Data processing in electronic banking
Controller of personal data processing
The controller of processing your personal data is Unicaja Banco S.A. (hereinafter, “Unicaja”) the registered office of which is at Avenida de Andalucía, números 10-12, Málaga. Should you have any query in relation to the protection of your data, you may address the Oficina de Protección de Datos of Grupo Unicaja, Avenida de Andalucía 10 - 12, 29007 - Málaga or by sending an electronic mail to the address oficina.proteccion.datos@unicaja.es
For what purpose and with what legitimation does Unicaja process personal data?
In accordance with Regulation (EU) 2016/679 of the European Parliament and the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, Unicaja informs customers, or legal representatives of customers, who might provide personal data to the bank over the contractual relationship that their data shall be processed by Unicaja for the following purposes:
- Management of registration of new users on the Digital Banking platform. To be able to register a user as new on the Digital Banking platform, certain identifying data have to be obtained, such as name and surnames, identity card number, postal code, date of birth, electronic mail and mobile telephone number. The personal information is essential to manage the request for registration as a new user, wherefore Univía understands that these are data necessary to process the request for the service. Likewise, Unicaja.
- Management of operations transacted on the platform. Unicaja shall undertake any actions necessary to proceed with and execute any transactions, operations or similar requests on the part of users when using Digital Banking. This processing is necessary to execute the contract subscribed, particularly, the operations required by the customer.
- Cyber-control of the use of the platform and the website. Unicaja shall undertake the surveillance actions and control of the use of the platform and the website in order to prevent and detect any fraudulent use. This processing is necessary to comply with the legal requirements laid down by the Ley de Servicios de la Sociedad de la Información y Comercio Electrónico (Spanish Information Society and Electronic Commerce Services Act) for purposes of avoiding, preventing and/or detecting any unauthorised access, alteration or loss of any information in relation to third parties other than the user that might generate civil, criminal and/or administrative liabilities for Unicaja.
- Attention to requests, complaints or claims that might be sent from the platform or the website. Where users might send any request for information, complaint, claim or similar across the Digital Banking platform or the website of Unicaja, said institution shall process any data necessary to be able to address the request sent by the user. Users may request information by completing the pertinent forms or providing their telephone number so that there is an answer from Unicaja, offering the information required by the user in question. As the case may be, Unicaja shall communicate the user’s data to the institutions of Grupo Unicaja or third-party collaborators so that they can address the requests for information that users might require (for example, in cases of consultations in relation to products or services provided by these third parties whose attention requires the notification of the requesting user’s data as well as cases of complaints or claims that might affect said third parties).
Processing of data of the data subject as a customer of Unicaja:
- In this case, Unicaja shall process the data informed in the clause relating to processing of customers’ data accepted by said customers at the time of their first subscription and/or subsequent updates that might have to be made.
- Important questions and answers.
How long do we store your data?
The personal data to which we have access shall be processed while you are registered with the Digital Banking platform. Unicaja shall also retain the user’s personal data, duly blocked, over the time limit for any legal action that might derive from the relationship maintained with the data subject or to address any requirements from public authorities.
Unicaja shall retain the information that financial institutions are required to obtain by the Ley de Prevención de Blanqueo de Capitales y Financiación del Terrorismo (Spanish Prevention of Money Laundering and Terrorism Financing Act) for 10 years from the termination of the business relationship or the execution of the transaction, in accordance with section 25 of said Act, where the user might transact operations as a customer that require the application of said law.
To whom shall we notify your data?
Unicaja shall only communicate the customer’s data to:
- Public bodies and institutions of the Spanish state general administration, the autonomous regional and municipal administrations, including the courts, to which it is bound by law to provide said data.
- Tax Authorities.
- Regulating Bodies of the financial sector, based on the compliance with legal requirements:
- Executive Service of the Commission for the Prevention of Money Laundering and Monetary Offences (SEPBLAC).
- European Banking Authority.
- European Central Bank.
- Banco de España.
- National Securities Market Commission (CNMV).
- Directorate General of Insurance.
- General solvency and credit risk files:
- General database file on cash obligation default.
- Risk Information Centre (CIR from its initials in Spanish) of the Banco de España.
- For purposes of avoiding fraudulent conduct, customer data may be sent to the different companies of Grupo Unicaja and to third-party companies or centralised information systems.
- Where other products from a third-party institution (of Grupo Unicaja or outside) are subscribed, the data shall be sent to said institution according to the user’s request.
- Unicaja has third-party service providers that may access personal data of the customers of Unicaja for purposes of providing their services, such as lawyers, solicitors, consulting service providers, advisors, IT development and maintenance providers, administrative service providers and document destruction providers. Unicaja preselects said service providers based on criteria of compliance with data protection matters, it has subscribed contracts with all providers in this regard and it controls and ensures that they comply with their obligations in relation thereto.
- Where customers have given their consent, Unicaja shall communicate customer data to the companies of Grupo Unicaja so that they can send commercial communications.
Which companies are part of Grupo Unicaja, among others?
- UNIGEST SGIIC S.A. CALLE BOLSA, 4 – PLANTA 5ª. MÁLAGA (CP: 29015).
- UNICORP PATRIMONIO SOCIEDAD DE VALORES S.A. CALLE BOLSA, 4 - 1ª PLANTA. MÁLAGA (CP: 29015).
- UNIMEDIACION S.L. CALLE BOLSA, 4 - PLANTA 2ª. MÁLAGA (CP: 29015).
- ANALISTAS ECONOMICOS DE ANDALUCIA S.L. CALLE SAN JUAN DE DIOS, 1 – 2. MÁLAGA (CP: 29015).
- GESTION DE INMUEBLES ADQUIRIDOS S.L. CALLE MAURICIO MORO PARETO (EDIF. EUROCOM), 6 - PLANTA 6ª. MÁLAGA (CP: 29006).
- BANCO EUROPEO DE FINANZAS, S.A. CALLE BOLSA, 4, MÁLAGA (CP: 29015).
- FINANDUERO SOCIEDAD DE VALORES S.A.U. CALLE TITAN, 8 - PISO 2. MADRID (CP: 28045).
- UNIÓN DEL DUERO CIA DE SEGUROS DE VIDA, S.A. CALLE TITÁN, 8. MADRID (CP: 28045).
How did we obtain your data?
The personal data that Unicaja processes of users of Digital Banking are those that the data subjects have already communicated to Unicaja in their registration as customers, wherefore any information of the customer’s activity generated by said customer may also be processed due to the use of the Digital Banking services.
Likewise and where users are also customers, we will process any information generated from their relationship with Unicaja and the use of its services (for example, accessing your bank accounts or making a transaction).
What are the rights of users in relation to data protection?
Users may exercise, if they so wish, the rights of access, rectification and erasure of data as well as requesting the restriction of processing their personal data, oppose to said processing, request the portability of their data and to not be the subject of automated individual decision-making across the following media:
By notification addressed to our Customer Services Office (Oficina de Atención al Cliente) or by electronic mail sent to the following address: atencion.al.cliente@unicaja.es
To whom may you address your complaints?
The user who understands that their data protection rights have been breached or who has any claim regarding their personal information may contact the Data Protection Office at Unicaja in order for it to be able to settle the complaint at the address Avenida de Andalucía 10-12, Malaga (CP: 29007) or by sending an electronic mail to the address: oficina.proteccion.datos@unicaja.es. In any case, the data subjects may always resort to the Spanish Data Protection Agency, the controlling authority in matters of data protection, http://www.aepd.es.