INFORMATION ABOUT DATA PROTECTION

1. Who is the Personal Data Controller?

The Controller of your personal data is Bankinter, S.A. – Sucursal em Portugal (“Bankinter”) branch in Portugal of Bankinter, S.A., with registered office at Paseo de la Castellana, 29. 28046 Madrid and Portuguese branch at Praça Marquês de Pombal, nr. 13, 2.º floor, 1250-162 Lisbon, registered in the Commercial Register Office of Lisbon and holder of taxpayer number 980 547 490.

Bankinter has appointed a Data Protection Officer who can be contacted at the following e-mail address: privacidade.pt@bankinter.com.

2. For what purposes are data processed?

Mandatory processing

Customer's data will be processed for the purpose of managing the products and services he/she requests or acquires with the Bank. Data protection regulations oblige us to maintain your identifying data updated, along with any other that are necessary for correctly performing of the contract, so when it is deemed necessary, your data may be updated with information from public sources (public records, register, etc.) and with any sources you may have expressly made public (social networks).
Bankinter may also process your personal data to comply with any of its legal obligations, particularly its obligations with regards to banking sector regulations and money-laundering regulations, among others.

a) Prevention of money laundering and the financing of terrorism.

In order to prevent money laundering and the financing of terrorism, we are obliged to:
- Declare monthly in the File of Database of Accounts under management of the Bank of Portugal the information that, in each moment, is required in accordance with the legislation and regulations in force.
- Provide information on payment transactions to the authorities or official bodies in other countries, both members or non-members of the European Union, in the context of combating money laundering and terrorism financing and serious forms of organised crime and the prevention of money laundering. Financial institutions are also generally obliged to adopt adequate measures for the prevention, investigation and detection of  fraud.
- Amongst other types of processing, complying with these legal obligations and the legitimate interest of the bank in preventing, investigating and detecting fraud may involve the transferring of personal data to companies of Bankinter Group for these purposes.

b) Information to Central Credit Register of Bank of Portugal.

- Bankinter is obliged to declare to Central Credit Register of Bank of Portugal (CRC)  the data required for identifying people with whom it, directly or indirectly, maintains credit risks, as well as the characteristics of these people and risks, specifically including those which affect the amount and the possibility for recovery.

c)  Notifying and consulting solvency and credit files.

- If you have a verified, overdue and enforceable debt with the Bank, which was not paid within the prescribed period, Bankinter may disclose this information of non-payment in financial solvency and credit files .
- If it is necessary to analyse your economic solvency, we will check your data in the financial solvency and credit files for the sole purpose of analysing the economic viability of any products and/or services that involve granting credit or deferred payment.

Voluntary processing

Your personal data may also undergo other processing that is unrelated to the need to perform a contract or to comply with a legal obligation. This processing will be voluntary, so you may oppose or refuse to consent to it.
Provided you do not oppose to it, and it can be reasonably foreseen, you may receive, through any channel of communication (including electronic means), information about products or services that, being similar to those that you have acquired with us, may be of interest to you and that Bankinter sells within its business activities. The Bank's legitimate interest will respect your Fundamental Rights at all times. This authorisation will remain in force until one year has elapsed from when your contractual relationship with the Bank has ended.

When you have provided your consent to receive, through any channel of communication (including electronic means), information about other products or services that are not similar  to the ones you have with us, which may be offered by Bankinter, by any Bankinter Group company or its subsidiary or investees, or by entities with whom Bankinter Group has entered into partnership agreements, whose activities include, among others, the telecommunications and Internet sectors, financial and insurance services, home equipment and assistance, automation and associated, leisure, restaurant sector, the hotel sector, travel and electronics. This authorisation will remain in force until one year has elapsed from when your contractual relationship with the Bank has ended.

If you have already provided your consent, your personal data may be transferred to Bankinter Group companies and their subsidiary or investees, so that they can contact you to inform you about products and services that these companies sell, both generically and in a customised way, adjusting the offers to your needs, likes and preferences, and so that they can use your data to monitor, control and analyse the risk on the products and services acquired. You may obtain further information on the companies that form part of  Bankinter Group at www.bankinter.com, on the 'web corporativa' option, selecting the 'Corporate Gob' tab and then the 'Investees and Subsidiaries’ Section.

How do we adjust the offers to your needs, likes and preferences?
Before sending you any commercial information, provided you do not oppose to it, your personal data will be analysed to create a profile so that the business notices are adjusted as closely as possible to your needs, likes and preferences. This analysis may take into account the data that you have provided and that which the Bank has obtained as a consequence of your contractual relationship, your demographic data, data about other products that you have acquired from the company, your transactions and/or savings capacity.
Occasionally, and provided you have given your consent, these profiling techniques will be enriched with information obtained from sources accessible to the public or with data that you have expressly made public (including social networks) or obtained from other companies.
Bankinter uses anonymised data to create predictive behavioural models both in designing its sales offers and in creating and designing new products.

How long your data will be processed?
Customers' personal data will be stored for as long as necessary for providing the services included in this contract. As soon as they are no longer necessary for this purpose, the data will be stored, but limited its processing for the period for which they may be required for the carrying out, or defence in administrative or legal actions, and they may only be unblocked and processed again for this purpose. Once this period has elapsed, the data will be cancelled definitively.
If we have your authorisation, we will store your data once your contractual relationship with the Bank has ended, for a maximum period of one year, in order to send you business notices.

3. What are the legitimate grounds for data processing? Authentication for processing

The legal basis for fulfilling the purpose included in Section 2 above as 'mandatory processing' will be the performance of a contract or the fulfilment of applicable legal obligations. Any refusal to supply the personal data requested, or the submission of inaccurate or incomplete data, could render impossible to properly provide you the contracted service. Customers are responsible for ensuring the truthfulness of the data provided, and for notifying Bankinter of any modification to the same.

The legal basis for processing carried out for the purpose of sending you business notices about products or services that, being similar to ones you have already acquired, may be of interest to you, and which Bankinter is interested in selling, will be the legitimate interest of the controller or third party. For this reason, you may oppose to this processing when you provide your data or at any later time.

The legal basis for the processing carried out for the purpose of sending you business notices about other products or services that are not similar to those you have acquired, and which are provided by Bankinter, by any company in the Bankinter Group or by companies with whom Bankinter Group has entered into partnership agreements, will be the consent that you may have provided.

The legal basis for transferring your data to Bankinter Group companies and its subsidiary or investees, including the processing required for customising the corresponding offers, will be the consent that you may have provided.

The legal bases for processing relating to the profiling required to adjust the business notices to your needs, likes and preferences as closely as possible, are those indicated in the section entitled 'How do we adjust the offers to your needs, likes and preferences?'

The provisions set out in this document will never be subject to your required consents for voluntary processing. In any case, we remind you that if you have provided your consent, you have the right to withdraw it at any time without this having any consequence on the services or products you have acquired or of which you are a beneficiary.

If you have any question related with the purposes for processing your personal data or its legitimacy, you may contact the Data Protection Officer. You will find the information and contact details in Section 1 above, entitled “Who is the Personal Data Controller?”

4. Who will receive your data?

Your personal data may be transferred to public administrations, authorities and bodies, including courts, Bankinter Group companies and third parties, when required by the applicable legislation or when it is necessary to prevent, investigate and detection fraud or for the correct management of the products and services contracted. Your data may also be transferred to entities engaged in managing credit information systems or similar.

If you have specifically given your consent, your data may be transferred to Bankinter Group companies and its subsidiary or investees, so they can inform you about products or services offered by these companies, both generically and in a customised manner.

Service providers contracted by, or whom may be contracted by Bankinter and who are processors, may also have access to your personal data. You can check the list of provider categories by going to the following link www.bankinter.pt/privacidade/fornecedores.

5. Which rights you have in relation to the processing of your data?

You may exercise your rights to access, rectification, cancellation, opposition, restriction of processing and data portability in the cases and scope established by the regulation in force each time.

If you have provided your consent, you also have the right to withdraw it and to oppose processing for commercial purposes based on the legitimate interest of the controller or a third party.

To exercise these rights, you can contact Bankinter through any of the following channels:

- Through Telephone Banking service (707 50 50 50 or +351 211 112 346 outside from Portugal).
- Through your branch office.
- Sending a letter to Bankinter, S.A. – Sucursal em Portugal, A/C Contas e Clientes, Av. Colégio Militar, Torre Oriente n.º 37-F, 1500-180 Lisboa
- Through the website: www.bankinter.pt  (when available)
Please also be informed of your right to submit a complaint to the Portuguese Data Protection Authority (“Comissão Nacional de Protecção de Dados”).

6. How we obtain your data?

The personal data processed by Bankinter are provided by you when you contract the services described in this contract, other contracts that you may entered into Bankinter and the data deriving from using the services.

Data protection regulations oblige us to maintain your identifying data updated, along with any other that are necessary for correctly performing of the contract, so when it is deemed necessary, your data may be updated with information from public sources (public records, register, etc.) and with any sources you have expressly made public (social networks).

Furthermore, when we have your consent, your personal data will be enriched with data from sources accessible to the public or from othe r companies to be able to create and customise offers and adapt them to your needs, likes and preferences.