see the policy
1) We respect your privacy and your choices.
2) The privacy and security of your data is incorporated into our policy.
3) We do not send marketing messages unless requested. They can be requested at any time.
4) We never share or pass on your data without your explicit consent.
5) We are committed to transparency concerning the use of your data.
6) We do not use your data without informing you or requesting your consent.
7) We respect your rights as established by law and in accordance with our own legal and operational obligations.
For more information about our privacy policies, below we set out the types of personal data we may collect or hold concerning you, how we may use them, with whom we may share them, how we protect them, and how you can exercise your rights in relation to these data.
1. About us
The Instituto de Crédito Oficial (ICO), with registered office at Paseo del Prado, 4 28014 Madrid, Spain is responsible for the personal data you share with us. The ICO is therefore the data controller in accordance with the applicable data protection legislation.
2. Personal data
Personal Data refers to any information or data that can be used to identify you directly (for example, your name or surname) or indirectly (for example, your national identity card or D.N.I). Personal Data include information such as e-mail address / private postal addresses / mobile phone number, user names, profile pictures, personal preferences, user-generated content, financial information, among others. They may also include unique numerical identifiers, such as your computer’s IP address or your mobile device’s MAC address, as well as information we collect through cookies.
This Policy covers all Personal Data collected and used by the ICO.
3. Collection of personal data and purposes of processing
Please remember that before you start using any of our services or features, you should read this Policy, as well as the Terms and Conditions of Use for the specific section that applies to the service or feature in question. The section will state whether there are any particular conditions for its use, or whether any specific processing of your Personal Data is required. Failure to provide certain mandatory information may make it impossible for you to register as a user or access specific features and services available at www.ico.es.
What data can we collect from you?
We can collect or receive your data through our websites, forms, applications, devices and financial products, among others. In some cases, you provide us with your Personal Data directly (for example, when you contact us); in other cases, we collect them directly (for example, by using cookies to understand how you use our websites/apps) or sometimes indirectly when we receive your data from third parties, including other ICO Group entities.
What is the legal basis for processing your Personal Data?
- Your consent;
- Our legitimate interest, which may be:
- Generating statistics: to help us better understand your needs and expectations and therefore improve our services, websites/applications/devices, etc.
- Enabling the functioning of our website/applications through technical and functional cookies: to keep our tools (websites/applications/devices) safe and secure and to ensure their proper functioning and continuous improvement.
- Offering you our Information Service.
- Sending by electronic means, or any other equivalent means of communication, invitations to attend events or seminars organised by the ICO, or by third parties; in any case, attendance will be voluntary and may require the data subject to register.
- Submitting surveys on the quality of service. The ICO may send out surveys on the quality of the service provided, which the data subject is not obliged to complete.
- In the case of a formalised agreement: to perform the services you request from us
- Compliance with legal obligations involving the processing of personal data
- When we collect your Personal Data, we mark the mandatory fields with asterisks. Some of the information we ask you for is necessary for:
- Fulfilling our commitment to you
- Providing you with the service you requested (for example, to send you a newsletter)
What are the ICO's different types of data processing?
When we send or deliver personalised communications or content, we may employ certain methods that qualify as “profiling” (i.e. any automated processing of personal data that involves the use of such data to evaluate specific personal aspects of an individual, particularly for the analysis or prediction of factors related to personal preferences, interests, financial status, location, trustworthiness, or transactions carried out with the ICO). This means that we may collect personal data concerning you in order to carry out this profiling. We centralise this information and analyse it to assess and predict your personal preferences and/or interests.
Based on our analysis, we send or deliver communications and/or content specific to your interests/needs.
Please note that you have the right to object to the processing of your personal data for profiling purposes in certain circumstances. To this end, please refer to section 10, “Rights of the data subject and exercise of these rights.”
5. Who can access your Personal Data?
5.1. We may share your Personal Data within the ICO Group.
“Who may access your Personal Data?” your data may be shared with other ICO Group companies on the legal basis of legitimate interest of the group for administrative purposes and under the legal obligation of maintaining your information on a cancellation list if you have requested not to receive any additional marketing communications.
5.2. Your personal data may also be processed on our behalf by our trusted third party providers.
We enter into agreements with trusted third parties to perform a variety of services on our behalf. We only provide them with the information they need to perform the service, and we require that they do not use your personal data for any other purpose. We make every effort to ensure that all third parties we work with maintain the security of the personal data we provide to them.
6. How long do we keep your personal data?
We only keep your personal data for as long as we need it for the purpose for which it was collected with your explicit consent, in order to meet your needs or to comply with our legal obligations.
To determine the data retention period of your personal data, we use the following criteria:
- Personal data obtained when contacting us with an query or complaint: for the time necessary to deal with your query;
- Personal data obtained when giving consent to send communications or because they are necessary according to the regulations: until the purpose for which they were requested has been fulfilled.
We may retain some personal data to comply with our legal or regulatory obligations and to manage our rights (for example, to enforce our claims in court) or for statistical or historical purposes.
When we no longer need to use your personal data, it will be eliminated from our systems and records or made anonymous so that we can no longer identify you.
7. Is your personal data stored securely?
We are committed to protecting your personal data and to taking all reasonable precautions to do so. We contractually require the trusted third parties who handle your personal data to do the same.
We always do our best to protect your Personal Data and once we receive your personal information, we use strict procedures and security features to try to prevent unauthorised access. As the transmission of information via the Internet is not completely secure, we cannot guarantee the security of the data you transmit to our site. Therefore, any transmission is at your own risk.
8. Links to third party sites and social login
Our websites and applications may contain links to and from the websites of our partner networks. If you follow a link to any of these websites, please note that these websites have their own privacy policies and we are not responsible for these policies. Please check these policies before submitting personal data to these websites.
9. Social media and user-generated content
Some of our websites and applications allow users to submit their own content. Please note that any content submitted to any of our social media platforms may be visible to the public, so you must be careful when sharing specific personal data (for example, financial information or details of where you live). We are not responsible for the actions of others connected to personal data posted on our social media platforms and we advise you not to share this kind of information.
10. Rights of the data subject and exercise of these rights
The ICO respects your right to privacy: it is important that you have control over your Personal Data.
In this regard, you have the following rights:
|Right to information
|Right of access
|Right to rectification
|Right to erasure/be forgotten
|Right to object to direct marketing, including profiling
|Right to withdraw consent at any time in cases where the processing of data is based on consent
|Right to object to processing based on the fulfilment of legitimate interests
|Right to lodge a complaint with a supervisory authority
|Right to data portability
|Right to restriction of processing
If you have any questions about how we process and use your Personal Data or wish to exercise any of your rights, you can let us know by sending an email to firstname.lastname@example.org or by writing to us at the following address: Instituto de Crédito Oficial, at Paseo del Prado, 4 -28014 (Madrid) Spain.