caja rural de navarra
Website User Data Protection Policy
Website User Data Protection Policy
1. Data Controller. Who is responsible for processing your data?
1.1. Name: Caja Rural de Navarra, Sociedad Cooperativa de Crédito (hereafter Controller), with Tax ID F31021611 and head offices at Plaza de los Fueros 1, Pamplona (Navarra, SPAIN). Contact us by emailing our customer service at email@example.com, phoning +948 168 100 or dropping in at any of our branch offices.
1.2. The Data Protection Officer (hereafter DPO) is in charge of safeguarding your privacy within the Bank. If you need to contact him/her, write to firstname.lastname@example.org or to the address of the Bank, including the reference “Data Protection Officer”.
2. Scope. Who does this information apply to?
2.1. This Additional Website User Data Protection Information only applies to the processing of data collected through the forms provided on the data controller’s website.
3. Data origin and category. Where does the data we process come from and what categories do they belong to?
3.1. The only personal data managed through this website are those you supply on the forms provided. No personal data are obtained from other sources.
3.2. The data categories processed in the data processing set out in paragraph 4 of this Information are identification and contact details: name and surname/s, National ID document number/Foreign Resident ID, postcode, telephone and email.
4. Purpose. For what purpose do we process your personal data?
4.1. The Controller will process your identification and contact details in order to contact you and respond to any enquiries and requests for information that you send us through the forms provided on our website.
4.2. If you expressly authorise us to do so and provided that you are not a customer of the Bank, we will use your contact information to send you commercial communications about products and services marketed by the Bank.
4.3. If expressly requested to do so, the data related to the email will be processed in order to send you periodic newsletters prepared by the Bank.
There is no provision for the international transfer of data, profiling or automated decisions based on the processing identified.
5. Lawfulness. Why is the processing of your personal data legitimate?
5.1. The lawful basis for the processing of your personal data for the purposes listed in paragraph 4.1 is the consent given by sending the enquiry and information request forms via the website.
5.2. The lawful [J1] basis for the processing of your personal data for the purposes listed in paragraph 4.1 is the consent freely given by checking the box provided for the purpose.
6. Retention. How long do we keep your data?
6.1. The data collected through the forms on our website shall be kept for a period of one year. After this period of time, the data will be deleted.
6.2. This retention period only applies to data collected through the web forms provided and only if you are not a customer of the Bank, in which case the data retention periods are governed by the provisions of our Additional Customer Data Protection Information set out in “Data Protection” on our website.
7. Recipients. Who will receive your data?
7.1. The data will be processed by the data controller and those agents and suppliers which the Bank contracts to provide services. This is always done with contracts and guarantees subject to the data protection models approved by the authorities.
7.2. The main supplier of hosting services is Rural Servicios Informáticos.
8. Rights. What are your rights?
8.1. Right of access: The right to know what kind of data we process and the characteristics of the processing we carry out, in accordance with the provisions of Article 15 of the Spanish General Data Protection Regulation (hereafter GDPR).
8.2. Right to rectification: The right to request the modification of your personal data because they are inaccurate, untrue or out of date.
8.3. Right to object: The right to request that your personal data not be processed for certain purposes. Similarly, when processing is based on your consent, you have the right to withdraw such consent at any time. You can also object to the processing of your data. All the foregoing in accordance with article 21 of the GDPR.
8.4. Right to erasure: The right to request the deletion of your personal data when processing is no longer necessary.
8.5. Right to restrict processing: The right to request that the processing of your personal data be limited, in which case they shall only be retained for the exercise or defence of legal claims and in order to comply with court injunctions or legal requirements.
8.6. Data portability. The right to request the portability of the data you have provided us with, to receive them in a structured, commonly used and machine readable format, and to have them transmitted to another controller, in accordance with the provisions of Article 20 of the GDPR.
8.7. Withdrawal of consent. You may, at any time, withdraw the consent you have given without any kind of damage or detriment.
8.8. Filing complaints. You may, at any time, file a complaint with the competent supervisory authority, this, in Spain, being the Spanish Data Protection Agency, without prejudice to the powers, where appropriate, of other regional or supranational entities, in accordance with the provisions of the Data Protection Regulation and national legislation.
You can also contact our Data Protection Officer by email at email@example.com
In order to exercise any of the rights set forth, you can send your request in writing to Caja Rural de Navarra, Sociedad Cooperativa de Crédito at its address or firstname.lastname@example.org, attaching a copy of your national ID document or other official ID document.