A. Data Controller
Compañía Española de Seguros de Crédito a la Exportación, S.A., Compañía de Seguros y Reaseguros (SME), with registered address at Velázquez, 74, 28001, Madrid (Spain). Email address: firstname.lastname@example.org.
Additionally, you are informed that CESCE has a Data Protection Delegation that can be contacted at the following address:email@example.com.
You guarantee the veracity of the personal data provided to CESCE. Furthermore, CESCE may periodically request the review and update of the personal data maintained about you.
B. Aims and legitimising bases
Below, the different aims for which we process your personal data and the bases that give the processing legitimacy are described:
- i. Legitimacy by the application of pre-contractual measures:
- a. To manage and assess an application for insurance or for the management of credit risk, including the taking of automated individual decisions via the assessment and evaluation of your personal data so as to determine the acceptance and/or denial of your application in accordance with the provisions of article 22.2a of Regulation (EU) 2016/679 on General Data Protection.
- b. To specify, based on the information provided by you, your demands and requirements or those of the company you represent, and to offer the insurance or credit risk product or service best suited to the same.
- ii. Legitimacy by compliance with a legal obligation:
- a. To conduct the assessment, selection and pricing of risks associated with the contracting of the insurance requested in accordance with article 99.1 of Law 20/2015, of 14 July, on the regulation, supervision and solvency of insurance and reinsurance companies.
- b. To communicate information to public regulatory authorities and governmental bodies in those cases in which it is necessary to do so by law, local regulation or in compliance with regulatory obligations.
- iii. Legitimacy by legitimate interests of CESCE:
- a. To prevent possible fraud arising from the contracting of insurance, for which the actions that are reasonably necessary may be conducted with the aim of detecting the existence of possibly fraudulent information, or inaccurate, incorrect or incongruent data.
- b. To consult information files on solvency and creditworthiness when required so as to judge the financial solvency of the affected in accordance with the applicable regulations on the matter.
- c. To communicate your personal data to other companies in the CESCE Group for internal administrative reasons, including the processing of personal data of clients and employees.
- iv. Express consent:
- a. To conduct marketing and/or advertising actions or communications, by any medium, including by electronic communications or equivalent, about products and services offered by CESCE or third parties.
C. Recipients of the data
CESCE may communicate your personal data under the terms described in the previous section B. Aims and legitimising bases to the following bodies:
- i. CESCE Group companies
- ii. Competent public bodies and authorities, when CESCE has the legal obligation to provide them.
- iii. Solvency and creditworthiness lists.
- iv. Furthermore, CESCE relies on the collaboration of some third party service providers that have access to your personal data and that process this data in the name of and on behalf of CESCE as a consequence of their provision of services, such as financial institutions, collection agencies, lawyers or insurance distributors.
D. Origins of the data
CESCE obtains your personal data from the following sources:
- i. The information that You provide us in the processing of your application or at trade fairs, institutional activities and other events.
- ii. Publicly available information sources, such as newspapers or official bulletins, public records and Public Administration decisions.
- iii. State Security Bodies and Forces, Records of Organisations and Institutions for the detection and prevention of fraud.
Specifically, the data that we process includes the following categories: identifying data, corporate data, economic data and commercial information obtained from public access sources and others legally organised for the assessment, underwriting and management of credit and claim risk. No specially protected personal data is obtained from third parties.
E. International transfers
We inform you that CESCE may rely on service providers located outside the European Economic Area. In these cases, the company demands that these recipients comply with the established measures designed to protect personal data in a binding contract, except in cases in which the European Commission has determined that the country where the recipient is located provides an appropriate level of personal data protection. The client may obtain a copy of the measures demanded by CESCE by contacting the Data Protection Delegation (“DPD”) at the address indicated at the end of clause A.
F. Retention of personal data
Your personal data will be retained throughout the duration of the contractual relationship between You or the Company that you represent and CESCE.
On the termination of the same, your personal data will be deleted once all the necessary actions for the management and completion of any obligation that may remain between the parties have been competed, all necessary administrative management being completed in this time, except in those cases where You have provided your consent to send you marketing communications once the contractual relationship is terminated.
Notwithstanding the above, your data will be retained, duly blocked, while liabilities may arise from the execution of the contract, as well as for compliance with other legal obligations falling to CESCE.
In this respect, CESCE guarantees that it will not process the data except where necessary in the formulation, exercise or defence of claims, or when it is required so as to provide the same to the Public Administration, Judiciary and Courts during the prescription period of your legal rights and obligations.
G. Data protection rights
We inform you that in accordance with the current legislation, you have the right to exercise your rights of access, rectification, cancellation and opposition, as well as the right to deletion, of limitation of processing and the right to the portability of your data, authenticating your identity (by means of a copy of your ID Card or equivalent) at the following address. Compañía Española de Seguros de Crédito a la Exportación, S.A., Compañía de Seguros y Reaseguros (SME), Velázquez, 74, 28001, Madrid (Spain), or to the following email firstname.lastname@example.org.
You can obtain more information about your rights by addressing yourself to the Spanish Data Protection Agency (AEPD), before whom you have the right to present a claim in the event that you consider your rights have not been respected, located at Jorge Juan, 6, 28001, Madrid.