Your privacy is important to us
imaginersGen S.A. uses proprietary and third-party cookies to analyse your browsing habits in order to create data and to be able to show you advertisements which are tailored to the profile created based on your browsing habits (for example, clicks on web content). Click for MORE INFORMATION or to CONFIGURE OR OPT OUT OF COOKIES. Or, you can accept all cookies by clicking on "Accept and continue browsing".
We are fully aware of your concern about how your personal data is processed.
That is why imaginersGen S.A. are fully committed to safeguarding your privacy, guaranteeing that your personal data is processed in a loyal, transparent, responsible way, under the principles laid out in EU Regulation 2016/679 issued by the European Parliament and Council, dated 27 April 2016, (hereinafter, the "General Data Protection Regulation"), and Organic Law 3/2018, dated December 5, on Protection of Personal Data and guarantee of digital rights (hereinafter, “LOPDGDD”).
To manage your relationship with us, Imaginersgen S.A. (hereinafter "IMAGIN") will process your personal data for various purposes, always in accordance with the applicable laws, respecting your rights and with complete transparency.
How we process your data may vary depending on how much you identify yourself in your relationship with us, which is why:
This Privacy Policy, which you can access at any time from Settings>Legal information>Privacy policy and at www.imagin.com/politicaprivacidad, provides full details on how we will use your data in our interactions with you.
The main regulations that govern how we process your personal data are:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the GDPR).
- Organic Law 3/2018 of 5 December on the Protection of Personal Data and guarantee of digital rights (hereinafter the LOPD).
Data controller: The controller of your personal data in your interactions with us ("Contractual Relationship") is IMAGIN (ImaginersGen, S.A.), with Tax ID number (NIF) A-61363339 and registered address at Carrer de l'Estany 1-11, Barcelona.
Joint data controllers: Furthermore, for certain processing, detailed information for which is provided in this policy, IMAGIN will jointly process your data with other companies, jointly deciding on the purposes ("what the data are used for") and the resources used ("how the data are used"), which thus makes them the joint data controllers.
The purposes for which IMAGIN will jointly process your data with other companies are described in detail in Section 6 "Types of data processing".
You can also find the list of companies that process your data, as well as the essential aspects of the joint data controller agreements at: www.caixabank.es/empresasgrupo.
IMAGIN and the CaixaBank Group companies have appointed a Data Protection Officer, who will deal with any matters related to the processing of your personal data and the exercising of your rights.
You can contact the Data Protection Officer to send your suggestions, queries or claims by going to: www.caixabank.com/delegadoprotecciondedatos.
You can exercise your rights to access, rectification, object to processing, erasure, restriction, data portability, withdraw consent and not be subject to automated decision-making in accordance with the law.
You can exercise these rights through any of the following channels:
- eat our CaixaBank branches open to the public;
- by using the options available in the SETTINGS area of the Imagin app;
- by visiting www.imagin.com/ejerciciodederechos; and
- by sending a letter to Apartado de Correos nº 209, Valencia 46080.
Additionally, if you have any complaints related to the processing of your data, you can send them to the Spanish Data Protection Authority (www.agpd.es).
The types of information used in the different processing operations described in this Privacy Policy are specifically detailed in each of the processes explained in Section 6.
We process your data for various different purposes and on different legal grounds.
Of the above processes, some will be carried out only for Imaginer Infinity users and others for Imaginer Lead/Reload users. The remaining processes will be carried out for all IMAGIN users (Imaginer Infinity and Imaginer Lead/Reload users).
The detailed information for each process detailed herein specifically explains whether the process is applied to Imaginer Infinity users, to Imaginer Lead/Reload users or to all IMAGIN users.
In addition to the processes described, we may carry out specific processing operations not mentioned in this policy in response to your requests for products or services. Detailed information on these processing operations will be provided to you at the time of processing the specific request.
PROCESSES CARRIED OUT FOR IMAGINER INFINITY USERS
The legal basis for these processes, which only apply to Imaginer Infinity users, is your consent, as laid out in Article 6.1.a) of the General Data Protection Regulation (GDPR).
We may have requested this consent through different channels; for example, when you registered as a customer with CaixaBank at a branch, through digital channels or mobile apps, or through any of the companies of the CaixaBank Group that is jointly responsible for the treatment, or through any Bankia, S.A. channel prior to its merger with CaixaBank.
If you gave Bankia your consent to process your data for commercial purposes, prior to its merger with CaixaBank, processes A, B and C, as indicated below, will be carried out as per the preferences you indicated to Bankia at that time.
Specifically, the processing described in items A and B below will only be carried out by CaixaBank Group companies as joint controllers if you consented to the disclosure of data between Bankia group companies (now CaixaBank).
If, for any reason, we never asked you for your consent, this processing will not apply to you.
You can view the consent you have given or denied, and change your decision at any time at no cost in the IMAGIN app (SETTINGS) or at a CaixaBank branch.
Processing based on your consent is indicated below from (A) to (C). For each item, we will indicate: a description of the purpose (Purpose), the details of the processed data (Processed data), if applicable, information on the use of profiles (Use of profiles), other relevant processing information (Other relevant information) and whether or not the processing is carried out jointly with other CaixaBank Group companies (Joint data controllers/Data controller).
Purpose: If we have your consent, we will use the data specified below to create a commercial profile for you, which will allow us to define your preferences or needs and offer you products and services from joint data processors that we believe may interest you based on those preferences and needs.
By processing your data, we can make customised offers that may be of more interest to you than generic offers.
Data processed: We will not process data that contains information that reveals your ethnicity or race, your political opinions, religious or philosophical convictions, union membership, the processing of genetic data, biometric data intended to uniquely identify you, health data or data relating to your sex life or orientation.
The data we will process for this purpose are:
Use of profiling: For this processing, we will create a business profile that we will use exclusively to customise our products and services for you;
Other relevant information: The following section includes other relevant data processing information:
Joint data controllers: The following CaixaBank Group companies are joint data controllers of this data processing.
You will find the essential aspects of the joint data controller agreements at: www.caixabank.es/empresasgrupo.
B. Communication of the commercial offer through other channels
Purpose: We will make our commercial offer available to you only through the channels that you authorise.
Data processed: The data we will process for this purpose are:
Other relevant information: The following section includes other relevant data processing information:
Joint data controllers: The following CaixaBank Group companies are joint controllers for this data processing:
You will find the essential aspects of the joint data controller agreements at: www.caixabank.es/empresasgrupo.
C. Disclosure of data to other companies
Purpose: If we have your consent, we will transfer the data specified below to other companies with which we have agreements, so that they may send you offers on their products and services.
If you do not consent to this processing, we will not transfer your data. If you consent, the data we transfer to other companies will vary depending on whether you have authorised us to customise our product offerings by analysing your data:
These third-party companies to which we might transfer your data are dedicated to the following activities:
Data processed: We will not process data that contains information that reveals your ethnicity or race, your political opinions, religious or philosophical convictions, union membership, the processing of genetic data, biometric data intended to uniquely identify you, health data or data relating to your sex life or orientation.
These are the data that we will use if you consent to the transfer of your data to third parties, but we do not have your consent to customise the commercial products and services we offer you (process A above):
We will also use the following data if you have given us your consent to personalise the commercial products and services we can offer you (process A above):
Other relevant information: The following section includes other relevant data processing information:
Joint data controllers: The following CaixaBank Group companies are joint controllers for this data processing:
You will find the essential aspects of the joint data controller agreements at: www.caixabank.es/empresasgrupo.
PROCESSES CARRIED OUT FOR IMAGINER LEAD/RELOAD USERS
6.2 PROCESSING BASED ON IMAGIN'S LEGITIMATE INTEREST
This processing only applies to Imaginer Lead/Reload users, and the legal basis is the legitimate interests pursued by IMAGIN or a third party, provided that these interests do not take precedence over your interests, or your fundamental rights and freedoms, as per Art. 6.1.f of the General Data Protection Regulation (GDPR).
This process will imply that we have considered your rights and our legitimate interests and we have concluded that the latter prevail. Otherwise, we would not process the data. You can ask about the analysis that is done to weigh the legitimate interest of a processing operation at any time by emailing your enquiry to delegado.proteccion.datos@caixabank.com.
We also remind you that you have the right to object to processing based on a legitimate interest. You can do this simply and free of charge through the channels indicated in Section 4.
A. Products and services offered.
IMAGIN's legitimate interest: It is in IMAGIN's legitimate interest to provide information on the products and services that it markets to users who have shown an interest in them, or who have requested or signed up for similar products or services previously.
Purpose: The purpose of the processing is to select the target audience for the products and services offered by means of commercial communications through electronic means.
The data we will process for this purpose are:
Other relevant information:
Data Controller: The data controller in this case is IMAGIN. This processing is not carried out as joint controllers.
PROCESSES CARRIED OUT FOR ALL IMAGIN USERS
6.3 PROCESSING REQUIRED FOR CONTRACTUAL RELATIONSHIPS
We will carry out these processes for all IMAGIN users (Imaginer Infinity and Imaginer Lead/Reload). The legal basis for this processing is that it is required to manage the products or services that you request or that you are party to, or to apply, if you so request, pre-contractual measures ("Contractual Relationships"), pursuant to Article 6.1.b of the General Data Protection Regulation (GDPR).
Therefore, this processing is necessary for you to enter into and maintain a Contractual Relationship with us. If you object to it, we will end this relationship, or will not be able to establish it if not done already.
The types of processing required to establish contractual relations are listed below, arranged from (A) to (C). For each item, we will indicate: a description of the purpose (Purpose), the data processed (Data processed), if applicable, information on the use of profiles (Use of profiles), if applicable, other relevant processing information (Other relevant information) and whether or not the processing is carried out jointly with other CaixaBank Group companies (Joint data controllers/Data controller).
A. Signing, maintenance and performance of Contractual Relations.
Purpose: The purpose of this data processing is to formalise and maintain the Contractual Relationships established between you and us, including the processing of your requests or orders, the steps prior to entering into a contract (pre-contractual relationships) or your purchase of a product or service.
This data processing involves collecting the information necessary to establish or to manage the application and to process the information needed to properly maintain and execute the contracts and/or purchases made by you.
The processing activities involved in signing, maintaining and performing the Contractual Relations are::
Data processed: The data we will process for this purpose are:
Other relevant information: Once you have contracted any products or services (leisure, mobility, travel, financing, insurance...) from third party companies, your data will be processed by said company, as agreed upon.
So, for example, when you take out a prepaid MoneyToPay card, the processor will be MoneyToPay (Global Payments MoneyToPay, EDE, S.L.).
When you benefit from our special offers or discounts, your data will also be processed by the companies that offer them (for example, when you benefit from Booking discounts from the application).
Finally, when you are an ImaginBank customer and access your banking information to manage your financial products and services using our application, remember that the entity responsible for processing your data is ImaginBank (CaixaBank, S.A.).
Data Controller: The data controller in this case is IMAGIN. This processing is not carried out as joint controllers.
6.4 PROCESSING REQUIRED TO COMPLY WITH REGULATORY OBLIGATIONS
The legal basis of this processing, which applies to all IMAGIN users (Imaginer Infinity and Imaginer Lead/Reload users), is the requirement to comply with a legal obligation that is required of us, as laid out in Article 6.1.c) of the General Data Protection Regulation (GDPR).
Therefore, it is necessary for you to establish and maintain Contractual Relations with us. If you object to it, we will need to end this relationship, or will not be able to establish it if not done already.
The types of processing required to satisfy the regulatory requirements are listed below, arranged from (A) to (B). For each item, we will indicate: a description of the purpose (Purpose), the data processed (Data processed), if applicable, information on the use of profiles (Use of profiles), if applicable, other relevant processing information (Other relevant information) and whether or not the processing is carried out jointly with other CaixaBank Group companies (Joint data controllers/Data controller).
A. Processing for handling complaints and claims.
Purpose: The purpose of this processing is to handle queries, complaints and claims submitted to IMAGIN.
Furthermore, Law 3/2018 of 5 December on the Protection of Personal Data and the guarantee of digital rights requires the data controller (in this case IMAGIN) to handle any complaints submitted to its Data Protection Officer and respond to any data protection rights exercised by data subjects.
The following processing operations are carried out to comply with regulations on the processing of complaints and claims:
Data processed: The data we will process for this purpose are:
Data Controller: The data controller in this case is IMAGIN. This processing is not carried out as joint controllers.
6.5 PROCESSING BASED ON IMAGIN'S LEGITIMATE INTEREST
This processing applies to all IMAGIN (Imaginer Infinity and Imaginer Lead/Reload) users, and the legal basis is the legitimate interests pursued by IMAGIN or a third party, provided that these interests do not take precedence over your interests, or your fundamental rights and freedoms, as per Art. 6.1.f of the General Data Protection Regulation (GDPR).
This processing will imply that we have considered your rights and our legitimate interest and we have concluded that the latter prevails. Otherwise, we would not process the data. You can ask about the analysis that is done to weigh the legitimate interest of a processing operation at any time by emailing your enquiry to delegado.proteccion.datos@caixabank.com.
We also remind you that you have the right to object to processing based on a legitimate interest. You can do this simply and free of charge through the channels indicated in Section 4.
This processing is indicated below, arranged from (A) to (C). For each item, we will indicate: IMAGIN's Legitimate Interest (IMAGIN's legitimate interest), a description of the purpose (Purpose), the data processed (Data processed), if applicable, information on the use of profiles (Use of profiles), other relevant processing information (Other relevant information) and whether or not the processing is carried out jointly with other CaixaBank Group companies (Joint data controllers/Data controller).
A. Fraud prevention.
IMAGIN's legitimate interest: IMAGIN's legitimate interest in processing the data is to prevent fraud that results in economic or reputational losses for IMAGIN or its users.
Purpose: The purpose of this processing is to adopt the necessary measures to prevent malicious transactions or conduct before they occur or to mitigate their impact if they do occur by identifying suspicious transactions or conduct that could involve an attempt to defraud IMAGIN or its customers.
The processing operations carried out to prevent fraud are:
Data processed: The data we will process for this purpose are:
Data Controller: The data controller in this case is IMAGIN. This processing is not carried out as joint controllers.
B. Preparation of management reports and mathematical models.
IMAGIN's legitimate interest: IMAGIN's legitimate interest in carrying out this process is to design, organise and optimise its corporate and commercial activity as efficiently as possible, which requires having reports on the management and activity of the company and the market, as well as advanced information analysis mathematical algorithms.
Purpose: The purpose of this processing is to prepare reports on the company's activity and its relationship with the market, on the composition and evolution of its customer base and on the convenience and effectiveness of its products and services. These reports are used to manage said products/services and to create and maintain statistical and mathematical models that allow for the processing detailed in this policy to be carried out and that require advanced calculations and analysis of the information.
Data processed: The data we will process for this purpose is that which has been identified previously for each processing type. We will apply, whenever possible, anonymisation or pseudonymisation techniques to ensure that this processing does not have an impact on the rights of the data subjects, and that the result of the processing is reports with statistical or aggregated information, or mathematical or algorithmic formulas.
Other relevant information: The following section includes other relevant data processing information:
Data Controller: The data controller in this case is IMAGIN. This processing is not carried out as joint controllers.
IMAGINKIDS (KIDS' VERSION)
ImaginKids (the kids' version) is an app intended for children under the age of 12, with content created (and checked by specialists in children's content) specifically for them, relating to good financial habits and education.
The child's legal guardian must validate their registration for the kids' version.
No data relating to the child will be requested or processed on ImaginKids (kids' version).
Details on data processing for ImaginKids can be found in the ImaginKids Privacy Policy published on Google Play and iTunes, in the app's Terms and Conditions, and in the My Profile section (if and when the ImaginKids app has been downloaded).
ImaginKids (kids' version) does not use any resources such as geolocation, nor does it process browsing data for user analysis or personalised advertising purposes.
IMAGINTEENS
ImaginTeens is an app designed for people over the age of 14 to introduce them to money management through their mobile.
The app obtains the following identifying details of minors: full name, date of birth, mobile phone number and email address.
If the child's legal guardian gives their authorisation, the minor can view all the products they own in the app (ImaginBank accounts and/or cards, and/or prepaid MoneyToPay cards) and carry out certain transactions from their mobile phone.
Details on data processing for ImaginTeens can be found in the ImaginKids Privacy Policy published on Google Play and iTunes, in the app's Terms and Conditions, and in the My Profile section (if and when the ImaginTeens app has been downloaded).
ImaginTeens does not use any resources such as geolocation, nor does it process browsing data for user analysis or personalised advertising purposes.
Data controller and joint data controllers
The data of yours that we process as an IMAGIN user we do so from IMAGIN. If data is processed by joint data controllers, it will be processed by CaixaBank Group companies in accordance with the previous processing sections.
Authorities or official bodies
IMAGIN may be legally required to provide information on transactions we carry out to authorities or official bodies in other countries located both within and outside the European Union.
Disclosure of data to outsourced service providers
Sometimes we use service providers with potential access to personal data.
Such providers grant an adequate, sufficient safeguarding service when it comes to processing your data, since we carefully screen service providers by including specific demands in the event that their services involve the need to process personal data.
The type of services we can assign to service providers is:
Financial back-office services
Administrative support services
Audit and consulting services
Marketing and advertising services
Survey services
Logistical services
Physical security services
Computer services (system and information security, cybersecurity, information systems, architecture, hosting, data processing)
Telecommunications services (voice and data)
Printing, enveloping, postal and courier services
Data storage and destruction services (digital and physical)
Storage for maintaining Contractual Relations
We will process your data as long as the Contractual Relations we have established remain in force.
Storage of authorisations for processing your data based on your consent (Imaginer Infinity user)
We will process the data based on your consent, until you revoke it.
If you cancel all your product and service contracts with the CaixaBank Group companies but do not withdraw the consent you have given us, we will automatically void said consent until you stop being our customer.
Storage to comply with legal obligations and to formulate, exercise and defend claims
Once the authorisation to use your data is revoked due to your withdrawal of your consent, or the contractual or business relationship established with us is over, we will only store your data to comply with legal obligations and to allow us to formulate, exercise or defend claims during the limitation period for actions resulting from this contractual relationship.
We will process this data by applying the technical and organisational measures required to guarantee that it is only used for these purposes.
Data destruction
We will destroy your data when the storage periods imposed by the regulations governing IMAGIN's activity have expired and the limitation periods for administrative or judicial actions arising from the relations established between you and us have elapsed.
EAt IMAGIN, we process your data within the European Economic Area and generally we have service providers located within the European Economic Area or in countries deemed to have an adequate level of data protection.
If we need to use service providers that carry out processing outside the European Economic Area or in countries not determined to have an adequate level of data protection, we will ensure that your data is processed in a secure and legitimate manner.
For this purpose, we require these service providers to apply suitable guarantees in accordance with the GDPR, such as binding corporate standards guaranteeing information protection in a similar way to European standards or to subscribe to the standard clauses of the European Union.
Section 6 of this Policy contains information on the type of processing that incorporates automated decision-making.
If during the Contractual Relationships you maintain with us, we adopt decisions that could establish legal effects for you or could significantly affect you (for example, to not allow you to take out a certain product) based solely and exclusively on automated processing (i.e., without the participation of a person), we will inform you of this, as well as of the logic through which we adopted it, in the contractual documentation of the product or service you have requested.
Moreover, at that time, we will also adopt measures to safeguard your rights and interests by giving you the right to human involvement, to express your views and to challenge the decision.
We will revise this Privacy Policy whenever necessary to keep you duly informed, for example, when publishing new standards or criteria or when we engage in new processing activities.
We will notify you through the usual communication channels whenever there are substantial or important changes to this privacy policy.
