Branches Become a customer Log in You will be redirected to another website

Política de privacidad de aplicaciones móviles

Política de privacidad de aplicaciones móviles

Basic information about personal data protection

1. Who is responsible for processing your data?

ABANCA Corporación Bancaria, S.A. (hereinafter, "the ENTITY" or "ABANCA"), with NIF A-70302039

2. What is the origin of your personal data and what data do we process?

We must distinguish between the sources from which your personal data originate and the categories of personal data we process through our Application:

2.1. Sources from which your personal data originate:

Your personal data processed by the Mobile Banking Application may come from yourself, be generated at ABANCA, or originate from external sources: - i) Data provided by you; - ii) Data generated about you derived from the management, development, and maintenance of the contractual relationships you have with ABANCA; - iii) Companies of the ABANCA Economic Group

2.2. Categories of personal data:

The data we process correspond to the following categories: - i) Identification and contact data; - ii) Data related to your image; - iii) Data related to identification codes or keys; - iv) Economic and asset solvency data; - v) Financial data; - vi) Transactional data; - vii) Insurance data; - viii) Geographical location data; - ix) Data from your mobile device; - x) Browsing and behavior data within the Application; - xi) Special categories of data: in our Mobile Banking Application, as a general rule, we do not collect or use special categories of data, but we may collect and process them only if you register as a client through Mobile Banking, since we will proceed to identify you via video call, always with your prior consent and after having informed you of all aspects of the processing of biometric data associated with your image that will be carried out in this process.

Below we inform you about the different processing of your personal data for which ABANCA is responsible, specifying the purposes and legal bases for each of them.

3.1 Processing strictly necessary for the basic operation of the application:

3.1.1 Processing based on the execution of the remote banking contract. The purpose is the correct formalization, maintenance, and fulfillment of the contractual relationship established with ABANCA through the download of the Application. For this, we will carry out the following processing operations:

  • i) Manage access to the Mobile Banking Application through your remote banking credentials;
  • ii) Execute the operations you carry out through your Mobile Banking;
  • iii) Provide you with information about your balance and movements in ABANCA accounts and cards, your loans and investments with ABANCA, and even your insurance marketed through ABANCA may be displayed;
  • iv) Categorize your transactions;
  • v) Proceed, if applicable, to sign contracts using the ABANCA signature modality;
  • vi) Provide you, if applicable, with a chat service that allows you to communicate directly with your manager;
  • vii) Send you non-commercial communications strictly related to the products and services you have contracted with ABANCA or marketed by ABANCA to your private mailbox in the e-Correspondence service of Remote Banking;
  • viii) Provide you with information about the geographical location of the merchant where you made a purchase or the ABANCA ATM where you withdrew cash (this information is inferred from the location of the merchant or ATM and never from the location of your device);
  • ix) Installation and use of ABANCA Key. ABANCA Key is an additional security tool integrated into Mobile Banking, a system for identity verification based on access key technology, also known as Passkey.

3.1.2 Processing based on ABANCA's legitimate interest in fraud prevention. We process your personal data based on the satisfaction of legitimate interests pursued by ABANCA, and to the extent that your own interests or fundamental rights and freedoms do not prevail over those legitimate interests; in this case, ABANCA's legitimate interest is to prevent fraud situations, both in the provision of Mobile Banking and during its use, which could result in identity theft. For this, we will carry out the following processing operations:

  • i) After provisioning Mobile Banking, associate certain device or connection data to your user;
  • ii) Share the phone number provided to ABANCA with your mobile operator so they can verify if it matches the one associated with the SIM of the device you are operating from;
  • iii) Detect malicious code (malware) installed on the device where you have provisioned your Mobile Banking;
  • iv) Review user behavior in interaction with the Application to determine if irregularities in usage are detected;
  • v) Collect information about whether you are making a call during the use of the application.

3.2 Optional processing to improve the services offered by the application with prior user authorization.

These processing operations are linked to your device permissions, and you can review and modify your permissions at any time in your device settings.

3.2.1. Processing associated with the "Notifications" permission: If you grant this permission on your device, you can receive alerts regarding your operations in ABANCA. Additionally, in your Mobile Banking, you can configure what type of notifications you want to receive.

3.2.2 Processing associated with the "Contacts" permission:

If you grant us this permission to access your device's contact list, you can, from Mobile Banking:

  • i) Directly select a contact from your list to notify a transfer
  • ii) Directly select a contact from your list to make a Halcash.
  • iii) Directly select a contact from your list to make a Bizum.

To streamline the process of sending or receiving payments through the Bizum service, you can authorize the permission to access your contact list on your device, in which case the application will share your contact data with Bizum so you can identify which of them are Bizum service users.

If you have not authorized this permission on your device, you can use these application features by manually entering the phone number to notify the transfer or request/send a payment via Bizum or Halcash.

  • iv) Increase your security in the use of your Mobile Banking.

3.2.3. Processing associated with the "Camera" permission: If you grant us this permission to access your device's camera, you can, from Mobile Banking:

  • i) Manage your registration as a client and authenticate yourself online. In this case, we may process biometric data associated with your image, always with your prior consent and after having been informed of all aspects of the processing of biometric data that will be carried out in this process.
  • ii) Personalize your Mobile Banking profile by including a photo taken directly with your device's camera.
  • iii) Manage the payment of non-direct debit bills by capturing the barcode. If you do not grant us permission, you can use this application feature by manually entering the digits of your bill's barcode.
  • iv) Upload documentation through your Mobile Banking: you can provide your Branch with the documentation required by the Entity.
  • v) Increase your security in the use of your Mobile Banking.

3.2.4. Processing associated with the "Phone" permission: The application may request this permission to increase your security in the use of Mobile Banking, allowing us to collect information about whether you are making a call during the use of the application, as well as collect data from the SIM installed in your device; all with the aim of increasing your protection against social engineering attacks.

3.2.5. Processing associated with the "Mobile Data" permission: We may request this permission to allow access to your Mobile Banking Application using your device's mobile data. This permission (unlike the rest of the permissions reported) is authorized by default by the device itself; however, if your device version allows it, you can withdraw it at any time so that access to the Mobile Banking Application is only possible via Wi-Fi.

3.2.6. Processing associated with the "Location" permission. If you grant us this permission to access your device's location, we can:

  • i) Offer you the Office locator service integrated into our Mobile Banking Application.
  • ii) Increase your security in the use of your Mobile Banking by implementing additional controls both in the use and download of our Application to prevent fraud. We will only process your location data when downloading the application and accessing it, so we will only access your location if you are using Mobile Banking and never in the background.

3.2.7. Processing associated with the "Biometric Identification" permission: To increase your security in accessing Mobile Banking, if the device or application version allows it, we give you the possibility to authenticate using your biometric pattern associated with your device. You must have previously activated biometric identification on your mobile device, and as informed in the conditions accepted on your device, your biometric data (Face ID, fingerprint) remain on your device and the Mobile Banking Application can never access this information. Thus, the only information we receive from your device is that authentication was successful.

4. With whom do we share your data?

The application may share data with Bizum S.L. only if you voluntarily activate the Immediate Transfer Service provided by Bizum S.L. in Mobile Banking.

By activating this service, you can, through Mobile Banking, send or request funds from other Users of the service immediately, using the beneficiary's (or, if applicable, sender's) mobile phone number as identification data, and under the terms and conditions of the Bizum service, which you must accept to activate this feature.

Thus, to manage the Bizum Immediate Transfer service, the application may share the following data with Bizum S.L.:

  • Identification and contact data: name, surname, and mobile phone number

  • Financial data: only the IBAN of the account you select as the debit or, if applicable, beneficiary account for payment orders, as well as the amount and concept of each operation you carry out using the service.

Additionally, as detailed in section 3.2.2.c), and if you grant permission to access your contact list, we may share your contact data with Bizum so you can identify which of them are Bizum service users. Otherwise, we will provide Bizum with the phone number you manually enter as the beneficiary (or, if applicable, sender) of a payment order.

  • With your mobile operator through specialized technology providers for fraud prevention and under the terms informed in section 3.1.2.

5. What are your rights?

You can exercise your rights of access, rectification, erasure, restriction, objection, and portability of your personal data by contacting ABANCA's Customer Service through the channels referred to in the additional and detailed information on Data Protection found in the privacy policy accessible on our website (https://www.abanca.com/), within the "Legal and security aspects" section, located at the bottom of the website.

6. Where can you consult detailed Data Protection information?

Below you can consult the additional and detailed information about the Mobile Banking Privacy Policy.

ADDITIONAL INFORMATION ABOUT PERSONAL DATA PROTECTION

1. Who is responsible for processing your data?

The entity responsible for processing your personal data is ABANCA Corporación Bancaria, S.A. (hereinafter, "ABANCA"), with NIF A-70302039 and registered office in Betanzos (A Coruña - Spain), c/ Cantón Claudino Pita, nº 2, 15300. At ABANCA, we have a Data Protection Officer (hereinafter also "DPO"), whom you can contact, if needed, to obtain more information about any of the points included in our Privacy Policy and to send your questions, inquiries, or complaints related to the processing of your personal data, via the email address privacidad@abanca.com. Below, we provide you with detailed information about the processing of your personal data carried out by ABANCA as the data controller, through our Mobile Banking Application.

2. What is the origin of your personal data and what data do we process?

We must distinguish between the sources from which your personal data originate and the categories of personal data we process through our Application:

2.1. Sources from which your personal data originate

Your personal data processed by the Mobile Banking Application may come from yourself (when you provide or supply them within the scope of your relationship with us), be generated at ABANCA (due to the management of those relationships), or originate from external sources (that is, from third parties who are not part of the relationships you maintain with us and from whom we obtain data about you under the consent you may have granted us for this purpose, or under another legally provided legal basis that allows it). Below, we provide detailed information regarding the mentioned internal and external sources from which your personal data may originate:

  • Data provided by you within the scope of the formalization and development of your contractual relationships with ABANCA (e.g., identification data, contact data)

  • Data generated about you derived from the management, development, and maintenance of the contractual relationships you have with ABANCA (e.g., your account data and account movements, data of cards contracted with the Entity).

  • Companies of the ABANCA Economic Group, whose activity sectors include finance, social, insurance, real estate, securities investment, training, marketing, and consulting and advisory services.

    You can access the complete list of companies that are part of the ABANCA Economic Group at any given time by clicking here.

    If you have contracted insurance mediated by ABANCA Mediación Operador de Banca-Seguros Vinculados, S.L or a pension plan contracted with ABANCA VIDA y PENSIONES, S.A, you will have available the information about your insurance or pension plan originating from these Group Entities in your Mobile Banking Application.

    Likewise, if you have contracted an investment fund marketed by ABANCA, information about your investment fund will be displayed in your Mobile Banking Application.

2.2. Categories of Personal Data

In the Mobile Banking Application, we process different types of personal data to manage the application's operation, as well as for the other purposes indicated in section 3.“For what purposes and on what legal grounds do we process your personal data?” of this Privacy Policy.

To provide you with clear and detailed information, we have grouped the personal data we process into the following categories:

  • Identification and contact data: name, surname, identity document (DNI, passport, or NIE), postal and email address, and landline or mobile phone number.

  • Data related to your image (e.g., in the case you personalize your Mobile Banking profile by including a photograph)

  • Data related to identification codes or keys for access and operations in the application.

  • Economic and asset solvency data: income and expenses; investments and loans.

  • Financial data: data about your accounts, cards, and loans contracted with ABANCA.

  • Transactional data: data related to account entries and movements, such as data from direct debits, transfers, and charges; information about payments made with ABANCA cards or other payment methods, or using our POS terminals; or information about payments made against credit lines or loans granted by ABANCA.

  • Insurance data: data about insurance policies marketed by ABANCA that you have contracted (data including insurer entity, insurance branch, fee or premium, expiration date, policyholder and beneficiary/insured, insured amounts, and vehicle registration, in the case of car insurance).

  • Special categories of data: we refer to those data that, due to their nature, are particularly sensitive in relation to fundamental rights and freedoms and therefore deserve special protection, as their processing could imply a greater risk for the individual; that is, we refer to data revealing your ethnic or racial origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, health-related data (e.g., information about illnesses, disabilities, or physiological or biomedical status), or your sex life or sexual orientation, data of vulnerable groups –if you belong to any–, as well as biometric data aimed at uniquely identifying you.

    In our Mobile Banking Application, as a general rule, we do not collect or use this type of personal data, but we may collect and process them if you register as a client through Mobile Banking, since we will proceed to identify you via video call, always with your prior consent and after informing you of all aspects of the processing of biometric data associated with your image that will be carried out in this process.

  • Geographical location data. We distinguish here between:

    • Geographical location data obtained from your IP address.
    • Geographical location data obtained by using your device's location, for which you must have previously authorized the location permission.

  • Mobile device data: such as device ID, manufacturer, model, and operating system.

  • App navigation and behavior data: IP address and behavioral habits in our Mobile Banking (e.g., how you navigate through the different sections of our app), and information about the installation and technical operation of third-party applications you download on the same device where you have installed our Mobile Banking app, all of the above provided that, when cookies and/or similar technologies are used, you have expressly accepted their use; data about the ISP (domain of the provider giving access to the network), and the date-time linked to access; as well as codes or keys used to access/operate in Mobile Banking and the physical identification of the device or mobile device (e.g., IMEI).

We inform you that not all the categories of data mentioned above are used for all the processing activities provided for in this Privacy Policy. Indeed, and by application of the legal principle of data minimization, such personal data will only be used to the extent that, depending on the circumstances of each specific case, they are adequate and relevant to fulfill the purpose assigned in this Privacy Policy to the corresponding processing.

Below, we inform you about the different processing activities of your personal data for which ABANCA is responsible, specifying the purposes and legal bases for each of them.

Additionally, we will distinguish which processing activities are necessary for the basic operation of the Application and which are optional, that is, processing activities that, while not strictly necessary for the use of the Application, offer improvements in its use or allow us to enhance security; these processing activities are linked to device permissions.

3.1 Processing strictly necessary for the basic operation of the Application

3.1.1 Processing based on the execution of the remote banking contract.

The purpose of this processing is the correct formalization, maintenance, and fulfillment of the contractual relationship established with ABANCA through the download of the Application. Below, we indicate the data processing operations we may carry out within the framework of this processing:

  • Manage access to the Mobile Banking Application through your remote banking credentials.

  • Execute the operations you carry out through your Mobile Banking.

  • Provide you with information about:

    • Your balance and movements in ABANCA accounts.
    • Your ABANCA cards, including details of your operations and, in the case of credit cards, information about your available and used balance.
    • Your loans and investments with ABANCA.
    • Your insurance policies marketed through ABANCA may be displayed.

  • Proceed, where applicable, to the signing of contracts using the ABANCA signature modality.

  • Where applicable, provide you with a chat service that allows you to communicate directly with your manager.

  • Send you strictly non-commercial communications related to the products and services you have contracted with ABANCA or marketed by ABANCA (communications related to your insurance or investment funds) to your private mailbox of the e-Correspondence service of Remote Banking.

  • Automatically categorize your transactions so that you can generate a complete report of your expenses and income, grouped by categories.

  • If you believe that this automatically assigned categorization is incorrect, you can modify it and even create your own labels from the transaction details.

  • Provide you with information about the geographical location of the merchant where you made a purchase or the ABANCA ATM where you withdrew cash. This information is inferred from the location of the merchant or ATM and never from your device's location, as we will only access your device's location after obtaining the corresponding geolocation permission and for the purposes informed in section 3.2.6 of this policy.

  • Installation and use of ABANCA Key. ABANCA Key is an additional security tool integrated into Mobile Banking; it is an identity verification system based on access key technology, also known as Passkey. Access keys validate your identity using your personal device's unlock method (your face, fingerprint, or device PIN). It is important to clarify that ABANCA will never have access to your PIN or biometric data; this information is only stored on your device.

    This tool allows you to confirm certain operations that require your authentication (for example, sending money), with the aim of strengthening the security of such operations. Consequently, it will be mandatory to verify your identity using ABANCA Key to execute certain operations from your Mobile Banking.

    ABANCA Key can help you prevent fraud attempts, since if you provide your access credentials to cybercriminals through deception, it will be more difficult for them to operate from your Mobile Banking, as they will be required to validate their identity with your ABANCA Key, which only you can access using your device's unlock method (your face, fingerprint, or PIN).

    Remember that if you create your ABANCA Key from a device that can be accessed by more than one person with their biometric data (face or fingerprint), you are authorizing those people to identify themselves with the ABANCA Key and, therefore, to carry out operations from your Mobile Banking, just as if you share your device's unlock PIN with third parties.

3.1.2 Processing based on ABANCA's legitimate interest in fraud prevention.

This section refers to the processing of your personal data based on the legal grounds of satisfying legitimate interests pursued by ABANCA, provided that your own interests or fundamental rights and freedoms do not override those legitimate interests.

For this reason, before carrying out the processing described in this subsection 3.3, we have weighed your rights against ABANCA's legitimate interest, concluding that the latter prevails. You can consult the balancing analysis we have carried out by contacting our DPO at the following email address: privacidad@abanca.com.

ABANCA has a legitimate interest in preventing fraud situations in the use of the application that could result in identity theft and therefore harm you. For this reason, and for the purpose of fraud prevention both in (i) the provision of Mobile Banking, and (ii) during its use, we may carry out the following data processing operations on your personal data:

  • After provisioning Mobile Banking, data such as device model, manufacturer, operating system, or connection data will be associated with your user; these parameters allow us to apply fraud prevention measures, based on certain rules, considering the combination of the above parameters.

  • Share the phone number provided to ABANCA with your mobile operator through specialized technology providers, solely for your operator to confirm if that number matches the one associated with the SIM of the device you are operating from.

  • We may detect malicious code (malware) installed on the device where you have provisioned your Mobile Banking; thus, if malware is detected on the mobile device, ABANCA may apply fraud prevention measures.

  • Considering the behavior in the interaction with the Application of the authenticated user in Mobile Banking, it can be determined whether such behavioral pattern is common or if irregularities are detected in the use, in which case fraud prevention measures may be applied.

    As informed in section 2.2 of this policy “Category of personal data,” the Mobile Banking Application only processes biometric data during client registration and after obtaining your consent; therefore, we clarify that through this processing we do not generate biometric data associated with your specific behavior in the Application (“behavioral data”), but only verify that the behavior in the Application of the authenticated user does not correspond to a pattern associated with a fraud risk.

  • If your device's system allows it, we may collect information about whether you are making a call during the use of the application, as well as collect data from the SIM installed in your device; all with the aim of increasing your protection against social engineering attacks.

In other cases, your device's system will only allow access to this information if you grant us the “Phone” permission, as informed in section 3.2.4 of this policy.

3.2 Optional processing to improve the services offered by the application, subject to user authorization.

These processing activities are linked to your device's permissions. That is, the application may request permissions, for example, to access the camera, contacts, or your notifications so that you can use certain functionalities of the application. You can review and modify your permissions at any time in your device settings.

3.2.1. Processing associated with the “Notifications” permission:

If you grant us this permission on your device, we can send you alerts about your operations from Mobile Banking:

To allow you to receive alerts regarding your operations with ABANCA, you can activate the notifications permission on your device. Additionally, in your Mobile Banking, you can configure in detail which types of notifications you want to receive:

  • Notifications about your accounts and cards:

    • We will notify you each time you receive a deposit in any of your ABANCA accounts.
    • We will notify you if you have a negative balance in any of your ABANCA accounts.
    • We will notify you each time you have expenses with your cards exceeding the amount you specify.

  • Other services:

    • We will notify you if a direct debit is returned in ABANCA.
    • We will notify you about operations carried out in your securities account.
    • We will send you notifications about products and services that may interest you based on your commercial and risk profile, only if you have not previously objected to receiving commercial communications from the Entity.

You cannot disable security notifications in your Mobile Banking, as they are necessary to ensure maximum service security, although, like other notifications, they depend on you granting the notifications permission on your device.

3.2.2 Processing associated with the “Contacts” permission:

If you grant us this permission on your device, you can use the following functionalities from Mobile Banking:

  • a) Directly select a contact from your address book to notify a transfer. To notify a transfer made to one of your device contacts, you can authorize the permission to access your address book.

  • b) Directly select a contact from your address book to make a Halcash. To send money with Halcash by instant cash withdrawal at an ATM, you can authorize the permission to access your address book.

  • c) Directly select a contact from your address book to make a Bizum.

    Mobile Banking includes among its functionalities the Immediate Transfer Service (hereinafter Bizum) provided by Bizum S.L, which allows sending and receiving money using only the beneficiary's (or, where applicable, sender's) phone number for the payment order.

    To speed up this process, you can authorize the permission to access your address book on your device, in which case the application will share your contact data with Bizum so you can identify which of them are Bizum service users.

    If you have not authorized this permission on your device, you can use these application functionalities by manually entering the phone number to notify the transfer or request/send a payment via Bizum or Halcash.

  • d) Increase your security in the use of your Mobile Banking.

    Additionally, if you have enabled this permission on your device, we can implement additional controls to increase your security in the use of our Application.

3.2.3. Processing associated with the “Camera” permission.

If you grant us this permission on your device, you can use the following functionalities from Mobile Banking:

  • a) Video identification during client registration

    To manage your registration as a client and authenticate you online, you can authorize access to your device's camera.

    In this case, and as informed in section 2.2 “Category of personal data,” we may process biometric data associated with your image, always with your prior consent (consent separate from the camera access permission) and after informing you of all aspects of the processing of biometric data that will be carried out in this process.

  • b) Personalize your Mobile Banking profile.

    To personalize your Mobile Banking profile by including a photograph taken directly with your device's camera, we request your permission to access the camera. If you do not grant us permission, you can use this application functionality by uploading an image directly from your gallery.

  • c) Manage the payment of bills.

    To manage the payment of non-direct debited bills by capturing the barcode directly with the camera, we request your permission to access the device's camera. If you do not grant us permission, you can use this application functionality by manually entering the digits of your bill's barcode.

  • d) Upload documentation through your Mobile Banking.

    To provide your Branch with documentation required for the provision of your financial services (for example, a copy of your DNI, payslip, employment contract, or IRPF), you can upload it from your Mobile Banking by taking a photograph directly with your device's camera.

    If you do not grant us this permission, you can attach the required documentation by uploading a photograph or file directly from your gallery. By using this functionality, you are authorizing the application to access only the image or file you select from your gallery, which will be used solely to process your request.

    In any case, you can deliver the required documentation at any Branch of the Entity.

  • e) Increase your security in the use of your Mobile Banking.

    Additionally, if you have enabled this permission on your device, we can implement additional controls to increase your security in the use of our Application.

3.2.4. Processing associated with the “Phone” permission.

The application may request this permission in order to increase your security when using Mobile Banking, allowing us to collect information about whether you are making a call while using the application, as well as gather data from the SIM installed in your device; all for the purpose of enhancing your protection against social engineering attacks.

3.2.5. Processing associated with the “Mobile Data” permission.

In order to access your Mobile Banking Application using your device’s mobile data, we may require permission to access your mobile device’s data. This permission (unlike the other permissions mentioned) is authorized by default by the device itself; however, if your device version allows, you may withdraw it at any time, so that access to the Mobile Banking Application will only be possible via Wi-Fi network.

3.2.6. Processing associated with the “Location” permission.

If you grant this permission on your device, you will be able to use the following features from Mobile Banking:

  • a) Branch Locator.

    In order to offer you the integrated Branch Locator service in our Mobile Banking Application, we will request permission to access your device’s location, so we can show you the ABANCA branch offices available in your area at any given time.

  • b) Increase your security when using Mobile Banking

    To enhance your security when using Mobile Banking, we will request permission to access your location, which will allow us to implement additional controls both in the use and download of our Application.

    We will only process your location data at the time you download the application and access it, which enables us to implement additional controls to prevent fraud. Therefore, we will only access your location if you are using Mobile Banking and never in the background.

3.2.7. Processing associated with the “Biometric Identification” permission:

To increase your security when accessing Mobile Banking, if your device or the application version allows, we offer you the possibility to authenticate using your biometric pattern associated with your device. You must have previously activated biometric identification on your mobile device and, as informed in the conditions accepted on your own device, your biometric data (Face ID, fingerprint) remain on your device and under no circumstances can the Mobile Banking Application access this information. Thus, the only information we receive from your device is that authentication has been successful.

4. Who do we share your data with?

The application may share data with the entity Bizum S.L only if you voluntarily activate the Immediate Transfers Service provided by Bizum S.L in Mobile Banking.

By activating this service, you can, through Mobile Banking, send or request funds from other Users of the service immediately, using the beneficiary’s (or, where applicable, sender’s) mobile phone number as identification data, and under the terms and conditions of the Bizum service, which you must accept to activate this feature.

Thus, in order to manage the Bizum Immediate Transfers service, the application may share the following data with Bizum S.L:

  • Identification and contact data: name, surname, and mobile phone number

  • Financial data: only the IBAN of the account you select as the debit account or, where applicable, the beneficiary account for payment orders, as well as the amount and purpose of each transaction you carry out using the service.

Additionally, as detailed in section 3.2.2.c), and if you grant permission to access your contact list, we may share your contact data with Bizum so you can identify which of them are Bizum service users. Otherwise, we will provide Bizum with the phone number you manually enter as the beneficiary (or, where applicable, sender) of a payment order.

  • With your mobile phone operator through specialized technology providers for fraud prevention purposes and under the terms informed in section 3.1.2.

5. Is any international transfer planned?

Certain companies providing services to ABANCA are located outside the European Union, which involves International Data Transfers. In this regard, ABANCA guarantees the application of technical, organizational, and legal security measures appropriate to the risk level of the processing, regardless of the territory where it takes place.

Any data communication to third parties located in countries outside the European Economic Area (EEA) will be subject to an adequate level of protection that guarantees the security and legitimacy of the processing of your personal data, in accordance with the applicable regulations.

For more information about international data transfers, you can contact ABANCA’s Data Protection Officer at the following email address: privacidad@abanca.com

6. How long do we keep your data?

Your personal data will be kept for the duration of the contractual or pre-contractual relationship with ABANCA and, if you have given your consent for this purpose, will be retained after the contractual or pre-contractual relationship for a maximum period of 5 years. Once the contractual or pre-contractual relationship ends (or, where applicable, after the 5-year period), the data will be blocked in accordance with the applicable regulations, which means identifying and reserving the data, adopting technical and organizational measures to prevent its processing, except for the formulation, exercise, or defense of claims or for making it available to Judges and Courts, the Public Prosecutor’s Office, or competent Public Administrations, for the purpose of attending to or demanding possible responsibilities arising from the processing and only during the legal limitation periods. After these periods, your personal data will be deleted.

7. What are your rights?

Data protection regulations grant you a series of rights regarding the processing of your personal data:

  • Right of access. You can find out what type of data we are processing and the characteristics of the processing we are carrying out.

  • Right of rectification. You can request the modification of your data when it is inaccurate or incomplete.

  • Right of portability. You can obtain a copy in an interoperable format of the data being processed.

  • Right to restriction of processing. You can request the restriction of the processing of your personal data when any of the conditions set out in the law are met:

    • When you challenge the accuracy of your personal data, during the period in which ABANCA verifies its accuracy;
    • When the processing is unlawful but you oppose the deletion of your data;
    • When ABANCA does not need to process your data but you need it for the exercise or defense of claims; and
    • When you have objected to the processing of your data carried out for the fulfillment of a mission in the public interest or for the satisfaction of a legitimate interest while it is verified whether the legitimate grounds for processing prevail over yours.

  • Right of erasure. You can request the deletion of your data when the processing is no longer necessary.

  • Right to object. You can request that we do not process your personal data (e.g., to stop sending commercial communications about the entity’s products) and not be subject to decisions based solely on automated processing. Likewise, you can request the cessation of processing based on ABANCA’s legitimate interest, in which case we will stop processing your data unless we demonstrate compelling legitimate grounds for the processing that may prevail over your rights, or for the formulation, exercise, or defense of claims.

  • Right to withdraw consent given at any time.

  • Right to lodge a complaint with the supervisory authority (in Spain, the Spanish Data Protection Agency: https://www.aepd.es/You will be redirected to another website.

To exercise any of these rights, you must contact our Customer Service at the postal address: Rúa Nueva, 1 - Entreplanta, 15003, A Coruña; or by email at: atencioncliente@abanca.com.

We will process your request as quickly as possible and, in any case, within the legal period of one month from receipt of your request. This period may be extended by another two months if necessary, taking into account the complexity and number of requests. In this case, you will be informed of the extension within the first month from receipt of the request, indicating the reasons for the delay.

8. More information about data protection.

In this policy, we inform you about the specific processing of your data when using our Mobile Banking application. You can consult the customer privacy policy from our website (https://www.abanca.com/) in the “Legal and Security Aspects” section, located at the bottom of the website https://www.abanca.com/es/legal/politica-privacidad-clientes/informacion-adicional/.

9. Privacy Policy Modifications.

This policy will be reviewed and updated to comply with regulatory changes that occur at any time, or when new processing is carried out by ABANCA. For this reason, it is important that you periodically review its content. The date of last update is January 2025.

LEGAL NOTICE FOR THE APP CHAT SERVICE

This chat uses Generative Artificial Intelligence technology based on information provided by Abanca.

You must read these Terms of Use, which will always be available on the ABANCA website.

1. Purpose

The chat service is owned by ABANCA Corporación Bancaria, S.A. (ABANCA) and its sole purpose is to inform and assist the user regarding any questions related to their contracted or offered products and/or services by ABANCA, as well as to carry out non-transactional operations such as, for example, blocking and unblocking cards, or activating them. Keep in mind that this service is provided through technology that uses generative artificial intelligence, so the answers provided by the chat may not be up to date or may be incorrect and therefore this information will not be binding.

If you require and/or need personalized advice, we recommend you visit a branch in person or use other mechanisms and/or services that ABANCA makes available to users for these purposes, such as by phone.

The app chat service cannot be used to request transactional operations on ABANCA products or services, nor to contract products or services. ABANCA will never ask you for confidential information such as your PIN or passwords through the chat, so you must refrain from providing such information under any circumstances. Nor should you provide any information about third parties through the chat.

In any case, ABANCA reserves the right not to respond to queries you may raise if they do not correspond to or are not related to the purpose of the chat service.

2. User Obligations

  • You must use the chat service diligently and correctly and not use the service to carry out activities contrary to the Law, morality, public order, or accepted good customs, nor for illicit, prohibited, or harmful purposes or effects to the rights and interests of ABANCA or third parties, as well as not to carry out any use that in any way may damage, disable, overload, deteriorate, or impede the normal use of the Service.

  • You must not use inappropriate, offensive, derogatory, defamatory, or insulting expressions.

  • You must not provide confidential information or personal data of third parties through the chat.

If you breach the Terms of Use of the chat, ABANCA may automatically end the chat without prior notice.

3. Limitation of Liability

ABANCA does not guarantee that access to the chat service or its use will be uninterrupted or error-free. In this regard, ABANCA will not be liable for damages you may suffer from improper use of the Service, nor for outages, interruptions, absence, or defects in telecommunications. Likewise, it is the sole responsibility of the user to have an appropriate Internet connection.

ABANCA will not be responsible for your use of this service, so the user will, in any case, hold ABANCA harmless from any claim, judicial or extrajudicial, that may arise as a result of the user’s use of the service. ABANCA will not be liable for any damages of any kind that may arise from the information provided in the chat responses, nor for damages that may arise from confidential information or data you provide through the chat, nor for errors in certain operations such as blocking or unblocking cards due to misuse of the chat.

ABANCA will not be liable for any damages of any kind that may be due to impersonation of a third party by the user in any communication made through the Service.

The information provided by the chat service cannot be considered as advice, recommendation, or a determining element for the user’s decision-making, and ABANCA declines any responsibility for the use that may be made of it in this regard.

4. Industrial and Intellectual Property

The chat service is exclusively owned by ABANCA and is protected by Industrial and Intellectual Property regulations, and may not be exploited, reproduced, distributed, modified or transformed, assigned, publicly communicated, or any other form of dissemination or exploitation not expressly and specifically authorized by ABANCA.

Access to the Service does not grant the user any right or ownership over ABANCA’s industrial and intellectual property rights, except for the mere right to use the aforementioned service.

5. Modification and Deletion of the Service

ABANCA reserves the right to modify, either totally or partially, these Terms of Use of the Chat Service, as well as to include new conditions. You can consult the current conditions at any time in the section "Terms of Use of the Chat Service in the app".

ABANCA reserves the right to modify or delete the chat service for any reason and, in particular, when technical or operational difficulties arise due to circumstances beyond ABANCA’s control that, in its opinion, reduce or nullify the standard security levels adopted for the proper functioning of the Service.

ABANCA reserves the right to temporarily interrupt access to the chat service for website maintenance, installation of updates, content updates, technical or design improvements, or for any other reason it deems appropriate.

6. Applicable Law

In any case, the rules of the Spanish legal system will apply to the relationships established between the user and ABANCA.

7. Privacy

a. Who is responsible for processing your personal data?

It is ABANCA Corporación Bancaria, S.A., with NIF A70302039 and registered office at Cantón Claudino Pita 2, CP 15300, in Betanzos (A Coruña).

At ABANCA, we have a formally appointed Data Protection Officer, whom you can contact in writing, if necessary, at the email address privacidad@abanca.com

b. How do we obtain your personal data?

ABANCA will process the personal data it has as a result of your use of the chat to provide you with the aforementioned service.

c. Why do we process your personal data and under what legal basis?

The processing of your personal data is intended to provide you with the chat service in your Mobile Banking, providing the information you request, resolving the questions you ask us through the chat, and the queries or incidents that may arise from its use, as well as managing the available operations you request through the chat in each case.

Likewise, we will manage, process, and control the legal relationships that, as a result of using the chat, are established between ABANCA and the user.

The legal basis legitimizing the aforementioned processing is the development and execution of the chat service.

Additionally, the Participant is informed that they have additional information about the processing carried out by ABANCA Corporación Bancaria on their personal data by consulting the privacy policy on its website, as well as the data processing carried out by the ABANCA app in the app privacy policy.

d. To whom will we communicate your personal data?

When necessary to achieve the purposes referred to in the previous section, your data may be communicated to Public Administrations, under the terms established by current regulations, exclusively if such data communication is required.

Outside the cases referred to above, your personal data will not be communicated to any third party, unless there is a legal obligation applicable to ABANCA.

e. Is any international transfer of your personal data planned?

No international transfer of your personal data is planned to achieve the purposes indicated above.

f. How long do we keep your personal data?

The personal data obtained by using the app chat service will be kept for the time necessary to fulfill the purposes indicated above.

Once these purposes have been fulfilled, the data will be blocked in accordance with the regulations, which means they will only be available for the formulation, exercise, or defense of claims or at the request of Judges and Courts, the Public Prosecutor’s Office, or competent Public Administrations during the legal limitation periods (generally, 5 years, which is the limitation period for personal actions). After these periods, the data will be deleted.

g. What are your rights?

You may exercise your rights of access, rectification or erasure, restriction of processing, objection, and portability, by written communication addressed to our Customer Service at the postal address: Rúa Nueva 1 - Entreplanta, C.P 15003, A Coruña, or by email atencioncliente@abanca.com. Likewise, we inform you that you have the right to file a complaint with the Spanish Data Protection Agency (www.aepd.es), if you believe your rights have been violated.

The date of last update is March 2026