Privacy Policy

Date of last update:
25 January 2022


The controller of this website is Open Bank, S.A. (hereinafter, “Openbank” or the “Bank”), with the Tax Identification Code (CIF): A-28021079 and registered office at Plaza de Santa Bárbara nº 1 and 2, 28004, Madrid. If personal data are requested on a microsite of this website for a specific purpose and/or service, the data subject shall also be informed about all elements required by the applicable data protection regulations when the data are collected. The information provided by this website is run by Zinia (hereinafter, “Zinia”) as registered trademark of Openbank.

Basic Information on Data Protection



Data Controller


Openbank operating through its registered trademark Zinia.




Handling any enquiry made by the data subject through the “Contact Us” section of our website.

Legal Basis

Consent provided by the data subject when making an enquiry through the “Contact Us” section of our website



Data shall not be disclosed to third-party recipients.


Data subjects may exercise their rights of objection, access, portability, rectification, restriction of processing and erasure in respect of their data at any time.


Further information

Further information on the basic framework outlined in this table can be found below.


Further information on Data Protection

Openbank is fully compliant with regulations governing the protection of personal data and, in particular, with the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR”), in such a way that any personal information supplied by the party concerned (hereinafter the “data subject”) when contacting us to make enquiries  for which he/she provides us with his/her data through any microsite of (hereinafter the “Website”) shall be processed in compliance with the legally enforceable safeguards and obligations.

In accordance with the regulations in force, the Bank has implemented technical and organizational measures to guarantee an adequate level of security and to prevent the data provided by the data subject from being lost, misused, altered, accessed by unauthorized parties or stolen. Similarly, the Bank guarantees that it complies with the duty of secrecy and confidentiality with regard to the personal data provided by the data subject via this Website.

In any case, the data subject shall be required to provide personal data in order to make the enquiry to us.

I.- How to Contact the Data Controller?

As we have mentioned, the Data Controller is Openbank and below we provide you with some contact details to contact us:

Name: Open Bank S.A., with the Tax Identification Code (CIF):  A-28021079

Data controller's contact details

Postal address: Plaza de Santa Barbara, nº 2, 28004, (Madrid)

II-. Who is the Data Protection Officer and how can he/she be contacted?

The Data Protection Officer is entrusted with monitoring and enforcing compliance with the GDPR so as to ensure that the personal data provided by the data subject through the Website are protected

To contact the Data Protection Officer, data subjects may write to the following e-mail address:

II.- What are the purposes of processing your personal data?

We will process your personal data to manage and response an enquiry made by you through the “Contact Us” section of our Website.

III.- What are the legal bases of processing your personal data?

Consent provided by you to use your personal data when making an enquiry to us through “Contact Us” section of this Website so you consent to use your data to properly handle the enquiry.

IV.- Which identification data will be provided to us?

Your e-mail address facilitated to us when you make an enquiry in our “Contact Us” section of this Website.

V.- For how long shall we store the data?

The personal data provided shall be stored for the period necessary to manage the enquiry between you and Openbank, until such enquiry is resolved, and subsequently they shall be blocked and stored for as long as necessary to formulate, exercise and defend any claims that may arise in relation to the enquiry.

VI.- Shall the data be disclosed?

With regard to the disclosure of data, data subjects are expressly informed that their personal data shall not be disclosed to third parties, nor shall their data be transferred to third-party countries or international organizations.

Notwithstanding at Openbank, we collaborate with third-party service providers who may have access to your personal data, but who will process them in our name and on our behalf, following our instructions at all times, and always in order to provide us with the services that we may have engaged from them in each case.

In any case, Openbank follows strict criteria for the selection of third-party service providers in order to comply with our data protection obligations, and we undertake to enter into the corresponding data processing contract with them, imposing, inter alia, the following obligations: to implement appropriate technical and organisational measures, to process personal data for the agreed purposes and in accordance with our documented instructions only, and to delete or return the data to us upon completion of the services, the processing of personal data for the purposes agreed and only in accordance with our documented instructions and the deletion or return of the data to Openbank upon completion of the provision of the services. We have implemented mechanisms of control that guarantee that third-party service providers and sub-contractors that access personal data by virtue of service provisions, comply with the data protection regulations in force.

Specifically, Openbank engages services from third-party providers who carry out their activity in, amongst others, the following sectors: logistics services, legal advisory services, private valuation/appraisal services, supplier approval, multidisciplinary professional services companies, hosting companies, maintenance-related companies, technology service providers, IT service providers, physical security companies, instant messaging service providers, infrastructure management and maintenance companies,  call centre services companies and audit and control companies.

When your data are processed outside the European Economic Area, our aim is to ensure that the level of protection guaranteed by the GDPR is not undermined. To this end, we shall adopt the appropriate guarantees provided for in the European Data Protection Regulation

VII.- What are your rights when you provide us with your data?

We inform you that you have and can exercise the following rights:

•    Right of access: you have the right to obtain confirmation about whether or not we are processing personal data that concerns you and, if so, access such data.

•    Right to data portability: you have the right to receive the personal data you have provided to us in a commonly used and readable, structured format and to transfer these to another bank.

•    Right to rectification: you have the right to request data rectification when inaccuracies are detected.

•    Right to erasure: you may request the erasure of data when, amongst other reasons, it is no longer necessary for the purposes for which you provided such data.

•    Right to object: in certain circumstances, you may object to certain processing of your personal data. In such a case, Openbank will immediately cease such data processing, in accordance with the applicable regulations.

•    Right to restriction of processing: in certain circumstances established by current data protection regulations, you may request a restriction on the processing of your data.

•    Right to withdraw your consent: you can withdraw any consent you have given at any time. Withdrawal of consent will not affect the lawfulness of the processing based on the consent prior to its withdrawal

•   Right not to be subject to a decision based solely on automated processing: if you have authorised profiling and it is carried out entirely by an automated procedure, you may request the personal involvement of one of our analysts, express your point of view and challenge decisions based on such profiles.

You may exercise the above-mentioned rights through the following channels:

  • Email:
  • Post: Open Bank, S.A.”, Plaza de Santa Bárbara, 2, 28004, Madrid.
  • Branch: Paseo de la Castellana 134, 28046, Madrid.

Finally, you may file a claim with Openbank and/or the Spanish Data Protection Agency (as the Supervisory Authority responsible for data protection), especially when you are not satisfied with the exercising of your rights, by writing to the address above, if writing to Openbank, or to C/ Jorge Juan, 6. 28001 – Madrid, if writing to the Spanish Data Protection Agency; or through the Website at

VIII.- Do you need to keep your data up to date?

In order to be able to communicate with you properly, as well as be able to correctly provide you with the services you have engaged, you undertake to ensure that all the information you provide us with is correct, complete, exact and duly updated, assuming any liability that may arise from having provided us with incorrect, erroneous or inaccurate information.

In the event that you do not inform us of these possible changes, you assume that the correspondence we have sent to your postal or email address, as well as to the contact telephone numbers in our files, must be considered valid, binding and fully effective.

IX.- Use of Cookies

At Openbank, we use cookies to, for example, remember who you are when you log in to your Customer Area and customise content that is of interest to you based on your browsing habits.

When you visit the Openbank Website, we will inform you about the cookies we use and you will be able to configure technical, analytics, personalization, product development and enhancement cookies you use when browsing Openbank. You may refer to our Cookie Policy for more information.

X. How we process your data.

We ensure that the processing of personal data is limited to the specific, explicit and legitimate purposes for those that were collected at source, and that will not be further processed in a manner incompatible with said purposes.

Upon data collection, we inform data subjects in a simple and clear manner so that they can easily understand:

- The purpose of the processing activity of their personal data.

- The legal basis of the data processing.

- The recipients or categories of recipients of personal data

- The identity and contact details of the controller and, where applicable, its representative.

- If applicable, the intention of the controller for transferring personal data to a third country or international organization.

- Where appropriate, the existence of automated decisions, including profiling.

- The period during which the personal data will be kept.

- The possibility of exercising the rights over their personal data and how to proceed.

- The right to file a claim with the Local Control Authority.

- When personal data are obtained through third parties, the source from which the personal data come, including publicly accessible sources.

- The contact details of the Data Protection Officer or person in charge of data protection.

XI. How we handle and take care of your data

We make sure we process only those personal data that are adequate, relevant and limited to what is necessary in relation to the specific purposes for which they are collected.

Also as we mentioned in the apartheid V we apply all reasonable measures to suppress or rectify all data that may be non-relevant, inaccurate or incomplete, with respect to the said purposes.

Our standards ensure and guarantee that the data will be processed with the appropriate level of security, including protection against unauthorized or illicit processing activity and against its loss, destruction or accidental damage, through the application of appropriate technical or organizational measures, such as pseudonymization or encryption of personal data. Likewise, we apply the appropriate measures to guarantee the permanent confidentiality, integrity, availability and resilience of the processing activity systems and services.

Our staff has been specifically trained on data protection matters and periodically updated as part of our mandatory training programs. 

XII.- Changes to this Privacy Policy

At Openbank, we are committed to keeping this Privacy Policy up to date in order to collect any new information that may arise in relation to the scope of the processing that we carry out on your personal data. For this reason, it is important that you regularly spend time reading and making sure you understand it. For any possible modification that we need to make, we will notify you in advance, at minimum through our Website and through a personalised message that we will send to your personal email so that you have the opportunity to be properly informed at all times.