Find out what we're finding out from you
Banco Santander, S.A. (hereinafter, “the Bank” or “Santander“, interchangeably) fully complies with the current data protection legislation and, in particular, with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and the repealing Directive 95/46/EC (hereinafter, “GDPR“) and the Federal Law on Protection of Personal Data held by Private Parties (“FLPPDPP”) and its Regulations.
By means of this privacy notice, we wants to inform you in a clear, concise, simple and transparent manner about how your personal data is managed and processed by the Bank taking into consideration that your information may have been obtained either directly from you, or indirectly through third parties.
The personal data requested and processed are necessary for the provision of the services rendered by the Bank. In the event of failure to duly and correctly provide the necessary data, it will not be possible to provide the services.
Who is responsible for processing your personal data and what is its Data Protection Officer (DPO) contact information?
anco Santander, S.A., a financial institution registered with the Bank of Spain (Banco de España) under number 0049, registered office:
Paseo de Pereda 9-12 Santander, CIF A-39000013 and registered in the Santander Mercantile Registry, Sheet 286, Page 64, 5th Book of Companies, 1st Inscription.
In order to contact our DPO, you may send an email to the following address: firstname.lastname@example.org
What type of personal data do we process and what is its source?
What type of personal data do we process?
The following personal data will be collected from the Users:
- Data identifying a User: name, surname.
- Contact information: email, phone number.
- Financial and economic information: Masked PAN number, card issuer, transaction information, card balance.
- Information on your use of the Services and navigation preferences.
For what purposes is your personal data used and what are the legal basis for the processing?
- Service provision: The data collected and accessed by Santander on behalf of the user shall will be processed for the provision of the information service on their credit cards, for which purpose it may access information relating to transactions and balance of the aggregated cards. In this way, the user will have up-to-date and orderly financial information on their expenses and may receive customized alerts and notifications. The legitimate basis is the execution of the agreement.
- Statistics: Information analysis in an aggregate form for statistical reporting. The lawful basis for this processing is legitimate interest in analysing and improving the rendering of the service.
- Compliance with legal obligations and requirements from competent authorities: the personal information may be processed to fulfil the legal obligations of customer identification, notification of suspicious transactions or control of transactions due to Anti Money Laundering regulation and other legal obligations and requirements from competent authorities. The legitimate basis of this processing is compliance with legal obligations.
How long will we retain your personal data?
To whom will we communicate your data?
With regard to the communication of user data, the personal information of the user will not be disclosed to third parties (except for services providers that the Bank may engage to help them provide the service such as Vipera PLC, hosting services providers, IT support providers, etc.).
International data transfers
As a company operating at global level, Santander may transfer User’s personal data to Canada. Please note that the European Commission has issued an adequacy decision that enables the lawful transfer of personal data to Canada (please find here said adequacy decision).
What are your rights in terms of your personal data?
Users are legally entitled to exercise the following rights:
- Right to obtain confirmation as to whether or not his/her personal data is being processed.
- Right to access the personal data.
- Right to rectify inaccurate personal data concerning him/her.
- Right to obtain from Santander the erasure of personal data concerning him or her
- Right to obtain from Santander restriction of processing (including limiting the use and disclosure of the data) when any of the requirements foreseen in the applicable regulations apply.
- Right to data portability in the cases foreseen in the applicable regulations.
- Right to object to certain processing activities carried out by the Bank.
- Right to revoke the consent you have given us for the processing of your personal data, where applicable.
Said rights may be exercised by sending an email to email@example.com. The communication must be accompanied with a copy of an identification document. You can contact us at such email to know more about the applicable requirements and procedure.
Additionally, Users may lodge a complaint regarding their data protection with the Spanish Data Protection Agency (www.aepd.es) or any competent local Data Protection Agency if they consider that Santander has violated their rights recognised by the applicable data protection regulations.