Security and privacy

Bankinter was the first bank to incorporate technology to make life easier for its customers. We also strive to offer you a high level of protection and privacy for your data and operations. Accordingly:

• High security standards are implemented and developed to protect the authenticity, confidentiality, integrity and availability of Information Systems from an operational and technical standpoint.
• Online Banking web servers use an Extended Validation Certificate issued by Entrust.
• All information transmitted is encrypted with standard algorithms and keys established on each connection using TLS protocol, and our systems connected to the Internet have been protected by “firewalls” and intrusion detection systems, which would prevent a possible attack by protecting our Online Banking.
• We run regular internal and external Intrusion Tests on our Information Systems.

Bankinter is the first Spanish financial institution to simultaneously receive the ISO 22301:2012 and ISO/ISEC 27001:2013 certificates from the British Standards Institution (BSI). These certifications guarantee the bank's operability and compliance with its requirements regarding the Business Continuity Management System and the Information Security Management System.

• Every time you sign an transaction, you enter your coordinates using a display panel (this system averts the risk of malware that try to capture information using keystrokes [“KeyLogger”]).
• You are automatically logged off after 20 minutes of non-use (30 minutes in the Broker). This measure prevents someone else from accessing your data on your computer if you forget to log off (by not clicking on Log Off).
• We have control systems for custom operating limits, so that a customer cannot carry out operations above a certain amount; and general operating limits, which limit the total amount of transactions that can be carried out through our websites. This measure limits the risk of any loss.
• Safer transfers thanks to the two-factor authentication factor that Bankinter uses if you provide us with your mobile phone number.
• We show you the date and time of your last connection and the last password change so you can detect if anyone has connected on your behalf in the past few days.
• We ask you to change the password the first time you log in so only you know it. That way, we know it's really you.
• Your online banking username and password must be at least 6 characters long, so they are difficult to guess.
• You can choose not to receive statements of account or regular mail about your banking activity; this also means there is less risk of someone finding out about your financial situation by looking through your mailbox. All statements of account and supporting documents for transactions are available and can be consulted on the website.

Bankinter has obtained the ISO 27001 certification for:

• Identification.
• Authentication.
• Signing of transactions and the respective electronic evidence through the internet.

This international certification consolidates Bankinter's commitment to achieving the highest quality standards and the greatest professionalism in managing the security of customers' data on the internet.

To achieve ISO 27001 certification, the Bank has undergone a thorough review of its organisational and technical aspects related to security management consisting in an extremely rigorous, methodological and periodic impact analysis to detect and manage risks.

The successful outcome of these reviews demonstrates, to our customers, shareholders and ourselves, the committed approach we adopt to quality, security, continuous improvement and customer satisfaction.

Bankinter is the first Spanish financial institution to obtain ISO 22301 certification for:

• Identification.
• Authentication.
• Signing of transactions and the respective electronic evidence through the internet, teleprocessing banking platforms and the electronic equity trading infrastructure.

To achieve this certification, the Bank has undergone a thorough review consisting of a rigorous, methodological and periodic analysis of its organisational and technical aspects related to continuity management, operational processes for incident detection and response, and risk management.

Bankinter was the first bank in the world to obtain ISO 22301 certification from BSI.

This globally recognised certification offers further proof of the Bank's leadership and commitment to professional excellence and the quality of the services provided to customers.

Bankinter will never ask you for your access or signature passwords by email or any other means. If you have any doubts about the authenticity of an email in our name, contact Telephone Banking immediately.

Recommendations for your passwords

• Change your username and password regularly.
• Include numbers and letters in your username and password. Avoid using real names or things associated with you.
• Never reveal your password, particularly by email or phone.

Remember: no one at Bankinter will ever ask for your password. It that happens, it's an attempt at fraud (phishing, smishing, vishing, etc.). Do not trust emails that request your data, pop-up windows, forms that ask for several codes to sign transactions, even if they seem to be from us.

Recommendations for your connections

• Do not use the "Autocomplete passwords" option to connect to an entity or service.
• Do not forget to disconnect from the website once you have finished with it.

Recommendations for your computer

• Keep your browser version updated.
• Keep your operating system up to date with the latest updates.
• Avoid downloading from unknown web sites.
• Always keep your antivirus up to date.

The security of your computer is essential. Your computer should always be up to date.

Regardless of what you use your computer for, it should always be protected with appropriate tools, such as:

• An antivirus, which should always be up to date.
• A firewall.

Check the free protection tools.

Mobile phones can also be infected with a virus. Our advice is:

• Do not breach the manufacturer's security (root/jailbreak).
• Install an antivirus.
• Do not download applications from unofficial sites.
• Be careful about the installation of applications and the permissions you give them.

It is important that the browsers you use to access Bankinter Online Banking are up-to-date, this can help us prevent fraud, as they feature prevention technologies.

Bankinter processes your personal data in compliance with the provisions of Regulation (EU) 2016/679, of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Bankinter, S.A. ('Bankinter') is therefore the data controller.

As the data controller, Bankinter has the technical, organisational and human resources needed to guarantee the security and protection of its information systems, along with the customer information and data they host.

Your personal data will not be passed to third parties, except due to legal obligation or if you give your consent. However, the service providers that Bankinter uses (or may use in the future) to process data may be able to access your personal data. In these cases, Bankinter guarantees the confidentiality of the personal data provided to third parties, and that they will apply appropriate security measures.

We process your personal data to comply with prevailing legal obligations and the rights and obligations set out in your contracts with us.

Unless you have withheld your consent, we may use your personal data to send you information through any channel (including electronic ones) about products or services that Bankinter is interested in promoting and that may be of interest to you since they are similar to the ones you already hold with us. To be able to carry out these commercial actions, we will analyse your personal data and create a profile so that the communications you receive match your needs, tastes and preferences as closely as possible. We will disclose your data to the Bankinter Group companies from which you request or with which you hold any type of financing product or service so that they can verify your solvency or the credit risk of approving said products or services, and can also manage and monitor the financing products and services you already hold, using the details in the possession of any other Group company for these purposes. This consultation with other Group companies will speed up the application and management process for these products and services because it will enable us to ensure that your financing products and services are suitable for your debt capacity and to guarantee that Bankinter Group performs adequate risk control.

Additionally, and provided you have given your consent, we may process your data for the following purposes: (i) to send you commercial communications, through any channel (including electronic ones), about products and services that have no similarity to those you already hold with Bankinter, any Bankinter Group company or any entity with which the Bank has entered into partnership agreements; (ii) to enable Bankinter Group companies and their subsidiaries and investees to send you information through any channel (including electronic ones) about products and services tailored to your tastes and preferences, for which purpose you give them permission to consult the personal data that any of these entities hold about you; (iii) to access and add to our own records any personal data that third parties hold about you so that we can customise our commercial offers more accurately and tailor them to your needs, tastes and preferences.

The personal data we process are the data you provide when you acquire a product or service with us, as well as the data we obtain from Bankinter Group companies when you have given us permission to do so. However, if you have given your consent, we may enrich your data as described in the previous paragraph.

You can exercise your rights of access, rectification, cancellation, opposition, limitation of treatment and portability in the cases and with the scope established in prevailing legislation at any time, by calling our Telephone Banking on 91 657 88 00, going to your branch or Bankinter agent, or by writing to: Bankinter, S.A. Operations “Data Protection”, Pico de San Pedro 1, Tres Cantos, 28760 Madrid.

For more information about how Bankinter processes your data, and in particular about the lawful basis for doing so, please refer to the “Use of personal data” section under “Privacy and Data” at www.bankinter.com/banca/nav/seguridad-privacidad.

If you have any further questions, please contact our Data Protection Officer by email at the following address: [email protected].

You can find information on how the bank obtains your data, the purposes for which it process your data, the legal basis for this, the recipients of the data and your rights with regard to personal data processing at Information on the use of personal data.