Login

Privacy Policy

Our privacy policy: Foreword

Whether you are a customer, prospective customer or visitor to our website: we respect and protect your privacy. What does that mean in plain language when it comes to your personal data? In the following you can quickly and easily get an overview of which personal data we collect from you and what we do with it.

We will also inform you about your rights under applicable data protection law and, of course, tell you who you can contact if you have any questions.

Who does this privacy policy apply to?

At Bankosol, we are aware of how important your personal data is to you. This privacy policy explains in a simple and transparent way what personal data we collect, capture, store, use and process and how we do it. Our approach can be summarized as follows: The right people use the right data for the right purpose.

This data protection declaration applies to:

  • All past, present and potential clients of Bankosol who are natural persons (“you” or “your”)
  • Non-Bankosol customers who are in contact with our bank, such as agents, guardians, beneficiaries or payees, guarantors, beneficial owners, legal representatives, shareholders, debtors or tenants of our customers, visitors to our Bankosol website or others Persons involved in a transaction:

We receive your personal data in the following ways:

  • By yourself when you become an Bankosol customer, when you register for our online services, fill in an online form, sign a contract, use our products and services or contact us through one of our contact channels
  • From other available sources such as debtor registers, land registers, commercial registers, registers of associations, online or traditional media or other publicly available sources or other entities within Bankosol or third parties such as payment or transaction processors, credit bureaus, other financial institutions, trading companies or public authorities

What personal data do we collect from you?

Personal data is any information that tells us something about you or that we can associate with you. This includes, among other things, your name, address, date of birth, account number, IP address or information about payments made from a bank account. By "processing" we mean collecting, recording, organizing, arranging, storing, adapting or modifying, reading, querying, using, disclosing by transmission, distribution or any other form of provision, matching or linking, restricting, deleting or destroying. The personal information we collect includes, but is not limited to:

  • Identification data such as first and last name, date and place of birth, ID number, nationality(s), signature, social security number, address, e-mail address and telephone number.
  • Transaction data such as your account number, any deposits and withdrawals as well as withdrawals and transfers and their timing.
  • Financial data such as invoices, credit notes, payslips, payment history, the value of your property or other assets, as well as information that may affect the value, your credit history, your creditworthiness, financial products you have with ING, whether you are listed with a credit reporting agency , arrears and information about your income.
  • Sociodemographic information, e.g. marital status and family situation, e.g. whether you have children.
  • Data about your online behavior and your online preferences, e.g. IP addresses, unique identifiers of mobile devices, data on your visits to our websites and apps, devices with which you visited our website or app (this helps us to recognize whether you are browsing our website or using our applications for mobile devices).
  • Information about your interests and wishes that you communicate to us, e.g. via our customer service or when you take part in an online survey.
  • Know-Your-Customer (KYC) data: The know-your-customer (KYC) principle (English for "Know your customer") means checking the personal data and business data of new customers of a bank to prevent Money laundering and terrorist financing based on the Money Laundering Act. We process personal data as part of the so-called Customer Due Diligence (CDD). In the case of natural persons, the type of professional activity and the purpose of the business relationship must be recorded. The details of the planned customer relationship, such as scope or types of payment transactions, must also be recorded.
  • Tax information such as personal tax identification number and tax residency.
  • Your interactions with Bankosol on social media such as Facebook, Twitter, Instagram and YouTube. We track public news, posts, likes and reactions to and about Bankosol on the web.

How do we treat your sensitive data?

Special categories of personal data, known as "Sensitive Data", are personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as the processing of genetic data, biometric data to uniquely identify a natural Personal, health data or data relating to a natural person's sex life or sexual orientation.

We only process your sensitive data:

  • when we have your express consent;
  • if we are legally obliged or entitled to do so;
  • for example, when you instruct us to make a payment to a political party or religious organization;

We process your sensitive data, for example in connection with:

  • KYC regulations: We are required by law to keep a copy of your ID card or passport. In individual cases - depending on the country of issue - these may contain sensitive data about your ethnic origin or your religious or political beliefs. If you identify yourself by video chat, you agree that the entire conversation will be video recorded and that a portrait photo will be taken. ING-DiBa AG stores the collected data, photos and the video and deletes the data no earlier than 5 years after the end of the business relationship.
  • Money Laundering or Terrorist Financing Monitoring: We monitor your activities and may report them to the relevant regulatory authorities.

Do we need information from children?

We only process data from children if you open an account for minors or if you provide us with information about your own children in relation to a product you have purchased. If we process data from children for other purposes, we will obtain the consent of the legal guardian.

How do we protect your personal data?

We take appropriate technical and organizational measures (policies and procedures, IT security, etc.) to ensure the confidentiality and integrity of your personal data and its processing. We apply an internal framework of policies and minimum standards company-wide to protect your personal information. These policies and standards are regularly updated to reflect current legislation and market developments. In addition, Bankosol employees are bound by a duty of confidentiality and must not disclose your personal data unlawfully or unnecessarily. If you suspect that your personal data has fallen into the wrong hands, you should always contact Bankosol.

Use of cookies

This site uses cookies. Cookies are small units of information that are stored on your end device. This serves to make it easier for visitors to navigate through the website and to use certain functions and, above all, to be able to use this information again at a later point in time. In addition to these technically and functionally required cookies, cookies can also be used for other purposes, such as targeted advertising. Please refer to the notes below for more detailed explanations.

If you do not want cookies to be stored on your end device, you can prevent this by setting your browser software accordingly. Cookies that have already been saved can also be deleted there. If technically necessary cookies are deactivated, however, full use of this website is no longer possible.

Necessary cookies:

Your Bankosol uses cookies, which are necessary for the operation and the performance of functions in order to make the use of this website safe and user-friendly. This is the only way users can navigate on the websites and operate the modules or functions of the website. Without these cookies, it may not be possible or only possible to a limited extent to use the website. Some functions require the browser to be recognized even after a page change.

The data collected with the help of these necessary cookies are not used to create user profiles. The following data is stored and transmitted in the cookies:

  • Current session ID
  • Articles in the shopping cart or products in the application process
  • Use of certain website content, for example frequency or extent of use
  • Acknowledgment of certain website content, such as product notices
  • Settings regarding your regional savings bank
  • Settings regarding search functions on the website

Because websites have no memory, cookies tell the server which pages to show the visitor. This has the advantage that the visitor does not have to remember everything or navigate through the entire page again. For example, cookies can store order information so that shopping carts work and the visitor is not forced to remember everything they have put in their shopping cart when they check out. Almost all of the technically and functionally necessary cookies used are session cookies, so-called "session cookies". The data stored there will be automatically deleted at the end of your visit.

Cookies that start with the prefix "BKS" and then contain a variable length of other random letters and numbers are technically necessary cookies. They are used for load balancing in order to distribute the load of requests as evenly as possible over several web servers. For some functions such as B. Product completion, transfer, etc., it is important that a process that has just started is continued on the same web server after further input from the end customer.

The cookies set to maintain shopping carts have a validity period of 10 days.

The DeviceID cookie required for device identification has a validity period of 180 days.

The cookie BKS_COOKIE, which directs savings bank customers from the central site sparkasse.de to the site of their home institution and “remembers” the bank code for this purpose, expires after 6 months.

Who receives your data?

It will only be passed on to third parties if you have given your consent or if there is a legal obligation to do so.

Under these conditions, recipients of personal data can be in particular:

  • law enforcement agencies
  • other companies of the Bankosol

Commissioned service providers can also receive such data if they meet the special confidentiality requirements of your Bankosol. In particular, these can be companies in the categories of IT services, consulting as well as sales and marketing. Appropriate data protection agreements are then made with the service providers.

When will your data be deleted?

If the data mentioned in this declaration is no longer required for the original purpose, it will be deleted. Something else only applies if their - temporary - further processing is required for other purposes.

If a different storage period is defined for certain services, you will find this in the description of the respective service.

Which individual right of objection do you have?

You have the right to object to the processing of your personal data for reasons arising from your particular situation. The prerequisite for this is that the data processing takes place in the public interest or on the basis of a balance of interests. This also applies to profiling.

In the event of an objection, we will no longer process your personal data. Unless,

  • we can demonstrate compelling legitimate grounds for processing this data that outweigh your interests, rights and freedoms.
  • Your personal data is used to assert, exercise or defend legal claims.

The objection can be made in any form and should be addressed to: accionista@bankosol.es

What happens if the data protection declaration changes?

This privacy policy may be amended to update the information provided or if necessary to comply with new legal obligations or instructions issued by the Spanish Data Protection Agency. Users are therefore advised to visit it regularly.

This version was created in May 2020.

i