The controller of your personal data is Bankinter, S.A. ("Bankinter"), with Tax ID No. A28157360 and registered office at Paseo de la Castellana 29, 28046 Madrid.

Bankinter has appointed a Data Protection Officer who can be contacted at the following e-mail address: [email protected]

The data you have provided will be processed:

1. The data you have provided will be processed in order to manage the development, compliance, and control of the existing shareholder relationship for the calling and holding of the general meeting. More specifically, they will be processed for the exercise of the rights of attendance, delegation, and voting at the General Meeting, the right to information, as well as for participation in the Electronic Shareholders' Forum, or they may be provided by banks and Stock companies and agencies where said shareholders' shares are deposited or held.

   If you are a representative of a shareholder, we hereby inform you that your personal data will be processed in order to manage the development, compliance, and control of the shareholder relationship for the exercise of the rights of attendance, delegation, and voting at the General Meeting.

2. For the purposes and subject to the lawful basis indicated in the data protection clause that you accept when filling out each of the forms that ask you for personal data.

The legal grounds for processing your personal data are:

For purpose 1: the contractual relationship you have with the Entity as a shareholder. 

For purpose 2: compliance with applicable legal obligations.

Any refusal to supply the personal data requested, or the submission of inaccurate or incomplete data, could therefore render it impossible to properly provide you the services. Shareholders are responsible for ensuring the data they provide are true, accurate, current, and complete, and for notifying Bankinter of any changes.

Your personal data will be kept as long as you are a shareholder.

As soon as they are no longer necessary for this purpose, they will be blocked for the period during which they may be required for the exercise of, or as a defense against, administrative or legal proceedings. In general, the data will be kept for a period of 6 years as established in the Code of Commerce.

Bankinter will not disclose your data to any third parties unless it is to fulfill a legal obligation.

Likewise, we hereby inform you that your data will be communicated to the Notary when necessary for the purposes of drafting the notarial record for the General Meeting, as well as to any third parties who are entitled to the right to information in accordance with the law or where publicly available to the extent recorded in the documents available on the Company's website or declared at the General Meeting, the holding of which may be subject to audiovisual recording and published on Bankinter's website.

If you attend the General Meeting, we hereby inform you that it will be recorded and published on Bankinter's website (www. bankinter.com)

You may exercise the following rights at any time in the situations and subject to the scope established by applicable legislation:

• - Access
• - Rectification
• - Erasure
• - Objection to processing
• - Restriction of processing
• - Portability

To exercise these rights, you may contact Bankinter through any of the following channels, attaching a copy of your National Identity Document or equivalent document proving your identity.

• - At your usual branch.
• - By writing to Bankinter, S.A. Operations, Data Protection. Calle Pico San Pedro, 1. Tres Cantos. 28760.
• - By e-mail: [email protected]

You are entitled to lodge a claim with the Spanish Data Protection Agency.

Bankinter will process the personal data you have supplied in your capacity as a shareholder.

In the case that the shareholder includes personal data relating to other natural persons in the attendance/proxy/remote voting card, the holder shall inform them of the contents in the preceding paragraphs and comply with any other requirements that may be.