CaixaBank and the CaixaBank Group companies listed below are jointly responsible for the processing of your data in order to prevent fraud involving economic or reputational losses to the entity or its customers.
- CaixaBank, S.A.
- CaixaBank Payments & Consumer, E.F.C., E.P., S.A.U.
- Nuevo Micro Bank, S.A.U.
- Global Payments Moneytopay, EDE, S.L.
In accordance with the provisions of the applicable regulations, the Joint Controllers have signed a joint controller agreement for certain processing activities, the essential elements on the following principles:
(i) For certain processing activities identified in the Privacy Policy, the Joint Controllers will act in a coordinated or joint manner.
(ii) All suitable technical and organisational measures have been determined to ensure a level of security that corresponds with the risk inherent to processing the personal data subject to joint processing.
(iii) There is a single point of contact for data subjects to exercise their rights, assuming the duty of cooperation and assistance where appropriate.
(iv) They comply with the duty of secrecy and the requirement to keep confidential personal data which is processed through informed data processing activities.
(v) Regardless of the terms of the joint controller agreement, the data subjects can exercise their data protection rights by contacting any of the joint controllers.
The legal basis of this processing is the legitimate interest pursued by CaixaBank or a third party, provided that these interests do not take precedence over your interests, or your fundamental rights and freedoms, as per art. 6.1. f) of the General Data Protection Regulation (GDPR).
This processing will imply that we have considered your rights and our legitimate interest and we have concluded that the latter prevails. Otherwise, we would not process the data. You can ask about the analysis that is done to weigh the legitimate interest of a processing operation at any time by emailing your enquiry to [email protected]
We also remind you that you have the right to object to processing based on a legitimate interest. You can do this simply and free of charge through the channels indicated in section 4.
Below we provide a description of CaixaBank's legitimate interest (CaixaBank's Legitimate Interest), the purpose (Purpose), the type of processed data (Type of processed data), if applicable, information on the use of profiles (Use of profiles), other relevant processing information (Other relevant information).
Legitimate Interest of CaixaBank: The legitimate interest of CaixaBank and the joint data controller companies listed in this section for carrying out this processing is to prevent fraud that could lead to financial or reputational damage to the institution or its customers.
Purpose: The purpose of this processing is to adopt the necessary measures to prevent malicious transactions or conduct before they occur or to mitigate their impact if they do occur by identifying suspicious transactions or conduct that could involve an attempt to defraud the institution or its customers.
The processing operations carried out to prevent fraud are:
- Verifying the identity of customers that interact with the bank to prevent fraudulent access to information or operations.
- Reviewing and analysing the contracts and operations carried out in our systems to protect our customers from fraud through any channel and prevent cyberattacks.
- Verifying your identity and the validity of the identification documents provided with national and international databases managed by law enforcement and similar agencies, such as INTERPOL (International Criminal Police Organization), to confirm that you are the holder of the identification document you provide us and to protect you from identity theft (when another person pretends to be you).
- Consulting the information included in the PAYGUARD Fraud Prevention Service to detect fraudulent accounts and report, where appropriate, fraudulent transactions.
Types of data processed: The types of data we will process for this purpose (the content of which is detailed in heading 5) are:
- Identification and contact details
- Details of your professional or work activity and socio-economic information
- Contract details
- Basic financial data
- Third-party data from statements and receipts of instant accounts and payment accounts
- Data on communications maintained with you
- Own browsing data
- Geographical details
- Data obtained from the execution of statistical models
- Risk assessment data or scoring
Use of profiling: This processing involves creating a profile of your usual operations and activities, which we use exclusively to detect irregular situations that may indicate an attempt to commit fraud.
- Purpose: The purpose of the profile is to identify operations or interactions that are unusual or not in line with your behaviour profile that could be an attempt to commit fraud or gain fraudulent access to information.
- Consequences: Profiles are tools that help to identify fraudulent transactions. The use of these profiles requires the implementation of measures, including reviewing transactions in detail, blocking transactions and rejecting their automatic execution.
Other relevant information: The following section includes other relevant data processing information:
- Automated decisions: For the purpose of fraud prevention, we will use automated processing to try to detect fraudulent transactions.
In the case of transactions that cannot be reversed once executed, such as immediate payments or transfers, the automated processes will block any suspicious transactions and prevent them from being executed.
You may resubmit an application for the transaction at one of our branches, where the analysis does not include automated decisions, challenge the automated decision or exercise your right not to be subject to a decision based solely on automated processing by contacting CaixaBank directly through the channels set out in section 4 of this policy. - Right to object to processing: Please note that you have the right to object to processing based on a legitimate interest. You can do this simply and free of charge through the channels indicated in section 4.
- PAYGUARD Fraud Prevention Service: CaixaBank is a member of the PAYGUARD Fraud Prevention Service, which covers the country's leading financial institutions and is managed by Sociedad Española de Sistemas de Pago, S.A. (Spanish Payment Systems Company) (Iberpay).
This service aims to minimise the levels of fraud related to movements between accounts by detecting, investigating, monitoring and reporting, where applicable, suspicious and fraudulent transactions involving customers' current or savings accounts. The legal basis for the processing is the legitimate interest in preventing the type of fraudulent activity that could affect these transactions.
CaixaBank may include in the PAYGUARD Fraud Prevention Service data related to the IBAN number and identifying details of the holder of the account where the suspicious or fraudulent transaction has been detected. You can view the updated list of participating institutions at: https://www.iberpay.es/es/servicios/sectoriales/prevencion-del-fraude/.
The data will be kept for a maximum of thirty days for suspicious transactions and one year for confirmed fraudulent transactions.
The institutions participating in the PAYGUARD Fraud Prevention Service are the joint controllers of your data. You can request the main aspects of the joint data controller agreement by sending an email to www.caixabank.com/delegadoprotecciondedatos and also exercise your rights regarding the processing of your data through any of the channels indicated in section 4. Exercising rights and filing complaints through the Spanish Data Protection Authority (AEPD).