KNOW THE GDPR

What is GDPR? Icon / PlusCreated with Sketch.Icon / minusCreated with Sketch.

The General Data Protection Regulation (GDPR) is a new European regulation that adapts the management of personal data to new digital environments, such as the internet and mobile apps. Its objective is to guarantee that natural persons own their data and have control over what entities do with them.

When does the new regulation apply? Icon / PlusCreated with Sketch.Icon / minusCreated with Sketch.

The European Union approved the Regulation in 2016. Member States must apply it from 25 May 2018.

What is the Right of Portability? Icon / PlusCreated with Sketch.Icon / minusCreated with Sketch.

Right of the data owners to ask the Bank to give their data to another entity, or to them, if requested, in a structured, commonly used and machine-readable format. Such request can only be made in relation data whose processing is based on consent or a contract, and provided that the processing is carried out by automated means.

What is the processing of personal data? Icon / PlusCreated with Sketch.Icon / minusCreated with Sketch.

Data processing is considered any use of the data that implies the collection, recording, conservation, preparation, modification, consultation, use, blocking, modification or cancellation, as well as the data transfers resulting from communications, consultations, interconnections and transfers.

What companies does GDPR affect? Icon / PlusCreated with Sketch.Icon / minusCreated with Sketch.

All companies that have personal data must comply with the Regulations.

What are the accesses for the modification of consents? Icon / PlusCreated with Sketch.Icon / minusCreated with Sketch.

If you are a Banco Santander customer, you can make changes to your consents both from the Private Area, as well as from the mobile APP, the Call Centre or at the Branch.

What consents do customers have to complete? Icon / PlusCreated with Sketch.Icon / minusCreated with Sketch.

We will need the customer's consent to carry out certain kinds of processing:

  • Sending general marketing, or marketing adapted to the profile of the data owner, about products and services other than those that they have taken out.
  • Sending marketing for Insurance products.
  • Transfer of personal data to other entities.
  • Consultation of negative files for pre-granting.

Does the customer have to agree to all the consents? Icon / PlusCreated with Sketch.Icon / minusCreated with Sketch.

Consenting to all processing allows the bank to offer a service that is most adapted to their needs, but they do not have to agree to all consents. Even so, if the customer opts for the latter, the Bank must process their personal data for the maintenance of the product or service that they have taken out and/or legal compliance.

Does the customer have to agree to all the consents? Icon / PlusCreated with Sketch.Icon / minusCreated with Sketch.

Consenting to all processing allows the bank to offer a service that is most adapted to their needs, but they do not have to agree to all consents. Even so, if the customer opts for the latter, the Bank must process their personal data for the maintenance of the product or service that they have taken out and/or legal compliance.

What happens if a customer has not filled in the consents Icon / PlusCreated with Sketch.Icon / minusCreated with Sketch.

We will continue to send them marketing, but it will not be personalised, so they will not be adapted to their needs.

Is not giving consent and not filling in the form the same? Icon / PlusCreated with Sketch.Icon / minusCreated with Sketch.

In practice, yes. Customers who do not fill in the consents will be understood as having rejected them all, so they will not receive any marketing that can only be personalised by consent.

How will current customers be informed of what is done with their data? Icon / PlusCreated with Sketch.Icon / minusCreated with Sketch.

All customers will receive a communication before 25 May (through the Supernet mailbox, email or letter) in which they will be informed of the processing carried out with their data.

How is data portability done? Icon / PlusCreated with Sketch.Icon / minusCreated with Sketch.

Through Supernet: in the personal area, the customer accesses data portability and chooses what data they want to include. The recipient (themselves or a third party) receives an email with the information and an SMS with a unique password required to request the download of the data. Branches can: either direct the customer to Supernet to carry out this operation or send an email/letter to SRAC in the first instance.

Is the Robinson pre-GDPR list maintained? Icon / PlusCreated with Sketch.Icon / minusCreated with Sketch.

Customers who are registered in Robinson will be marked as opposed to certain kinds of processing.
In any case, a data owner may oppose to the processing of certain data or revoke the consent given..

How can customers stop receiving ALL communications? Icon / PlusCreated with Sketch.Icon / minusCreated with Sketch.

The customer must send a request to the Privacy Office via post or letter.

What rights do customers have over their data? Icon / PlusCreated with Sketch.Icon / minusCreated with Sketch.

The customer has: Right of Access, Right of Rectification, Right of Opposition, Right of Portability, Right of Limitation of Processing, Right of Suppression and Right to not be the subject of a decision based solely on the automated processing of your data. You can also revoke the consent that you have given.

What is the Right of Access? Icon / PlusCreated with Sketch.Icon / minusCreated with Sketch.

Right that the data owners have in order to obtain information about whether their data is being processed, the purpose of the processing, the origin of the data and the communications/assignments made or planned.

What is the Right of Rectification? Icon / PlusCreated with Sketch.Icon / minusCreated with Sketch.

Right that the data owners have to request that any inaccurate or incomplete data be modified.

What is the Right of Opposition? Icon / PlusCreated with Sketch.Icon / minusCreated with Sketch.

Right of the data owner to request that a certain personal data processing is not carried out. Data owners may only oppose data processing that is carried out for legitimate interest.

What is the Right of Limitation of Processing? Icon / PlusCreated with Sketch.Icon / minusCreated with Sketch.

The data owners' right to request that the processing operations that correspond in each case are not applied to their personal data. This right can only be exercised in certain restrictive cases.

What is the Right of Suppression? Icon / PlusCreated with Sketch.Icon / minusCreated with Sketch.

Right that allows people to contact the Bank to delete their personal data when they are no longer necessary, when consent is withdrawn, they have been processed illegally, etc. In this case, the entities of the Santander Group must be able to block the data and, subsequently, delete any copy, link and replica of the data. This is all provided that it is not hindering by a legal obligation, or is necessary for the exercise or defence of claims.

What is the right not to be subject to a decision based solely on the automated processing of your data? Icon / PlusCreated with Sketch.Icon / minusCreated with Sketch.

Right that allows data owners to request that personal data processing that implies that the Group entities make decisions that significantly affect them automatically and without human intervention is not carried out.

Shall we start?

Manage your consent so that we can continue to offer you all of our products and services.

KNOW THE GDPR

    What is GDPR? When does the new regulation apply?
${loading}
×