CaixaBank and the CaixaBank Group companies listed below are joint data controllers (hereinafter, "Joint Controllers") for the analysis of the solvency and ability to repay of applicants and/or holders of products involving financing.

  • CaixaBank, S.A.
  • CaixaBank Payments & Consumer, E.F.C., E.P., S.A.U.
  • Nuevo Micro Bank, S.A.U.
  • CaixaBank Equipment Finance, S.A.U.
  • Unión de Crédito para la Financiación Mobiliaria e Inmobiliaria, CREDIFIMO, E.F.C., S.A.U.
  • Banco BPI, S.A.
  • Facilitea Selectplace, S.A., Sociedad Unipersonal CaixaBank Wealth Management Luxembourg.

In accordance with the applicable regulations, the Joint Controllers have signed a joint controller agreement for certain processing activities. The essential elements of this agreement are as follows:

(i) For certain processing activities identified in the Privacy Policy, the Joint Controllers will act in a coordinated or joint manner.

(ii) All suitable technical and organisational measures have been determined to ensure a level of security that corresponds with the risk inherent to processing the personal data subject to joint processing.

(iii) A one-stop shop mechanism is in place for the exercise of data subjects’ rights. This means that requests relating to rights that are received are handled centrally, from a single point of entry. The Controllers agree to collaborate and assist each other.

(iv) The Controllers comply with the duty of secrecy and the requirement to keep the personal data they process confidential.

(v) Regardless of the terms of the joint controller agreement, the data subjects can exercise their data protection rights by contacting any of the joint controllers.

This processing is necessary to manage the contracts you request from us or to which you are a party. It is also necessary to apply, if you request it, pre-contractual measures. We will do so based on Art. 6.1.b of the General Data Protection Regulation (GDPR).

This processing is necessary so that you can enter into and maintain your contracts with us. If you do not want us to carry out this processing, we will have to end this relationship, or you will not be able to enter into the relationship if it is not already in place.

Below you will find details on the purpose, the types of data processed, information on the use of profiling, and other relevant information about the processing.

Purpose: The purpose of this data processing is to determine whether applicants or holders of products or services involving deferred payment of instalments are able to pay the agreed instalments.

Another purpose of this processing is to determine whether the holders of products or services that involve repaying money we have advanced can do so.

We will inform you of the details of this processing when you request one of the aforementioned products or services or in the corresponding contract for such product or service.

The processing activities we carry out for internal risk management and to prevent non-payment are as follows:

  • Analysis of applicants' ability to pay at the time of granting the aforementioned products and services.
  • Analysis of the payment capacity of the holders of the aforementioned products and services, while they are in force.

Types of processed data:>/p>

  • Personal and contact details
  • Information about your professional or work activity, and socioeconomic data
  • Contracting data
  • Basic financial data
  • Third-party data observed on demand and payment account statements and receipts
  • Data obtained from running statistical models
  • Data on credit information systems
  • Equifax RISK SCORE information
  • CIRBE data:
  • Demographic and socioeconomic data
  • Data on properties and vehicles associated with the person
  • Information obtained from sources accessible to the public, and public registers

Use of profiling: We will create a risk profile that we will use exclusively to determine whether you can repay the agreed instalments or the money we have given you in advance.

  • Purpose of the profile: This profile is used for:
    • determine the probability of default at the time of granting you a product.
    • increase or reduce the amount granted in your current transactions.
    • calculate the provisions and capital requirements applicable to CaixaBank.
  • Consequences: risk profiles help us decide whether or not to grant you the requested transaction. They also help us assess whether to increase or reduce the amount granted for your current transactions.
    When you request one of these products or services through electronic channels, this profile involves making automated decisions to either provide you with the product you are requesting or not.
    You can find full details in the section "Other relevant information".
  • Logic: the information provided in the previous section "Types of data processed" will be used.
    Using this basic information, a specific value is attributed to each of these data. The sum of these values will give a score relative to the probability of default.
    The importance of each variable and its influence on the end result is calculated in advance through mathematical models and is included in our internal risk policies.

Other relevant information:

  • Automated decisions: FTo analyse your ability to pay in applications made through electronic channels, we will use automated processing to verify whether or not we can grant you the financing you are requesting.
    If the above calculation results in us not granting you financing, you will not be able to contract the requested product through this channel. You can request that a human review this decision.
    You can contact CaixaBank directly through the channels listed in this policy and you can request the transaction again at any of our branches, where the analysis does not involve automated decisions.
  • Regulatory obligations: these data processing activities are necessary to manage our contractual relationship. They are also necessary to comply with Law 44/2002 on Financial System Reform Measures, Law 10/2014 of 26 June on the Regulation, Supervision and Solvency of Credit Institutions, and other obligations and principles of responsible lending regulations, which apply to us as a credit institution.
  • Enquiries to credit information systems: we will make the necessary enquiries to credit information systems to assess your payment capacity. We will make these enquiries based on our legitimate interest, as detailed in section 6.4.D.
  • Enquiry and communication to the CIRBE: enquiries to the CIRBE necessary for creditworthiness analysis are performed pursuant to the provisions of Law 44/2002, of 22 November, on Financial System Reform Measures. The data required to identify persons with whom credit exposures are held will also be communicated, based on the same rule.
  • Preparation of the management reports and mathematical models: we will use the data from this processing to produce management reports and mathematical models in accordance with section 6.4.F of this Policy