Data Protection Officer of CaixaBank Group

To carry out the processing indicated below, CaixaBank and the CaixaBank Group companies will jointly process your data, jointly deciding on the purposes ("Why data is used") and the resources used ("how data is used"), and therefore they are joint data controllers (Joint Controllers).

The processing for which CaixaBank and the CaixaBank Group companies will jointly process your data are the following (you can see details of CaixaBank Group companies which are included within the scope of joint processing by clicking on each of the following links):

  • To carry out the following commercial activities: (i) analysis of your personal data to draw up profiles that help us to offer you products that we think might interest you; (ii) commercial offer of products and services through selected channels, and (iii) transferring data to companies that are not part of the CaixaBank Group;
  • To comply with the following regulations applicable to CaixaBank Group companies: (i) anti-money laundering and terrorist financing regulations; (ii) tax regulations; (iii) obligations arising from sanction policies and international financial countermeasures, as well as (iv) obligations for the granting and management of credit transactions and the consultation and disclosure of risks to the Bank of Spain's Risk Information Centre (CIRBE).
  • Analysis of the solvency and ability to repay of applicants for products that involve financing.

In accordance with the provisions of the applicable regulations, the Joint Controllers have signed a joint controller agreement for certain processing activities, the essential elements of which are as follows:

(i) For certain processing activities identified in the Privacy Policy, the Joint Controllers will act in a coordinated or joint manner.

(ii) All suitable technical and organisational measures have been determined to ensure a level of security that corresponds with the risk inherent to processing the personal data subject to joint processing.

(iii) There is a single point of contact for data subjects to exercise their rights, assuming the duty of cooperation and assistance where appropriate.

(iv) They comply with the duty of secrecy and the requirement to keep confidential personal data which is processed through informed data processing activities.

(v) Regardless of the terms of the joint controller agreement, the data subjects can exercise their data protection rights by contacting any of the joint controllers.