Privacy policy

Privacy policy

Privacy Policy ImaginersGen S.A.

1. HOW WE PROCESS YOUR PERSONAL DATA

To manage your relationship with us, at Imaginersgen, S.A. (hereinafter “IMAGIN”) we will process your personal data for various purposes while respecting your rights and acting with utmost transparency.

In this Privacy Policy, which you can access at any time at www.imagin.com/en/privacy-policy, you can find full details on how we will use your data. Alternatively, you can ask for a hardcopy of the policy at any of our branches.

The processing of your data may vary depending on the type of customer you are.

There are two possibilities:

  • Imagin Customer: you will be one when you register in our mobile app (“Imagin app”) with a name, phone number and email address. In this case, this privacy policy will apply to you (processing detailed in section 6).
  • ImaginBank Infinity Customer: ou will be one when you register in the Imagin app and also open a current account. In this case, this privacy policy and its processing will also apply to you, as well as CaixaBank’s privacy policy. ImaginBank is a trademark of Caixabank, the company with which you will open your current account. From now on, when we mention imaginBank we will be referring to Caixabank S.A. You can see CaixaBank’s privacy policy on its website or via the following link: www.caixabank.es/particular/general/privacy-policy.html

The main regulations that govern how we process your personal data are:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the GDPR).
  • Law 3/2018, of 5 December on the Protection of Personal Data and the guarantee of digital rights (hereinafter LOPD). This policy is based on the privacy and data protection principles approved by CaixaBank’s Board of Directors which you can view on the website www.caixabank.com/en/shareholders-investors/corporate-governance/corporate-documents.html

 

2. WHO PROCESSES YOUR DATA

Data controller: The controller of your personal data in your interactions with us (“Contractual Relations”) is IMAGIN (ImaginersGen, S.A.), with Tax ID number (NIF) A-61363339 and registered address at Carrer de l’Estany 1-11, Barcelona.

Joint data controllers: In some processing operations, we will process your data jointly with other companies. We will decide on the purposes and means used together with them, and are therefore joint controllers for such processing.

The processing operations in which CaixaBank will process your data jointly with other companies are described in detail in section 7 “JOINT PROCESSING WE WILL CARRY OUT INVOLVING IMAGINBANK IMAGINITY CUSTOMERS”.

You can see the list of joint controllers and key details regarding these processing operations at www.caixabank.es/empresasgrupo.

 

3. DATA PROTECTION OFFICER

IMAGIN and the CaixaBank Group companies have appointed a Data Protection Officer who will deal with any matters related to the processing of your personal data and the exercising of your rights.

You can contact the Data Protection Officer to send your suggestions, queries or claims at: www.caixabank.com/dataprotectionofficer.

 

4. EXERCISING RIGHTS AND FILING COMPLAINTS THROUGH THE SPANISH DATA PROTECTION AUTHORITY (AEPD)

You can exercise your rights to access, rectification, object to processing, erasure, restriction, data portability, withdraw consent and not be subject to automated decision-making as permitted by law. /p>

You can exercise these rights through any of the following channels:

  • by using the options available in the SETTINGS area of the Imagin app;
  • at our CaixaBank branches open to the public;
  • by emailing [email protected]; and
  • by sending a letter to Apartado de Correos no. 209, 46080 Valencia.

Additionally, if you have any complaints related to the processing of your data, you can send them to the Spanish Data Protection Authority (www.agpd.es). Don’t worry if you are an imagin or imagin infinity customer. Since all the companies are part of the CaixaBank Group, any right you wish to exercise or claim you send will be answered regardless of the type of customer you are.

 

5. DATA PROCESSED

The types of information used in the different processing operations described in this Privacy Policy are specifically detailed in each of the processes explained in Section 6.

 

6. HOW WE PROCESS THE DATA OF IMAGIN CUSTOMERS

The processing we will perform with your data varies and has a range of purposes and legal bases.

As an imagin customer, we will process your data as follows:

  • Processing required for Contractual Relations.
  • Processing required to comply with regulatory obligations.
  • Processing based on IMAGIN’s legitimate interest.

In addition to the processing operations described below, we may carry out specific processing operations not covered by this policy. These processing operations may be performed to meet your requests for products or services. We will provide you with detailed information about these processing operations when you make the specific request.

 

6.1 PROCESSING REQUIRED FOR CONTRACTUAL RELATIONS

This processing is necessary to manage the contracts you request from us or to which you are a party. It is also necessary to apply, if you request it, pre-contractual measures. We will do so based on Article 6(1)(b) of the General Data Protection Regulation (GDPR).

This processing is necessary so that you can enter into and maintain your contracts with us. If you do not want us to carry out this processing, we will have to end this relationship, or you will not be able to enter into the relationship if it is not already in place.

The processing operations required to manage your contracts are set out below. For each item, we will indicate: the purpose, the type of data processed, information on profiling, other relevant information about the processing and whether the processing is carried out jointly with other companies in the CaixaBank Group.

A. Signing, maintenance and performance of Contractual Relations.

Purpose: The purpose of this data processing is to enter into and maintain the Contractual Relations between you and us. This means that Imagin will process your data to:

  • Manage your requests and instructions.
  • Carry out procedures prior to your contract being signed (known as “pre-contractual relations”).
  • Put in place measures to ensure compliance with your contracts with CaixaBank.

The processing operations involved in signing, maintaining and performing the Contractual Relations are:

  • Collecting and registering the data and documents needed for you to purchase the products or services requested.
  • Managing the products and services you have taken out with us. This includes attending to your operational enquiries, handling incidents, recording and verifying accounting entries for payments and charges relating to your products, and sending operational communications. It also involves all the necessary steps to meet the commitments made when taking out specific products or services. These may be loyalty schemes, fee or interest discounts and specific offers.
  • Checking and confirming the ownership of your accounts when there are requests for direct debits and payments from service or utility companies with which you have or will have a commercial relationship. This prevents any adverse effects arising from errors in the direct debit arrangements for these payments.
  • Handling applications for access to prize draws, promotions, events and newsletters.

Data processed: The data we will process for this purpose are:

  • Identification and contact details: Name, email address and telephone number.
  • Basic financial data: payment history for products and services.
  • Contract details: the products and services you have with us or third parties or have requested.
  • Details of our communications with the data subject:: data obtained in chats, phone calls or any other equivalent means of communication.

Other relevant information: Once you have contracted any products or services (leisure, mobility, travel, financing, insurance, etc.) from third-party companies, your data will be processed by said company, as agreed upon.

When you benefit from our special offers or discounts, your data will also be processed by the companies that offer them (for example, when you benefit from Booking discounts from the application).

Application or monitoring of commitments, discounts or preferential conditions: if you take out a product or service which requires you to meet certain requirements, we will process your data as necessary to check that you continue to meet these requirements. Furthermore, if there are other joint account holders in your accounts, please note they may indirectly become aware of information concerning your compliance with these requirements.

For example, if you take out a product or service which makes you eligible for discounts because you belong to a professional group, such as healthcare or law enforcement personnel, or because your salary is paid through us, we will check throughout the term of the contract that you are still a member of this group. You should be aware that if you share accounts with other people, they may learn that you meet the requirements when they see the discounts applied to your account, or that you no longer meet them if you stop receiving the discounts.

Finally, when you are an imaginBank customer and access your banking information and manage your financial products and services through our app, remember that ImaginBank is the data controller.

Data Controller: The data controller in this case is IMAGIN. This processing is not done with another controller.

 

6.2 PROCESSING REQUIRED TO COMPLY WITH REGULATORY OBLIGATIONS

This processing of personal data is necessary to comply with a legal obligation to which we are subject as set out in Article 6(1)(c) of the General Data Protection Regulation (GDPR).

We need to process your data so that you can enter into and maintain your contracts with us. If you do not want us to carry out this processing, we will have to end this relationship, or you will not be able to enter into the relationship if it is not already in place.

The types of processing required to satisfy the regulatory requirements are listed below. For each item, we will indicate: a description of the purpose, the type of data processed, information on profiling, other relevant information about the processing and whether the processing is carried out jointly with other companies in the CaixaBank Group.

A. Processing for handling complaints and claims.

Purpose: The purpose of this processing is to handle queries, complaints and claims submitted to IMAGIN.

Furthermore, Law 3/2018 of 5 December on the Protection of Personal Data and the guarantee of digital rights requires the data controller (in this case IMAGIN) to handle any complaints submitted to its Data Protection Officer and respond to any data protection rights exercised by data subjects.

The following processing operations are carried out to comply with regulations on the processing of complaints and claims:

  • Receiving complaints and claims submitted to Customer Service
  • Responding to complaints and claims within the established time frame

Purpose: Handling enquiries and complaints made to Imagin in accordance with applicable regulations.

Data protection regulations also require us to handle any complaints you may make to our Data Protection Officer and manage any requests to exercise your data protection rights.

Accordingly, Imagin will process your data to:

  • Receive your complaints and claims in Customer Service.
  • Reply to you within the specified timeframe.
  • Handle requests concerning your personal data and any enquiries you make to Imagin’s Data Protection Officer.
  • Cooperate with supervisory authorities such as the Spanish Data Protection Authority.

Data processed: The data that we will process for this purpose are:

  • Identification and contact details: full name, sex, telephone and email contact information, address of residence, nationality and date of birth, language choice, identification document.
  • Contract details: products and services signed up for or requested.

Data Controller: The data controller in this case is IMAGIN. This processing is not done with another controller.

 

6.3 PROCESSING BASED ON IMAGIN’S LEGITIMATE INTEREST

The legal basis of this processing is the legitimate interest pursued by IMAGIN or a third party, provided that these interests do not take precedence over your interests, or your fundamental rights and freedoms, as per Article 6(1)(f) of the GDPR.

This processing will imply that we have considered your rights and our legitimate interest and we have concluded that the latter prevails. Otherwise, we would not process the data. You can ask about the analysis that is done to weigh the legitimate interest of a processing operation at any time by emailing your enquiry to [email protected].

We also remind you that you have the right to object to processing based on a legitimate interest. You can do this simply and free of charge through the channels indicated in Section 4.

This processing is indicated below, from (A) to (B). For each item, we will indicate: IMAGIN’s Legitimate Interest (IMAGIN’s legitimate interest), a description of the purpose (Purpose), the data processed (Data processed), if applicable, information on the use of profiling (Use of profiling), other relevant processing information (Other relevant information) and whether or not the processing is carried out jointly with other CaixaBank Group companies (Joint data controllers/Data controller).

A. Preparation of management reports and mathematical models.

Legitimate interest: Organising and improving our business operations as efficiently as possible. To achieve this, we need to create mathematical algorithms which help us analyse information using advanced methods.

Purpose: Creating and maintaining statistical and mathematical algorithms and models. These enable us to perform complex calculations and analyses which allow us to apply the processing operations described in this policy.

Data type: We use the data already identified in each processing operation. Wherever possible, we apply techniques to ensure that the data cannot be linked to an individual (anonymisation or pseudonymisation). This enables us to ensure that the rights of data subjects are not affected and that the result is mathematical formulas or algorithms.

Other relevant information: The following section includes other relevant data processing information:

  • Right of objection: If you believe that Imagin should stop using your data due to any personal reason, you can ask us to do so simply and free of charge via the channels listed in section 4.
  • Ancillary data processing: The aim is not to process customer data individually. Instead, it is necessary but secondary processing to create mathematical formulas. We thus use anonymisation techniques and minimise the amount of information. This processing has no individual consequences for customers.
    This data processing is necessary, but accessory, to the main purpose, which is to prepare management reports, or algorithmic or mathematical formulas, and therefore they are carried out using anonymization techniques whenever possible or, failing that, pseudonymization and minimization of information. processed information. These processes have no individual impact or consequence on the data owners.

Data Controller: The data controller in this case is IMAGIN. This processing is not done with another controller.

B. Commercial communications to Imagin customers.

IMAGIN’s legitimate interest: It is in IMAGIN’s legitimate interest to provide information on the products and services that it markets to users who have shown an interest in them, or who have requested or signed up for similar products or services previously.

Purpose: The purpose of the processing is to select the target audience for the products and services offered by means of commercial communications through electronic means.

Data processed: For this purpose, we will process the following data:

  • Identification and contact details: full name, sex, telephone and email information, language choice, identification document.
  • Contract details: products and services signed up for or requested.
  • Basic financial data: payment history for products and services.
  • Own browsing data: if you accepted the use of cookies and similar technologies in the devices you use to browse, the data obtained from your browsing of our websites or mobile apps and what information you view on them: browsing history (pages visited and clicks on content), device ID, advertising ID, IP address and installed version of the app.
  • Browsing data: data obtained from your browsing of third-party websites or applications and your browsing history in these websites: browsing history (pages visited and clicks on content), device ID, advertising ID, IP address, whether you have accepted the use of cookies and similar technologies on your browsing devices.

Other relevant information:

  • Right to object to processing: Note that you have the right to object to processing based on a legitimate interest. You can do this simply and free of charge through the channels indicated in Section 4.

Data Controller: The data controller in this case is IMAGIN. This processing is not done with another controller.

 

7. JOINT PROCESSING WE WILL CARRY OUT INVOLVING IMAGINBANK INFINITY CUSTOMERS

As mentioned in Section 1 of this policy, you can see the processing that will apply to you for being an imaginbank infinity customer on the CaixaBank website: www.caixabank.es/particular/general/privacy-policy.html

Specifically, you can find it in Section 6 of that policy.

We also explain the data processing we carry out jointly. You will also find it in CaixaBank’s policy.

 

7.1 PROCESSING BASED ON CONSENT

The legal basis for these processes, which only apply to imaginbank infinity customers, is your consent, as laid out in Article 6(1)(a) of the GDPR.

We may have requested this consent through different channels: in your customer registration interview, through your adviser (in person or remotely), through Bankia S.A. before its merger with CaixaBank, or at any of the CaixaBank Group companies which is a joint controller for the specific processing operation.

If, for any reason, we never asked you for your consent, this processing will not apply to you.

You can view the consent you have given or denied and change your decision at any time at no cost in the IMAGIN app (SETTINGS) or at a CaixaBank branch.

Processing based on your consent is indicated below from (A) to (C). For each item, we will indicate: the processed data, a description of the purpose (Purpose), the details of the processed data (Processed data), if applicable, information on the use of profiling (Use of profiling), other relevant processing information (Other relevant information) and whether or not the processing is carried out jointly with other CaixaBank Group companies (Joint data controllers/Data controller).

A. Customising our product and service offer based on an analysis of your data

Purpose: If you give us permission, we will use your data to create a commercial profile to define your preferences and offer you through your adviser (in person or remotely) the products or services we think may interest you most.

This does not mean you can only take out the products we have concluded may be of interest to you.

Whether you accept or decline this processing, you can always apply for any of our products or services.

By processing your data, we can make customised offers which we believe may be of more interest to you than generic offers.

If you also authorise us to send you information about our commercial offer through other channels (see section 6.1.B of the Privacy Policy), you will additionally receive our offers through the channels you specify.

Data processed For this processing, we will not use data about your ethnicity or race, your political opinions, religious or philosophical beliefs, trade union membership, genetic data, your biometric data that identifies you, your health data or data about your sex life or orientation.

For this purpose, we will process the following data:

  • Identification and contact details: full name, sex, telephone and email contact information, address of residence, nationality and date of birth, language choice, identification document.
  • Details of your professional or work activity and socio-economic information: details related to your job, income or remuneration, household, level of education, assets, tax and fiscal data.
  • Contract data: contracted or requested products and services (own or third-party), status as holder, authorised user or representative of the product and/or service contracted, categorisation according to regulations regarding securities markets and financial instruments (MiFID category), information on investments made and their evolution and information and transactions related to your financing operations.
  • Basic financial data: current and historical balances of products and services and payment history of contracted products and services (own or third party).
  • Third-party data from statements and receipts of instant accounts and payment accounts: information on entries and transactions that third-party issuers make to your accounts, including transaction type, issuer, amount, and the concept as it appears on your receipts and statements for debit, credit and prepaid card transactions.
  • Details of whether or not you are a CaixaBank shareholder: if you own CaixaBank shares or not.
  • Details of our communications with you: data obtained in chats, walls, video conferences, telephone calls or any other equivalent means of communication.
  • Own browsing data: if you accepted the use of cookies and similar technologies in the devices you use to browse, the data obtained from your browsing of our websites or mobile apps and what information you view on them: browsing history (pages visited and clicks on content), device ID, advertising ID, IP address and installed version of the app.
  • Geographical data: details of the location of the businesses where you make card transactions and geolocation data from your mobile device provided by the installation and/or use of our mobile applications, when authorised by you in the settings for the apps themselves.
  • Data obtained from other processing operations provided for in this policy:
    - Risk assessment data or scoring: in financing or instalment payment transactions, we will assess your ability to pay or likelihood of default or your risk limits by applying statistical mathematical models calculated using your data (processing as defined in section 6.2.C).
    - Customer classification data. (processing defined in section 6.4.A).
  • Data obtained from the execution of statistical models: we use the results of applying mathematical modelling to customer data to deduce your consumption habits, product preferences or tendencies or to classify customers.
  • Demographic and socio-economic data: these are data not relating to specific people but geographical areas, age sectors or professional activity sectors, which we will use to put into context with customer information.
  • Details of properties and vehicles associated with you: data obtained from the land registry and basic data on vehicles obtained from the Spanish Traffic Directorate, which we will use to add to the information on your properties and vehicle.
  • Details of directors, functional officers and corporate relationships: data taken from the INFORMA databases that we will use to add to the information on your activities.
  • Details of agricultural subsidies and insurance: these are data published by the Spanish Agricultural Guarantee Fund (FEGA) and the State Agricultural Insurance Institution (ENESA).
  • Data from third-party companies when you have given them your consent to share such data with us: data of yours processed by other companies with which we have agreements, and which you have authorised to share your information with us.
  • Browsing data: if you have accepted the use of cookies and similar technologies on your browsing devices, the data obtained from your browsing on third-party websites or mobile applications and your browsing activity thereon: browsing history (pages visited and clicks on content), device ID, advertising ID and IP address.
  • Data from social media or the internet: social media or internet data that you authorise us to view.

Use of profiling: We will create a commercial profile that we will only use to customise your product and service offerings:

  • Purpose of the profile: Our profiling using the information we have about you will help us to identify the products and services we think might interest you and provide you with personalised rather than generic offers.
  • Consequences: If you authorise us to process your data for this purpose, we will use commercial profiles to decide which products or services to offer you. If you do not give your authorisation, we will not use your information to customise our commercial offer.
    We will never use this profile to refuse to provide any product or service or to set credit limits. Not accepting this data processing will not prevent, limit or condition your access to our full catalogue of products and services that is always available to you.
    If you ask us for any product or service, we will assess your application in accordance with our procedures. Acceptance or non-acceptance of the analysis of your data for the purpose of customising the product and service offering will not affect this assessment.
    Not accepting this data processing will also not prevent us from contacting you to manage your products and services.
  • Logic: The profile of a customer is calculated based on the data indicated in the “processed data” section.
    These data are applied to mathematical formulas obtained from past behaviours observed in clients of similar characteristics to infer the customer’s future behaviour. These mathematical formulae allow us to determine the importance of all the data processed in the final result of the applicant’s profile.
    This final result is the probability that the customer will be interested in a product or service.

Other relevant information: The following section includes other relevant data processing information:

  • Pre-check of your ability to pay: When we offer you products or services that involve payment in instalments or financing, we will first check your ability to pay. We will do this as explained in section 6.2.C.
    The purpose is to offer you a credit limit and a repayment term that is appropriate based on our knowledge of your financial situation. We will do all of this in accordance with the principle of responsibility for offering financing products that is required by the Bank of Spain, under regulations on the oversight and solvency of credit institutions and responsible lending.
    Not accepting this processing will not prevent, limit or condition your access to our catalogue of finance products and services. If you make an application, we will assess it according to our procedures.
  • Duration of data processing: We will only process your data in this way if you have given us your express consent to do so. Your consent will remain valid until you revoke it. If you cancel all your products or services with us but forget to revoke your consent, we will do so automatically.
  • Creating management reports and mathematical models: the data processed and resulting from this processing will also be used to prepare management reports and mathematical models as described in point 6.4.F.

Joint data controllers: The following CaixaBank Group companies are joint controllers for this data processing.

  • CaixaBank, S.A.
  • CaixaBank Payments & Consumer, E.F.C., E.P., S.A.U.
  • Nuevo Micro Bank, S.A.U.
  • Facilitea SelectPlace, S.A., Single Shareholder Company
  • ImaginersGen, S.A.
  • VidaCaixa, S.A.U. Insurance and Reinsurance

You will find the essential aspects of the joint data controller agreements at: www.caixabank.es/empresasgrupo

B. Notification of products and services through channels

Purpose: You can choose other channels you would like us to use to tell you about our products or services, whether customised or not, depending on what you have stated in section A above.

If you give us permission, we will offer you our products and services through the channels you specify:

  • website, app and email
  • letter
  • phone

The data we will use will vary as follows:

  • If you do not allow us to customise our commercial offer (see section 6.1.A), we will only use your identification and contact details to send you generic offers.
  • If you allow us to customise our commercial offer (see section 6.1.A), we will also use information from your commercial profile to provide you with customised offers.

Data processed: For this processing, we will not use data about your ethnicity or race, your political opinions, religious or philosophical beliefs, trade union membership, genetic data, your biometric data that identifies you, your health data or data about your sex life or orientation.

For this purpose, we will process the following data:

  • Identification and contact details: name and surname, sex, postal, telephone and e-mail contact information, address of residence, language of communication.
  • Data obtained from other processing operations provided for in this policy:
    - Data from the customisation of our product and service offer based on an analysis of your data: If you authorise us to customise our commercial offer (see processing in 6.1.A of the policy), we will also use the information from your commercial profile to provide you with customised offers.

Other relevant information: The following section includes other relevant data processing information:

  • Duration of data processing: We will only process your data in this way if you have given us your express consent to do so. Your consent will remain valid until you revoke it. If you cancel all your products or services with us but forget to revoke your consent, we will do so automatically.

Joint data controllers: The following CaixaBank Group companies are joint controllers for this data processing:

  • CaixaBank, S.A.
  • CaixaBank Payments & Consumer, E.F.C., E.P., S.A.U.
  • Nuevo Micro Bank, S.A.U.
  • Facilitea SelectPlace, S.A., Single Shareholder Company
  • ImaginersGen, S.A.
  • VidaCaixa, S.A.U. Insurance and Reinsurance

You will find the essential aspects of the joint data controller agreements at: www.caixabank.es/empresasgrupo.

C. Sharing your data with other companies

Purpose: If you give us permission, we will disclose your data to other companies so they can send you commercial offers for their products and services. These data will vary as follows:

  • If you do not allow us to customise our commercial offer (see section 6.1.A), we will only share your identification and contact details with these companies.
  • If you allow us to customise our commercial offer (see section 6.1.A), we will also share with these companies information from your commercial profile and information regarding your likelihood of payment or default or about risk limits.

If you do not give us permission, we will not disclose your data to other companies.

These companies to which we may disclose your data are engaged in the following activities:

  • banking
  • investment services
  • insurance and reinsurance
  • venture capital
  • property
  • transport
  • sale and distribution of goods and services
  • consulting services
  • leisure and
  • charitable and social

Data processed: For this processing, we will not use data about your ethnicity or race, your political opinions, religious or philosophical beliefs, trade union membership, genetic data, your biometric data that identifies you, your health data or data about your sex life or orientation.

For this purpose, we will process the following data:

  • Identification and contact details: full name, sex, telephone and email contact information, address of residence, nationality and date of birth, language choice, identification document.
  • Data obtained from other processing operations provided for in this policy:
    - Data from the customisation of our product and service offer based on an analysis of your data:     If you authorise us to customise our commercial offer (see section 6.1.A), we will also use information from your commercial profile to provide you with customised offers.

Other relevant information: The following section includes other relevant data processing information:

  • Data disclosure information: If we reach an agreement with a company to share your data, the company receiving the data will tell you about it. They will also notify you of the data received and the details of the processing they intend to carry out.
  • Duration of data processing: We will only process your data in this way if you have given us your express consent to do so. Your consent will remain valid until you revoke it. If you cancel all your products or services with us but forget to revoke your consent, we will do so automatically.

Joint data controllers: The following CaixaBank Group companies are joint controllers for this data processing:

  • CaixaBank, S.A.
  • CaixaBank Payments & Consumer, E.F.C., E.P., S.A.U.
  • Nuevo Micro Bank, S.A.U.
  • Facilitea SelectPlace, S.A., Single Shareholder Company
  • ImaginersGen, S.A.
  • VidaCaixa, S.A.U. Insurance and Reinsurance

You will find the essential aspects of the joint data controller agreements at: www.caixabank.es/empresasgrupo.

 

8. DATA PROCESSING IN APPS AIMED AT MINORS (IMAGINTEENS)

ImaginTeens is an app designed for people over the age of 14 to introduce them to money management through their mobile.

If the child’s legal guardian gives their authorisation, the minor can view all the products they own in the app (ImaginBank accounts and/or cards, and/or prepaid MoneyToPay cards) and carry out certain transactions from their mobile phone.

The data controller for the Imaginteens app is CaixaBank, with VAT No. A-08663619 and registered office at Calle Pintor Sorolla, 2-4, Valencia.

We will process the minor’s data to offer the features and services of the application.

The Imaginteens app shows all users the same range of products, services, content and promotions. The only exception is when a particular product or promotion has a minimum age requirement, in which case we may only show it to the group of minors for whom it is intended.

We will also process the data to comply with the obligations that the law imposes on CaixaBank, and to prevent and identify actions or behaviours that may result in fraud.

Pursuant to our contractual relationship, we will process this data to comply with our regulatory obligations, and with our legitimate interest to prevent any fraud that may result in economic or reputational losses, either for us or our customers. For certain processing activities, CaixaBank and certain CaixaBank Group companies will process the data together, jointly deciding on the purposes (“Why the data is used”) and the resources used (“how data is used”), meaning they will act as joint data controllers. You will find the list of CaixaBank Group companies and the essential aspects of the joint data controller agreements at: www.caixabank.es/empresasgrupo.

We will not use the minor’s data for other purposes, such as showing them tailored ads or offering them products, services or promotions that differ from those shown on the home screen to all imaginTeens users.

This application only uses technical elements to collect browsing information on the app (those that allow browsing and the use of the different features and services).

9. RECIPIENTS OF THE DATA

Data controller and joint data controllers
The data that we process due to your status as an IMAGIN customer (remember that you become one when you register in our mobile app) we do so from IMAGIN.

The data that we process due to your status as an imaginbank infinity customer (remember that you become one when you register in the app and open a current account) we do so from Caixabank.

If data is processed by joint data controllers, it will be processed by CaixaBank Group companies in accordance with the previous processing sections.

Authorities or official bodies
IMAGIN may be legally required to provide information on transactions we carry out to authorities or official bodies in other countries located both within and outside the European Union.

Disclosure of data to outsourced service providers
Sometimes we use service providers with potential access to personal data.

These providers have appropriate data processing safeguards in place. They are selected responsibly by CaixaBank. In addition, they have to meet specific requirements if the service involves data processing.

Furthermore, CaixaBank has mechanisms in place to make sure its providers comply with data protection regulations. They must also comply with CaixaBank’s corporate principles approved by its Board of Directors and referred to in section 1 of this Policy.

The type of services we can assign to service providers is:

  • Financial back office services
  • Administrative support services
  • Audit and consulting services
  • Legal services and asset and non-payment recovery services
  • Payment services
  • Marketing and advertising services
  • Survey services
  • Call centre services
  • Logistics services
  • Physical security services
  • Computer services (system and information security, cybersecurity, information systems, architecture, hosting, data processing)
  • Telecommunications services (voice and data)
  • Printing, enveloping, postal and courier services
  • Data storage and destruction services (digital and physical)
  • Maintenance services for buildings, installations and equipment

10. DATA STORAGE PERIODS

Storage for maintaining Contractual Relations
We will use your data for as long as the contractual relations we have with you remain in effect.

Storage of authorisations for processing your data based on your consent (Imaginer Infinity user)
We will process the data based on your consent, until you revoke it.

If you cancel all your product and service contracts with CaixaBank Group companies but do not withdraw the consents you previously gave us, we will automatically void them as soon as you cease to be a customer.

Storage to comply with legal obligations and to formulate, exercise and defend claims
Once your contractual relation with us has ended, we will only retain your data to comply with legal obligations. We will also retain your data to address any potential claims during the limitation period for any legal actions you may bring.

We will implement technical and organisational measures to ensure your data are used solely for these purposes.

Storage of authorisations for processing based on consent or legitimate interest
We will process your data based on your authorisation until you withdraw it. If you cancel all your product and service contracts with CaixaBank Group companies but do not withdraw the consents you previously gave us, we will automatically void them as soon as you cease to be a customer. We will process your data on the basis of our legitimate interest. If you do not agree, you may object and we will stop processing your data once we have accepted your objection.

Data destruction
We will destroy your data once the limitation periods for actions arising from the contractual relations between us have ended.

11. DATA TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA

At IMAGIN, we process your data and engage service providers within the European Economic Area or in countries with an appropriate level of personal data protection.

If we need to use service providers who process personal data in cases other than the two mentioned above, we ensure that they do so securely and lawfully.

To this end, we require them to provide appropriate safeguards pursuant to data protection regulations. This means they must have binding corporate rules which ensure the same protection as in the European Economic Area or use the European Union’s standard contractual clauses. You can ask for a copy of these safeguards at https://www.caixabank.com/delegadoprotecciondedatos

12. AUTOMATED DECISION-MAKING

Automated decision-making is based solely on automated processing of your data (without human intervention) and may produce legal effects for you or significantly affect you.

We tell you about processing operations which involve automated decision-making.

Furthermore, if we use automated decision-making during our contractual relations (for example, refusing to sell you a particular product), we will tell you about this in the contractual documentation for the product or service you ask us for along with the logic behind the decision.

You will additionally have the right to obtain human intervention, express your point of view and challenge the decision.

13. REVIEW

We will review this Privacy Policy as needed to keep you informed. This includes, for example, when new regulations or guidelines are published, or when we implement new processing operations.

Whenever there are significant changes to this privacy policy, we will notify you in the monthly statement of your current account transactions we send you. We will also tell you via our usual channels.

 

March 2026

Logo imagin

Customer service

Access to file an official claim.
FAQ Privacy policy Cookies policy Other policies Legal notice Fees and information Accessibility Cybersecurity Whistleblowing PSD2 report Sandbox Service Cancellation

We are what we do

We have been a Certified B Corporation™ since 2020. Discover more here.