A. Data Controller
Compañía Española de Seguros de Crédito a la Exportación, S.A., Compañía de Seguros y Reaseguros (SME), with registered address at Velázquez, 74, 28001, Madrid (Spain). Email address: firstname.lastname@example.org.
Additionally, you are informed that CESCE has a Data Protection Delegation that can be contacted at the following address: email@example.com.
You guarantee the veracity of the personal data provided to CESCE. Furthermore, CESCE may periodically request the review and update of the personal data maintained about you.
B. Aims and legitimising bases
Below, the different aims for which we process personal data provided to CESCE and the bases that give the processing legitimacy are described:
- i. Legitimacy by the execution of the contract entered into with CESCE:
- a. To manage, maintain and control the contractual relationship, including the management of enquiries and claims to the customer services department, as well as the payment of the premiums and the processing of modifications and extensions.
- b. To verify the operations subject to insurance, as well as manage the credit risk and claim the payment of the same, whether they are secured or unsecured credits.
- c. To conduct necessary communications concerning the products and services provided or marketed by CESCE in the framework of this contract, with the aim of informing you about the situation of the same and the tools that CESCE places at your disposal.
- ii. Legitimacy by compliance with a legal obligation:
- a. To manage the resolution of complaints and conflicts that may arise between policy holders, insurers, beneficiaries, third parties prejudiced or rights-holders of any of them and CESCE in accordance with article 97 of Law 20/2015, of 14 July, on the regulation, supervision and solvency of insurance and reinsurance companies.
- b. To communicate information to public regulatory authorities and governmental bodies in those cases in which it is necessary to do so by law, local regulation or in compliance with regulatory obligations.
- c. To keep the accounting ledgers demanded by the Code of Commerce and other applicable provisions, as well as the records of the accounts, claims, technical provisions, investments, reinsurance contracts and of policies, supplements and cancellations issued, in accordance with article 96 of Royal Decree 1060/2015, of 20 November, on the regulation, supervision and solvency of insurance and reinsurance companies.
- iii. Legitimacy by legitimate interests of CESCE:
- a.To conduct marketing and/or advertising actions or communications, by any medium, including via electronic communications or equivalent, related to products or services similar to those contracted by You of the Company you represent with CESCE, in accordance with article 21.2 of Law 34/2002, of 11 July, on information society and e-commerce services.
- b. To conduct satisfaction surveys related to the product or service contracted by You or the Company you represent and the services provided by CESCE, with the aim of assessing your satisfaction with the same, in order to improve processes and services linked with the compliance of CESCE with obligations pursuant to this contract.
- c. To prevent possible fraud arising from the contracting, for which the actions that are reasonably necessary may be conducted with the aim of detecting the existence of possibly fraudulent information, or inaccurate, incorrect or incongruent data.
- iv. Legitimacy by express consent:
- a. To conduct marketing and/or advertising actions or communications, including after the termination of the contractual relationship, by any medium, including via electronic communication of equivalent, about products or services different from those contracted to CESCE, whether they are offered by CESCE or other companies i the CESCE Group or by third parties that are complementary to the insurance and the management of the credit risk and
- b. To disclose your personal data and any information that CESCE possesses to other companies in the CESCE Group and other third parties dedicated to the provision of credit management services so that these may send you marketing information about their products and services.
C. Recipients of the data
CESCE may communicate the personal data under the terms described in the previous section B. Aims and legitimising bases to the following bodies:
- i. CESCE Group companies for the following reasons:
- a) To provide certain services within the framework of the contractual relationship maintained between CESCE and You or the Company you represent.
- b) For internal administrative reasons, including the processing of personal data of clients and employees.
- c) Compliance with legal obligations.
- ii. Competent Public Bodies, Revenue Agency, Judiciary and Courts, when CESCE has the legal obligation to provide them.
- iii. Solvency and creditworthiness lists.
- iv. Furthermore, CESCE relies on the collaboration of some third party service providers that have access to your personal data and that process this data in the name of and on behalf of CESCE as a consequence of their provision of services, such as financial institutions, collection agencies, lawyers or insurance distributors.
D. Origins of the data
CESCE obtains your data from the following sources:
- i. The information that You or the Company that you represent provides us on entering into the contract and during the development of the same or at trade fairs, institutional activities and other events.
- ii. Publicly available information sources, such as newspapers or official bulletins, public records, and Public Administration decisions.
- iii. State Security Bodies and Forces, Records of Organisations and Institutions for the detection and prevention of fraud.
Specifically, the data that we process includes the following categories: identifying data, corporate data, economic data and commercial information obtained from public access sources and others legally organised for the assessment, underwriting and management of credit and claim risk. No specially protected personal data is obtained from third parties.
E. International transfers
We inform you that CESCE may rely on service providers located outside the European Economic Area. In these cases, the company demands that these recipients comply with the established measures designed to protect personal data in a binding contract, except in cases in which the European Commission has determined that the country where the recipient is located provides an appropriate level of personal data protection. The client may obtain a copy of the measures demanded by CESCE by contacting the Data Protection Delegation (“DPD”) at the address indicated at the end of clause A.
F. Retention of personal data
Your personal data will be retained throughout the duration of the contractual relationship between You or the business that you represent and CESCE.
On the termination of the same, your personal data will be deleted once all the necessary actions for the management and completion of any obligation that may remain between the parties have been competed, all necessary administrative management being completed in this time, except in those cases where You have provided your consent to send you marketing communications once the contractual relationship is terminated.
Notwithstanding the above, your data will be retained, duly blocked, while liabilities may arise from the execution of the financing contract, as well as for compliance with other legal obligations falling to CESCE.
In this respect, CESCE guarantees that it will not process the data except where necessary in the formulation, exercise or defence of claims, or when it is required so as to provide the same to the Public Administration, Judiciary and Courts during the prescription period of your legal rights and obligations.
G. Data protection rights
We inform you that in accordance with the current legislation, you have the right to exercise your rights of access, rectification and opposition, as well as the right to deletion, of limitation of processing and the right to the portability of your data, authenticating your identity (by means of a copy of your ID Card or equivalent) at the following address Compañía Española de Seguros de Crédito a la Exportación, S.A., Compañía de Seguros y Reaseguros (SME), Velázquez, 74, 28001, Madrid (Spain), or at the following email firstname.lastname@example.org.
You can obtain more information about your rights by addressing yourself to the Spanish Data Protection Agency (AEPD), before whom you have the right to present a claim in the event that you consider your rights have not been respected, located at Jorge Juan, 6, 28001, Madrid.