Banco de Crédito Social Cooperativo (hereinafter, THE ENTITY) will have access to and will process the personal data of any users, registered or otherwise, who access this Website, in accordance with the provisions set out in this Data Protection Policy (hereinafter, the Policy).

The aim of the Policy is to make users aware of the way in which personal data gathered through the Website are obtained, processed and protected, so that Users can determine freely and voluntarily whether they wish to provide their personal data through said Website.

Any personal data gathered by THE ENTITY through the Website or through any of the different communications it maintains with you shall be treated with absolute confidentiality. THE ENTITY pledges to ensure that said data remain secret, guaranteeing its duty to store them in accordance with all the measures required to prevent their alteration, loss, or unauthorised processing or access, in accordance with the provisions set out in the applicable legislation.

For this reason, please read this Policy document very carefully. So that you can have as much information as possible about how we process your personal details: (i) when and how we will ask you for them and you will provide us with them, (ii) for what purpose and with what legal justification we will use them, as well as (iii) the different rights you have and how you can exercise them.

The Website may contain links to other webpages. This present data protection policy will only be valid for personal data obtained through the ENTITY's website and is not applicable to any information compiled by third parties through other webpages. We advise you read the policies of other webpages linked to our Website or which you visit through any other route.

Who is responsible for processing your data?

The financial entity «Banco de Crédito Social Cooperativo» (hereinafter THE ENTITY) with registered address for these purposes in Paseo de la Castellana 87, 28046 Madrid, will be responsible for processing your personal data.

Contact the Data Protection Delegate: delegadoprotecciondatos@grupocooperativocajamar.com

What kind of personal data might we process?

The personal data we might process include not only contact details (name, postal and/or email address, and telephone number) but also identification details, financial details, location, personal, professional and commercial profile, image and voice. We might gather these Personal Data directly from you as a user or customer, if applicable, or indirectly, depending on how you use our services, in accordance with the legally established terms for each service or product.

Your data must be kept constantly up to date. For this reason, we need you to ensure that any data you provide are correct, accurate and up to date, accepting any responsibility in the event that you provide us with incomplete, incorrect or inaccurate details.

Following the default privacy principle, we will only ask you to provide us with the details we need to carry out the operation or activity for which we have requested them. Hence, the data we will ask you for will be proportional and not excessive. Please bear in mind that should you refuse to provide us with certain personal data, THE ENTITY might not be able to provide you with the services, features and/or information you request.

In the event that you would like to take out any of our products or services, we will inform you individually in each case of the legal conditions applicable with regard to privacy.

What do we use your data for?

Your personal data will be processed in order to manage any products and services you have requested from us, to guarantee the correct functioning of this Website, and in order to offer you personalised customer care in line with your expectations.

Furthermore, with your consent, your personal data may be processed in order to conduct studies or analyses that allow us to customise the promotion of products and/or service we commercialise, either our own or from our partners.

What is our legitimacy in processing your personal data?

Depending on the way in which we process your data, below is an explanation of the legal basis that allows us to process them. For example, sometimes we have to process data in order to provide you with the service or manage the product you have requested from us; at other times because we are required to do so by law, etc. Below we explain each of the cases in which we might obtain and use your personal data:

• a)To provide you with the different services we offer through the Website and which you might request from us. For example, in order to offer you assistance through our contact centre or if you wish to request any information about our products and services. In the event that you call us, in order to deal with your call, we might even record conversations for internal quality assurance purposes, prevent possible fraud and carry out internal statistical studies.
  In these situations, we understand that we have a legitimate interest in using the information you provide us with in order to serve you every time you request our assistance or services.
• b)In order to sign up for and subsequently manage any products and services we offer you and which you might be interested in taking out, we need to process your data.
  In this case, we will need to process your data, considering that this information is essential in order to formalise and execute the contractual relationship, as well as provide you with the services you have requested.
• c)In order to fulfil certain legal obligations derived from managing and maintaining the contractual relationship surrounding the products and services you request from us.
  In this case, we will process your data exclusively for the purpose of complying with legal obligations and, if applicable, following the directives and requirements set out by law.
• d) For all other situations in which it is not necessary to process your personal data in order to fulfil the contractual relationship, to comply with legal obligations, or based on a legitimate interest of THE ENTITY, we will ask you for your prior consent to process them.
  Notwithstanding the above, in each specific case when we will process your data, we will inform you adequately of (i) when and why we need your consent to obtain and process your data, (ii) when and why we are asking you for information that we are legally obliged to ask you for, (iii) when the information we ask you for is essential in order to fulfil the contractual relationship you wish to enter into with us. Furthermore, on occasions when we consider there to be a legitimate interest, (iv) when and why we want to obtain and process your data because we think that the interest we have in doing so does not harm your privacy or damage your expectations of privacy.

How do we use Cookies?

You can find information about the use of cookies and the data we gather when you browse our website (which information we gather, how we will use it, and what you can do in this regard) in our Cookies Policy.

Who else could access your personal data?

The information you provide us with through the Website will be processed exclusively by THE ENTITY in its responsibility for said processing and, therefore, as the entity that is legally responsible for obtaining, utilising, conserving and subsequently cancelling or destroying said data, whenever required by law or when you ask us to do so.

We will only pass your data onto third parties if required to do so by law (for example, public administrations, State Security Forces and Corps, or Courts and Tribunals), or when you have given us your express consent to do so. Otherwise, we will not pass the information you provide us through the Website onto any third party.

Here at THE ENTITY, we work with third-party service providers that might occasionally have access to your personal data. We are referring, for example, to technology or IT service providers, security companies or customer service companies that provide us with services in relation to processing.

In order to guarantee your rights and freedoms, and the adequate protection of your data, please be advised that we will sign the corresponding contract with these providers through which we will impose, among others, the obligation to apply appropriate technical and organisational measures, to process the data to which they have access solely for the purposes of fulfilling the task we have charged them with, and to suppress and return these data once they have completed their services.

How long could we keep your data for?

We will keep the information you provide us with only for as long as is necessary in order to deal with and manage any requests or applications you make with us. Once we have responded to your request or application, we will only keep your data (duly blocked, if appropriate) to be made available to the Courts and Tribunals in the event of a complaint or claim. If you carry out a simulation (e.g. for a loan or mortgage), we will keep the information we receive for 2 months in order to facilitate and speed up the process if you eventually decide to go ahead with the operation. After this period, we will delete your data.

If you eventually decide to sign up for any of our products or financial services, in each specific case, we will inform you regarding the period of time during which we will keep and use your personal details, in accordance with applicable legislation.

What are your rights according to data protection legislation?

Current legislation recognises a series of rights, described below, which you may exercise whenever you wish through the channels established for this purpose.

You may exercise the following rights with us:

• i.Confirm whether we are processing your personal data or not, and if we are you may (i) access them, (ii) request a rectification if you believe they are inaccurate, or (iii) request their suppression when, among other reasons, you believe that they are no longer necessary, bearing in mind the purpose for which you provided us with them.
• ii.Request the portability of any data you have provided us with, asking us to send them directly to you or a third party of your choosing, in a structured, common format that can be read mechanically.
• iii.Under certain circumstances, you may also ask us to limit the use we make of your data, and even object to our continued use of them. In this case, we will stop using them, unless there are overriding legitimate reasons or we are required to use them during the course or the defence of possible complaints or claims.
• iv.If we use your personal information to create behavioural profiles (for example, to get a better idea of your interests and needs through the way you browse our Website), and if we do so in a fully automated way, you will have the right to be informed of this, to request the personal intervention of any of our agents, to contest any decision based on those profiles, or simply to express your point of view.
• v.Withdraw the express consent you may have given us previously to process your personal data.
• vi.Present any complaints or claims to us and/or the Spanish Data Protection Agency (as the competent Supervisory Body in this regard), especially when you have exercised a right and we have not responded in accordance with the legally established terms.

We have set up the following channels for you to exercise your rights:

• Email:
  protecciondedatos@grupocooperativocajamar.com
• Postal address:
  Grupo Cooperativo Cajamar
  - Protección de Datos -
  Apartado de Correos 250-04080