1
|
User/Customer registration management
|
Manage customer interaction in accordance with the terms and conditions of the Service, including registration and communication of relevant information.
|
Contact and identification data.
Economic, financial and insurance data.
Data on goods and services transactions.
|
Adequate execution and performance of the Services, as per Article 6.1(b) GDPR.
|
When your relationship with Openbank terminates.
|
2
|
Conducting a risk analysis on fraud prevention
See Section 5 for further information.
|
Analysis of potentially fraudulent activities as part of your request for our Buy Now, Pay Later service (or similar) and your relationship with us in order to prevent registration requests that could be fraudulent (automated decisions).
|
Contact and identification data.
Data related to your personal characteristics.
External sources:
Profile information and other data from social platforms and publicly available sources.
|
Legitimate interest of Openbank in preventing fraudulent activities and protecting existing customers and its business, as per Article 6.1(f) GDPR.
|
When the fraud assessment is performed.
|
3
|
Disclosure of data to third parties for fraud prevention purposes
|
We will transfer your data to Emailage Ltd., to detect and prevent potential fraud attempts and to comply with the procedures, rights and guarantees that the current legislation establishes and recognises at all times. Emailage also acts as a data controller when processing your personal data and will use it for the purposes established in its privacy policy. You can exercise your rights regarding data protection against Emailage at DPO@lexisnexisrisk.com.
|
Contact and identification data.
Economic, financial and insurance data.
|
Legitimate interest of Openbank in preventing fraudulent activities and protecting existing customers and its business, as per Article 6.1(f) GDPR.
|
When data is transferred to the third party.
|
4
|
Disclosure of data to other entities within Banco Santander’s Group of Companies for marketing purposes
See Section 7 for further information.
|
Transfer Customer data to other companies within Banco Santander’s Group of Companies (as per the definition of Group of Companies set forth in Article 42 of the Spanish Code of Commerce, which can be consulted here), so that these companies can send you marketing about their products and services through various means (including electronic means).
|
Contact and identification data.
Economic, financial and insurance data.
Data on goods and services transactions.
|
Prior informed consent obtained from you, as per Article 6.1(a) GDPR.
|
When You withdraw your consent.
|
5
|
Exercising data protection rights and related inquiries
|
Handle, manage and resolve requests relating to customers, interested parties and other data controllers exercising their GDPR rights, as well as complaints submitted directly by the data subject to Openbank or through the corresponding supervisory authorities.
|
Contact and identification data.
Economic, financial and insurance data.
Data relating to goods and services transactions.
Commercial data.
|
As per Article 6.1(c) of GDPR, legal obligation of Openbank, as data controller, to comply with obligations set forth in Article 15-22 of GDPR.
|
When the request to exercise rights has been duly processed.
|
6
|
Debt collection
|
Managing the collection of Customer’s debts with Openbank.
|
Contact and identification data.
Economic, financial and insurance data.
|
Adequate execution and performance of the Services, as per Article 6.1(b) GDPR.
|
When you pay the debt you have with Openbank.
|
7
|
Selling debt portfolio
See Section 9 for further information.
|
Selling the debt portfolio of Openbank Customers to third-party companies in order to obtain a benefit from debt defaults.
|
Contact and identification data.
Economic, financial and insurance data.
Data relating to goods and services transactions.
|
Legitimate interest of Openbank in managing the debt portfolio of Customers and selling it to third parties in order to obtain a financial benefit as per Article 6.1(f) GDPR.
|
When we transfer the outstanding debt to third-party companies.
|
8
|
Financial data processing
|
Maintain accounting and administrative procedures as required by accounting laws and to comply with the applicable law. Creation of reports and/or communication of personal data to the different supervisory bodies (Bank of Spain). Filing and accounting in accordance with accounting legislation.
|
Contact and identification data.
Economic, financial and insurance data.
|
As per Article 6.1(c) of GDPR, legal obligation of Openbank to keep accounting and administrative records and to comply with reporting obligations with the corresponding financial and anti-money laundering supervisory authorities, as per Spanish Law 44/2002 of the Financial System and Spanish Law 10/2010 on the prevention of money laundering and terrorism financing.
|
When your relationship with Openbank terminates.
|
9
|
Transfer of data from the business where you purchase products to Openbank
See Section 6 for further information.
|
The business’s right to charge you for your purchase is transferred to Openbank (sale of the invoice).
|
Contact and identification data.
Economic, financial and insurance data.
Data relating to goods and services transactions.
|
Adequate execution and performance of the Services, as per Article 6.1(b) GDPR.
|
When the purchase takes place.
|
10
|
Email validation
|
Data processing to confirm the email address provided by the Customer, check the data provided are correct and to ensure the quality of said data.
|
Contact and identification data.
|
Adequate execution and performance of the Services, as per Article 6.1(b) GDPR.
|
When the validation is concluded.
|
11
|
Sending of communications for fraud prevention purposes
|
During the contract formalisation process and after you have completed the process and have become an Openbank Customer, we will send you communications in order to verify your identity or to prevent fraudulent attempts or detected fraudulent activities.
|
Contact and identification data.
Data relating to personal characteristics.
Economic, financial and insurance data.
|
Legitimate interest of Openbank in preventing fraudulent activities and protecting existing Customers and its business, as per Article 6.1(f) GDPR.
|
When your relationship with Openbank terminates.
|
12
|
Sending of marketing
See Section 7 for further information.
|
Sending of marketing based on customer segmentation.
|
Contact and identification data.
Economic, financial and insurance data.
Data relating to goods and services transactions.
|
Prior informed consent obtained from you, as per Article 6.1(a) GDPR.
|
When you withdraw your consent.
|
13
|
Customers satisfaction surveys and market research
|
Calls to Customers to conduct satisfaction and other surveys, market research and internal statistics to prepare commercial reports to better understand the consumption habits of our Customers; thereby allowing us to internally assess the design, creation and improvement of new products that may be of interest to our Customers or to reach commercial agreements with third parties.
|
Contact and identification data.
Economic, financial and insurance data.
Unique ID.
|
Prior informed consent obtained from you, as per Article 6.1(a) GDPR.
|
When you withdraw your consent.
|
14
|
Ensure network and service information security
|
Ensure the security of Openbank’s network and information. The processing is necessary to achieve the specific purpose. The legitimate interest takes precedence over a Customer’s right to oppose it.
|
Contact and identification data.
Economic, financial and insurance data.
Unique ID.
|
Legitimate interest of Openbank in protecting its network and information security system in order to safeguard its business and services, as per Article 6.1(f) GDPR.
|
When your relationship with Openbank terminates.
|
15
|
Processing of vulnerable Customer data
|
Only if you have asked us to do so and based on your prior informed consent, we will process data relating to your disability or situation of vulnerability in order to provide you with the Service adapted to your personal needs and circumstances. For example, if you have a hearing or visual impairment, we can arrange for special assistance if so required.
|
Contact and identification data.
Special categories of personal data.
Economic, financial and insurance data.
|
Prior informed consent obtained from you, as per Article 6.1(a) GDPR.
|
When your relationship with Openbank terminates or when you withdraw your consent.
|
16
|
Personal data anonymisation
|
Anonymisation of your personal data in order to enhance our services and products and to analyse consumer behaviour, create statistics and reports for market analysis or the analysis of payment tendencies or volumes in certain regions or industries and for the development and testing of products. The purpose of the foregoing is to enhance our risk and credit models and to design our Services (if possible, we will first anonymise the data prior to carrying out such activities to ensure that no personal data will be subsequently processed).
|
Contact and identification data.
Economic, financial and insurance data.
Commercial data.
Data on the goods and services purchased.
Data relating to your personal characteristics.
Data relating to employment.
Unique ID.
|
Legitimate interest of Openbank in using Customers’ anonymised data to improve our products and the provision of Services to Customers, as per Article 6.1(f) GDPR.
|
When your relationship with Openbank terminates.
|
17
|
Profiling activities with internal data to understand which Openbank products and services could be of interest to you in order to, at a later stage, offer you such products and send you marketing about them.
See Section 7 for further information.
|
Analysis and profiling related to your economic and personal characteristics, based solely on the consultation of information from internal sources, in order to determine which of our own products and services best suit you and/or your interests.
|
Contact and identification data.
Economic, financial and insurance data.
Commercial data.
Data on the goods and services purchased.
Data relating to your personal characteristics.
Data relating to employment.
Unique ID.
|
Prior informed consent obtained from you, as per Article 6.1(a) GDPR.
|
When your relationship with Openbank terminates or when you withdraw your consent.
|
18
|
Profiling with internal data to decide which type of marketing of third-party products we offer
See Section 7 for further information.
|
Analysis and profiling related to your economic and personal characteristics, based on the consultation of information from internal sources, in order to determine which third-party products and services best suit you.
|
Contact and identification data.
Economic, financial and insurance data.
Commercial data.
Data on the goods and services purchased.
Data relating to your personal characteristics.
Data relating to employment.
Unique ID.
|
Prior informed consent obtained from you, as per Article 6.1(a) GDPR.
|
When your relationship with Openbank terminates or when you withdraw your consent.
|
19
|
Profiling with internal and external data for admission-related scoring on Openbank's own initiative.
|
On Openbank’s own initiative, profiling interested people with information obtained from both internal and external sources to analyse the Customer’s admission.
|
Contact and identification data.
Economic, financial and insurance data.
Commercial data.
Data on the goods and services purchased.
Data related to your personal characteristics.
Data relating to employment.
Unique ID.
External sources:
CRIF’s databases
SCHUFA’s databases
|
Prior informed consent obtained from you, as per Article 6.1(a) GDPR.
|
When your relationship with Openbank terminates or when you withdraw your consent.
|
20
|
Profiling with internal and external data for creditworthiness analysis and fraud scoring
See Section 5 for further information.
|
Profiling interested people with information obtained from both internal and external sources in order to conduct a creditworthiness analysis of the Customer and to prevent possible fraud.
|
Contact and identification data.
Data relative to the personal characteristics.
Economic, financial and insurance data.
Commercial data.
Data relating to employment.
Data relating to goods and services transactions.
Unique ID.
External sources:
CRIF’s databases
SCHUFA’s databases
|
Prior informed consent obtained from you, as per Article 6.1(a) GDPR.
|
When your relationship with Openbank terminates or when you withdraw your consent.
|
21
|
Legal, administrative and judicial complaints
|
To handle the complaints of different parties according to the Service provided.
|
Contact and identification data.
Economic, financial and insurance data.
|
Legal obligation, as per 6.1(c) of GDPR.
|
When the complaint has been handled.
|
22
|
Customer phone service
|
Answer calls made to customer services, managing and resolving all inquiries made.
|
Contact and identification data.
Economic, financial and insurance data.
Unique ID.
Commercial data.
|
Legal obligation as per Article 6.1 (c) of GDPR in connection with legal obligations set forth in Spanish Law 44/2002 of the Financial System and Order ECO/734/2004 of 11 March, regulating customer services in financial institutions.
|
When the call has been handled.
|
23
|
Legal/contractual communications
|
Sending communications to Customers in order to provide accurate and updated information regarding their relationship, such as amendments to the Terms and Conditions or the Privacy Policy, account closing, refund, payment letters.
|
Contact and identification data.
Economic, financial and insurance data.
|
Adequate execution and performance of the Services, as per article 6.1(b) GDPR. Legal obligation to keep our Customers updated on any changes in the T&Cs governing the Services relating to this Privacy Policy, as per Article 6.1 (c) GDPR.
|
When your relationship with Openbank terminates.
|
24
|
Customer registration approval through creditworthiness analysis (automated decision)
See Section 6 and 9 for further information.
|
Analysis of the creditworthiness of the potential customer based on fully automated decisions in order to approve the purchase of the invoice.
|
Contact and identification data.
Economic, financial and insurance data.
|