Privacy Policy - Premios a la investigación FJS

PRIVACY POLICY

Introduction

The right of privacy, particularly the right of personal data protection, is one of the fundamental principles of Grupo Catalana Occidente.

The purpose of this privacy policy of Grupo Catalana Occidente (hereinafter, the “Policy“) is to set forth, in compliance with the European Union General Data Protection Regulations, 2016/679, in Organic Law 3/2018, of December 5, on Data Protection and Guarantee of Digital Rights and its implementation regulations in force at any given time (the “Personal Data Protection Regulation”), the way in which Grupo Catalana Occidente will process any personal data collected from its customers (as defined below).

Who is the controller of your personal data?

The Entity of Grupo Catalana Occidente with which you have a relationship. In the Attachment at the end of this Policy, the identification and registered office of the Entities that make up Grupo Catalana Occidente may be found along with other information.

Who is the Data Protection Officer?

The Data Protection officer is the person designated by the Entities that constitute Grupo Catalana Occidente to ensure compliance with the aforementioned Personal Data Protection Regulations and other applicable regulations, whom you may contact especially if you think your data protection rights have been breached, via the postal or email address provided in the Attachment at the end of this Policy.

Who is the data protection supervisory authority?

The supervisory authority is the Spanish Data Protection Agency, with headquarters in Madrid (28001), calle Jorge Juan, nº 6, the independent authority responsible for ensuring the data privacy and protection of citizens, to whom you can submit queries and/or complaints regarding this matter, should you consider that your data protection rights and freedom have not been duly taken care of by the corresponding Entity of the Grupo Catalana Occidente. For more information, go to the following website: www.agpd.es.

What personal data is object of processing?

All personal data, whether provided directly by the interested party or by an insurance distributor, seller or collaborator, including documents containing it, or personal data obtained from recorded telephone conversations or Internet website browsing or other means, including biometric and geolocation data, will be processed before, during and after executing an application, pre-contract, contract or service related to any of the products and/or services marketed by Grupo Catalana Occidente’s Entities on behalf of the customer, whose data is needed in the study, issue, development and execution of contractual relationships.

In this sense, the definition of customer is established as any data subject that is a: requests a product, service or information, policyholder, insured person, beneficiary, participant, third party involved in a claim, participant, partner, subscriber, rightholder, mortgagor, investor in promissory notes and/or third party that arises from a contractual or services relationship with an Entity of Grupo Catalana Occidente.

If the personal data is provided by a person other than the holder, it shall be the provider’s obligation to previously communicate this information to the holder of the personal data, as well as to obtain his/her consent, when required, so the Entity of Grupo Catalana Occidente can process this data.

In addition, this personal data can be supplemented, always complying with the requirements established in the personal data protection regulations, by other data obtained from providers of Grupo Catalana Occidente, as well as that obtained from public sources or any personal data that the data subject has made public.

In general terms, the personal data of minors shall only be processed when their parents or legal guardians have provided their consent for the processing required to execute the corresponding contract or service with the specific Entity of Grupo Catalana Occidente, in compliance with a legal obligation and/or in legitimate interest, after the corresponding weighing analysis by the Entity of Grupo Catalana Occidente responsible for the processing; notwithstanding the exercise of personal data protection rights established by the current Personal Data Protection Regulation.

What are the categories of data subject to processing?

In general, the categories of personal data subject to processing in the issue of an offer, a precontract or contract, will be referred to the identifying details of the interested party, as well as those relating to their personal characteristics and/or social circumstances, as well as any other data that may be necessary for their implementation.

In addition and of a specific nature; (i) in the case of life, accident, healthcare, illness and/or death insurance policies, they will also be subject to processing the data relating to the profession or activity of the policyholder and/or the insured person, as well as, if necessary, the data relating to the health of the insured person and (ii) in the case of investment funds, the data relating to the profession or activity of the policyholder will also be processed and/or the insured person, as well as the categories of data necessary for carrying out the suitability and/or suitability test.

Finally, in the contact forms provided by the Entities of Grupo Catalana Occidente, once the information prior to the collection of data has been provided, with reference to this Policy, the identification and contact details required for the execution of the requested contact will be processed.

Which are the purposes of processing your personal data?

(i). Main purpose:

The main purpose of processing personal data is the study, issue, development and/or execution of the pre-contract, contract, contractual relationship or service subscribed to with the corresponding Entity of Grupo Catalana Occidente and to effectively comply with the obligations established in the regulations applicable at all times to the Entity of Grupo Catalana Occidente responsible for such data processing.

(ii). Other aims:

Personal data will be object of processing for the purpose of setting prices and selecting risks and managing subsequent requests related to the risks that can be contracted. This processing may include, if necessary, profiling and/or automated decision-making in accordance with the provisions established in this Policy.

Likewise, personal data shall be processed for the purposes of the prevention of and fight against fraud, and for the possible reporting and disclosure to information systems of the insurance sector; for the compliance by the pertinent Entity of Grupo Catalana Occidente with the legal obligations derived from the Public Liability and Insurance Act regarding the circulation of motor vehicles and/or the Law of Rule and Supervision for Insurance and Reinsurance companies;similarly, for the prevention of money laundering and terrorist financing, for compliance of the bound Entities of Grupo Catalana Occidente with the legal obligations and the corresponding adoption of measures of due diligence arising from the Directive on Prevention of money laundering and terrorist financing and its Implementing regulation.

In addition, within the scope of managing the request and/or any of the contracts or services provided by any of the Entities of Grupo Catalana Occidente, the Entity controlling the personal data may process your personal data to assess your economic solvency, by reporting and disclosure to information systems of the insurance sector or credit rating agencies, as well as carry out statistical, quality and technical studies, including those related to satisfaction surveys, market analysis, and research and service quality.

In insurance products the personal data may be processed to manage the coinsurance or reinsurance, in conformance with the current regulation. The reporting of data in such cases shall be carried out in compliance with a legal obligation, in execution of the contract, or in legitimate interest, after a weighing analysis by the Entity of Grupo Catalana Occidente responsible for the processing.

Finally, with regard to contact forms, telephone numbers, mailboxes and social network profiles provided by the different Entities of Grupo Catalana Occidente, your data will be used to (i) attend to and manage suggestions, queries, requests and/or claims made via these channels; and (ii) to manage CVs provided for selection processes in Entities of Grupo Catalana Occidente.

(iii). Automated decisions including profiling:

Some processing of personal data necessary for the execution or formalising of contracts may require the adoption of automated decision-making and/or profiling. This means that certain decisions may be made automatically without human involvement, where the data subject will always have the right to: (i) request the review of the results by a person; (ii) express their point of view; and (iii) contest the decision; in accordance with the Personal Data Protection Regulations.

Similarly, the potential use of artificial intelligence will always be in accordance with the general principles and values of the Grupo Catalana Occidente Code of Ethics, which inspire the operations and actions of the Entities involved, in particular, regarding privacy and the right to personal data protection. It will also take into consideration the guidelines of the document on ethical principles for the use of Artificial Intelligence in the insurance sector, drawn up by the Spanish Union of Insurance Companies and Reinsurers (UNESPA) and the report of the Advisory Group of the European Insurance and Occupational Pensions Authority (EIOPA) on Artificial Intelligence (AI) governance principles: governance principles for an ethical and trustworthy AI in the European insurance sector.

Similarly, in the aforementioned processing of personal data for the prevention of and fight against fraud and/or prevention of money laundering and terrorist financing, profiling is necessary for compliance with the legal obligation of the Entity of Grupo Catalana Occidente responsible for the processing.

(iv). Advertising purposes:

In addition, with customer authorisation, personal data shall also be processed with a view to: (i) carrying out commercial activities and sending information, even via remote means, on other general or customised products and services, either proprietary or of other Entities of Grupo Catalana Occidente to which the controller belongs, as identified in the Annex at the end of this Policy and/or on the website www.grupocatalanaoccidente.com; (ii) present customised advertising on websites, search engines and social networks; and (iii) offer participation in promotional competitions; All of this even following the termination of the contractual relationship. In any of aforementioned cases the adjustment of products and services to your profile may be performed based on the analysis of risk and behavioural profiles, considering both internal and external sources, geolocation information and your browsing habits through the internet or social networks.

What is the legal basis for the processing of your personal data?

The legal grounds for the processing stated in the aforementioned main purpose is legally based on the management of the offer, or if applicable, contract or service agreed with the corresponding data controlling Entity of Grupo Catalana Occidente.

Any processing for the other aforementioned purposes and for making automated decisions is legally based on the applicable regulation or the legitimate interest, if applicable, after the weighing analysis, of each Entity of Grupo Catalana Occidente responsible for the processing.

Specifically, the processing of personal data for the purpose of the prevention of fraud and/or money laundering and the financing of terrorism, is based on the applicable regulations, and the processing with the aim of developing loyalty programmes for customers is based on the legitimate interest, after the aforementioned analysis, of the Grupo Catalana Occidente entity responsible for processing.

Lastly, the processing of personal data for advertising purposes is legitimised, where applicable, by express consent.

How long will we store your personal data for?

Your personal data will be held for the effective period of the relationship with the Entity of Grupo Catalana Occidente with which the service or contract has been agreed. Once this relationship has ended, this data will be stored for the necessary period of time established by the applicable legislation at all times, and will be available to the courts and tribunals, Public Prosecutor’s Office, State security forces and/or competent public administrations, in particular the appropriate personal data protection supervisory authorities, and corresponding supervisory bodies, in order to deal with any legal or contractual liabilities arising from the contract or service related to the data processing in question and during the applicable time in force.

Any requests or proposals that do not materialise in a contract or service, regardless of the reason, shall be held for the required period to guarantee the fight against fraud in contracting and to prevent money laundering and the financing terrorism.

The guidelines on the storage period, erasure and restriction of personal data, for their application by the Entity of Grupo Catalana Occidente responsible for the processing, are specified in the internal regulations on terms of the conservation, suppression and restriction of personal data, such as the development of the personal data protection policy and the use of ICT resources of Grupo Catalana Occidente.

To which recipients will your personal data be communicated?

(i). Entities belonging to the Grupo Catalana Occidente:

The customer’s personal data, contract or service and any information arising or related thereof can be transferred to the Grupo Catalana Occidente entities specified in the Annex at the end of this Policy and/or on the website www.grupocatalanaoccidente.com for the purposes of complying with the regulations applicable to each Entity, and in general terms, for the prevention of and fight against fraud and/or prevention of money laundering and terrorist financing, as well as, where applicable, to maintain and comprehensively and centrally manage your relationship with the different Entities of Grupo Catalana Occidente.

We also specifically inform you that the Entities of Grupo Catalana Occidente share common services, with a different level of intensity, for the purpose of making use of the existing synergies, optimising resources and offering a better service to customers. To this end, several framework agreements have been entered to provide reciprocal services, which involve access to personal data managed by other Entities of Grupo Catalana Occidente and include various service provisions, including, but not limited to, the following:

a) Services provided by Grupo Catalana Occidente, Tecnología y Servicios A.I.E. for Grupo Catalana Occidente’s Entities: (i) hosting and data hosting, (ii) computing system, communication and equipment maintenance and management (iii) information security and the supporting systems (iv) IT application development and maintenance, (v) providing a service to handle claims, and (vi) reporting of information relating to the services provided, (vii) maintenance and management of presence monitoring,
security and video surveillance systems and (viii) document management, printing and labelling.

b) Services provided by the Grupo Catalana Occidente Contact Center A.I.E. for Grupo Catalana Occidente’s Entities: (i) providing customer service via any means, including remote, such as telephone, email, internet and/or social networks, and (ii) carrying out campaigns and satisfaction surveys.

c) Services provided by Prepersa Peritación de Seguros y Prevención A.I.E. for the Entities of the Grupo Catalana Occidente: render a service to cooperate in the management of claims related to insurance policies.

(ii). Other Entities:

Personal data can also be communicated to different collaborators or service providers of any data controlling Entity of Grupo Catalana Occidente, such as, including but not limited to: insurance brokers, co-insurers, reinsurers, lawsuit experts and investigators, lawyers and solicitors, auditors, consultants, medical professionals and health assessors, financial, depository and managing Entities and other suppliers and professionals who process personal data as party responsible and on behalf of the corresponding Entity responsible for Grupo Catalana Occidente, in order to guarantee that services rendered by the aforementioned party responsible for the contract or service comply with obligations stipulated in the applicable regulations, in legitimate interest after the weighing analysis and/or in accordance with their given consent.

We inform you that the computer servers of some Grupo Catalana Occidente service providers may be located in countries outside the European Union, where, if the level of privacy protection were not equivalent to the European or nationals personal data protection regulations, the corresponding data controlling Entity of Grupo Catalana Occidente shall adopt the necessary and appropriate measures envisaged in the Personal Data Protection Regulations for transfers to third countries and organisations, with the exceptions to specific situations expressly provided for, in order to ensure that the level of protection of stakeholders is not undermined, as well as appropriate and necessary measures for the best safeguarding of the rights of stakeholders and the security of information, based on the technical measures available at any time.

(iii). Official bodies and authorities:

Personal data will be given to all those recipients for whom such information must be disclosed by the Entities of the Grupo Catalana Occidente, in compliance with legal obligations, including, but not limited to, competent public bodies and administrations, such as the Spanish Tax Administration Agency or regional tax authorities, personal data protection control authorities, courts and tribunals, corresponding supervisory bodies, the Public Prosecutor’s Office and/or State security forces and bodies.

(iv). Common credit information systems:

Entities of Grupo Catalana Occidente are entitled to view and process data regarding default of monetary obligations, either financial or credit, through common credit information systems, information on financial and credit solvency and any other such data to enable it to assess personal risk, and maintain and monitor the contractual relationship.

(v). In the case of having a car insurance policy:

The Insurance Entities of the Grupo Catalana Occidente, in accordance with current legislation, will provide the habitual driver subject to the insurance policy with information on sanctions, if any, that may be published in his or her name on the current or future certified websites, in compliance with current legislation on personal data protection.

Said insurance entity shall use data belonging to the Vehicle Investigation Institute in the centre of Zaragoza (Instituto de Investigación sobre Vehículos S.A) to identify the vehicle’s registration and chassis number and all technical and administrative characteristics of the vehicle covered in the insurance policy.

The Insurance Entity of Grupo Catalana Occidente through which the car insurance policy has been purchased, as jointly responsible of the data processing, will provide, if applicable, the following details of your insurance policy, to the following reporting and disclosure information systems of the insurance sector:

a) historical data of policies and claims registered in the Car Insurance History File, the purpose of which is to provide rigorous and contrasted information on claims data at the time the contract is signed by pooling the information obtained through policies and claims over the previous five years, in accordance with the terms set out in the Civil Liability and Motor Vehicle Insurance Act.

b) Historical data on the number of claims related to your insurance or claims in which you have been involved registered in the Total Loss, Theft and Fire File, the purpose of which is to facilitate the automated identification of possible irregular situations and risks of fraud, cooperate with Security Forces and Bodies, facilitating the investigation of possible theft and fraud offences, among others, related to the insured motor vehicles, and cooperate with Centro Zaragoza, Law enforcement agencies, the Directorate General for Traffic and the insurance company affected in the identification and location of stolen vehicles and vehicles that have received compensation.

To exercise your data protection rights in relation to either Historical Car Insurance Information Systems and Information on Automobiles on Writeóffs, Theft and fire, please contact Tecnologías de la Información y Redes para las Entidades Aseguradoras S.A. (TIREA), Ctra. Las Rozas a El Escorial Km 0.3 Las Rozas 28231 Madrid.

You can find the rest of the data protection information on the information systems for the insurance sector in the websites of the Union of Insurance and Reinsurance Companies (UNESPA) (www.unespa.es) and TIREA (www.tirea.es) websites.

(vi). In the case of multi-risk home, store, business, owner’s community, SME, industry or civil liability insurance policies and/or any other insurance policies in the general insurance category:

The Insuring Entity of Grupo Catalana Occidente with which the general insurance policy has been taken out, shall report, as appropriate, data on claims involving your insurance and/or your claims to the Fraud Management System in General Insurance Policies, which includes the policy purchased by you or the claim involving you, with the Insuring Entity being the joint controller of said System. Its purpose is to prevent and detect fraud by either warning the insurer once the policy is issued, or by detecting the fraud committed in the declared claims. Its purpose shall also be to cooperate with law enforcement agencies by facilitating the investigation of possible theft and fraud offences, among others, related to the insured goods.

To exercise your data protection rights in relation to any of these Fraud Prevention Systems in General Insurance Policies, please contact Tecnologías de la Información y Redes para las Entidades Aseguradoras S.A. (TIREA), Ctra. Las Rozas a El Escorial Km 0.3 Las Rozas 28231 Madrid.

(vii). In the case of a life, accident, health, illness or funeral insurance or any other insurance through which we request or manage data on your health:

Your personal data may be disclosed to the different partners and service providers of the corresponding Grupo Catalan Occidente Insurance Company mentioned above, who shall process all personal data as responsible party in the name and on behalf of the aforementioned Insurance Company.

In addition, and specifically, if you are a holder of:

a) a life insurance policy with death benefit and/or an accident insurance policy covering the contingency of the insured person’s death, whether individual or collective policies, in compliance with current legislation, your personal data will be disclosed to the public insurance register of contracts with death benefit dependent on the Ministry of Justice or the one that may replace it in the future, as the case may be.

b) of health insurance or healthcare insurance, in which case your personal data, including health data, may be disclosed to the corresponding insurance company of the Catalana Occidente Group to doctors, health centres, hospitals or other institutions or persons in order to fulfil, develop, control and execute healthcare, leading to the reimbursement or indemnity stipulated in the insurance contract upon consulting or verifying the causes and medical background of the interested party with the aforementioned health providers to justify any benefits, reimbursements or indemnifications, and, where applicable, recovering expenses. Specifically, in the case of healthcare insurance, in order to inform the policyholder of the collection of each co-payment, the insurance Entity may communicate to the policyholder the details of the medical services used by each insured person of the policy, including the healthcare and professional centres they have visited and/or the tests each insured person has taken.

(viii). In the event of having contracted a social welfare product:

Your personal data may be exchanged between the Managing Entity, the Depositary and the Promoter and/or Marketing Entity of such social welfare products.

Likewise, in the case of asking to demonstrate vested rights from the Managing Entity or target insurance company, the client must present this demonstration request and an authorization to the Managing Entity or target insurance company so that, in their name, the source fund Managing Entity may be asked to demonstrate such vested rights, in addition to all financial and fiscal data needed in the process.

(ix). In the case of having subscribed participations from any investment fund marketed and/or managed by Grupo Catalana Occidente:

Your personal data may be exchanged between the Managing Entity, the Depositary and the corresponding Marketing Entity of the said investment funds.

What are your rights when you provide your personal data?

As holder of your personal data, you are entitled to the rights set out below, which you may exercise by verifying your identity, in the way explained in the section Who is the Data Protection Officer? previous:

(i). Right of access. You can obtain from the Entity of Grupo Catalana Occidente responsible for the processing of your personal data, confirmation on whether it is processing your personal data, and if so, you have the right to access said data and information on the processing, as well as obtain a copy thereof in a structured, common use and easy-reading format.

(ii). Right of rectification. You may request the rectification of personal data that is inaccurate, and, where incomplete, you have the right to request that such data be correctly filled in, including an additional declaration where necessary.

(iii). Right of withdrawal. You may request your personal data be withdrawn when it is no longer needed for the purposes for which it was collected by the Entity of the Grupo Catalana Occidente responsible for its processing, or when you withdraw your consent for which such processing is based. Such a request shall not be applicable when processing is required on the grounds of what is stipulated in the paragraph “The user always has at his disposal for information purposes the present privacy policy as well as the cookie policy of the Grupo Catalana Occidente adapted the guidelines of the Guide on the use of cookies issued by the control authority and also provides at all times of the ability to manage and customize your preferences about the use of cookies. ?” above.

In this respect, in the digital environment of any of the Entities of Grupo Catalana Occidente, if you exercise your right to be forgotten, the corresponding Entity will contact the Internet service provider to transmit the interested party’s request to cancel the processing of personal data affecting them, taking into account available technology and the cost of using it; in this case, data will only be stored by the person responsible in order to make, exercise rights to or defend claims. The request shall not be applicable when the processing is required on the basis of the provisions included in the section “What is the legal basis for processing your personal data?”, whether the processing is required to exercise the right of freedom of expression and information or on grounds of public interest.

(iv). Right to Object. You may object to your personal data being processed, unless the Grupo Catalana Occidente Entity responsible for such processing, after the weighing analysis, have legitimate reasons to continue doing so, in which case such data will only be stored by the legally responsible person to make, exercise rights to or defend claims. The processing of personal data for commercial or advertising purposes shall not be considered legitimate and therefore the right to object shall be deemed equivalent to the withdrawal of given prior consent. Such a request shall not be applicable when processing is required on the grounds of what is stipulated in the paragraph “What is the legal basis for processing your personal data?” above.

(v). Right to restrict processing.You may request the processing of your personal data be restricted, which may involve your data being blocked in the following circumstances: (i) when you challenge data accuracy, (ii) when the data controller objects to data deletion in the event of lawful processing, (iii) when the controller no longer needs the data but it is needed to make, exercise rights to or defend claims or, (iv) when you have objected to processing, whilst the controller verifies whether your legitimate reasons prevail over theirs; in this case they shall only be held by controller to draw up, exercise or defend claims.

(vi). Right to data portability. Where technically possible, you may request that relevant personal data subject to automated processing be transmitted to another controller, or to yourself as data subject, in a structured, commonly used and easy to read format, and without detriment to your rights of deletion or to be forgotten, in which case such data will only be stored by the data controller for the purpose of formulating, exercising or defending claims.

Any communications and actions performed in the context of exercising your rights shall be free of charge. When the requests are manifestly unfounded or excessive, especially when they are of a repetitive nature, the data controlling Entity of Grupo Catalana Occidente may charge a fee according to the expenses borne to fulfil the request.

Confidentiality of personal data

From the first moment it initiates the data processing, the data controlling Entity of Grupo Catalana Occidente shall implement the technical, organisational and security measures necessary, considering the state of technology, to guarantee the confidentiality, integrity, availability and resilience of the personal data, as well as to prevent its unauthorised access, alteration, loss or processing.

With regard to browsing the official websites of the Entities of Grupo Catalana Occidente, the user always has at their disposal for information purposes this privacy policy as well as the cookie policy of the Grupo Catalana Occidente adapted to the guidelines of the Guide on the use of cookies issued by the control authority and also provides at all times of the ability to manage and customise their preferences about the use of cookies.

Validity of the Policy

Grupo Catalana Occidente states that the Privacy policy published on the website www.grupocatalanaoccidente.com at any given time shall always be the valid version, and it reserves the right of modifying it at any time and without warning whenever necessary. A customer of an Entity belonging to Grupo Catalana Occidente may view the latest updated version of the Policy at any time in the official websites and, should they wish to access previous versions, they may contact the corresponding Data Protection Officer in the way indicated in the Attachment to this Policy.

Copyright

Grupo Catalana Occidente reserves their rights regarding the content of this Policy. The reproduction, distribution, transformation, handling, public communication or any other kind of total or partial use, free of charge or in return of a consideration, of this document is strictly forbidden without a written authorisation.

Latest update to the Policy: version 6, approved on 20 September 2022.

* * * * *

ATTACHMENT: ENTITIES THAT MAKE UP THE GRUPO CATALANA OCCIDENTE FOR THE PURPOSES OF THE CURRENT PRIVACY POLICY

COMPANY	Tax ID number (NIF)	REGISTERED OFFICE	REGISTRATION DETAILS	CONTACT DETAILS / DEPT.	EMAIL ADDRESS
Grupo Catalana Occidente S.A.	A08168064	Paseo de la Castellana 4, 28046 Madrid	Registered in Madrid’s Mercantile Registry, volume 36.829, folio 141, page M-659.287	Data Protection Officer Catalana Occidente Group	dpo@grupocatalanaoccidente.com
Bilbao, Compañía Anónima de Seguros y Reaseguros, Sociedad Unipersonal	A48001648	Paseo del Puerto 20, 48992 Neguri- Getxo (Vizcaya)	Registered in the Vizcaya Mercantile Registry, volume 55, section 103, page 2.436	Data Protection Officer Seguros Bilbao	dpo@grupocatalanaoccidente.com
Seguros Catalana Occidente, S.A. de Seguros y Reaseguros, Sociedad Unipersonal	A-28119220	Paseo de la Castellana 4, 28046 Madrid	Registered in Madrid’s Mercantile Registry, volume 37.110, section 177, page M-91.458	Data Protection Officer Seguros Catalana Occidente	dpo@grupocatalanaoccidente.com
Nortehispana de Seguros y Reaseguros S.A., Sociedad Unipersonal	A-08185589	Paseo de la Castellana 4, 28046 Madrid	Registered in Madrid’s Mercantile Registry, volume 36.935, section 1, page M-660.565.	Data Protection Officer Nortehispana Seguros	dpo@grupocatalanaoccidente.com
Plus Ultra, Seguros Generales y Vida S.A. de Seguros y Reaseguros, Sociedad Unipersonal	A-30014831	Plaza de las Cortes 8, 28014 Madrid	Registered in the Mercantile Register of Madrid, in volume 5,992, section 100, page M-97.987	Data Protection Officer Plus Ultra Seguros	dpo@grupocatalanaoccidente.com
Grupo Catalana Occidente Gestión de Activos S.A. S.G.I.I.C., Sociedad Unipersonal	A-28475754	Cedaceros 9, planta baja, 28014 Madrid	Registered in Madrid’s Mercantile Registry, in volume 36.521, section 171, page M-52.463	Data Protection Officer GCO Gestión de Activos	dpo@grupocatalanaoccidente.com
Bilbao Hipotecaria S.A.U., E.F.C.	A-48409023	Paseo del Puerto 20, 48992 Neguri- Getxo (Vizcaya)	Registered in Madrid’s Mercantile Registry, volumen 2,228, section 150, page nº 16,326	Data Protection Officer Bilbao Hipotecaria	dpo@grupocatalanaoccidente.com
Grupo Catalana Occidente Contact Center, A.I.E.	V-65404063	Jesus Serra Santamans 3, 08174 Sant Cugat del Vallés (Barcelona)	Registered in Barcelona’s Mercantile Registry, volume 42.241, section 185, page nº B-405.292	Data Protection Officer GCO Contact Center	dpo@grupocatalanaoccidente.com
Grupo Catalana Occidente Tecnología y Servicios A.I.E.	V-65004517	Avenida Alcalde Barnils 63, 08174 Sant Cugat del Vallès (Barcelona)	Registered in Barcelona’s Mercantile Registry, volume 41.030, section 29, page nº B-376.366	Data Protection Officer GCO Tecnología y Servicios	dpo@grupocatalanaoccidente.com
Catalana Occidente Capital, Agencia de Valores, S.A.U.	A-63764138	Avenida Alcalde Barnils 63, 08174 Sant Cugat del Vallès (Barcelona)	Registered in Barcelona’s Mercantile Registry, in volume 37.416, section 142, page number B-298.341	Data Protection Officer COCAV	dpo@grupocatalanaoccidente.com
GCO Previsión, Individual Voluntary Social Welfare Entity	V-48410120	Paseo del Puerto 20, 48992 Neguri- Getxo (Vizcaya)	Registered in the Vizcaya Mercantile Registry, volume 2111, section 124, page number 5-8	Data Protection Officer GCO Previsión EPSV	dpo@grupocatalanaoccidente.com
GCO Gestora Pensiones E.G.F.P., S.A.U.	A-67000471	Paseo de la Castellana 4, 28046 Madrid	Registered in Madrid’s Mercantile Registry, volume 36,886, section 90, page M-659,976.	Data Protection Officer GCO Gestora de Pensiones	dpo@grupocatalanaoccidente.com
GCO Activos Inmobiliarios S.L.	B66672544	Avenida Alcalde Barnils 63, 08174 Sant Cugat del Vallès (Barcelona)	Registered in Barcelona’s Mercantile Registry, page no. B-478.427	Data Protection Officer GCO Activos Inmobiliarios S.L.	dpo@grupocatalanaoccidente.com