SECURITY AND PRIVACY

bankinter/empresas.com

Bankinter was the first bank to incorporate technology to make life easier for its customers. We also strive to offer you a high level of protection and privacy of your data and transactions. Therefore:

• High security standards are implemented and developed to protect the authenticity, confidentiality, integrity and availability of information systems from an operational and technical standpoint.
• The Online Banking web servers use an extended validation certificate issued by the trust certifying entity Entrust.
• All transmitted information is encrypted with standard complex algorithms and with passwords established in each connection using a secure protocol. Our systems connected to the internet are protected by "firewalls" and intrusion detection systems to prevent possible attacks and protect online banking.
• We run regular internal and external Intrusion tests on our information systems.

Bankinter was the first financial institution in the world to simultaneously receive ISO 22301:2019 and ISO/IEC 27001:2022 certification by the British Standards Institution (BSI). The Bank subsequently obtained ISO/IEC 27017:2015 certification from BSI. These certifications attest to the Bank's quality, operability and compliance with the requirements of the business continuity management system, the information security management system and the cloud services security management system.

Our information security, business continuity and cloud services security policies are available here.

Additional security measures

1. Every time you sign a transaction, you enter your coordinates using a display panel (this system averts the risk of keylogger malware that tries to capture information by using keystrokes).
2. You are automatically logged off after 20 minutes of non-use (30 minutes in the Broker). This measure prevents others from accessing your data on your computer if you are careless or neglectful (if you do not use the Logout option).
3. We have control systems for custom operating limits to prevent transactions above a certain amount; and general operating limits, which limit the total amount of transactions that can be carried out through our websites. This measure limits the risk of any loss.
4. You have to change the password the first time you log in so only you know it—to ensure nobody can impersonate you.
5. Your online banking username and password must be at least 6 characters long, so they are difficult to guess.
6. You can choose not to receive account statements or regular mail about your banking activity; this also means there is less risk of someone finding out about your financial situation by looking through your mailbox. All account statements and supporting documents for transactions are available and can be consulted on the website.

Biometric Login: Touch ID/Face ID on iOS and Fingerprint on Android

We can use the Biometric Login as an access method, based on TouchID technology, Apple FaceID and Android Fingerprint 6.0. We can use this technology to safely store certain data that can only be accessed via fingerprint. These data are stored locally on the device, in a single, secure and fingerprint-protected location, not synchronised in iCloud or copied in any device backups that might be made.

Touch ID is only accessible on Apple phones from iPhone 5S with iOS8 or higher and on iPads with TouchID. The FaceID mechanism is only available on iPhone X.

Android fingerprint authentication is only available for devices that support fingerprint and Android 6 or higher.

The authentication process applied to the new online banking is based on enabling this secure location after a successful “manual” login through the new app. Users can safely store a unique key for that terminal which is their fingerprint or face (FaceID) protected. For subsequent authentication processes, all users have to do is put their fingerprint on the sensor button to access their private area directly (without typing in credentials); FaceID authentication is even more transparent for user as you simply need to be facing your phone.

The volume of attempted fraud against us and other banks is increasing every year. These attempts are designed to steal your login credentials and are carried out through different means:

• Phishing (fraudulent emails)
• Vishings (fraudulent calls)
• Smishings (fraudulent SMS)
• Identity theft
• QR hacks (modified QR codes)
• Baiting (fraudulent external devices)
• BIZUM (unexpected payment request attempts)

If you think you have been the victim of a scam or fraud, or you suspect any movement in your account or on your card, contact our Fraud Assistance Service (900 81 00 62) immediately. The line is open 24/7. If you prefer, you can also go to the nearest branch to receive help.

Remember, you can block your card directly on the Bankinter website or app, or cancel it by calling VISA (900 991 124).

Some important recommendations:

1. Change your username and password regularly. Your username and password should contain a combination of numbers, letters and special characters. Avoid using real names or things associated with you.
2. Never reveal your password, particularly by email or phone.
3. Don't forget to disconnect from the website once you have finished with it.
4. Keep your browser version updated.
5. Keep your operating system up to date with the latest updates.
6. Avoid downloading from unknown web sites.
7. Always keep your antivirus up to date.

Check the FREE PROTECTION TOOLS.

Privacy and Data

The processing of your personal data by Bankinter is governed by compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights (hereinafter, the LOPDyGDD). Therefore, we inform you that Bankinter, S.A. (hereinafter, "Bankinter") is responsible for the processing of your data.

As the data controller, Bankinter has the technical, organisational and human resources necessary to guarantee the security and protection of its information systems, as well as the data and information that are stored in them.

Your personal data will not be transferred to third parties unless legally required or when you give us your consent to do so. However, the service providers that Bankinter uses (or may use in the future) to process data may be able to access your personal data. In these cases, Bankinter guarantees the confidentiality of personal data provided to third parties and that they implement appropriate security measures.

We remind you that your personal data will be processed to comply with both applicable legal obligations and the rights and obligations set forth in the contracts you have with us.

Please note that Bankinter has a legitimate interest in processing your data to prevent and avoid fraud related to the products and/or Services you acquire, as well as to contact you to assist you with any pending processes. In addition and unless you have indicated otherwise, your personal data will be processed to: (i) Inform you, through any channel (including electronic and digital channels), about products and/or services similar to those you have acquired from us and that the Bank is interested in marketing (ii) Analyse aspects of your personal and financial situation, based on data provided by you and/or derived from the products and/or services you have with Bankinter or in which you are involved (including aggregated transactional data such as, for example, average balances or receipt numbers), in order to understand your habits and preferences, create a basic commercial profile and offer you products and/or services that may be of interest to you. In addition, it will also allow us to create and/or improve our portfolio of products and services.

Additionally and provided you have given your consent, your personal data may be processed for the following purposes: (i) Bankinter may send you commercial communications, through any channel (including electronic and digital channels), about products and/or services of Bankinter, the Bankinter Group and its subsidiaries or companies with which we have collaboration agreements, which have no similarity with those you have already acquired, (ii) analyse aspects of your personal and financial situation based on data provided by you, data derived from the products and/or services that you have with Bankinter or in which you are involved (including all transactional data) and data incorporated in our files obtained from external sources, in order to understand your habits and preferences and create an advanced commercial profile. This will allow us to offer you products and/or services specifically designed for you, as well as create and/or improve our portfolio of products and services. Data from public registers, credit information systems, the CIRBE, social networks and Informa, among other sources, will be accessed for this processing. (iii) to share your personal data with companies in the Bankinter Group and its subsidiaries so that they can offer you products and/or services through different channels (including electronic and digital channels); (iv) to share your personal data with companies in the Bankinter Group and its subsidiaries so they can evaluate and predict personal aspects about your financial situation, preferences, interests and behaviour, so they can prepare a commercial profile for you.

The personal data subject to processing refers to: (i) that provided by you when becoming a Bankinter customer and when acquiring different products and/or services (ii) data derived from the provision of the products and/or services you have acquired, (iii) Data obtained from third parties when you have given your consent or when permitted by regulations.

You may exercise your rights of access, rectification, cancellation, opposition, restriction of processing and portability in the cases and within the scope specified in the applicable legislation at any time by calling Telephone Banking on 900 80 20 81, in person by visiting your branch or Bankinter agent, or by writing to: Bankinter, S.A. Operations "Data Protection", Pico de San Pedro, 1 Tres Cantos CP 28760, Madrid.

You can obtain more information about how Bankinter processes your data, in particular the legal bases that legitimise it, in Section "Additional Information on Data Protection", which you can find in Section 3 of the legal notice on the Bankinter website.

If you have any additional questions, you can contact our Data Protection Officer by sending an email to [email protected].

Use of personal data

You can find information on how the bank obtains your data, the purposes for which it processes your data, the legal basis for this, the recipients of the data and your rights with regard to personal data processing at Information on the use of personal data.