Privacy policy

Privacy Policy ImaginersGen S.A.

1. HOW WE PROCESS YOUR PERSONAL DATA

To manage your relationships with us, at Imaginersgen, S.A. (hereinafter “IMAGIN”) we will process your personal data to fulfill different purposes, always in accordance with the provisions of current regulations, respecting your rights and with total transparency. To do this, in this Privacy Policy, which you can access at any time Settings>Legal information>privacy policy and www.imagin.com/politicaprivacidad, you can consult the complete detail of how we will use your data in the relationships we establish with you.

The processing of your data may vary depending on the type of client you are.

There are three possibilities:

  • Imagin Customer: You will be one when you register in our mobile application (“Imagin App”) with a name, phone number and email address. In this case, this privacy policy will apply to you (processes in section 6).
  • Imagin reload customer: you will be one when you register in the Imagin app and, in addition, contract a prepaid card. In this case, this privacy policy and its processes, as well as the Money To Pay privacy policy, will apply to you. Money to Pay is the company with which you will contract the prepaid card. You can find Money to Pay's privacy policy on its website or at the following link: https://moneytopay.com/web/guest/politica-de-privacidad
  • ImaginBank Infinity Customer: You will be one when you register in the Imagin app and, in addition, sign up for an account. In this case, this privacy policy and its processes, as well as the CaixaBank privacy policy, will also apply to you. Caixabank is the company with which you will contract the account. You can find CaixaBank's privacy policy on its website or at the following link: https://www.caixabank.es/particular/general/politica-privacidad.html

The main regulations that regulate the processing we will do with your personal data are:

- Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (hereinafter the RGPD)

- Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (hereinafter LOPD).
This policy is based on the privacy and data protection principles approved by the CaixaBank Board of Directors, which you can consult on the website https://www.caixabank.com/es/accionistas-inversores/gobierno-corporativo/documentos-corporativos.html

 

2. WHO PROCESSES YOUR DATA

Data controller: The controller of your personal data in your interactions with us ("Contractual Relationship") is IMAGIN (ImaginersGen, S.A.), with Tax ID number (NIF) A-61363339 and registered address at Carrer de l'Estany 1-11, Barcelona.

Joint data controllers: Furthermore, for certain processing, detailed information for which is provided in this policy, IMAGIN will jointly process your data with other companies, jointly deciding on the purposes ("what the data are used for") and the resources used ("how the data are used"), which thus makes them the joint data controllers.

The purposes for which IMAGIN will jointly process your data with other companies are described in detail in section 7 “PROCESSING IN JOINT RESPONSIBILITY THAT WE WILL CARRY OUT IN RELATION TO THE IMAGINBANK INFINITY CUSTOMER."

You can also find the list of companies that process your data, as well as the essential aspects of the joint data controller agreements at: www.caixabank.es/empresasgrupo.

 

3. DATA PROTECTION OFFICER

IMAGIN and the CaixaBank Group companies have appointed a Data Protection Officer, who will deal with any matters related to the processing of your personal data and the exercising of your rights.

You can contact the Data Protection Officer to send your suggestions, queries or claims by going to: www.caixabank.com/delegadoprotecciondedatos.

 

4. EXERCISING RIGHTS AND FILING COMPLAINTS THROUGH THE SPANISH DATA PROTECTION AUTHORITY (AEPD)

You can exercise your rights to access, rectification, object to processing, erasure, restriction, data portability, withdraw consent and not to be subject to an automated decision-making, in accordance with the law.

You can exercise these rights through any of the following channels:

- by using the options available in the SETTINGS area of the Imagin app;

- in CaixaBank offices open to the public;

- at the email address www.imagin.com/ejerciciodederechos; and

- by writing to Post Office Box No. 209 in Valencia, with postal code 46080.

Furthermore, if you have any claim arising from the processing of your data, you can direct it to the Spanish Data Protection Agency (www.agpd.es). Don't worry if you are an imagin, imagin reload or imagin infinity client. As we are all companies of the Caixabank group, any exercise of rights or claim you send will be answered regardless of the type of customer you are.

 

5. DATA PROCESSED

The types of information used in the different processing operations described in this Privacy Policy are specifically detailed in each of the processes explained in Section 6.

 

6. WHAT PROCESSING OF DATA WE DO TO IMAGIN CLIENTS

We process your data for varius different purposes and legal grounds.

As an imagin client we will perform these processing:

  • Processing required for the Contractual Relationships.
  • Processing required to comply with regulatory obligations.
  • Processing based on IMAGIN's legitimate interest.

In addition to the processes described, we may carry out specific processing operations not mentioned in this policy in response to your requests for products or services. Detailed information on these processing operations will be provided to you at the time of processing the specific request.

6.1 PROCESSING REQUIRED FOR CONTRACTUAL RELATIONSHIPS

These processes have as their legal basis the fact that they are necessary to manage the contracting of the products and services that you request or in which you are a party, or to apply, if you request them, pre-contractual measures ("Contractual Relationships"), As established in art. 6.1.b) of the General Data Protection Regulation (RGPD).

Therefore, this processing is necessary for you to enter into and maintain a Contractual Relationships with us. If you object to it, we will end this relationship, or will not be able to establish it if not done already.

Processing based on your consent is indicated below. For each item, we will indicate: a description of the purpose (Purpose), the details of the processed data (Processed data), if applicable, information on the use of profiles (Use of profiles), other relevant processing information (Other relevant information) and whether or not the processing is carried out jointly with other CaixaBank Group companies (Joint data controllers/Data controller).

A. Formalization, maintenance and performance of Contractual Relations.

Purpose: The purpose of this data processing is to formalize and maintain the Contractual Relations established between you and us, including the processing of your requests or orders, and the procedures prior to entering into a contract (pre-contractual relations) or the purchase of a product or service.

This data processing involves collecting the information necessary to establish or to manage the application and to process the information needed to properly maintain and execute the contracts and/or purchases made by you.

The processing activities carried out in the formalization, maintenance and performance of Contractual Relations are:

  • Collection and registration of the data and documents necessary for the purchase of the requested products or services.
  • Manage the operations of the products and services that you have contracted with us, which includes responding to your operational queries and managing incidents.

Data processed: These are your data that we will process for this purpose:

  • Identififying and contact data: Identification name, email and telephone number.
  • Contract data: products and services contracted or requested (own or third parties).

Other relevant information: Once you contract some of the products and services (leisure, mobility, travel, financial, insurance...) from third-party companies, your data will be processed by the company with which you have contracted, as you have agreed.

When you benefit from our promotions or discounts, your data will also be processed by the companies that offer them (for example, when you benefit from Booking discounts from the application).

Finally, when you are an ImaginBank customer and access your banking information and manage your financial products and services through our application, remember that the person responsible for processing your data is ImaginBank (CaixaBank, S.A.).

Data Controller: The data controller in this case is Imagin. This processing is not carried out as joint controllers.

6.2 PROCESSING REQUIRED TO COMPLY WITH REGULATORY OBLIGATIONS

The legal basis of this processing is the requirement to comply with a legal obligation that is required of us, as established in art. 6.1.c) of the General Data Protection Regulation (RGPD).

Therefore, it is necessary for you to establish and maintain Contractual Relations with us. If you object to it, we will need to end this relationship, or will not be able to establish it if not done already.

Processing based on your consent is indicated below from (A) to (B). For each item, we will indicate: a description of the purpose (Purpose), the details of the processed data (Processed data), if applicable, information on the use of profiles (Use of profiles), other relevant processing information (Other relevant information) and whether or not the processing is carried out jointly with other CaixaBank Group companies (Joint data controllers/Data controller).

A. Processing for handling complaints and claims.

Purpose: The purpose of this processing is to handle queries, complaints and claims submitted to IMAGIN.

Furthermore, Law 3/2018 of December 5 on the Protection of Personal Data and guarantee of digital rights, requires the data controller (in this case IMAGIN) to handle any complaints submitted to its Data Protection Officer and respond to any data protection rights exercised by data subjects.

The following processing operations are carried out to comply with regulations on the processing of complaints and claims:

  • Receiving complaints and claims submitted to IMAGIN's Customer Service Department
  • Responding to complaints and claims within the established time frame, and;
  • Managing data protection rights and queries submitted to the CaixaBank Group's Data Protection Officer and the necessary activities to collaborate with the Control Authority (Spanish Data Protection Agency).

Data processed: The data that we will process for this purpose are:

  • Identification and contact data: name and surname, sex, postal, telephone and electronic contact information, residence address, nationality and date of birth, language of communication, identification document.
  • Contract data: products and services signed up or requested.

Data Controller: The data controller in this case is Imagin. This processing is not carried out as joint controllers.

6.3 PROCESSING BASED ON IMAGIN'S LEGITIMATE INTEREST

This processing applies to all IMAGIN (Imaginer Infinity and Imaginer Lead/Reload) users, and the legal basis is the legitimate interests pursued by IMAGIN or a third party, provided that these interests do not take precedence over your interests, or your fundamental rights and freedoms, as per Art. 6.1.f of the General Data Protection Regulation (GDPR).

This processing will imply that we have considered your rights and our legitimate interest and we have concluded that the latter prevails. Otherwise, we would not process the data. You can ask about the analysis that is done to weigh the legitimate interest of a processing operation at any time by emailing your enquiry to delegado.proteccion.datos@caixabank.com.

We also remind you that you have the right to object to processing based on a legitimate interest. You can do this simply and free of charge through the channels indicated in Section 4.

This processing is indicated below, arranged from (A) to (B). For each item, we will indicate: IMAGIN's Legitimate Interest (IMAGIN's legitimate interest), a description of the purpose (Purpose), the data processed (Data processed), if applicable, information on the use of profiles (Use of profiles), other relevant processing information (Other relevant information) and whether or not the processing is carried out jointly with other CaixaBank Group companies (Joint data controllers/Data controller).

A. Preparation of management reports and mathematical models.

IMAGIN's legitimate interest: IMAGIN's legitimate interest in carrying out this process is to design, organize and optimize its business and commercial activity in the most efficient way possible, for which it is necessary to have reports on the management and activity of the company and the market, as well as mathematical algorithms for advanced information analysis.

Purpose: The purpose of this processing is to prepare reports on the company's activity and its relationship with the market, on the composition and evolution of its customer base and on the convenience and effectiveness of its products and services, which allow its efficient management. and management and create and maintain statistical and mathematical models that allow the processes to be carried out as detailed in this policy that require advanced calculations and analysis of the information.

Data processed: he data we will process for this purpose is that which has been identified previously for each processing type. We will apply, whenever possible, anonymisation or pseudonymisation techniques to ensure that this processing does not have an impact on the rights of the data subjects, and that the result of the processing is reports with statistical or aggregated information, or mathematical or algorithmic formulas.

Other relevant information: The following section includes other relevant data processing information:

  • Right to object to processing: You have the right to oppose processing based on legitimate interest. You can do it easily and for free through the channels that we indicate in section 4.
  • Accessory data processing: Data processing for the creation of statistical reports and mathematical models is not intended to process data in relation to individual users.
    This data processing is necessary, but accessory, to the main purpose, which is to prepare management reports, or algorithmic or mathematical formulas, and therefore they are carried out using anonymization techniques whenever possible or, failing that, pseudonymization and minimization of information. processed information. These processes have no individual impact or consequence on the data owners.

Data Controller: The data controller in this case is Imagin. This processing is not carried out as joint controllers.

B) Offer of products and services.

Legitimate Interest of IMAGIN: The legitimate interest of IMAGIN is to communicate the offer of products and services that it markets to users who have shown interest in them, or who have previously requested or contracted similar products or services.

Purpose: The purpose of the processing is to select the target audience for the offer of products and services through commercial communications by electronic means.

Data processed: The data that we will process for this purpose are:

  • Identification and contact data: name and surname, sex, telephone and electronic information, language of communication, identification document.
  • Contracting data: products and services contracted or requested.
  • Basic financial data: payment history for contracted products and services.
  • Own browsing data: if you have accepted the use of cookies and similar technologies on your browsing devices, the data obtained from your browsing on our web pages or mobile applications and the browsing you do on them: browsing history (pages visited and clicks on content), device ID, advertising ID, IP address and installed version of the application.
  • Browsing data: the data obtained from your browsing on web pages or, where applicable, third-party mobile applications and the browsing you do on them: browsing history (pages visited and clicks on content), device ID, ID advertising, IP address, if you have accepted the use of cookies and similar technologies on your browsing devices.

Other relevant information:

  • Right to object to processing: You have the right to oppose processing based on legitimate interest. You can do it easily and for free through the channels that we indicate in section 4.

Data Controller: The data controller in this case is Imagin. This processing is not carried out as joint controllers.

 

7. PROCESSING IN JOINT RESPONSIBILITY THAT WE WILL CARRY OUT IN RELATION TO THE IMAGINBANK INFINITY CUSTOMER

As we have told you in section 1 of this policy, you can see the processes that will be applied to you as an imaginbank infinity customer on the CaixaBank website: https://www.caixabank.es/particular/general/politica-privacidad.html

Specifically, you can find them all in section 6 of that policy.

Likewise, we explain below the data processing that we carry out in join data controllers. You will also find them in Caixabank's policy.

7.1 PROCESSING BASED ON CONSENT

This processing only applies to imaginbank infinity Client and their legal basis is your consent, as established in art. 6.1.a) of the General Data Protection Regulation (RGPD).

We may have requested this consent through different channels: in the interview in which you registered as a client, through your manager (in-person or remote), through our electronic channels and mobile applications, through any Bankia channel. S.A. before its merger with CaixaBank, or in any of the CaixaBank Group companies that are joint data controllers for the specific processing.

If, for any reason, we never asked you for your consent, this processing will not apply to you.

You can consult the authorizations that you have granted or denied us, and modify your decision at any time and for free in your Imagin App (CONFIGURATION) or in the CaixaBank offices.

Processing based on your consent is indicated below from (A) to (C). For each item, we will indicate: a description of the purpose (Purpose), the details of the processed data (Processed data), if applicable, information on the use of profiles (Use of profiles), other relevant processing information (Other relevant information) and whether or not the processing is carried out jointly with other CaixaBank Group companies (Joint data controllers/Data controller).

If you gave Bankia your consent to process your data for commercial purposes, prior to its merger with CaixaBank, processes A, B and C, as indicated below, will be carried out as per the preferences you indicated to Bankia at that time.

Specifically, the processing described in items A and B below will only be carried out by CaixaBank Group companies as joint controllers if you consented to the disclosure of data between Bankia group companies (now CaixaBank).

A. Personalization of the offer of products and services according to the analysis of your data

Purpose: If we have your consent, we will use the data that we will indicate below to create a commercial profile that allows us to deduce your preferences or needs to offer you, through your manager (in-person or remote), the products and services marketed. by the joint data controllers companies that we believe may interest you based on the preferences and needs deduced.

Through this processing of your data we will be able to make you personalized offers that we believe may interest you more than generic offers.

Furthermore, if you authorize us to “Communicate the offer of products and services by channels” (Section 6.1.B) we will offer you the products and services marketed by the joint data controllers companies that we believe may interest you based on your preferences and needs. deducted through any other channel that you authorize us to do.

Processed data: We will not use for this processing data that contains information that reveals your ethnic or racial origin, your political opinions, your religious or philosophical convictions, your union membership, the processing of genetic data, biometric data aimed at uniquely identifying you, data relating to health or data relating to your life or sexual orientation.

The data that we will process for this purpose are:

  • Identification and contact data: name and surname, sex, postal telephone and electronic contact information, residence address, nationality and date of birth, language of communication, identification document.
  • Data on your professional or work activity and socioeconomic: professional or work activity, income or remuneration, family unit or circle, level of education, assets, tax data and tax data.
  • Contracting data: products and services contracted or requested (own or third parties), status of owner, authorized or representative of the contracted product and service, categorization according to the regulations on securities markets and financial instruments (MIFID category), information on investments made and their evolution and information and movements of financing operations.
  • Basic financial data: current and historical balances of products and services and payment history of contracted products and services (own or third parties).
  • Data from third parties observed in the statements and receipts of demand accounts and payment accounts: the information on the notes and movements that third-party issuers make in your accounts, including the type of operation, the issuer, the amount and the concept that They appear on receipts and statements for operations with debit, credit and prepaid cards.
  • Data on your status as a CaixaBank shareholder or not: whether or not you have CaixaBank shares.
  • Data from communications maintained with you: data obtained in chats, walls, videoconferences, telephone calls or equivalent means.
  • Own browsing data: if you have accepted the use of cookies and similar technologies on your browsing devices, the data obtained from your browsing on our web pages or mobile applications and the browsing you do on them: browsing history (pages visited and clicks on content), device ID, advertising ID, IP address and installed version of the application.
  • Geographic data: when you have authorized it in the configuration of the own application, the location data of the merchants of your card operations and the geolocation data of your mobile device provided by the installation and/or use of our mobile applications.
  • Data obtained from the execution of other processing provided for in this policy:
    -Risk evaluation or scoring data: in financing or installment payment operations, we will deduce your ability to pay or default, or the risk limits, applying statistical mathematical models that are calculated with your data (processing defined in section 6.2 .C).
    -Customer classification data (processing defined in section 6.4.A).
  • Data obtained from the execution of statistical models: we use the results of the application of mathematical models with customer data to deduce your consumption habits, hiring preferences/propensities or customer classification.
  • Demographic and socioeconomic data: statistical data not associated with specific people but with geographical areas, age sectors or sectors of professional activity, which we will use to relate them to customer information.
  • Data on properties and vehicles associated with you: data obtained from the cadastre and basic vehicle data obtained from the General Directorate of Traffic that we will use to complement the information about your properties and vehicles.
  • Data on administrators, functional positions and corporate ties: data extracted from INFORMA databases that we will use to complement the information about your activity.
  • Data on agricultural subsidies and insurance: data published by the Spanish Agrarian Guarantee Fund (FEGA) and by the State Agrarian Insurance Entity (ENESA).
  • Data from third-party companies to which you have given your consent to share with us: your data processed by other companies with which we have agreements, and to which you have authorized to share your information with us.
  • Browsing data: if you have accepted the use of cookies and similar technologies on your browsing devices, the data obtained from your browsing on third-party web pages or mobile applications and the browsing you perform on them: browsing history (pages visited and clicks on content), device ID, advertising ID, IP address.
  • Data from social networks or the Internet: data from social networks on the Internet that you authorize to consult.

Use of profiles: For this processing we will create a commercial profile that we will use exclusively to personalize our offer of products and services:

  • Purpose of the profile: The purpose of the profile used is to deduce the products and services that we believe may interest you, based on the information we have about you, to offer you a contract instead of sending you generic commercial offers.
  • Consequences: If you authorize the processing, we will use commercial profiles to decide what products or services we offer you commercially. If you do not authorize it, we will not use your information to personalize the commercial offer to you.
    We do not use this profiling, in any case, to deny any product or service, nor to determine credit limits. Non-acceptance of this processing does not prevent, limit or condition your access to our complete catalog of products and services that you always have at your disposal.
    If you request the contracting of any product or service, your request will be evaluated with you in accordance with our ordinary procedures, without the acceptance or not of the analysis of your data for the personalization of the offer of products and services affecting this evaluation.
    Refusal to accept this processing will not prevent us from contacting you for the operational management of the products and services you have contracted.
  • Logic: A client's profile is calculated from the data indicated in the “Data processed” section.
    Mathematical formulas obtained from behaviors observed in the past in clients with similar characteristics are applied to this data in order to infer the client's behavior in the future. These mathematical formulas allow us to determine the importance of each of the data processed in the final result of the applicant's profile.
    This final result is the probability that the customer is interested in a product or service.

Other relevant information: The following section includes other relevant data processing information:

  • Prior verification of your payment capacity: When the offers that we want to transmit to you consist of products or services that involve the payment of installments or financing, we will previously verify your payment capacity.
    We will carry out this prior verification through the detailed processing in section 7.2.C, in order to offer you a credit limit and a repayment period appropriate to the knowledge we have of your financial situation, in accordance with the principles of responsibility in the offer of financing products required by the Bank of Spain, and by the regulations on prudential supervision and solvency of responsible credit and lending institutions.
    Non-acceptance of this processing does not prevent, limit or condition your access to our catalog of financing products and services which, in the event of a request on your part, will be evaluated with you in accordance with our ordinary procedures.
  • Validity of the processing: We will only carry out this processing of your data if you have given us your consent to do so, and your consent will remain valid as long as you do not withdraw it. If you cancel all your products or services with us, but forget to withdraw your consent, we will do so automatically.

Joint controllers: The following CaixaBank Group companies will process your data as joint data controllers for this processing.

  • CaixaBank, S.A.
  • CaixaBank Payments & Consumer, E.F.C., E.P., S.A.U.
  • Nuevo Micro Bank, S.A.U.
  • Wivai Select Place, S.A.U,
  • ImaginersGen, S.A.
  • VidaCaixa, S.A.U. Insurance and Reinsurance

You can also find the list of companies that process your data, as well as the essential aspects of the joint data controller agreements at: www.caixabank.es/empresasgrupo.

B. Communication of the commercial offer through other channels

Purpose: If we have your consent, we will make our offer of products and services available to you through the following channels that you authorize us to do: mobile applications, digital environments and electronic channels, letter or telephone.

The data that we will use for communication through the channels that you authorize us will vary depending on whether or not you have authorized us to personalize the product offering according to the analysis of your data:

  • -If we do not have your consent to personalize our commercial offer (process A above), we will only use your identification and contact data to send you generic offers.
  • -If you have given us your consent to personalize our commercial offer (process A above), we will also use the information from your commercial profile detailed in process 7.1. A, to send you personalized offers.

Processed data: We will not use for this processing data that contains information that reveals your ethnic or racial origin, your political opinions, your religious or philosophical convictions, your union membership, the processing of genetic data, biometric data aimed at uniquely identifying you, data relating to health or data relating to your life or sexual orientation.

  • Identification and contact data: name and surname, sex, postal, telephone and electronic contact information, residence address, language of communication.
  • Data obtained from the execution of other processing provided for in this policy:
    -Data from the Personalization of the offer of products and services according to the analysis of your data: If you have given us your consent to personalize our commercial offer (process A above), we will also use the information from your commercial profile that is detailed in the process 7.1. A of the Privacy Policy, to send you personalized offers.

Other relevant information: The following section includes other relevant data processing information:

  • Duration of data processing: We will only process your data in this way if you have given us your express consent to do so, and your consent will remain in force until you withdraw it. If you cancel all your products or services with us, but forget to revoke your consent, we will do so automatically.

Joint data controllers: The following CaixaBank Group companies will process your data as joint data controllers for this processing:

  • CaixaBank, S.A.
  • CaixaBank Payments & Consumer, E.F.C., E.P., S.A.U.
  • Nuevo Micro Bank, S.A.U.
  • Wivai Select Place, S.A.U,
  • ImaginersGen, S.A.
  • VidaCaixa, S.A.U. Insurance and Reinsurance

You can also find the list of companies that process your data, as well as the essential aspects of the joint data controller agreements at: www.caixabank.es/empresasgrupo.

C. Transfer of data to other companies for the sending of commercial offers

Purpose: If we have your consent, we will transfer the data that we will indicate below to other companies with which we have agreements, for the purpose of making you commercial offers for the products and services they market.

If you do not consent to this processing, we will not transfer your data. If you consent, the data that we will communicate to other companies will vary depending on whether or not you have authorized us to personalize the offer of products and services according to the analysis of your data:

  • If we do not have your consent to personalize our commercial offer to you (process A above), we will only provide these companies with your identifying and contact details.
  • If you have given us your consent to personalize our commercial offer to you (process A above), we will also communicate to these companies information from your commercial profile, which consists of information inferred about your preferences and needs, as well as information inferred about your probability of payment or default, or on risk limits.

Those third-party companies to which we could transfer your data are dedicated to the following activities:

  • banking
  • investment services
  • insurance and reinsurance
  • venture capital
  • real estate
  • roads
  • sale and distribution of goods and services,
  • consulting services
  • leisure and
  • charitable-social

Processed data: We will not use for this processing data that contains information that reveals your ethnic or racial origin, your political opinions, your religious or philosophical convictions, your union membership, the processing of genetic data, biometric data aimed at uniquely identifying you, data relating to health or data relating to your life or sexual orientation.

The data that we will process for this purpose are:

  • Identification and contact data: name and surname, sex, postal, telephone and electronic contact information, residence address, nationality, date of birth, language of communication, identification document.
  • Data obtained from the execution of other processes provided for in this policy:
    - Data from the Personalization of the offer of products and services according to the analysis of your data:     If you have given us your consent to personalize our commercial offer (process A above), we will also use the information from your commercial profile that is detailed in the process 7.1. A of the Privacy Policy, so that they can send you personalized offers.

Other relevant information: The following section includes other relevant data processing information:

  • Information about the transfer: If we reach an agreement with a third company to transfer your data, the recipient company will inform you of this circumstance, as well as the data transferred and the details of the processing it intends to carry out.
  • Duration of data processing: We will only process your data in this way if you have given us your express consent to do so, and your consent will remain in force until you withdraw it. If you cancel all your products or services with us, but forget to revoke your consent, we will do so automatically.

Joint data controllers: The following CaixaBank Group companies will process your data as joint data controllers for this processing:

  • CaixaBank, S.A.
  • CaixaBank Payments & Consumer, E.F.C., E.P., S.A.U.
  • >Nuevo Micro Bank, S.A.U.
  • Wivai Select Place, S.A.U,
  • ImaginersGen, S.A.
  • VidaCaixa, S.A.U. Insurance and Reinsurance

You can also find the list of companies that process your data, as well as the essential aspects of the joint data controller agreements at: www.caixabank.es/empresasgrupo.

 

8. PROCESSING CARRIED OUT IN RELATION TO THE IMAGIN RELOAD CUSTOMER

As we have told you in section 1 of this policy, you can see the processing that will be applied to you as an imaginbank reload customer on the Money To Pay website: https://moneytopay.com/web/guest/politica-de-privacidad

Specifically, you can find them in section 6 of that policy.

Imagin does not carry out any processing under joint responsibility with Money To Pay.

 

9. DATA PROCESSING IN APPS INTENTED FOR MINORS (IMAGINTEENS)

ImaginTeens is an application for people over 14 years old designed to get them started in managing their money through their mobile phone.

The application collects the following identifying data from minors: name and surname, date of birth, mobile number and email address.

In the event that the minor's legal representative so authorizes it, the minor will be able to view in the application the products owned by him (imaginBank accounts and/or cards and/or MoneyToPay prepaid cards) and perform some operations from his mobile phone.

The details of data processing in ImaginTeens can be found in the ImaginTeens Privacy Policy published on Google Play and iTunes, in the Terms and Conditions of the application, and in the My Profile section (in the event that you have the imaginTeens application downloaded).

ImaginTeens does not use resources such as geolocation nor does it process browsing data to analyze the user or show personalized ads.

 

10. RECIPIENTS OF THE DATA

Responsible and joint data controllers for data processing
We process the data as an IMAGIN client (we remind you that you are one by registering in our mobile application) from IMAGIN.

We process the data as an imagin reload customer (we remind you that you are one by registering in the app and contracting a prepaid card) from Money To Pay.

We process the data as an imaginbank infinity customer numbers (we remind you that you are one by registering in the app and signing up for a current account) we process them at Caixabank.

If the processes are joint responsibility, they are carried out by the companies of the CaixaBank Group, in accordance with what we have set out for each of the proccesing.

Official authorities or organizations
At IMAGIN we may be legally obliged to provide information about the transactions we carry out to the authorities or official bodies of other countries located both inside and outside the European Union.

Data communication in service outsourcing
Sometimes, we use service providers with potential access to personal data.

These providers provide adequate and sufficient guarantees in relation to data processing, since we carry out a responsible selection of service providers that incorporates specific requirements in the event that the services involve the processing of personal data.

Additionally, when we formalize our relationships with these suppliers, we provide ourselves with the necessary mechanisms so that they guarantee compliance with the precepts established in the RGPD and the LOPD as well as the corporate principles of CaixaBank and its group companies regarding data protection. approved by the CaixaBank Board of Directors referenced in section 1 of this Policy.

The type of services that we can commission from service providers is:
-Financial backoffice services
-Administrative support services
-Audit and consulting services
-Marketing and advertising services
-Survey Services
-Logistics services
-Physical security services
-IT services (systems and information security, cybersecurity, information systems,
architecture, hosting, data processing)
-Telecommunications services (voice and data)
-Printing, inserting, mailing and courier services
-Information custody and destruction services (digital and physical)

11. DATA CONSERVATION PERIODS

Conservation for the maintenance of Contractual Relationships
We will process your data while the Contractual Relationships we have established remain in force.

Conservation of authorizations for processes based on consent (Imaginer Infinity User)
We will process data based on your consent, until you revoke it.

If you cancel all your product and service contracts with the CaixaBank group companies, but do not revoke the consents you have given us, we will automatically render them void as soon as you stop being a customer.

Conservation for compliance with legal obligations and formulation, exercise and defense of claims
Once the authorizations for the use of your data have been revoked by withdrawing your consent, or the contractual or business relationships that you have established with us have ended, we will retain your data solely to comply with legal obligations and to allow the formulation, exercise or defense of claims during the limitation period of actions derived from contractual relationships.

We will process these data applying the necessary technical and organizational measures to guarantee that they are only used for these purposes.

Data destruction
We will destroy your data when the retention periods imposed by the rules that regulate the activity of IMAGIN and the statute of limitations for administrative or judicial actions derived from the relationships established between you and us have expired.

12. DATA TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA

At IMAGIN we process your data within the European Economic Area and, in general, we hire service providers also located within the European Economic Area or in countries that have been declared with an adequate level of protection.

If we need to use service providers who carry out processing outside the European Economic Area or in countries that have not been declared to have an adequate level of protection, we would ensure the security and legitimacy of the processing of your data.

To do this, we demand appropriate guarantees from these service providers in accordance with the provisions of the GDPR so that they have, for example, binding corporate rules that guarantee the protection of information in a manner similar to that established by European standards or to sign the standard clauses of the European Union.

13. AUTOMATED DECISIONS

In section 7 of this Policy we inform you of the processing that incorporate automated decisions.

Additionally, if during the Contractual Relations that you maintain with us, we were to use mechanisms that could make decisions based solely and exclusively in the automated processing (that is, without the participation of a person) that could produce legal effects, or that could significantly affect you (for example, denying you the contract of a certain product), we will inform you about it in the own contractual documentation of the product or service that you have requested from us, as well as the logic under which the decision is made.

Likewise, at that time, we will take measures to safeguard your rights and interests by providing you with the right to obtain human intervention, to express your point of view and to challenge the decision.

14. REVIEW

We will review this Privacy Policy whenever necessary to keep you duly informed, for example, due to the publication of new rules or criteria or the performance of new processing.

We will notify you through the usual communication channels whenever there are substantial or important changes to this privacy policy.