Processing required to comply with regulatory obligations

The legal basis of this processing is the requirement to comply with a legal obligation that is required of us, as laid out in Article 6.1.c) of the General Data Protection Regulation (GDPR).

Therefore, it is necessary for you to establish and maintain Contractual Relations with us. If you object to it, we will need to end these relations, or we cannot establish them if they have not yet started.

The types of processing required to satisfy the regulatory requirements are listed below, arranged from (A) to (D). We will indicate for each of them: a description of the purpose (Purpose), whether or not the processing is carried out jointly with other CaixaBank Group companies (Data Controller/Joint Data Controllers) and data categories processed (Data categories)

A. Processing to comply with anti-money laundering and terrorist financing regulations

Purpose

The purpose of this processing is to adopt the measures imposed on our activity by Law 10/2010, on the Prevention of Money Laundering and Terrorist Financing.

The processing operations that are carried out to comply with anti-money laundering and terrorist financing regulations are:

  • Collect information and documentation that allows customers to comply with due diligence and knowledge measures
  • Check if you hold or have held a position of public trust
  • To check the information you provide us, comparing it with external sources or public databases, official gazettes or companies which provide information services.
  • Check your relationship with companies and, if necessary, your controlling position within their ownership structure
  • Report and update your information monthly in the Financial Ownership File, managed by the Executive Service of the Commission to Prevent Money Laundering and Financial Crimes (SEPBLAC)

Data categories

The categories of data we will process for this purpose, the content of which is detailed under heading 5 of our Privacy Policy, ( www.caixabank.com/privacypolicy), are:

  • Data provided by you
  • Data observed as part of maintaining our products and services, with the exception of sensitive data
  • Data inferred or deduced by CaixaBank
  • Data that you have not provided us directly

Joint data controllers

The following CaixaBank Group companies are joint data controllers in the processing operations that are carried out to satisfy their obligation to prevent money laundering and the financing of terrorism. These companies will be able to share data and use it for the indicated purpose.

  • CaixaBank, S.A.
  • CaixaBank Payments & Consumer, E.F.C., E.P., S.A.U.
  • VidaCaixa, S.A. de seguros y reaseguros
  • BPI Vida e Pensões – Companhia de Seguros, S.A.
  • Nuevo Micro Bank, S.A.U.
  • CaixaBank Asset Management SGIIC, S.A.U
  • Telefónica Consumer Finance, E.F.C., S.A.
  • Buildingcenter, S.A.U.
  • Unión de Crédito para la Financiación Mobiliaria e Inmobiliaria, CREDIFIMO, E.F.C., S.A.U.
  • Corporación Hipotecaria Mutual, S.A.U., Establecimiento Financiero de Crédito
  • CaixaBank Wealth Management Luxembourg, S.A.
  • CaixaBank Asset Management Luxembourg, S.A.
  • BPI Gestão de Ativos, SGOIC, S.A.
  • Banco BPI, S.A.
  • CaixaBank Titulización, S.G.F.T., S.A.U.

B. Processing to comply with tax regulations

Purpose

The purpose of this processing is to adopt the measures imposed on our activity by Law 58/2003 of 17 December, the General Tax Law, and other applicable tax laws.

The processing operations carried out to comply with tax regulations are:

  • Collection of information and documentation regarding your tax situation as required by tax laws
  • Reporting to government agencies details relating to your tax situation when required by law or by the authority

Data categories

The categories of data we will process for this purpose, the content of which is detailed under heading 5 of our Privacy Policy, ( www.caixabank.com/privacypolicy), are:

  • Data provided by you
  • Data observed as part of maintaining our products and services, with the exception of sensitive data

Data controllers

The following CaixaBank Group companies are joint data controllers in the processing operations that are carried out to comply with tax laws. These companies will be able to share data and use it for the indicated purpose.

  • CaixaBank, S.A.
  • VidaCaixa, S.A. de seguros y reaseguros
  • Nuevo Micro Bank, S.A.U.
  • CaixaBank Asset Management SGIIC, S.A.U
  • CaixaBank Titulización, S.G.F.T., S.A.U.
  • CaixaBank Notas Minoristas, S.A.U.

C. Processing to comply with obligations arising from sanctions policies and international financial countermeasures

Purpose

The purpose of this processing is to adopt the measures imposed on our activity by the international financial sanctions and countermeasures programmes adopted by the European Union and the Kingdom of Spain.

The processing operations that are carried out to comply with international sanctions and financial countermeasures programmes are:

  • To check if you are found on lists of people or entities included in laws, regulations, guidelines, resolutions, programmes or restrictive measures regarding international economic and financial sanctions, imposed by the United Nations, European Union, Spain, the United Kingdom and/or the US Department of the Treasury’s Office of Foreign Assets Control (OFAC).

Data categories

The categories of data we will process for this purpose, the content of which is detailed under heading 5 of our Privacy Policy, ( www.caixabank.com/privacypolicy), are:

  • Data provided by you
  • Data that you have not provided us directly.

Data controllers

The following CaixaBank Group companies are joint data controllers in the processing operations that are carried out to satisfy their obligations arising from international sanctions policies and financial countermeasures. These companies will be able to share data and use it for the indicated purpose.

  • CaixaBank, S.A.
  • CaixaBank Payments & Consumer, E.F.C., E.P., S.A.U.
  • VidaCaixa, S.A. de seguros y reaseguros
  • Nuevo Micro Bank, S.A.U.
  • CaixaBank Electronic Money EDE, S.L. (MoneyToPay)
  • CaixaBank Asset Management SGIIC, S.A.U
  • Telefónica Consumer Finance, E.F.C., S.A.
  • Buildingcenter, S.A.U.
  • Unión de Crédito para la Financiación Mobiliaria e Inmobiliaria, CREDIFIMO, E.F.C., S.A.U.
  • Corporación Hipotecaria Mutual, S.A.U., Establecimiento Financiero de Crédito
  • Banco BPI, S.A.
  • CaixaBank Wealth Management Luxembourg, S.A.

D. Processing to comply with obligations for granting and managing credit transactions and for consulting and reporting risks with the Bank of Spain's Risk Information Centre (CIRBE).

Purpose

The purpose of this processing is to comply with the measures established for our activity by Law 44/2002, on Financial System Reform Measures; Law 10/2014, of 26 June, on the Regulation, Supervision and Solvency of Credit Institutions, and other regulatory principles and obligations on responsible lending.

The processing operations that are carried out to comply with our obligations involving credit operations are:

  • To analyse your repayment capacity during the application process and for the duration of the lending operations you have with us, for internal risk management and to prevent non-payment of the loan or credit.
  • To check the risks associated with the applicants and holders of loan transactions with the Bank of Spain's Risk Information Centre (CIRBE)
  • To provide the Bank of Spain's Risk Information Centre (CIRBE) with the details necessary to identify the people with whom they have credit risks

Data categories

The categories of data we will process for this purpose, the content of which is detailed under heading 5 of our Privacy Policy, ( www.caixabank.com/privacypolicy), are:

  • Data provided by you
  • Data observed as part of maintaining our products and services, with the exception of sensitive data
  • Data inferred or deduced by CaixaBank
  • Data that you have not provided us directly

Data controllers

The following CaixaBank Group companies are joint data controllers in the processing operations that are carried out to satisfy their obligations for the granting and management of credit transactions and the consultation and disclosure of risks to the Bank of Spain's Risk Information Centre (CIRBE). These companies will be able to share data and use it for the indicated purpose.

  • CaixaBank, S.A.
  • CaixaBank Payments & Consumer, E.F.C., E.P., S.A.U.
  • Nuevo Micro Bank, S.A.U.
  • Telefónica Consumer Finance, E.F.C., S.A.
  • CaixaBank Equipment Finance, S.A.U.
  • Unión de Crédito para la Financiación Mobiliaria e Inmobiliaria, CREDIFIMO, E.F.C., S.A.U.
  • Corporación Hipotecaria Mutual, S.A.U., Establecimiento Financiero de Crédito
  • Hipotecaixa 2, S.L.U,
  • Banco BPI, S.A.

You will find the list of companies that process your data, as well as the essential aspects of the joint data controller agreements at: www.caixabank.es/empresasgrupo.

Understood