A. Data Controller
Compañía Española de Seguros de Crédito a la Exportación, S.A., Compañía de Seguros y Reaseguros (SME), with registered address at Velázquez, 74, 28001, Madrid (Spain). Email address: firstname.lastname@example.org.
Additionally, you are informed that CESCE has a Data Protection Delegation that can be contacted at the following address: email@example.com.
B. Aims and legitimising bases
Below, the different aims for which we process your personal data and the bases that give the processing legitimacy are described:
- i. Legitimacy by compliance with a legal obligation:
- a. To manage the resolution of complaints and conflicts that may arise between policy holders, insurers, beneficiaries, third parties prejudiced or rights-holders of any of them and CESCE in accordance with article 97 of Law 20/2015, of 14 July, on the regulation, supervision and solvency of insurance and reinsurance companies.
- b. To communicate information to public regulatory authorities and governmental bodies in those cases in which it is necessary to do so by law, local regulation or in compliance with regulatory obligations.
- ii. Legitimacy by legitimate interests of CESCE:
- a. To commercially verify the commercial operation, manage the credit risk and claim payment of the credits within the framework of the contract underwritten by CESCE with its client.
- b. Assess and, if applicable, underwrite the credit risk.
- c. To prevent possible fraud arising from the contracting, for which the actions that are reasonably necessary may be conducted with the aim of detecting the existence of possibly fraudulent information, or inaccurate, incorrect or incongruent data, which includes the commercial verification of the invoice provided by our Client that accredits the services provided to You with the aim of issuing a liquidity certificate.
- d. To process the claim reported by our clients, for which CESCE may make an extrajudicial and/or judicial claim for the unpaid credit.
C. Recipients of the data
CESCE discloses your personal data to:
- i. CESCE Group companies for the following reasons:
- a) To provide certain services within the framework of the contractual relationship maintained between CESCE and the Client.
- b) To manage the credit risk and claim payment of the same by CESCE Group companies whose legal purpose is the insurance of these risks or providing auxiliary or complementary insurance services.
- c) Compliance with legal obligations.
- ii. Competent Public Bodies, Revenue Agency, Judiciary and Courts, when CESCE has the legal obligation to provide them.
- iii. Solvency and creditworthiness lists.
- iv. Furthermore, CESCE relies on the collaboration of some third party service providers that have access to your personal data and that process this data in the name of and on behalf of CESCE as a consequence of their provision of services, such as financial institutions, collection agencies, lawyers or insurance distributors.
D. Origins of the data
CESCE obtains your data from the following sources:
- i. The information that our Client provides to CESCE when contracting and maintaining an insurance or other contract for the management of the commercial risk.
- ii. Open information sources, such as newspapers or official bulletins, public records, and Public Administration decisions.
Specifically, the data that we process includes the following categories: identifying data, corporate data, economic data and information obtained from public access sources and others legally organised for the assessment, underwriting and management of credit and claim risk.
E. International transfers
We inform you that CESCE may rely on service providers located outside the European Economic Area. In these cases, the company demands that these recipients comply with the established measures designed to protect personal data in a binding contract, except in cases in which the European Commission has determined that the country where the recipient is located provides an appropriate level of personal data protection. The client may obtain a copy of the measures demanded by CESCE by contacting the Data Protection Delegation (“DPD”) at the address indicated at the end of clause A.
F. Retention of personal data
Your personal data will be retained until the completion of all the actions necessary for the management of the credit risk, as well as while it is required by CESCE for compliance with contractual or legal obligations.
G. Data protection rights
We inform you that in accordance with the current legislation, you have the right to exercise your rights of access, rectification and opposition, as well as the right to deletion, of limitation of processing and the right to the portability of your data, authenticating your identity (by means of a copy of your ID Card or equivalent) at the following address Compañía Española de Seguros de Crédito a la Exportación, S.A., Compañía de Seguros y Reaseguros (SME), Velázquez, 74, 28001, Madrid (Spain), or at the following email firstname.lastname@example.org.
You can obtain more information about your rights by addressing yourself to the Spanish Data Protection Agency (AEPD), before whom you have the right to present a claim in the event that you consider your rights have not been respected, located at Jorge Juan, 6, 28001, Madrid.