Privacy Policy

PRIVACY POLICY

Introduction

The right of privacy, particularly the right of personal data protection, is one of the fundamental principles of Grupo Catalana Occidente.

The purpose of this privacy policy is to explain, in compliance with the European Union's General Data Protection Regulations, 2016/679, and national and community implementation regulations in force at any given time, the way in which Grupo Catalana Occidente will process any possible personal data collected from its clients (as defined below).

 

Who is the controller of your personal data?

The Entity of Grupo Catalana Occidente with which you have a relationship. In the Attachment at the end of this privacy policy, the identification and registered office of the Entities that make up the Grupo Catalana Occidente may be found along with other information.

 

Who is the Data protection delegate?

The Data Protection delegate is the person designated by each Entity of the Grupo Catalana Occidente to ensure compliance with the aforementioned General Data Protection Regulations and other applicable regulations, who you may contact especially when you consider that your data protection rights and freedom have not been met, via the respective postal or electronic mail address indicated in the Attachment at the end of this privacy policy.

 

Who is the data protection supervisory authority?

The supervisory authority is the Spanish Data Protection Agency, with headquarters in Madrid (28001), Calle Jorge Juan, nº 6, to whom you may submit queries and/or complaints regarding this matter, should you consider that your data protection rights and freedom have not been duly respected by the corresponding Entity of the Grupo Catalana Occidente. For more information, go to the following website: https://www.agpd.es. 

 

What personal data is object of processing?

All personal data, whether collected directly or by an intermediary, including documents containing it, or obtained from recorded telephone conversations or Internet website browsing or other means, including biometric and geolocation data, will be processed before, during and after executing an application, contract or service related to any of the products marketed by Grupo Catalana Occidente's Entities on behalf of the customer, whose data is needed in the study, transmission, development and execution of contractual relationships.

In this sense, the definition of customer is established as any data subject that is a: policyholder, insured person, beneficiary, participant, shareholder, partner, subscriber, rightholder, mortgagor, investor in promissory notes and/or third party that establishes a contractual or services relationship with an Entity of Grupo Catalana Occidente. 

If the personal data is provided by a person other than the holder, it shall be the provider's obligation to previously communicate this information to the holder of the personal data, as well as to obtain his/her consent, when required, so the Entity of Grupo Catalana Occidente can process this data.

In addition, this personal data can be supplemented, always complying with the requirements established in the personal data protection regulations, by other data obtained from providers of Grupo Catalana Occidente, as well as that obtained from public sources or any personal data that the data subject has made public.

In general terms the personal data of minors shall only be processed when their parents or legal guardians have provided their consent for the processing required to execute the corresponding contract or service, the fulfilment of a legal obligation and/or in legitimate interest of the data controlling Entity of Grupo Catalana Occidente, notwithstanding the personal data protection rights established by the current applicable regulation.

 

Which are the purposes of processing your personal data?

(I) Main purpose:

The main purpose of processing this personal data is the study, transmission, development and execution of the contract or service subscribed to by the corresponding Entity of the Grupo Catalana Occidente and to effectively comply with the obligations established in the regulations applicable at all times to the Entity of the Grupo Catalana Occidente responsible for such data processing.

 

(II) Other aims:

Personal data will be object of processing for the purpose of setting prices and selecting risks and managing subsequent requests related to the risks that can be contracted. This processing may include, if necessary, profiling and/or automated decision-making in conformance with the provisions established in this privacy policy. 

Likewise, personal data will be object of processing for the purpose of fighting and preventing fraud and money laundering and the financing of terrorism, and the consultation and communication of information from/to sectoral files shall be permitted.

In addition, within the scope of managing the request and/or any of the contracts or services provided by any of the Entities of Grupo Catalana Occidente, the Entity controlling the personal data may process your personal data to assess your economic solvency, consulting and communicating information from/to financial solvency and creditworthiness files, as well as the carrying out of statistical, quality and technical studies, including those related to satisfaction surveys, market analysis, and research and service quality.

In insurance products the personal data may be processed to manage the coinsurance or reinsurance, in conformance with the current regulation.

Finally, as for contact forms, telephone numbers and social network profiles that may be made available to you by the different Entities of the Grupo Catalana Occidente, your data will be used to (i) attend to and manage queries and requests made via the telephone numbers and social network profiles provided for this purpose; (ii) attend to and manage suggestions, complaints and other queries made using the corresponding form; and (iii) to manage CVs provided for a selection process opened in Entities of Grupo Catalana Occidente.

 

(III) Advertising purposes:

In addition, if the customer authorises so, personal data shall also be processed to: (i) perform commercial actions and send the customer information, even via remote means, on other general or customised products and services, whether proprietary or belonging to other Entities of Grupo Catalana Occidente of which the controller is part of, as identified in the Annex included at the end of this privacy policy and/or on the website www.grupocatalanaoccidente.com; (ii) present customised advertising on websites, search engines and social networks; and (iii) offer the participation in promotional competitions. All of this even following the termination of the contractual relationship. In any of aforementioned cases the adjustment of products and services to your profile may be performed based on the analysis of risk and behavioural profiles, considering both internal and external sources, geolocation information and your browsing habits through the internet or social networks. 

 

What is the legitimation of the processing of personal data?

The legitimation of the aforementioned processing for the main purpose established above is based on the exercise of the offer, contract or service entered with the corresponding data controlling Entity of Grupo Catalana Occidente. 

Any processing for the other purposes mentioned above and for making automated decisions has legal grounds in the applicable regulation or the legitimate interest of each data controlling Entity of Grupo Catalana Occidente. Specifically, the processing of personal data for the purpose of developing loyalty programmes for customers is based on the legitimate interest of the Grupo Catalana Occidente's entity responsible for processing.

Lastly, the processing of personal data for advertising purposes is legitimised, where applicable, by express consent.  

 

For how long will we hold on to your personal data?

Your personal data will be held for the entire time that the relationship with the Entity of Grupo Catalana Occidente with which the service or contract has been formalised is effective. Once this relationship has ended, this data will be stored for the necessary period of time established by the applicable legislation at all times, and will be available to the courts and tribunals, Public Prosecutor's Office, State security forces and/or competent public administrations, in particular the appropriate personal data protection supervisory authorities, and corresponding supervisory bodies, in order to deal with any legal or contractual liabilities arising from the contract or service related to the data processing in question and during the applicable time in force. 

Any requests or proposals that do not materialise in a contract or service, regardless of the reason, shall be held for the required period to guarantee the fight against fraud in contracting and to prevent money laundering and the financing terrorism.

The guidelines on the terms of the storage, deletion and blocking of personal data, for their application by the Entity of Grupo Catalana Occidente responsible for the processing, are specified in the internal regulations on terms of the conservation, suppression and blocking of personal data, such as the development of the personal data protection policy and the use of ICT resources of Grupo Catalana Occidente.

 

To which recipients will your personal data be communicated?

(I) Entities belonging to the Grupo Catalana Occidente:

The customer's personal data, contract or service and any information arising or related thereof can be transferred to the Grupo Catalana Occidente entities specified in the Annex at the end of this privacy policy and/or on the website www.grupocatalanaoccidente.com for the purposes of complying with the regulations applicable to each Entity, and in general terms, to fight against fraud and prevent money laundering and the financing of terrorism, as well as, where applicable, maintain and comprehensively and centrally manage you relationship with the different Entities of Grupo Catalana Occidente.

We also specifically inform you that the Entities of Grupo Catalana Occidente share common services, with a different level of intensity, for the purpose of making use of the existing synergies, optimising resources and offering a better service to customers. To this end, several framework agreements have been entered to provide reciprocal services, which involve access to personal data managed by other Entities of Grupo Catalana Occidente and include various service provisions, including, but not limited to, the following: 

  1. Services provided by Grupo Catalana Occidente, Tecnología y Servicios A.I.E. for Grupo Catalana Occidente's Entities: (i) hosting and data hosting, (ii) computing system, communication and equipment maintenance and management (iii)  information security and the supporting systems (iv) IT application development and maintenance, (v) providing a service to handle claims, and (vi) reporting of information relating to the services provided, (vii) maintenance and management of presence monitoring, security systems and videosurveillance systems and (viii) document, printing and labelling management.
  2. Services provided by the Grupo Catalana Occidente Contact Center A.I.E. for Grupo Catalana Occidente's Entities: (I) provision of customer service through any means, including remote, such as telephone, internet and/or social networks, and (ii) carrying out campaigns and satisfaction surveys.
  3. Services provided by Prepersa Peritación de Seguros y Prevención A.I.E. for the Entities of the Grupo Catalana Occidente: render a service to cooperate in the management of claims related to insurance policies.

(II) Other Entities:

Personal data can also be communicated to different collaborators or service providers of any data controlling Entity of Grupo Catalana Occidente, such as, including but not limited to: insurance brokers, co-insurers, reinsurers, lawsuit experts and investigators, lawyers and solicitors, auditors, consultants, medical professionals and health assessors, financial, depository and managing Entities and other suppliers and professionals who process personal data as party responsible and on behalf of the corresponding Entity responsible for Grupo Catalana Occidente, in order to guarantee that services rendered by the aforementioned party responsible for the contract or service comply with obligations stipulated in the applicable regulations, in legitimate interest and/or in accordance with their given consent.

In all the aforementioned cases, we inform you that the computer servers of these service providers may be located in countries outside the European Union, where, if the level of privacy protection were not equivalent to the European or national personal data protection regulations, the corresponding data controlling Entity of Grupo Catalana Occidente shall adopt the necessary and appropriate measures to safeguard the data subject's rights and the information's security, according to the available technical means at any given time. 

(III) Official bodies and authorities:

Personal data will be given to all those recipients for whom such information must be disclosed by the Entities of the Grupo Catalana Occidente, in compliance with legal obligations, including, but not limited to, competent public bodies and administrations, such as the Spanish Tax Administration Agency or regional tax authorities, personal data protection control authorities, courts and tribunals, corresponding supervisory bodies, the Public Prosecutor's Office and/or State security forces and bodies.

(IV) Financial services and credit worthiness:​

The Entities of the Grupo Catalana Occidente have the right to consult and process data from claims files, information on capital and credit solvency and any other data allowing personal risk assessment, the maintenance and control of contractual relationship development, claims management and execution of statistical analyses for claims and fraud prevention. 

(V) In the case of having a car insurance policy:

The Insurance Entities of the Grupo Catalana Occidente, in accordance with current legislation, will provide the habitual driver subject to the insurance policy with information on sanctions, if any, that may be published in his or her name on the current or future certified websites, in compliance with current legislation on personal data protection.

Said insurance entity shall use data belonging to the Vehicle Investigation Institute in the centre of Zaragoza (Instituto de Investigación sobre Vehículos S.A) to identify the vehicle's registration and chassis number and all technical and administrative characteristics of the vehicle covered in the insurance policy.

The Insurance Entity of Grupo Catalana Occidente with which the car insurance policy is taken out will communicate the historical data of the number of claims related to the insurance to the following common sector information systems:

a)   The Car Insurance History File for the pricing and selection of risks, the purpose of which is to facilitate at the moment of the subscription of the contract the rigorous and verified information of accident rate data by pooling the information obtained through policies and claims, from the previous five years, in the terms expressed in the Civil Liability and Insurance Act.

b)   The Total Loss, Theft and Fire File, the purpose of which is to facilitate the automated identification of possible anomaly situations and of the risk of fraud, to cooperate with the State Security Forces and Bodies, facilitating the investigation of possible theft and fraud offences, among others, related to the insured motor vehicles; and cooperate with Centro Zaragoza, the State Security Forces and Bodies, the Directorate General for Traffic and the insurance company affected in the identification and location of stolen and compensated vehicles. 

For the exercise of data protection rights in relation to any of these files, please contact: Tecnologías de la Información y Redes para las Entidades Aseguradoras S.A. (TIREA), Ctra. Las Rozas a El Escorial Km 0,3 Las Rozas 28231 Madrid. 

You can find the rest of the data protection information on the Spanish Union of Insurance and Reinsurance Companies (UNESPA) (www.unespa.es) and TIREA (www.tirea.es) websites

 

(VI) If you have taken out a multi-risk insurance policy for home, business, community, SME and industry, civil liability or other insurance for various areas:

The Insuring Entity pertaining to Grupo Catalana Occidente with which the relevant policy is held may communicate the information on the claim relating to their insurance with different bodies responsible for said file for fraud prevention purposes The purpose of the System is to prevent and detect fraud by either warning the insurer at the time a policy is contracted or by detecting fraud committed in the declared claims, as well as to cooperate with the State Security Forces in their actions and investigations related to insured goods. For the exercise of data protection rights, please contact TIREA, Ctra. Las Rozas a El Escorial Km 0,3 Las Rozas 28231 MADRID. 

You can find the rest of the data protection information on the UNESPA (www.unespa.es) and TIREA (www.tirea.es) websites

 

(VII) If you have taken out a life, accident, health, illness, death or any other insurance policy in which we request or process health information:

Your personal data may be disclosed to the different partners and service providers of the corresponding Grupo Catalan Occidente Insurance Company mentioned above, who shall process all personal data as responsible party in the name and on behalf of the aforementioned Insurance Company.

In addition, and specifically, if you are a holder of:
 

(a)   a life insurance policy with death benefit and/or an accident insurance policy covering the contingency of the insured person's death, whether individual or collective policies, in compliance with current legislation, your personal data will be disclosed to the public insurance register of contracts with death benefit dependent on the Ministry of Justice or the one that may replace it in the future, as the case may be.

(b)   of health insurance or healthcare insurance, in which case your personal data, including health data, may be disclosed to the corresponding insurance company of the Catalana Occidente Group to doctors, health centres, hospitals or other institutions or persons in order to fulfil, develop, control and execute healthcare, leading to the reimbursement or indemnity stipulated in the insurance contract upon consulting or verifying the causes and medical background of the interested party with the aforementioned health providers to justify any benefits, reimbursements or indemnifications, and, where applicable, recovering expenses. Specifically, in the case of healthcare insurance, in order to inform the policyholder of the collection of each co-payment, the insurance entity may communicate to the policyholder the details of the medical services used by each insured person of the policy, including the healthcare and professional centres that he has visited and/or the list of the tests to which each insured person has submitted.

 

(VIII) In the event of having contracted a social welfare product:

Your personal data may be exchanged between the Managing Entity, the Depositary and the Promoter and/or Marketing Entity of such social welfare products.

Likewise, in the case of asking to demonstrate vested rights from the Managing Entity or target insurance company, the client must present this demonstration request and an authorization to the Managing Entity or target insurance company so that, in their name, the source fund Managing Entity may be asked to demonstrate such vested rights, in addition to all financial and fiscal data needed in the process.

 

(IX) In the event of having subscribed shares in any of the investment funds commercialised by Grupo Catalana Occidente:

Your personal data may be exchanged between the Managing Entity, the Depositary and the corresponding Marketing Entity of the said investment funds.

 

What are your rights when you provide your personal data?

As holder of your personal data, you are entitled to the rights set out below, which you may exercise by proving your identity, in the way explained in the Data Protection Delegate section:

(i) Right of access. Information about your personal data may be requested from the corresponding Entity of the Grupo Catalana Occidente, including how such data is processed, as well as obtaining a copy of such data in a user-friendly, structured, easy to read format.

 

(ii) Right of rectification. You may request the rectification of personal data that is inaccurate, and, where incomplete, you have the right to request that such data be correctly filled in, including an additional declaration where necessary.

 

(iii) Right of withdrawal. You may request your personal data be withdrawn when it is no longer needed for the purposes for which it was collected by the Entity of the Grupo Catalana Occidente responsible for its processing, or when you withdraw your consent for which such processing is based. Such a request shall not be applicable when processing is required on the grounds of what is stipulated in the paragraph "legitimation of the processing of personal data".

In this respect, in the digital environment of any of the Entities of Grupo Catalana Occidente, if you exercise your right to be forgotten, the corresponding Entity will contact the Internet service provider to transmit the interested party's request to cancel the processing of personal data affecting them, taking into account available technology and the cost of using it; in this case, data will only be stored by the person responsible in order to make, exercise rights to or defend claims. The request shall not be applicable when the processing is required on the basis of the provisions included in the section “legitimation of the processing of your personal data”, whether the processing is required to exercise the right of freedom of expression and information or on grounds of public interest.

 

(iv) Right to Object. You may object to your personal data being processed, unless the Grupo Catalana Occidente Entity responsible for such processing have legitimate reasons to continue doing so, in which case such data will only be stored by the legally responsible person to make, exercise rights to or defend claims. The processing of personal data for commercial or advertising purposes shall not be considered legitimate and therefore the right to object shall be deemed equivalent to the withdrawal of given prior consent. Such a request shall not be applicable when processing is required on the grounds of what is stipulated in the paragraph "legitimation of the processing of personal data".

 

(v) Right to restrict processing. You may request the processing of your personal data be restricted, which may involve your data being blocked in the following circumstances: (i) when you challenge data accuracy, (ii) when the data controller objects to data deletion in the event of lawful processing, (iii) when the controller no longer needs the data but it is needed to make, exercise rights to or defend claims or, (iv) when you have objected to processing, whilst the controller verifies whether your legitimate reasons prevail over theirs; in this case they shall only be held by controller to draw up, exercise or defend claims.

 

(vi) Right to data portability: Where technically possible, you may request that relevant personal data subject to automated processing be transmitted to another controller, or to yourself as data subject, in a structured, commonly used and easy to read format, and without detriment to your rights of deletion or to be forgotten, in which case such data will only be stored by the data controller for the purpose of formulating, exercising or defending claims.  

Any communications and actions performed in the context of exercising your rights shall be free of charge. When the requests are manifestly unfounded or excessive, especially when they are of a repetitive nature, the data controlling Entity of Grupo Catalana Occidente may charge a fee according to the expenses borne to fulfil the request.

 

Confidentiality of personal data

From the first moment it initiates the data processing, the data controlling Entity of Grupo Catalana Occidente shall implement the technical, organisational and security measures necessary, considering the state of technology, to guarantee the confidentiality, integrity, availability and resilience of the personal data, as well as to prevent its unauthorised access, alteration, loss or processing.

We inform you that the computer servers of some Grupo Catalana Occidente service providers may be located in countries outside the European Union, where, if the level of privacy protection were not equivalent to the European or nationals personal data protection regulations, the corresponding data controlling Entity of Grupo Catalana Occidente shall adopt the necessary and appropriate measures to safeguard the data subject's rights and the information's security, according to the available technical means at any given time.  

 

Privacy policy validity

Grupo Catalana Occidente states that the privacy policy published on the website www.fundacionjesusserra.org at any given time shall always be the valid version, and it reserves the right of modifying it whenever necessary. If any customer of an Entity of Grupo Catalana Occidente would like to access previous versions, they may write to the corresponding Data Protection Officer as established in the Annex of this Policy Privacy. 

 

Copyright

Grupo Catalana Occidente reserves all the rights regarding the content of this privacy policy. The reproduction, distribution, transformation, handling, public communication or any other kind of total or partial use, free of charge or in return of a consideration, of this document is strictly forbidden without a written authorisation. 

Grupo Catalana Occidente reserves the right to apply, at any given time and without prior notice, as many modifications, variations, deletions or cancellations in the content and in the way it is presented as deemed appropriate. 

Version 4, approved on 10 December 2020.

 

ANEXO: ENTIDADES QUE INTEGRAN EL GRUPO CATALANA OCCIDENTE A LOS EFECTOS DE LA PRESENTE POLÍTICA DE PRIVACIDAD

 

ENTIDAD

NIF

DOMICILIO SOCIAL

DATOS REGISTRALES

DATOS DE CONTACTO DPO

 CORREO ELECTRONICO

Grupo Catalana Occidente S.A.

A08168064

Paseo de la Castellana 4, 28046 Madrid

Inscrita en el Registro Mercantil de Madrid, en el tomo 36.829, folio 141, Hoja M-659.287

Delegado Protección de Datos

Grupo Catalana Occidente

 

dpo@grupocatalanaoccidente.com

Bilbao, Compañía Anónima de Seguros y Reaseguros

A48001648

Paseo del Puerto 20,   48992 Neguri- Getxo (Vizcaya)

Inscrita en el Registro Mercantil de Vizcaya, en el tomo 55, folio 103, Hoja 2.436

Delegado Protección de Datos

Seguros  Bilbao

 

dpo@grupocatalanaoccidente.com

Seguros Catalana Occidente, S.A. de Seguros y Reaseguros, Sociedad Unipersonal

A-28119220

Paseo de la Castellana 4, 28046 Madrid

Inscrita en el Registro Mercantil de Madrid, en el tomo 37.110, folio 177, hoja M-91.458

Delegado Protección de Datos

Seguros Catalana Occidente

 

dpo@grupocatalanaoccidente.com

Nortehispana de Seguros y Reaseguros S.A., Sociedad Unipersonal

A-08185589

Paseo de la Castellana 4, 28046 Madrid

Inscrita en el Registro Mercantil de Madrid, en el tomo 36.935, folio 1, hoja M-660.565

Delegado Protección de Datos

Nortehispana Seguros

 

dpo@grupocatalanaoccidente.com

Plus Ultra, Seguros Generales y Vida S.A. de Seguros y Reaseguros, Sociedad Unipersonal

A-30014831

Plaza de las Cortes 8, 28014 Madrid

Inscrita en el Registro Mercantil de

Madrid, en el

tomo 5.992,

folio 100,

hoja  M-97.987

Delegado Protección de Datos

Plus Ultra Seguros

 

dpo@grupocatalanaoccidente.com

Grupo Catalana Occidente Gestión de Activos SGIIC, S.A.

A-28475754

Cedaceros 9, planta baja, 28014 Madrid 

Inscrita en el Registro Mercantil de Madrid, en el tomo 36.521, folio 171, hoja M-52.463

Delegado Protección de Datos

GCO Gestión de Activos

 

dpo@grupocatalanaoccidente.com

Bilbao Hipotecaria S.A., EFC

A-48409023

Paseo del Puerto 20,   48992 Neguri- Getxo (Vizcaya)

Inscrita en el Registro Mercantil de Vizcaya, en el tomo 2.228, folio 150, hoja número 16.326

Delegado Protección de Datos

Bilbao Hipotecaria

 

dpo@grupocatalanaoccidente.com

Grupo Catalana Occidente Contact Center, AIE

V-65404063

Jesus Serra Santamans 3, 08174 Sant Cugat del Vallés (Barcelona)

Inscrita en el Registro Mercantil de Barcelona, en el tomo 42.241, folio 185, hoja número B-405.292

Delegado Protección de Datos

GCO Contact Center

 

dpo@grupocatalanaoccidente.com

Grupo Catalana Occidente Tecnología y Servicios AIE

V-65004517

Avenida Alcalde Barnils 63, 08174 Sant Cugat del Vallés (Barcelona)

Inscrita en el Registro Mercantil de Barcelona, en el tomo 41.030, folio 29, hoja número B-376.366

Delegado Protección de Datos

GCO Tecnología y Servicios

 

dpo@grupocatalanaoccidente.com

Catalana Occidente Capital, Agencia de Valores

A-63764138

Avenida Alcalde Barnils 63, 08174 Sant Cugat del Vallés (Barcelona)

Inscrita en el Registro Mercantil de Barcelona, en el tomo 37.416, folio 142, hoja número B-298.341

Delegado Protección de Datos

COCAV

 

dpo@grupocatalanaoccidente.com

GCO Previsión, Entidad de Previsión Social Voluntaria Individual

V-48410120

Paseo del Puerto 20,   48992 Neguri- Getxo (Vizcaya)

Inscrita en el Registro Mercantil de Vizcaya, en el tomo 2111,  Folio 124, Hoja 5-8

Delegado Protección de Datos

GCO Previsión EPSV

 

dpo@grupocatalanaoccidente.com

GCO Gestora Pensiones E.G.F.P., S.A.

A-67000471

Paseo de la Castellana 4, 28046 Madrid

Inscrita en el Registro Mercantil de Madrid, en el tomo 36.886, folio 90, hoja M-659.976

Delegado Protección de Datos

GCO Gestora de Pensiones

 

dpo@grupocatalanaoccidente.com