Find out what we're finding out from you
Santander Digital Assets, S.L. (hereinafter,“SDA”) fully complies with the current data protection legislation and, in particular, with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and the repealing Directive 95/46/EC (hereinafter, “GDPR“) and the Federal Law on Protection of Personal Data held by Private Parties (“FLPPDPP”) and its Regulations.
By means of this privacy notice, we want to inform you in a clear, concise, simple and transparent manner about how your personal data is managed and processed by SDA taking into consideration that your information may have been obtained either directly from you, or indirectly through third parties.
The personal data requested and processed are necessary for the provision of the services rendered by SDA. In the event of failure to duly and correctly provide the necessary data, it will not be possible to provide the services.
Who is responsible for processing your personal data and what is its Data Protection Officer (DPO) contact information?
Santander Digital Assets, S.L. (“SDA”) is a Spanish company, affiliated of Banco Santander, S.A., with Tax ID. No. B88359757, and registered offices at Madrid, Avenida de Cantabria, s/n, CP: 28660, Boadilla del Monte, Spain.
In order to contact our DPO, you may send an email to the following address: privacySDA@gruposantander.com
What type of personal data do we process and what is its source?
- Data identifying a User: name, surname.
- Contact information: email, phone number.
- Financial and economic information: Masked PAN number, card issuer, transaction information, card balance, ABA code with a masked bank account number, bank account depository entity, transaction information and bank account balance.
- Information on your use of the Services and navigation preferences.
For what purposes is your personal data used and what are the legal basis for the processing?
- Service provision: The data collected and accessed by SDA on behalf of the user shall will be processed for the provision of the information service on their credit cards, for which purpose it may access information relating to transactions and balance of the aggregated cards. In this way, the user will have up-to-date and orderly financial information on their expenses and may receive customized alerts and notifications. The legitimate basis is the execution of the agreement.
- Statistics: Information analysis in an aggregate form for statistical reporting. The lawful basis for this processing is legitimate interest in analysing and improving the rendering of the service.
- Compliance with legal obligations and requirements from competent authorities: the personal information may be processed to fulfil the legal obligations of customer identification, notification of suspicious transactions or control of transactions due to Anti Money Laundering regulation and other legal obligations and requirements from competent authorities. The legitimate basis of this processing is compliance with legal obligations.
How long will we retain your personal data?
Personal data concerning the User will be kept for the term that the user keeps this status. Once the Users requests the termination of the service and as long as the personal data is no longer necessary for any purpose, the personal data will be blocked and will remain blocked (with no other processing but the retention) for the term necessary for managing any deriving legal responsibilities. Then, the personal data will be deleted.
If you wish to obtain detailed information on how long we keep your personal data please contact firstname.lastname@example.org.
To whom will we communicate your data?
With regard to the communication of user data, the personal information of the user will not be disclosed to third parties (except for services providers that SDA may engage to help them provide the service such as Vipera PLC, hosting services providers, IT support providers, etc.).
International data transfers
As a company operating at global level, SDA may transfer User’s personal data to Canada. Please note that the European Commission has issued an adequacy decision that enables the lawful transfer of personal data to Canada (please find here said adequacy decision).
What are your rights in terms of your personal data?
Users are legally entitled to exercise the following rights:
- Right to obtain confirmation as to whether or not his/her personal data is being processed.
- Right to access the personal data.
- Right to rectify inaccurate personal data concerning him/her.
- Right to obtain from SDA the erasure of personal data concerning him or her
- Right to obtain from SDA restriction of processing (including limiting the use and disclosure of the data) when any of the requirements foreseen in the applicable regulations apply.
- Right to data portability in the cases foreseen in the applicable regulations.
- Right to object to certain processing activities carried out by SDA.
- Right to revoke the consent you have given us for the processing of your personal data, where applicable.
Said rights may be exercised by sending an email to email@example.com. The communication must be accompanied with a copy of an identification document. You can contact us at such email to know more about the applicable requirements and procedure.
Additionally, Users may lodge a complaint regarding their data protection with the Spanish Data Protection Agency (www.aepd.es) or any competent local Data Protection Agency if they consider that SDA has violated their rights recognised by the applicable data protection regulations.