caja rural de navarra
Clients Data Protection Policy

caja rural de navarra
Article 26 of the GDPR determines that when two or more managers decide together on the processing objectives and methods, they will be considered joint controllers of the processing. In this respect, our Entity acts as a joint controller of the processing along with the following entities:
As we will explain below, other forms of data processing might be necessary for the contracted or requested service, and other voluntary or addition types, that are considered to be compatible with the former, as they are only intended to improve our products and services, and to send out the most suitable advertising. Depending on the case, these additional voluntary purposes require either that we have received your consent, or that you have not objected, as there is a “legitimate interest” in the processing. The definition of legitimate interest is given below.
All the financial entities added to this common file are responsible for this file, henceforth the “joint processing managers”. You can request additional information on the essential aspects of the joint responsibility agreement between the Entities by writing to the DPD email address. Furthermore, you can consult the updated list of the entities that joined the common file through this link https://www.iberpay.es/es/servicios/servicios/prevenci%C3%B3n-del-fraude/#tab-4..
The legitimising base for the processing is legitimate interest, both from holders of the accounts that might be affected by the fraud committed by third parties, and this Entity to detect and prevent fraud in the banking operations to and from your account.
To do this, we will be able to:
The data that might be included in this file by this Entity will be related to the IBAN number, account holder and when appropriate, it might also include the IP connection data, geopositioning, identification of the device where the suspicious or unauthorised operation was detected.
The file can only be accessed, and the information used, by the jointly responsible member entities, exclusively for the purposed described relating to detecting, preventing and controlling fraud.
Furthermore, we might inform you that IBERPAY, as administrator of the common file, is considered to be the Data Processing Supervisor, so that it can only use this data for merely managing this common file. For this purpose, a contract has been signed between IBERPAY and the joint-managers, with the necessary guarantees and security measures.
Report unauthorised or suspicious fraud operations to the common file for fraud prevent.
You should be aware that your personal information might be included by the Entity in a common file for prevention of fraud in banking operations, managed by the Spanish Payment Systems Society (Iberpay) to detect, investigate, control and possibly report unauthorised or suspicious operations committed in your current or savings account.
Consult unauthorised or suspicious fraud operations to the common file for fraud prevention.
Your personal data might be consulted by the Entity in the common file for fraud prevention in banking operations, managed by the Sociedad Española de Sistemas de Pago (Iberpay) to detect, investigate, control and possibly report unauthorised or suspicious operations that took place in your current or savings account.
Profiling consists of using your personal data to evaluate certain aspects of a physical person, particularly for us to analyse or predict aspects relating to your economic situation that involve processing economic, financial and insurance data (such as to be able to meet the solvency legislation that obliges us to make provisions, and also to grant, or refuse, operations with a risk of non-payment), personal preferences and interests that involve processing personal characteristics, social circumstances, employment details, commercial information, economic, financial and insurance data, transactions of goods, geographic data and digital data (to be able to adapt the sales offers to your specific profile, such as informing you about pension plans according to your age or, investments according to your investor profile), reliability, behaviour (as in cases where the legislation obliges us to evaluate your training and experience to check that you understand the risks of certain investments), location or movements (such as when you have activated geopositioning services on a device to benefit from a service or locate us, etc.)
Occasionally, these profiles mean that completely automated decisions are taken, in other words, without human intervention, as this means that decisions are uniform, the same for everyone, that take into account objective data and tendencies depending on age, place of residence, economic capacity, inclusion or not in solvency or insolvency files, training, profession, economic activity, etc. This happens when an automatic reply is given through the website to some loan requests, as one example. In this way, decisions are fairer as they are the same for everyone. In any case, in these situations, you always have the right to ask to speak to a person, to express your point of view and contest the decision, as we wish to always provide you with the most efficient service possible. If this happens, please go to our DPO or to customer services.
To sum up, this processing allows us to particularly meet the obligations to provide statistical forecasts (generic) in the light of possible non-payments, given that this makes it possible to meet the obligation to predict possible losses that affect activity sectors, demographics or other sectors analysed statistically, such as those which affect a profession or economic activity in the event of a general economic crisis. Evaluate the operations with a non-payment risk, taking data from the person to be able to analyse their economic capacity to be able to return what was entrusted. In addition, the legislation obliges us to analyse your experience, training and capacity to be able to perform certain investment or contractual operations, by means of a suitability and appropriateness test.
Finally, just by evaluating your specific profile, it can send you advertising that might really interest you depending on your particular circumstances.
Notice that, in the data collection forms, the fields marked with an asterisk (*) are compulsory to be able to maintain and execute the contract, pre-contract or the request for it, and to meet the laws and other rules. Consequently, this data will be necessary for these purposes and without it, the operating procedure cannot continue.
All other data and purposes are optional, require consent or are based on legitimate interest, so that it is always possible to object to them in compliance with what has been indicated, without withdrawal of consent or that this objection conditions the execution of the contract, or the request for it, or generating any damage.
In the case of decisions based entirely on automated decisions that have legal effects on you, or that significantly affect you in a similar way to these legal effects, you have the right to obtain human intervention on this decision, and express your point of view, and you can challenge this decision if you wish.
You can also contact our Data Protection Delegate using the email address protecciondedatos@crnavarra.com.
To exercise any of the rights stated above, you can send your application in writing to Caja Rural de Navarra – Departamento de Protección de Datos at Plaza de los Fueros, nº1, CP 31003, Pamplona or to the email address protecciondedatos@crnavarra.com attaching a copy of your ID document.
1 “Pseudonymization”: processing personal data so that it can no longer be attributed to an interested party without using additional information, as long as this additional information appears separately, and it is subject to technical and organisational measures intended to guarantee that the personal data is not attributed to an identified or identifiable physical person.