Discover how we protect your personal information with complete security and transparency.
Caja Rural San Roque de Almenara, S. Coop. De Crédito V. (hereinafter, THE FINANCIAL INSTITUTION) will have access to and will process the personal data of any interested parties who (i) access our website, (ii) request information or maintain any kind of relationship with our branch network without becoming customers, or (iii) contact us by telephone (hereinafter, our Contact Channels), in accordance with the provisions of this Data Protection Policy (hereinafter, the Policy).
The purpose of this Policy is to set out the way in which personal data collected through our Contact Channels are obtained, processed and protected, so that interested parties can freely and voluntarily determine whether they wish to provide their personal data in the ways indicated herein.
The personal data collected by THE FINANCIAL INSTITUTION through these channels or the various communications it maintains with the interested party will be treated with absolute confidentiality. THE FINANCIAL INSTITUTION pledges to keep them secret and safeguard them by taking all the necessary measures to prevent their alteration, loss, unauthorised processing or access, in accordance with the provisions of applicable legislation.
We have implemented and continue to maintain the highest levels of security required by law to protect your personal data against accidental loss and unauthorised access, processing or disclosure, taking into account the current state of technology, the nature of the data stored and the risks to which they are exposed. There are some basic safety and security recommendations in the section “For your security”.
However, in line with our data protection obligations, if, as a result of any incident, your personal data become compromised, we will notify you in the terms provided for by current regulations.
For this reason, please read this Policy carefully. It will give you more information about how we process your personal data: (i) when and how we will ask you for your details and how you will provide them to us, (ii) the purpose and legal grounds for processing them, as well as (iii) the different rights that protect you and how you can exercise them.
Please be advised that our website may contain links to other websites. In any case, this Data Protection Policy will only apply to personal data obtained on the website of THE FINANCIAL INSTITUTION and cannot be applicable to information collected by third parties on other websites. We recommend that you read the policies of other websites you visit via links from our website or in any other way.
Caja Rural San Roque de Almenara, S. Coop. De Crédito V. (hereinafter, THE FINANCIAL INSTITUTION), with registered address for these purposes in C/ Dr. Berenguer, 4, 12590 - Almenara - Castellón, will be responsible for processing your personal data.
Contact the Data Protection Officer: dpd@grupocooperativocajamar.com
The personal data we may process will be limited to the data you provide to us via telephone, during your visits to our office, through web forms, or data obtained from your browsing activity on THE ENTITY’s website.
Specifically: first name and surname, postal address and/or email address, tax identification number, telephone number, and, where applicable, browser cookie ID, mobile device ID, time spent on the website, frequency of visits to the website. Also, should you visit our offices, your image.
It is essential that your data is kept constantly up to date; therefore, we require you to undertake that any data you provide to us is correct, accurate and up to date, and to accept any liability that may arise should you provide incomplete, erroneous or inaccurate data.
In accordance with the principle of privacy by default, we will only request the data necessary to fulfil the purpose for which we are requesting it. Therefore, the data we ask you to provide will be proportionate and not excessive. Please note that your refusal to provide certain personal data may prevent THE COMPANY from providing you with the services, features and/or information you request.
Should you wish to purchase any of our products or services, we will inform you of the specific legal privacy conditions applicable to you in each individual case.
Furthermore, if you are a customer of THE COMPANY, you may consult all information relating to the products or services you have contracted at any time by accessing your Online Banking.
Below, we set out in detail how we process your data and explain the legal basis that allows us to do so. For example, some processing is carried out to provide you with the service or manage the product you have requested, whilst other processing is required because we are bound by a legal obligation, etc. Below, we explain each of the circumstances in which we may collect and use your personal data:
If you have filled in your details on the enquiry or suggestion forms on the website, or if you have called us or visited one of our offices to obtain information and/or carry out a procedure, THE COMPANY will ask for your first name, surname, mobile phone number, email address and national identity document number. It will process your personal data in order to respond to and manage your request, resolving any enquiries you may have made.
Furthermore, some of our contact channels allow you to request that: (i) THE COMPANY send you (either by post, telephone, email, SMS, MMS or social media) information from THE COMPANY regarding financial, property, insurance, energy and/or leasing products and services, both its own and those of third parties marketed by THE COMPANY, and (ii) the transfer of your personal data to third-party entities belonging to those same sectors with which THE ENTITY collaborates, so that these third parties may inform you and you may benefit from their product and service promotions, as well as to all credit institutions that form part of the Cajamar Cooperative Group at any given time (the current list of which can be consulted on the website https://www.grupocooperativocajamar.es/es/comun/informacion-corporativa/sobre-grupo-cooperativo-cajamar/ or at our branches).
The legal basis for the processing of personal data is the consent you give us when you actively submit your request.
The data that may be used for data processing for commercial purposes includes identifying data (first name, surname, address, email address), socio-economic data (information on products, payment status, as well as the risk, commercial and financial status of customers) and data relating to internet and social media browsing.
You may withdraw your consent at any time or indicate your refusal to receive information via any of the specified channels (post, telephone, email, SMS, MMS or social media) without needing to provide any justification, and free of charge, by sending an email to protecciondedatos@grupocooperativocajamar.com.
Data will be retained for as long as necessary to fulfil the purpose for which it was collected.
Should you request a loan, credit or financing of any other kind from us, or carry out or intend to carry out any other transaction that may involve credit risk, THE COMPANY will request your first name, surname, mobile phone number, email address and national identity document number, and we will collect information regarding your risk profile and financial situation (data on your creditworthiness and credit risk).
We will process this data on the basis of a pre-contractual relationship arising from your application, which may lead to a future contractual relationship with THE ENTITY. If you would like detailed information on the development of valuation models to measure credit risk, please refer to Information on personal data protection for customers
Based on a legal obligation set out in sector-specific regulations which imposes a duty to gather the information necessary for risk assessment, Law 10/2014 on the Organisation, Supervision and Solvency of Credit Institutions, for the purpose of assessing your creditworthiness and risk, THE INSTITUTION shall be entitled to consult common registers of compliance or non-compliance with financial obligations, such as the ASNEF or EXPERIAN registers, in order to assess your creditworthiness for the purposes of considering the pre-approval, approval or rejection of your application, and this, where applicable, through the use of scoring models, including automated processing, and you may raise any objections you deem relevant in order to defend your interests.
The retention period will be for as long as necessary to fulfil the purpose for which the data was collected.
Registered users may submit their queries via our online chat service available at Online Banking or Digital Banking. In this case, THE BANK will process the personal data you have provided via the chat in order to handle and manage your request, resolving any enquiries you may have made.
The data collected will include your first name, surname, telephone number, identity document number, as well as any other personal data you may provide to enable us to deal with your enquiries.
The legal basis for the processing of personal data is the consent you give us by actively submitting your request to our agents via the online chat service.
You may withdraw your consent at any time without needing to provide any justification by sending an email to: protecciondedatos@grupocooperativocajamar.com.
Data will be retained for as long as necessary to fulfil the purpose for which it was collected.
Users who request to purchase products offered (i) To be able to provide you with the various services we offer via our Website and which you may request from us. For example, to provide you with our customer support service via our contact centre or to respond to any requests for information about our products or services. Should you call us, to handle your calls, including recording them for internal quality control purposes, to prevent potential fraud and to carry out internal statistical analyses.
THE ORGANISATION will ask for your first name, surname, telephone number, national identity number, as well as any other personal data you may provide in order to process your request.
The legal basis for the processing of this personal data is as follows:
(i) THE COMPANY's legitimate interest in assessing the quality of the service
(ii) The contractual relationship to enable the conclusion of the contract and the subsequent management of the products and services we offer and which you may be interested in contracting.
In this case, it will be necessary to process your data as this information is essential for formalising and fulfilling the contractual relationship, as well as for providing you with the services you request.
(iii) On the basis of a legal obligation, in order to comply with certain legal obligations arising from the management and maintenance of the contractual relationship regarding the products and services you request from us.
In this case, we will process your data solely for the purpose of complying with legal obligations and, where applicable, in accordance with the guidelines or requirements imposed by law.
You can find further information on the processing of personal data of THE ENTITY’s customers at Information on Personal Data Protection for customers.
(iv) To contact you in the event that you do not complete the contract process initiated via our website due to an incident. In this case, we will retain your data for a period of two months and will only process it for the purpose of contacting you to reactivate the process and assist you in completing it.
If you do not agree to us contacting you for these purposes, you may object by writing to: protecciondedatos@grupocooperativocajamar.com.
Data will be retained for as long as necessary to fulfil the purpose for which it was collected.
Services that enable THE ORGANISATION’s customers to carry out their banking transactions online or by telephone, the purpose of the processing being the provision of services.
THE ENTITY will process the personal data provided when formalising the contracted service.
The legal basis for the processing of this personal data is the fulfilment of the contractual relationship. The retention period will be for as long as necessary to fulfil the purpose for which the data was collected.
A service that allows THE ENTITY’s customers who do not have online banking to access a document centre and manage various requests for documents from THE ENTITY; this information is essential for fulfilling the contractual relationship and providing the requested services.
The COMPANY will process the personal data provided when the contracted service is formalised.
The legal basis for the processing of this personal data is the fulfilment of the contractual relationship.
The retention period will be for as long as necessary to fulfil the purpose for which the data was collected.
A service offering exclusive discounts and benefits for members of Grupo Cooperativo Cajamar.
THE ORGANISATION will process the personal data provided when formalising the contracted service.
In this case, it will be necessary to process your data as this information is essential for formalising and fulfilling the contractual relationship, as well as for providing you with the services you request.
Via our website, you can access THE COMPANY’s social media, which are:
If you contact us via any of these social media platforms, we will need to process your data in order to respond to and manage your enquiry, and to resolve any requests for information you may have made.
THE ORGANISATION will request your first name, surname, telephone number, identity document number, as well as any other personal data you may provide in order to deal with your request.
The legal basis for the processing of personal data is the consent you give us by actively submitting your request to our agents via any of our social media channels.
You may withdraw your consent at any time without needing to provide any justification by sending an email to: protecciondedatos@grupocooperativocajamar.com.
The retention period will be the time necessary to fulfil the purpose for which the data was collected.
Via our website, you can access our Job Portal, where THE ORGANISATION publishes available job vacancies for which you can apply; the purpose of this is to manage your application for the recruitment processes
THE COMPANY will request your first name, surname, telephone number, ID number, educational background, as well as any other personal data you may provide in order to process your application
The processing of this personal data is based on the consent you give us by actively submitting your application to participate in THE ORGANISATION’s recruitment process.
You may withdraw your consent at any time without needing to provide any justification by sending an email to: protecciondedatos@grupocooperativocajamar.com.
Data will be retained for as long as necessary to fulfil the purpose for which it was collected.
THE COMPANY uses essential cookies that enable you to browse the website. Furthermore, and only if you have given your consent, THE COMPANY may install cookies on users’ browsing devices for the purpose of obtaining analytical and statistical information, as well as third-party cookies for advertising purposes. These cookies are installed on the basis of your consent, and you may at any time adjust your settings or withdraw your consent.
In any case, information regarding the use of cookies and the data we collect from your browsing on our website (what information we collect, how we will use it, and what you can do about it) is available in our Cookie Policy.
If you visit THE ORGANISATION’s branches, our CCTV systems will capture your image. In any case, we will only process this data for the sole purpose of ensuring the safety of people, property and premises. The legal basis for this processing is the performance of a task carried out in the public interest. In accordance with the applicable regulations, these images may be disclosed to courts and tribunals, and to law enforcement agencies, and will be deleted 15 days after they are recorded, unless otherwise ordered by courts and tribunals or law enforcement agencies.
In general, your personal data will be processed for the purpose of managing the products and services you have requested, to ensure the proper functioning of our website, and to provide you with personalised service that meets your expectations.
In all other situations where the processing of your personal data is not necessary for the performance of the contractual relationship, compliance with legal obligations, or on the basis of a legitimate interest of THE COMPANY, we will first ask for your express consent to do so.
Notwithstanding the above, in each specific instance where we are going to process your data, we will inform you appropriately of (i) when and why we require your consent to collect and process your data, (ii) when and for what reason we request information that we are legally obliged to ask you for, (iii) when the information we request is essential for the performance of the contractual relationship you wish to enter into with us. Furthermore, in cases where we consider there to be a legitimate interest, (iv) when and for what purpose we wish to collect and process your data, as we believe that our interest in doing so does not infringe upon your privacy or undermine your expectations of privacy, (v) the periods for which we will retain your personal data.
Any information you provide to us via our Contact Channels will be processed exclusively by THE COMPANY as the data controller and, therefore, as the entity legally responsible for its collection, use, storage and subsequent erasure or destruction, whenever legally required or upon your request.
We will only disclose or transfer data to third parties where this is legally required (for example, to public authorities, law enforcement agencies or the courts), or where you have given your express consent. Otherwise, we will not disclose to any third party the information you provide to us via our Contact Channels.
At THE ENTITY, we work with third-party service providers who may occasionally have access to your personal data. We are referring, for example, to companies providing technological or IT services, security firms or customer service providers that provide services to us as data processors.
In order to guarantee your rights and freedoms and the adequate protection of your data, we inform you that we will enter into the relevant contract with these suppliers, whereby we will impose upon them, amongst other things, the obligation to implement appropriate technical and organisational measures, to process the data to which they have access solely to fulfil our instructions, and to delete or return it once their services have ended.
We will retain the information you provide for the time strictly necessary to deal with and manage the requests you make. Once we have responded to your request, we will only retain your data (duly blocked, where applicable) at the disposal of the courts and tribunals, in the event of any claims. If you carry out a simulation (e.g. for a loan or a mortgage), we will retain the information we have received for two months in order to facilitate and speed up the application process should you ultimately decide to proceed. Once this period has expired, we will proceed to delete it.
If you ultimately take out any of our financial products or services, in each specific case, we will inform you of how long we will retain and use your personal data, in accordance with applicable legislation.
In the case of cookies, data may be processed for as long as you maintain your consent to their installation and for the duration of their installation, with a maximum period of 2 years.
In the case of compliance with legal obligations, THE ENTITY is required to comply with the following retention periods:
| Documentation | Time period | Descripción | Legal reference |
|---|---|---|---|
| DATA PROTECTION | 3 years | Documentation verifying compliance with our data protection obligations, noting that the maximum limitation period for infringements in this area—specifically, serious infringements—is three years. All personal actions of any kind not subject to a special limitation period from when the obligation could be enforced, bearing in mind that for continuous obligations to act or refrain from acting, the limitation period restarts each time there is a breach. | Título IX de la LOPDGDD |
| PERSONAL CIVIL ACTIONS | 5 years | Transitional provisions: (i) Actions arising from legal relationships established between 7 October 2000 and 7 October 2005: limitation period of 15 years. (ii) Actions arising from legal relationships established between 7 October 2005 and 7 October 2015: 5 years from the entry into force of the law, i.e., 7 October 2020. (iii) Actions arising from legal relationships established after 7 October 2015: limitation period of five (5) years. | Article 1.962 of the Civil Code. |
| PERSONAL CIVIL ACTIONS | 5 years | Transitional provisions: (i) Actions arising from legal relationships established between 7 October 2000 and 7 October 2005: limitation period of 15 years. (ii) Actions arising from legal relationships established between 7 October 2005 and 7 October 2015: 5 years from the entry into force of the law, i.e., 7 October 2020. (iii) Actions arising from legal relationships established after 7 October 2015: limitation period of five (5) years. | Article 1.939 of the Civil Code regarding transitional provisions. |
| EMPLOYMENT OR SOCIAL SECURITY-RELATED DOCUMENTATION | 4 years | Documentation, records or digital files containing the transmission of relevant data verifying compliance with obligations related to employment placement, affiliation, registrations, cancellations or variations in these matters, as well as social security contribution documents and receipts for salary payments and delegated benefit payments. This includes all contractual documentation. Royal Decree 1424/2002, of 27 December, which regulates the communication of contract content and basic copies thereof, does not address this matter, so the above provision shall apply by analogy. | Article 21.1 of Royal Legislative Decree 5/2000, of 4 August, approving the consolidated text of the Law on Infringements and Penalties in the Social Order. |
| ACCOUNTING AND TAX DOCUMENTATION | 6 years | For commercial purposes: books, correspondence, documentation and supporting evidence related to your business, properly organised, from the last entry made in the books, unless otherwise specified by general or special provisions. This commercial obligation extends to mandatory books (income, expenses, investment assets and provisions), as well as the documentation and supporting evidence for the entries recorded (invoices issued and received, receipts, credit notes, bank documents, etc.). | Art. 30 of Royal Decree of 22 August 1885, by which the Code of Commerce is published. |
| ACCOUNTING AND TAX DOCUMENTATION | 4 years | For tax purposes: accounting books and other mandatory records under applicable tax regulations (e.g., Personal Income Tax, VAT, Corporate Tax, etc.), along with supporting documentation for the entries made (including software, digital files and any other fiscally relevant records), must be retained for at least the period during which the tax authorities retain the right to verify, investigate and assess tax debt. | Section 3 (Limitation Period), Articles 66 to 70 of Law 58/2003, of 17 December, on the General Taxation System. |
| BUILDING ACCESS CONTROLS | 1 month | Data stored in automated files created to control building access must be deleted one month after collection. | Fifth provision of Instruction 1/1996, of 1 March, issued by the Spanish Data Protection Agency, on automated files established for the purpose of controlling building access. |
| PREVENTION OF MONEY LAUNDERING AND TERRORIST FINANCING | 10 years | Documentation evidencing compliance with obligations under the Law. | In any case, the filing system of all subjects bound by this Law must ensure the proper management and availability of the documentation, both for the purposes of internal control and when required by the relevant authorities. Article 25 of Law 10/2010, of 28 April, on Anti Money Laundering and Combating the Financing of Terrorism. |
| INFORMATION SOCIETY SERVICES AND ELECTRONIC COMMERCE | 3 years | Documentation verifying compliance with our obligations under LSSI legislation (Law 34/2002), noting that the maximum limitation period for infringements in this area—specifically, serious infringements—is three years. | Article 45 of Law 34/2002 of 11 July, on Information Society Services and Electronic Commerce. |
| VIDEO SURVEILLANCE | 1 month | Images and sounds captured by video surveillance systems must be deleted within one month of collection. | Instruction 1/2006 of 8 November, issued by the Spanish Data Protection Agency, on the processing of personal data for surveillance purposes through cameras or video cameras. |
| VIDEO SURVEILLANCE | 1 month | Recordings must be destroyed within one month of capture, unless they relate to serious or very serious criminal or administrative offences concerning public safety, an ongoing police investigation, or ongoing judicial or administrative proceedings. | Article 8 of Organic Law 4/1997 of 4 August, regulating the use of video cameras by law enforcement in public places. See also Articles 18 and 19 of Royal Decree 596/1999 of 16 April. |
| VIDEO SURVEILLANCE (CONT.) | 10 days | Installation in common areas of a school to protect minors: a reduced retention period for stored images would align with the balancing exercise being conducted. Instruction 1/2006 sets a one-month retention period (Article 6), but this could be shortened further. If an incident affecting minors occurs, it should be identified within a much shorter time frame. A 10-day retention period would be appropriate: it is shorter than one month but sufficiently long for the school to identify any specific harm to a minor that could have legal consequences—aligning with the data erasure rights timeline while balancing personal data protection. After this 10-day period, only images showing events of significant relevance to the best interests of the minor may be retained. | AEPD Legal Report 475/2014 |
Current legislation recognises a series of rights described below, which you can exercise whenever you wish through the channels established for this purpose.
You may exercise the following rights with us:
Confirm whether we are processing your personal data or not and, if so
(i) access them,
(ii) request their rectification if you believe they are inaccurate or, where appropriate,
(iii) request their erasure when, among other reasons, you consider that they are no longer necessary, taking into account the purpose for which you provided them initially,
(iv) request the portability of the data you have provided, so that, if you are interested, we can send them directly to you or to a third party indicated by you, in a structured, commonly used format that can be read by mechanical means,
(v) under certain circumstances, you may also request that we limit our use of your data, or even object to our continued use of your data. In this case, we will stop using them, unless there are compelling legitimate reasons or they are required to build a defence against possible legal claims.
If we use your personal information to create behavioural profiles (for example, to better understand your interests and needs based on the way you browse our website), and we do so in a fully automated way, you will have the right to be informed of this, to ask for the personal intervention of any of our agents, to challenge any decision based on those profiles, or to simply express your point of view.
Withdraw any express consent that you may have given to process your personal data.
Submit any claims to us and/or to the Spanish Data Protection Agency (as the competent Supervisory Authority in this matter), especially when you have exercised a right and we have not dealt with it in the legally established terms (www.aepd.es).
If you wish to exercise your rights, please contact us using any of the following channels.
The channels we have set up for you to request that we exercise your rights are as follows:
Email: protecciondedatos@grupocooperativocajamar.com
Post: Grupo Cooperativo Cajamar - Protección de Datos - Apartado de Correos 250-04080
The Spanish Data Protection Agency (AEPD) provides you with the FACILITA tool, designed to simplify the processing of basic data.
