countries that do not benefit from this level of protection. In the latter case, you do not have to worry. Openbank uses mechanisms established by regulations to comply with all guarantees, such as standard contractual clauses or certification mechanisms. You will be able to view the international transfers of data we carry out here, or by writing to privacy@openbank.es.

Furthermore, in relation to third-party cookies, we remind you that they are either sent from a domain not managed by Openbank, by the relevant third party, or from our domain, but the information collected is handled by that third party. You will be able to learn about any communications that third parties make, including international data transfers, if applicable, in their respective cookie policies.

8.4. Retention periods

Your data will be processed for the periods indicated in section “4. What types of cookies do we use?”, while your usage authorisations remain in effect.

We will subsequently retain the data, duly blocked, for the legally established prescriptive periods for the actions arising from such authorisation, for any claim concerning our use of your data. After these periods, we will proceed to destroy the data.

8.5. Data protection rights

We inform you that you have and may exercise the following rights: access, portability, rectification, erasure, opposition, restriction of processing, the right not to be subject to a decision based solely on automated processing. You can access more information about your rights at https://www.openbank.es/en/privacy-cookies.

9. Changes to the Cookie Policy

Openbank is committed to maintaining this Cookie Policy updated in order to collect any new information available in connection with the cookies we use. For this reason, it is important that you regularly spend time reading and making sure you understand it. For any relevant modification that we need to make, we will notify you in advance, at least through our website so that you have the opportunity to be properly informed at all times.

10. Do you have any questions?

If you have any questions about the Cookie Policy on our website, you may contact us by writing to Paseo de la Castellana 24, 28046, Madrid, or by emailing privacy@openbank.es.

Last updated: 29 October 2020

At Open Bank, S.A., the privacy of our customers, potential customers, former customers and others whose data we process as a result of the relationship we have with our customers is an issue that we take very seriously. This Privacy Policy provides in-depth and easy-to-understand information about the personal data we process, as well as their origin, how we will use them and the lawful basis applicable to each of the reported uses. We also provide in-depth information about your rights and explain how you can exercise them. Please take a few minutes to fully read and understand its contents. If you have any questions, please contact our Data Protection Officer, whose contact details you will find below.

1. Who is responsible for processing my data?

«Open Bank, S.A.» (hereinafter, «Openbank»). Paseo de la Castellana 24, 28046, Madrid.
Contact the Data Protection Officer: privacy@openbank.es.

2. What personal data does Openbank process?

Your personal data that we collect and process to provide our services include: identification and contact data; financial and socioeconomic data; place of residence; data relating to your geolocation; personal, professional and commercial profile; image, voice and recordings of calls, video calls or electronic conversations we have with you; biometric data; IP address; data generated while browsing our website or mobile applications; and data we obtain from the use of terminals such as mobile devices, POS terminals or ATMs.

When you register as a customer with us, we also collect and incorporate into our database additional information about your creditworthiness, income level and consumption habits, either because you have provided it yourself or because it has been generated within the framework of the contractual relationship you have with us.

Please note that we sometimes obtain data about you from external sources in order to prevent fraud, to comply with the legal obligations to which we are subject, and to improve and personalise your customer experience.

Sometimes, we also process inferred data specifically about you, which we deduce and/or obtain from data you have previously provided (e.g., when we create profiles).

3. For what purpose does Openbank process my personal data and what is the legitimate basis for this?

Openbank processes your data for the following purposes and based on the following legitimate basis:

a) For the proper performance of the contract:

Managing my registration as a customer and providing Openbank services

If your application is accepted, we will use your data to process your registration as an Openbank customer and for the timely development and management of the contractual relationship we have with you, as well as to contact you with regard to the management of your registration or in relation to the compliance and performance of the contractual relationship with you once you are a customer.

In addition, we will store your identification document (including your image) and, if necessary, display it by any means, formats and media, for the sole purpose of verifying your identity when necessary to comply with the contract signed with you and to meet legal requirements.

During your registration process we can also consult the credit information databases managed by Asnef-Equifax Servicios de Información sobre Solvencia y Crédito, S.L. (ASNEF file) and Experian Bureau de Crédito, S.A. (BADEXCUG file), complying with the procedures, rights and guarantees established at all times by current legislation. On the basis of this analysis, we will assess your ability to meet the obligations associated with the opening of your bank account and avoid situations that could be detrimental to us, such as a possible overdraft. Please note that, as a result of this inquiry, we may approve or deny your registration. In the event that we deny your registration, you will be immediately informed.

The data that we indicate in the registration form as "required" are necessary for the proper performance of the contractual relationship with Openbank. As such, failure to provide them will prevent us from being able to accept your application to register as a customer and, in turn, provide you with our services.

Maintaining the relationship

We will process your personal data to issue and manage the operations you perform and to send you all the information you request.

In addition, throughout your contractual relationship with Openbank, there may be situations in which we record your voice and/or image and electronic conversations we have with you. In such situations — which we will inform you of previously and expressly when they occur — we will keep the telephone and/or electronic conversation for a dual purpose: both to audit the quality of the service internally and to use the recording as evidence — in court or in out-of-court proceedings — if necessary.

Categorising transactions

We may categorise your bank account transactions or the information we access through the Financial Aggregator into representative spending categories (e.g., education, restaurants, supermarkets, entertainment). We will process these data as part of the management of our contractual relationship with you in order to provide you with information that will allow you to manage and monitor your finances more easily.

Furthermore, depending on the product you apply for, Openbank must process additional information for the proper performance of the relationship:

If you apply for an Asset Product, such as a MORTGAGE / LOAN / CREDIT CARD / OVERDRAFT PROTECTION:

Openbank will process (i) information you provide us with, (ii) information we obtain by consulting the internal and external files detailed above, (iii) or information we obtain from your interactions with our website/app to manage and analyse your application, verifying and evaluating for this purpose your solvency and credit risk, which we explain in more detail at the end of this section. This will allow us to evaluate your application and approve or reject it, according to the risk criteria we have established at all times, in order to comply with and and perform the contractual relationship arising from the new Asset Product that you take out and in accordance with our sectoral regulations. We will not be able to process your application without conducting this analysis. This processing will be carried out in compliance with current regulations on consumer credit, mortgage financing or other applicable regulations, as well as our internal risk criteria established at all times.

On the other hand, if the product you are applying for is a mortgage, Openbank will send your data to the appraisal firm, the corresponding Notary and the Property Registry.

We may have obtained your data through a real estate credit intermediary, if in fact you had resorted to the services offered by this type of organisation to receive advice on the mortgages that best suit your circumstances and begin the procedures prior to applying for a mortgage with us. In any case, we will make sure that you are informed by the aforementioned organisation regarding the transfer of your data to Openbank. The financial intermediary itself will inform you through its website about the data processing it performs.

Likewise, if you are simply assessing the possibility of taking out a mortgage with us and you run a simulation for this purpose on our website/app, we will use the data you provide to calculate your repayment and send it to you by e-mail if you wish, so that you can retrieve the simulation at a later date on our website/app. We will keep the data exclusively to identify you in case you need some time to think about it and contact us again after a few days. This will allow us to assist you faster and avoid the duplication of processes.

Likewise, if you apply for a credit card, in some cases it may include insurance, in which case your data may be transferred to the corresponding insurance company.

Analysis of creditwortiness and credit risk when applying for an Asset Product:

Openbank has established an automated risk assessment system that creates and analyses customer profiles. This means that when you request the Asset Product and enter your data into the system, we perform — based on the information we have about you — an automatic analysis to assess whether or not we can grant you the Product.

Specifically, for the proper performance of the contractual relationship, when you apply for an Asset Product, such as a credit card, certain types of loans or overdraft protection, and for the evaluation of your risk level and your capacity to pay the amounts you may agree to, we will verify and profile your data against the behaviour and risk models we have designed at Openbank.

On the one hand, we will perform this evaluation based on the information we have about you from internal sources, such as:

       (i) The information you provide us with directly, either at the time of your registration as a customer or throughout
       de your contractual relationship with Openbank.
       (ii) Information arising from our contractual relationship with you.
       (iii) The information we obtain from your interactions on our website/app.

We may also consult external sources, complying with the procedures, rights and guarantees established at all times by current legislation, such as:

       (i) Credit information databases managed by Asnef-Equifax Servicios de Información sobre Solvencia y Crédito, S.L. (ASNEF
       Database) and Experian Bureau de Crédito, S.A. BADEXCUG Database).
       (ii) Central de Información de Riesgos del Banco de España (Central Risk Database of the Bank of Spain, "CIRBE").
       (iii) Public administration bodies such as the Ministry of Finance.
       (iv) Public registries such as the National Institute of Statistics, the Trade Registry, the Property Registry and the Cadastre.
       (v) Information obtained from utility companies.
       (vi) Sources accessible to the public, such as the electoral register, lists of people belonging to professional groups, newspapers and
       official gazettes, open social networks or the Internet.

This analysis of your creditworthiness, through which we will assess your ability to take on the debts that you are requesting or possible debts, will be performed by making automated decisions according to our behaviour models. Please note that as a result of this risk study, we may approve, modify or refuse your application for the product or, failing that, condition its effective term on the provision of a payment guarantee, all based on the risk we detect and the credit rating resulting from the analysis of such information. In the event that we deny your application because of the result of such inquiries and/or analysis, you will be immediately informed of this decision and will be able to make any arguments you deem appropriate.

Please note that Openbank performs periodic revisions of this system to avoid any possible mismatch, error or inaccuracy in the evaluation. Notwithstanding the above, if you are not satisfied with the result of the evaluation, you may challenge it by providing the information you consider appropriate to refute the decision taken and request the personal intervention of one of our analysts.

If I apply for a Liability Product, such as a PAYROLL ACCOUNT / CURRENT ACCOUNT / SAVINGS ACCOUNT / DEPOSIT:

Openbank will process the information you provide to us or, if applicable, that which we obtain from your interactions on our website/app to process your application, in order to comply with and perform the contractual relationship arising from the new Liability Product that you take out in accordance with our sectoral regulations.

These pre-contractual measures are necessary to manage and make decisions regarding the request you have made, and for this reason you must provide us with all the data indicated on the form as "required". Otherwise, it will not be possible to take out the product you have applied for./span>

If I apply to use a Payment Method, such as a DEBIT CARD / PREPAID CARD / BIZUM (INSTANT PAYMENT) / MOBILE PAYMENT APPS / FINANCIAL AGGREGATOR / PASSWORD MANAGER DATABANK:

Openbank will process the information you provide or, if applicable, that which we obtain from your interactions on our website/app, in order to manage your request and comply with the contractual relationship arising from the new Payment Method that you apply for in accordance with our sectoral regulations. We will also process any information you have given us on previous occasions that we have on file.

Additionally, certain mobile applications available for payments may require you to accept the terms and conditions of Openbank and/or the corresponding service provider before you begin using them. In these terms, we will inform you about how your personal data will be processed in each of these services.

These pre-contractual measures are necessary in order to manage and make decisions regarding the request you have made. If you do not provide the necessary information, it will not be possible to take out the product or arrange the service you have applied for.

If I apply for a PRODUCT ON BEHALF OF A MINOR, such as a prepaid card, a savings account, or registration in the "Open Young" application:

Openbank will process the information you provide to manage your application and comply with the contractual relationship. Please note that when processing the data of a minor, we will need to ensure that you are his/her parent or legal representative for the application and maintenance of such products (prepaid card, savings account or registration in the "Open Young" application).

You can obtain more information in Protection of Minors' Personal Data and their Rights here.

These pre-contractual measures are necessary in order to manage and make decisions regarding the request you have made. If you do not provide the necessary information, it will not be possible to take out the product or arrange the service you have applied for.

If I apply for an Investment Product, such as SHARES / INVESTMENT FUND / WARRANTS / PENSION PLANS / ETFS / SECURITIES ACCOUNT / MODEL PORTFOLIO / AUTOMATED INVESTMENT SERVICE:

Openbank will process the information you provide or that which we obtain from your interactions on our website/app to process your application, in order to comply with and perform the contractual relationship arising from the new Investment Product that you take out in accordance with our sectoral regulations.

Depending on the product and investment service you have applied for, we may approve or deny the application in accordance with current regulations.

If you wish to subscribe to a mutual fund or sign up to a pension plan, as distributors of the fund or plan, where appropriate, we will need to send your details to the corresponding asset manager and depository, where applicable, in order to be able to subscribe, purchase and/or manage it. Likewise, if you request a transfer from Openbank to another bank, your data must be transferred to the destination bank in order to mobilise your balance and vested rights.

Likewise, in order to determine the appropriateness or suitability in your application for investment services or products, we will process the information you provide to define your investor profile, taking into account your knowledge and experience in financial instruments, investment goals and financial situation.

These measures are necessary to manage and make decisions regarding your request, and for this reason you will need to provide us with all required information. Otherwise, it will not be possible to take out the product.

If I apply for an INSURANCE Product:

Openbank will process the information you provide or that which we obtain from your interactions on our website/app to process your application, in order to comply with and perform the contractual relationship arising from the new Insurance Product that you take out in accordance with our sectoral regulations.

Depending on the insurance product you apply for, we will inform you, in each case and individually, about all the legal aspects of the processing, for example, how your data will be used and what third parties might be involved in the application process. Specifically, as Openbank acts as an insurance broker, in order to comply with the aforementioned purposes, we will have to disclose certain data to the insurance companies with which you take out the products, which will be responsible for processing the data.

These pre-contractual measures are necessary to manage and make decisions regarding the request you have made, and for this reason you must provide us with all the data indicated on the form as "required". Otherwise, it will not be possible to take out the product you have applied for.

If I make a CHARITY DONATION:

Openbank provides two methods for you to make charity donations: solidarity transfers and our solidarity debit card.

Whenever you make use of these services, we will process the data you provide in order to comply with and perform the contractual relationship, as indicated above, respectively, in the sections relating to the application for Liability Products (in relation to solidarity transfers) and Payment Methods (in relation to solidarity debit cards).

In addition, when you apply for a solidarity card, we will provide some of your personal data to the NGOs/Foundations so that we manage your donations and so that they can issue the annual donation certificate, if possible.

b) Based on Openbank’s legitimate interest:

At Openbank, and based on our legitimate interest, we can carry out the processing described below, respecting your privacy and your rights at all times. In any case, you can always exercise your right to oppose such processing as described below in this document.

Sending marketing about Openbank products and services or benefits associated with such products and services, adapted to my profile based on information obtained from internal sources

As an Openbank customer, we want to keep you updated on our products and services, but we do not want to bother you with messages or information that are not of interest to you. For this reason, we will send you the information that may of interest to you based on your customer profile and consumption habits.

Specifically, in order to make the most of your financial situation, we may send you marketing about Openbank products and services similar to those you have taken out and about benefits associated with such products and services (for example, the application of a discount for being a credit card holder and making certain purchases), adapted to your profile, interests and needs (by post, phone, SMS, instant messaging applications, email, web push, pop-up or any other electronic or telematic means available at any time), and inform you about loyalty programmes and prize draws, all while you are a customer.

Bear in mind that in this case we do not require your consent to send you this type of marketing, since we are entitled to send it to you as long as they relate to Openbank products and services similar to those you have taken out, or to benefits associated with such products and services, while you are an Openbank customer. However, you can exercise your rights at any time, as indicated in the section "What are my rights when I provide my data?".

For the personalisation of the aforementioned marketing, and based on the legitimate interest recognised by the European General Data Protection Regulation, we will process the information in our own sources in order to create profiles generated on the basis of common patterns of behaviour.

To avoid bothering you and to comply at all times with the provisions of the law, prior to the processing of your data for marketing purposes, we will consult the advertising exclusion databases (Robinson Lists) included in the list published by the Spanish Data Protection Agency to verify that you are not included on one of them in cases where such inquiry is legally required.

Personalised advertising on Openbank’s private website

When you log in to your Customer Area on our website, we will show you advertising about features, products and services that may be of interest to you. You can opt of this type of personalised advertising, following the instructions in the section "What are my rights when I provide my data", though bear in mind that you will continue to receive generic ads that will not be based on your interests or preferences.

Sending information about relevant products and services through social media

If you are registered on any social network, we can use it to show you ads directed to you specifically regarding Openbank products or services that are similar to those you have already taken out with us and that may be of interest to you. Of course, we will not bother you with information about the products and services you have already taken out.

In order to carry out these actions, we will use tools that social networks have developed specifically for this purpose (such as, for example, Facebook Custom Audiences) and which allow them to check whether, in addition to being our customer, you have an open profile with them. To do this, we will need to share your contact details with social networks (mainly your telephone number and your e-mail address). The social networks themselves will provide you, in their privacy policies, with information on how they process your data using these tools.

We also advertise on social networks or online tools according to users' interests; therefore, if you are a user of a social network and are classified as being in the audience we select, you could receive advertising from Openbank. Bear in mind that, in these cases, to stop receiving this advertising, you must contact the social network in question.

Creditworthiness and credit risk analysis to offer me an Asset Product, based on information obtained from internal sources

As indicated above, we have an automated system for risk assessment and the creation and analysis of customer profiles.

We may also use this system to assess the level of risk and creditworthiness with regard to customers who have not applied for any Asset Product, precisely in order to make these Products available to them, such as a loan.

To this end, we will profile our customers' data against the behaviour and risk models previously designed by Openbank, and make automated decisions on this basis.

We will carry out this assessment based only on the information we have about you from internal sources, such as:

       (i) The information you provide us with directly, either at the time of your registration as a customer or throughout your
       contractual relationship with Openbank.
       (ii) Information arising from our contractual relationship with you.
       (iii) The information we obtain from your interactions on our website/app.

Design and training of risk models

At Openbank, we want to offer the best possible customer experience. In order to do so, it is important that we have a solid understanding of the needs of financial and banking products and services, the creditworthiness and consumption habits of our customers. To this end, and based on our legitimate interest in designing, creating and offering innovative and efficient financial and banking products and services, we process our customers' personal data to design and train algorithms that allow us to create different behaviour and risk models. To design and train our behaviour and risk models, we use pseudonymised personal and financial information from our own and external sources such as:

       (i) Information we have about you derived from the documentation you have provided;
       (ii) Information appearing in Openbank’s files related to your behaviour during operations contracted with us;
       (iii) Information held in files related to creditworthiness, credit information or fraud to which we have access, such as the
       ASNEF Database, the BADEXCUG Database, CONFIRMA or CIRBE.

Although your personal data will be used to design and train our behaviour and risk models, this will not have any individual legal consequences for you.

We will be able to use these behaviour and risk models to subsequently compare our customer database against them, to profile our customers, both for marketing purposes (sending advertising) and to analyse and assess their level of risk and creditworthiness. We provide further information about such processing and its corresponding legitimisation in other sections of this document.

Reporting non-payment to credit information databases

In the event of any non-payment on your part during your contractual relationship with Openbank, this may be notified to credit information databases, specifically to:

       (i) Asnef-Equifax Servicios de Información sobre Solvencia y Crédito, S.L., responsible for the management of the ASNEF database. You can access additional information on data processing by this company by visiting their website.
       (ii) Experian Bureau de Crédito, S.A., responsible for managing the BADEXCUG filing system. You can access additional information on data processing by this company by visiting their
website.

Such disclosures shall comply with the procedures, rights and guarantees established and recognised at all times by the legislation in force.

All of the above will be carried out in Openbank's legitimate interest, as we must prevent and adequately control situations of non-payment and in the legitimate right of third party financial institutions to be informed of any non-payment when processing new financing applications.

Detection of potential attempted fraud

At Openbank, we have an obligation to prevent fraud and protect you and the rest of our customers against possible fraudulent and criminal behaviour, such as identity theft, the counterfeting of cards, or password theft.

We will process your data for these purposes, including data you have provided directly to us and data relating to your location, patterns of behaviour, or data we obtain from specialised external sources, such as fraud prevention agencies.

Specifically:

       (i) We may consult your data in our own internal sources, with the aim of preventing and detecting possible fraud situations (such as improper access to customers' personal information, possible identity theft or any situation that could be interpreted as fraudulent or undesired use of the account) in order to protect our customers' interests. If any attempt at fraud is detected, except where there is public interest, we will inform you, review the available information and, if necessary, request additional information. Likewise, as a precautionary measure, and until we perform the appropriate checks, any decision, whether automated or otherwise, will be put on hold.

       (ii) In Openbank's legitimate interest, and in keeping with our duty to ensure adequate risk control and avoid possible fraud attempts, we share some of your personal data with third parties who help us detect and prevent possible fraud attempts, complying with and respecting the procedures, rights and guarantees established and recognised at all times by the legislation in force. Information we share with these third parties includes some of the information you provide when you register as a customer, such as your email address, as well as information related to your browsing, such as the IP address of your device. One of the third parties we use to help us detect and prevent fraudulent transactions is Emailage Limited, which is based in the UK. Emailage is also responsible for the processing of your personal data and will use it for the purposes set out in its privacy policy https://emailage.com/en/privacy-policy/. You can exercise your data protection rights in relation to Emailage at privacy@emailage.com.

       (iii) (iii) Furthermore, and also with the aim of detecting and preventing possible fraud attempts, Openbank contributes to the CONFIRMA Database, according to which we are required to inform you of the following: “Applicants are informed that their data included in this application will be submitted to the CONFIRMA database, which is designed to prevent fraud. The legal basis for the processing of personal data is the legitimate interest of the controller in preventing fraud (Recital 47 GDPR). The maximum period for retaining data is two years.
The parties responsible for such processing are the signatories of the CONFIRMA Database Regulations, and the data processor is Confirma Sistemas de Información, S.L., with address at Avda. de la Industria 18, Tres Cantos, 28760, Madrid. Applicants may consult the list of signatories of the CONFIRMA Database Regulations on the website www.confirmasistemas.es. The CONFIRMA database is open to signatories of its regulations that in their field of activity may be subject to fraud.
The data reported to the CONFIRMA Database may be transferred to signatories of the corresponding Regulations. No transfer of data to a third-party country or international organisation is envisaged.
In accordance with current data protection regulations, the signatories may exercise their rights of access, rectification, erasure, limitation of processing or opposition by contacting the data processor, CONFIRMA SISTEMAS DE INFORMACIÓN, S.L., at the above address. Signatories may also exercise their right to lodge a complaint with the Supervisory Authority.
Confirma Sistemas de Información, S.L. has appointed a Data Protection Officer, whose email address is dpo@confirmasistemas.es.

Pseudonymisation of my personal data

We will also perform pseudonymisation techniques on your data, which will mean that the data resulting from this process cannot be attributed to you, i.e. we will not be able to identify you with the information we process, unless we use additional information and procedures to do so. The purpose of these procedures is simply to use pseudonymised information, based on Openbank's legitimate interest, for statistical purposes and behavioural modelling.

Surveys and market studies

In order to meet your expectations and increase your degree of satisfaction and experience as a customer, and based on our interest in improving our products and services, Openbank will process the personal data associated with the use of the products and services you have taken out to carry out surveys, market studies or internal statistics and to prepare commercial reports.

Management and improvement of the social media experience

When you use our social networking channels, such as Facebook, Twitter or Instagram, we may process your data using specialised tools, in order to speed up the response to your queries and improve your experience.

Sending notifications via the Openbank website and app

Through the notification feature of our app and our website, we will be able to notify you about certain circumstances that occur with the products and services you have taken out with Openbank, based on our legitimate interest and in order to improve the services we provide. For example, if you hold one of our cards, we may send you notifications every time you use it for security purposes and so that you can check your spending and be alerted when a purchase is rejected.

You can activate/deactivate and even configure some of the notifications to your liking by adjusting the settings in the "Notifications" section of the app's main menu, or in the "Notifications" section of your Customer Area on our website.

Resuming applications or contracts that I have initiated and that are pending

If you have not completed your application to register as a customer or the process to take out or arrange any of our products or services, we will be able to contact you for a reasonable period of time using the information you have provided, in order to remind you that you have not completed the process and to inform you of the steps you must follow if you wish to complete it, as well as to detect any technical incidents that may be occurring.

Communication with the company I represent or in my capacity as a self-employed person

If you represent a legal entity (such as a company or association) which is a customer of Openbank or is interested in taking out or arranging any of our products or services, we will process your contact details as well as those relating to the position you hold and, in general, the details necessary for your professional location, on the basis of our legitimate interest. We need to use this data to be able to communicate and maintain the contractual relationship with the legal entity you represent.

If you are self-employed or a self-employed professional and work on a freelance basis, we will also process your data to manage your registration as a customer, provide you with our services and maintain the relationship with you as a professional. Under no circumstances will we use your information to establish a relationship with you at an individual level.

c) In compliance with Openbank's legal obligations:

At Openbank, we must comply with certain legal obligations in order to manage your products/services or those you apply for and take out, such as:

Prevention of money laundering and financing of terrorism

In accordance with Law 10/2010 on the Prevention of Money Laundering and the Financing of Terrorism, we will process your data, among others, for the following purposes:

       (i) Declaring monthly, to the Financial Holdings Database, the identification data of our customers and authorised holders regarding the date of opening or cancellation of current accounts, savings accounts, securities accounts and term deposits. The above data will therefore form part of this database, which is managed by the Secretariat of State for the Economy and Business Support.
       (ii) Providing information on payment transactions to the authorities or official bodies of other countries, both inside and outside the European Union, in the context of the fight against the financing of terrorism and serious organised crime and prevention of money laundering. Financial institutions are also generally required to adopt appropriate measures for the prevention, investigation and detection of fraud.
       (iii) Verifying the accuracy of the information and documents you provide us with in order to be informed about the nature of your professional or business activity and providing this information to the authorities or official bodies of other countries, located both inside and outside the European Union, in the framework of the fight against the financing of terrorism and serious forms of organised crime and the prevention of money laundering.

Information to CIRBE [Bank of Spain Central Credit Register]

In accordance with Law 44/2002 on the Reform of the Financial System, Openbank must inform CIRBE of the risks involved in your operations, their recoverability and, where applicable, any breach of contract on your part.

Reporting of information to AEAT

We must report certain information about your tax residence and accounts to the State Tax Administration Agency (hereinafter, the "AEAT"), which we may in turn have to send to the competent tax authorities of other countries in compliance with the regulations on automatic exchange of tax information (Foreign Account Tax Compliance Act - FATCA - passed by the United States of America, and Common Reporting Standard - CRS - passed by the OECD).

Reporting of information to other Group companies for the prevention of financial crime

Openbank will send customer data to other companies of the Santander Group, of which we are a subsidiary, together with any relevant information on operations that enable these companies to comply with (i) the Group's internal regulations on the prevention of financial crime, (ii) their legal obligations to prevent money laundering and the financing of terrorism and (iii) regulatory reporting to the supervisory authorities.

The processing of data derived from legal obligations to which we are subject at Openbank will continue to be carried out even after the contractual relationship with you has ended, for as long as we are legally required to do so.

d) Upon obtaining my consent:

At Openbank, we can carry out the following processing as long as you have given us your consent which, in any case, you can modify or withdraw at any time.

Video call ID and retention of the recording

At Openbank, we are required, under anti-money laundering and anti-terrorist financing regulations, to identify you reliably with a valid identity document and to retain certain information contained in that document.

In order to identify you in a more convenient and simple way, we provide you with a procedure that allows us to identify you using a video call assisted by an agent. You will also have the option of making an unassisted, agent-free call, in which case we will use facial recognition techniques involving biometric data processing on your image. If you opt for video call identification (either assisted or unassisted), we will need your prior consent in order to carry it out, record it and keep the recording. This information may be accessed by various bodies when legally required.

Alternatively, if you prefer, you can confirm your identity through other available means, such as providing us with your account number at another bank.

Sending of marketing messages

       (i) Marketing messages on Openbank products and services adapted to my profile and based on external sources

If you authorise us to do so, Openbank may send you marketing messages about our own products and services adapted to your interests and needs (by post, telephone, SMS, instant messaging applications, social networks, e-mail, web push, pop-up or any other electronic or telematic means available at any time), personalised on the basis of your behaviour and risk profile, which we may prepare using information obtained both from our own internal sources and from third parties (such as ASNEF, EXPERIAN) and browsing and/or Internet data.
In order to send you marketing and commercial offers in line with your creditworthiness and risk profile, we will consult your credit history in the different operations you have carried out with us, in addition to analysing your behaviour in the operations currently in force and those completed in the last six (6) years.

       (ii) Marketing messages on products and services from partners adapted to my profile and based on external sources

At Openbank, depending on the type of authorisation you have accepted, we may send you, by any means (post, telephone, SMS, instant messaging applications, social networks, e-mail, web push, pop up or any other electronic or telematic means available at any time) commercial communications on products or services of other companies with which we may sign collaboration agreements, adapted to your interests and needs, or personalised based on your profile prepared with information obtained both from our internal sources, and from third parties (such as ASNEF, EXPERIAN, or CIRBE) and browsing data and/or from the Internet.
We indicate the different sectors of the companies with which we can sign agreements, without this limiting the inclusion of new sectors in the future: insurance, travel agencies, passenger transport, telephone and Internet communications, health services, beauty treatments, newspapers and magazines, toys, food, catering, textiles, shoes, perfumes, jewellery, books and records, education, sports articles, household goods, cars and accessories, motorbikes and accessories, petrol stations, furniture, household appliances, electronics, computers, hotels, department stores, leisure parks, zoos, museums, entertainment, electricity, gas, travel articles, subscription television, security services, opticians, DIY, musical instruments, photography, air conditioning, sanitation, gardening, swimming pools and general home improvement.

Dealing with me through the website/app if I am not yet an Openbank customer

On our website/app there are different forms that users who are not yet Openbank customers can fill out voluntarily if they are interested in our products or services, want to send us any specific question they may have about Openbank or our operations or even carry out simulations of our products.

Users have the possibility of receiving the requested information by e-mail, but they can also ask us to contact them by telephone by filling in the form specifically provided for this purpose.

We will process users' data, as the case may be, in order to provide them with the requested information, answer their queries and requests by the means they have indicated to us, acknowledge receipt of the requests and follow up on them.

In these cases, by filling in and sending the corresponding form, users give us their consent to carry out the data processing described in this document.

4. Which stakeholders are affected by this Policy?

Through this Policy we regulate the processing by Openbank of the personal data of various categories of stakeholders. Specifically, the Policy covers the processing of the data of (i) current customers, (ii) pre-customers, (iii) potential customers, (iv) former customers, and (v) other third parties whose data we may process at Openbank as a result of the relationship we have with our customers, such as guarantors, proxies, legal representatives and contact persons of customers who are legal entities.

5. How long will Openbank keep my data for?

At Openbank, we will process your data as long as they are necessary for the purpose for which they were collected and, subsequently, we will keep them blocked during the legally established retention periods or statutory limitation periods. After these periods, we will proceed to destroy the data.

In particular, if you are a customer, we will process your data for as long as you maintain the contractual relationship with us. Once this relationship has ended, as a general rule we will keep your personal data blocked for 10 years, until the obligations deriving from the contract have expired, as required by the regulations for the prevention of money laundering. Where applicable, we will also abide by statutory limitation periods depending on the specific contracts you enter into with Openbank (e.g. up to 21 years under the mortgage regulations, or even indefinitely with regard to actions that are not time-barred under the terms and conditions of the contract). Once the above-mentioned legal deadlines have passed, we will proceed to destroy your data if necessary.

For applications or simulations that you carry out that do not end in a contract, we will keep your data for as long as we deem reasonable, to avoid duplicating your steps and in case we have to face any claim for any use of your data. We will then proceed to destroy the data.

6. Who could Openbank share my information with?

       (i) We will send your personal data to public authorities, official bodies or banking oversight and supervisory entities and competent tax authorities that require it, in order to comply with the regulations that are applicable at any time in the banking and financial sector, regulations for the prevention of money laundering and financing of terrorism and legislation on consumer protection.
       (ii) In the event of non-payment, we will send the data to creditworthiness databases (ASNEF database and BADEXCUG database), complying with the procedures and guarantees established at all times and recognised by current legislation.
       (iii) We will share your data companies belonging to the Santander Group, in order to comply with their internal regulations on the prevention of financial crime, their legal obligations to prevent money laundering and regulatory reporting to the supervisory authorities.
       (iv) When you take out or arrange certain products or services (e.g. funds, pension plans, insurance) we will send your data to third-party partners for the correct provision of service (e.g. asset managers, product depositories, insurance companies).
       (v) We will report your data to Notaries when their intervention is necessary, in case the service you have requested has to be formalised with their participation.
       (vi) Your data will also be passed on to appraisal companies, when their intervention is necessary, in order to manage the appraisal request and draw up the corresponding appraisal report.
       (vii) We will forward your data to public registries (e.g. the Property Registry) when the corresponding guarantees are to be registered.
       (viii) Similarly, at Openbank we have the collaboration of third-party service providers who may have access to your personal data, but who will process them in our name and on our behalf, following our instructions at all times, and always in order to provide us with the services that we may have engaged from them in each case.
Specifically, Openbank engages services from third-party providers who carry out their activity in, amongst others, the following sectors: logistics services, legal advice, private valuation/appraisal services, supplier approval, multidisciplinary professional services companies, hosting companies, maintenance-related companies, technology service providers, IT service providers, physical security companies, instant messaging service providers, infrastructure management and maintenance companies and call centre services companies.
In any case, Openbank follows strict criteria for the selection of third-party service providers in order to comply with our data protection obligations, and we undertake to enter into the corresponding data processing contract with them, imposing, inter alia, the following obligations: to implement appropriate technical and organisational measures, to process personal data for the agreed purposes and in accordance with our documented instructions only, and to delete or return the data to us upon completion of the services.
       (ix) We transfer your data internationally only within the framework of some of the above-mentioned services by third-party providers. The purpose of these will always be the maintenance and management of the contractual relationship you have with us. These transfers are made both to countries that offer an adequate level of protection, comparable to that of the European Union and to countries without such a level. In the latter case, you do not have to worry. Openbank uses various mechanisms established by regulations to comply with all guarantees when dealing with your personal data, such as standard contractual clauses or certification mechanisms. You can consult any international data transfers that we perform either directly or by subcontracting some of our suppliers here, or by contacting privacy@openbank.es.

7. How does Openbank obtain my personal data?

To process the abovementioned data, we use data about you that we obtain through the internal and/or external sources listed below, complying with the procedures, rights and guarantees established at all times by current legislation:

       (i) Information you provide when you take out and hold products and/or services with us, either directly or indirectly.
       (ii) Information we infer from data you have previously provided.
       (iii) Public Administration bodies, such as the Ministry of Finance, the General Treasury of Social Security and the State Tax Administration Agency.
       (iv) Public registries, such as the National Institute of Statistics, the Trade Registry, the Property Registry and the Cadastre.
       (v) Common creditworthiness file (ASNEF database and BADEXCUG database) and CIRBE.
       (vi) Databases on fraudulent data detection (e.g. CONFIRMA).
       (vii) Sources accessible to the public, such as official journals and gazettes, public records, government resolutions, telephone directories, lists of people belonging to professional associations, open social networks and the Internet.
       (viii) Third-party companies to which you have given your consent for the transfer of your data to Openbank or which otherwise legitimately transfer your data to Openbank in accordance with current legislation.

8. Should I keep my details up to date?

In order to be able to communicate with you properly, as well as be able to correctly provide you with the services you have engaged, you undertake to ensure that all the information you provide us with is correct, complete, exact and duly updated, assuming any responsibility that may arise from having provided us with incorrect, erroneous or inaccurate information.

Therefore, if you change any of the personal details you have given us, especially your postal address, e-mail and contact telephone numbers (landline and mobile), please inform us as soon as possible by calling the Contact Centre: 900 22 32 42 (or +34 91 276 21 54 for calls from abroad), updating your information directly in your "Personal details" section of your Openbank profile or emailing us at privacy@openbank.com. In some cases, we may need to ask you for some additional documentation or proof.

In the event that you do not inform us of these possible changes, you assume that the correspondence we have sent to your postal or e-mail address, as well as to the contact telephone numbers in our files, must be considered valid, binding and fully effective.

Given the nature of the services we provide, and the means used, as we have informed you above, for the performance of the contractual relationship with you, we will record the calls and electronic correspondence you have with us, as well as the use of the computer and telematic records of access to our services as sufficient and definitive proof of the instructions received and the operations carried out.

9. Changes to this Privacy Policy

At Openbank, we are committed to keeping this Privacy Policy up to date in order to collect any new information that may arise in relation to the scope of the processing that we carry out on your personal data. For this reason, it is important that you regularly spend time reading and making sure you understand it. For any possible modification that we need to make, we will notify you in advance, at least through our website/app and through a personalised message that we will send to you in the Customer Area of your profile and to your personal e-mail so that you have the opportunity to be properly informed at all times.

10. Use of cookies

In order to improve your browsing experience, Openbank uses cookies to, for example, remember who you are when you log in to your Customer Area and customise content that is of interest to you.

When you visit the Openbank website, we will inform you about the cookies we use and you will be able to configure the analysis, advertising and personalisation cookies you use when browsing Openbank.

You can refer to our Cookie Policy for more information.

11. What are my rights when I provide my data?

We inform you that you have and can exercise the following rights:

  • • Right of access: you have the right to obtain confirmation about whether or not we are processing personal data that concerns you and, if so, access them.
  • • Right to portability: you have the right to receive the personal data you have provided to us in a commonly used and readable, structured format and to transfer them to another entity.
  • • Right to rectification: you have the right to request data rectification when inaccuracies are detected.
  • • Right to erasure: you may request the erasure of data when, amongst other reasons, it is no longer necessary for the purposes for which you provided them.
  • • Right to object: in certain circumstances, you may object to the processing of your personal data. In that case, Openbank will stop processing your data, except for compelling legitimate reasons or the exercise of possible claims.
  • • Right to restriction of processing: in certain circumstances established by current data protection regulations, you may request a restriction of processing of your data.
  • • Right not to be subject to fully automated decisions: if you have authorised profiling and it is carried out entirely by an automated procedure, you may request the personal intervention of one of our analysts, express your point of view and challenge decisions based on such profiles.

You can exercise the above-mentioned rights through the following channels:

  • • Website: from the “Personal details” section of your customer profile.
  • • E-mail: privacy@openbank.es.
  • • Post: «Open Bank, S.A. » Paseo de la Castellana 24, 28046, Madrid.
  • • Branch: Paseo de la Castellana 134, 28046, Madrid.
  • • Contact Center: 900 22 32 42. If calling from abroad: (+34) 91 276 21 54.

Finally, you may file a complaint to Openbank and/or to the Spanish Data Protection Agency (as the Control Authority responsible for data protection), especially when you are not satisfied with the exercise of your rights, by writing to the address above, if writing to Openbank, or to C/ Jorge Juan, 6. 28001 – Madrid, if writing to the Spanish Data Protection Agency; or through the website www.aepd.es.

 

You can download our Privacy Policy here.

You can also download the previous version of our Privacy Policy here (25 May 2018)