CaixaBank and the CaixaBank Group companies listed below are jointly responsible for the processing (hereinafter "Joint Controller Entities") of your data in order to prevent fraud involving economic or reputational losses to the entity or its customers:

  • CaixaBank, S.A.
  • CaixaBank Payments & Consumer, E.F.C., E.P., S.A.U.
  • Nuevo Micro Bank, S.A.U.
  • Global Payments Moneytopay, EDE, S.L.
  • CaixaBank Equipment Finance, S.A.U.

In accordance with the applicable regulations, the Joint Controllers have signed a joint controller agreement for certain processing activities. The essential elements of this agreement are as follows:

(i) For certain processing activities identified in the Privacy Policy, the Joint Controllers will act in a coordinated or joint manner.

(ii) All suitable technical and organisational measures have been determined to ensure a level of security that corresponds with the risk inherent to processing the personal data subject to joint processing.

(iii) A one-stop shop mechanism is in place for the exercise of data subjects’ rights. This means that requests relating to rights that are received are handled centrally, from a single point of entry. The Controllers agree to collaborate and assist each other.

(iv) The Controllers comply with the duty of secrecy and the requirement to keep the personal data they process confidential.

(v) Regardless of the terms of the joint controller agreement, the data subjects can exercise their data protection rights by contacting any of the Joint Controllers.

This processing is carried out for the legitimate interests of CaixaBank or a third party. We do so provided that these interests do not take precedence over your interests, or your fundamental rights and freedoms, as per Art. 6.1.f of the GDPR.

Before carrying out this processing, we will consider your rights against our legitimate interest. We will only carry out the processing in cases where our interest prevails over your rights and freedoms. You can ask about the analysis that is done to consider the legitimate interest of a processing operation at any time by emailing your enquiry to delegado.proteccion.datos@caixabank.com

We remind you that you have the right to object to this processing carried out for legitimate interest. If you believe that CaixaBank should consider any personal situation or reason to stop processing your data, you can request this easily and free of charge through the channels mentioned in section 4 of our Privacy Policy.

Below you will find details on CaixaBank's Legitimate Interest, a description of its purpose, the types of data processed, information on the use of profiling, and other relevant information about the processing.

Legitimate interest: Prevent fraud involving financial or reputational losses to CaixaBank or its customers.

Purpose: TAdopt the necessary steps to avoid malicious transactions or behaviour before they are committed. It also aims to reverse any effects that may arise by identifying transactions or conduct suspected of fraud against CaixaBank or its customers.

We will process your data to:

  • Verify the identity of customers to prevent fraudulent access to information or transactions.
  • Review and analyse the contracting and transactions that are carried out in our systems to protect our customers from fraud on any channel and prevent cyberattacks.
  • Verify your identity and the validity of the identification documents you provide us with. We will confirm that the document you provided is yours. We will do so by comparing it with national and international databases from law enforcement agencies. Also with similar organisations, such as INTERPOL (International Criminal Police Organization). We do this to protect you from identity theft, for example, where someone might impersonate you.
  • Consult the information included in the PAYGUARD Fraud Prevention Service to detect fraudulent accounts, and, if applicable, report your fraudulent transactions.

Types of processed data:

  • Personal and contact details
  • Data on your professional or employment activity and socio-economic information
  • Contracting data
  • Basic financial data
  • Third-party data observed on demand and payment account statements and receipts
  • Data on any communication with you
  • Browsing data
  • Geographical data
  • Data obtained from other processing operations provided for in this policy:
    • Risk assessment or scoring data (processing defined under heading 6.2.C).
  • Data obtained from running statistical models

Use of profiling: We will create a profile based on your usual transactions and activities. We will use this profile to spot unusual situations that may point to attempted fraud

  • Purpose of the profile: the profile used aims to identify activities that are unusual or outside your behavioural profile. These may be attempts at fraud or fraudulent access to information.
  • Consequences: profiles help us to identify fraudulent transactions. Its use involves applying measures ranging from detailed review of the transaction to blocking or denying it.

Other relevant information:Below, you will find other relevant information on this processing:

  • Automated decisions: to prevent fraud, we will carry out automated decision-making processes. This allows us to detect potential fraudulent transactions. For transactions that cannot be reversed once made, such as immediate payments or transfers, the automated decision may prevent you from carrying out the transaction if it detects that it may be fraudulent. Therefore, you will not be able to carry out that transaction. You can request the transaction again at any of our branches, where the analysis does not involve automated decisions.
  • Right to objection to processing: if you believe that CaixaBank should stop using your data for any personal reason, you can request this free of charge and easily through the channels mentioned in section 4.
  • PAYGUARD Fraud Prevention Service: CaixaBank is a member of the PAYGUARD Fraud Prevention Service, which includes the country's leading financial institutions and is managed by Sociedad Española de Sistemas de Pago, S.A. (Iberpay).
    The service aims to minimise the levels of fraud related to movements between accounts by detecting, investigating, monitoring and reporting, where applicable, suspicious and fraudulent transactions involving customers' current or savings accounts. The legal basis for the processing is the legitimate interest in preventing fraud that could affect these transactions.
    CaixaBank may include data related to the IBAN number and identifying details of the holder of the account where the suspicious or fraudulent transaction has been detected in the PAYGUARD Fraud Prevention Service. You may view the updated list of the participating companies at the following link https://www.iberpay.es/es/servicios/servicios/prevenci%C3%B3n-del-fraude/
    The data will be kept for a maximum of thirty days for suspicious transactions and one year for confirmed fraudulent transactions.
    The institutions participating in the PAYGUARD Fraud Prevention Service are jointly responsible for your data. You may request the main aspects of the joint liability agreement by sending an email to www.caixabank.com/delegadoprotecciondedatos and also exercise your rights regarding the processing of your data over any of the channels indicated in section 4. Exercising rights and filing complaints through the Spanish Data Protection Agency (AEPD).
  • FrauDfense Fraud Prevention Service: CaixaBank is a member of the FRAUDFENSE Fraud Prevention Service, which includes some of the country's leading financial institutions and is managed by FrauDfense, S.A.
    This service aims to minimise the levels of fraud related to customers' transactions, by detecting, investigating, monitoring and reporting, where applicable, suspicious and fraudulent transactions involving customers' current or savings accounts in their digital banking transactions. The legal basis for the processing is CaixaBank's legitimate interest in preventing fraud in their transactions.
    CaixaBank may include data related to the IBAN number, data related to the fraudulent transaction identified, details of the device from which the fraudulent transaction was made and identification data of the holder or the account where the suspicious or fraudulent transaction has been detected in the FrauDfense Fraud Prevention Service. You may view the updated list of participating FRAUDFENSE institutions at: https://916087356-1.servicio-online.net/sobre-nosotros1/nuestros-partners.
    The details will be kept in the FrauDfense Fraud Prevention Service for a maximum of 12 months in the case of confirmed fraudulent transactions and may then be kept blocked until the applicable statute of limitation period elapses.
    The institutions participating in the FrauDfense Fraud Prevention Service are jointly responsible for processing your data. You may request the main aspects of the joint liability agreement by sending an email to www.caixabank.com/delegadoprotecciondedatos or protecciondedatos@frauDfense.com.
    You may also exercise your rights regarding the processing of your data via any of the channels indicated in section 4 Exercising Your Rights and Lodging Claims with the Spanish Data Protection Agency (AEPD), and by emailing protecciondedatos@frauDfense.com.