SECURITY AND PRIVACY

Using bankinter.com

Bankinter was the first bank to incorporate technology to make life easier for its customers. We also strive to offer you a high level of protection and privacy of your data and operations. So:

• High security standards are implemented and developed to protect the authenticity, confidentiality, integrity and availability of information systems from an operational and technical standpoint.
• The Online Banking web servers use an extended validation certificate issued by the trusted certifying entity Entrust.
• All transmitted information is encrypted with standard, complex algorithms and with keys established in each connection using a secure protocol. Our systems connected to the internet are protected by "firewalls" and intrusion detection systems to prevent a possible attack and protect online banking.
• We run regular internal and external Intrusion tests on our information systems.

Bankinter was the first financial institution in the world to simultaneously receive ISO 22301:2019 and ISO/ISEC 27001:2022 certification by the British Standards Institution (BSI). These certifications guarantee the Bank's quality, operability and compliance with the requirements of its business continuity management system and the information security management system.

Additional security measures

1. Every time you sign a transaction, you enter your coordinates using a display panel (this system averts the risk of "keylogger" malware that tries to capture information by using keystrokes).
2. You are automatically logged off after 20 minutes of non-use (30 minutes in the Broker). This measure prevents others from accessing your data on your computer if you are careless or neglectful (if you do not use the Logout option).
3. We have control systems for custom operating limits, so that a customer cannot carry out operations above a certain amount; and general operating limits, which limit the total amount of transactions that can be carried out through our websites. This measure limits the risk of any loss.
4. You have to change the password the first time you log in so only you know it—to ensure nobody can impersonate you.
5. Your online banking username and password must be at least 6 characters long, so they are difficult to guess.
6. You can choose not to receive statements of account or regular mail about your banking activity; this also means there is less risk of someone finding out about your financial situation by looking through your mailbox. All statements of account and supporting documents for transactions are available and can be consulted on the website.

Biometric Login: Touch ID/Face ID on iOS and Fingerprint on Android

We can use the Biometric Login as an access method, based on TouchID technology, Apple FaceID and Android Fingerprint 6.0. We can use this technology to safely store certain data that can only be accessed via fingerprint. This data is stored locally on the device, in a single, secure and fingerprint-protected location, not synchronised in iCloud or copied in any device backups that might be made.

The Touch ID is only accessible on Apple phones from iPhone 5S with iOS8 or higher and on iPads with TouchID. The FaceID mechanism is only available on iPhone X.

Android fingerprint authentication is only available for devices that support fingerprint and Android 6 or higher.

The authentication process applied to the new online banking is based on enabling this secure location after a successful “manual” login through the new App. The user can safely store a unique key for that terminal which is fingerprint or face (FaceID) protected. For later authentication processes, all the user has to do is put the fingerprint on the sensor-button to access the private area directly (without typing in credentials); FaceID authentication is even more transparent for the user, all you need to do is to be facing your phone.

The volume of attempted fraud against us and other banks is increasing every year. These attempts are designed to steal your login credentials and are carried out through different means:

• Phishing (fraudulent emails)
• Vishings (fraudulent calls)
• Smishings (fraudulent SMS)
• Identity theft
• QR hacks (modified QR codes)
• Baiting (fraudulent external devices)
• BIZUM (unexpected payment request attempts)

If you think you have been the victim of a scam or fraud, or you suspect any movement in your account or on your card, contact our Fraud Assistance Service (900 81 00 62) immediately. The line is open 24/7. If you prefer, you can also go to the nearest branch to receive help.

Remember, you can block your card directly on the Bankinter website or app, or cancel it by calling VISA (900 991 124).

Some important recommendations:

1. Change your username and password regularly. Your username and password should contain a combination of numbers, letters and special characters. Avoid using real names or things associated with you.
2. Never reveal your password, particularly by email or phone.
3. Don't forget to disconnect from the website once you have finished with it.
4. Keep your browser version updated.
5. Keep your operating system up to date with the latest updates.
6. Avoid downloading from unknown web sites.
7. Always keep your antivirus up to date.

Check the FREE PROTECTION TOOLS.

Privacy

Bankinter's processing of your personal data is conducted in compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to personal data processing and on the free movement of such data, and with Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights (hereinafter, the LOPDGDD). Accordingly, we hereby inform you that Bankinter, S.A. (hereinafter, “Bankinter”) is the data controller.

As the data controller, Bankinter has the technical, organisational and human resources needed to guarantee the security and protection of its information systems, along with the customer information and data they host.

We will not transfer your personal data to any third parties, unless it is to comply with a legal obligation or unless you give your consent. However, service providers that Bankinter engages or may engage as data processors may have access to your personal data. In these cases, Bankinter guarantees the confidentiality of the personal data provided to third parties, and that they will apply appropriate security measures.

Your personal data will be processed to comply with the applicable legal obligations and with the rights and obligations specified in your contracts with us.

We inform you that, unless you have indicated otherwise, your personal data will be used for the following purposes: (i) to inform you, through any channel (including electronic channels), about products and/or services similar to those you have arranged with us and that the Bank is interested in promoting; (ii) to assess your personal characteristics using data that you have provided or data from your products and/or services so that we can learn more about you and anticipate your financial situation, personal preferences, interests and behaviour. This will enable us to prepare a commercial profile about you and identify which products and/or services that the Bank wants to promote may interest you, personalise marketing actions related to these products and/or services, and create new products and/or services and improve their features.

Additionally, if you have given your consent, your personal data may also be processed: (i) to enable Bankinter to send you commercial communications, by any channel (including electronic channels), about products and/or services from Bankinter, Bankinter Group and its subsidiaries, or companies with which we have partnership agreements, that may not be similar to those you have already contracted; (ii) to incorporate and analyse personal data obtained about you from external sources for the purpose of evaluating your personal aspects to prepare a commercial profile to understand your interest in products and/or services that the bank is interested in marketing, personalise commercial actions, create new products and/or services, and improve existing products and/or services. Data from public registers, credit information systems, the CIRBE, social networks and Informa, among other sources, will be accessed for this processing. (iii) to share your personal data with companies in the Bankinter Group and its subsidiaries so that they can offer you products and/or services through different channels (including electronic channels); (iv) to share your personal data with companies in the Bankinter Group and its subsidiaries so they can evaluate and predict personal aspects about your financial situation, preferences, interests and behaviour, so they can prepare a commercial profile for you.

The personal data processed are: (i) data provided by you when you became a Bankinter customer and those you have provided for the contracting of products and/or services. (ii) data from providing the products and/or services you have arranged. (iii) data obtained from third parties when you have given your consent or when permitted by the regulations.

You may exercise your rights of access, rectification, cancellation, opposition, restriction of processing and portability in the cases and within the scope specified in the applicable legislation at any time by calling Telephone Banking on 900 80 20 81, in person by visiting your branch or Bankinter agent, or by writing to: Bankinter, S.A. Operations “Data Protection”, Pico de San Pedro 1, Tres Cantos, 28760 Madrid.

For more information about how Bankinter processes your data, and in particular about the lawful basis for doing so, please refer to “Additional Information on Data Protection” in section 3 of the legal notice on Bankinter's website.

If you have any further questions, please contact our Data Protection Officer at: [email protected].

Use of personal data

You can find information on how the bank obtains your data, the purposes for which it processes your data, the legal basis for this, the recipients of the data and your rights with regard to personal data processing at Information on the use of personal data.