Data protection

The Bankinter Group is known for its commitment to personal data protection and information confidentiality, and for offering its customers measures that ensure compliance at all times with Personal Data Protection Organic Law 15/1999 (LOPD) and its implementing regulations. 

The Group's personal data protection policy rests on two basic pillars: legal and technical compliance. 

All contracts that customers enter into with the Bankinter Group include a data protection clause, through which customers not only provide their consent for processing their data, but are also provided with detailed information on the identity and address of the data controller, the purpose of processing this data and the recipients of said information. When the contract is signed, customers also have the possibility of objecting to having their data processed for commercial purposes by checking a box that lets them indicate their wishes. 

The data protection clause also notifies customers of their rights of access, correction, deletion and objection to the processing that are available thereto and the way in which these rights may be exercised, ensuring that they have the power to control their personal data. Simple and fast communication channels have been enabled for this purpose, such as telephone banking, writing to the address provided for such purpose and the possibility of going to their branch.

With regard to data confidentiality and security, the Bankinter Group's security policy guarantees at all times that data is transmitted using suitable, reliable and secure channels, ensuring the integrity and confidentiality of the transactions executed by customers. The Bankinter Group has also made a commitment to supervise the security measures on a regular basis, conducting audits on its own systems and on the systems of those suppliers with which the bank has business relations and which may have access to customers' personal data.

In 2016 the Bankinter Group performed an internal audit on the ‘Compliance with the LOPD security measures (Royal Decree 1720/2007)’. This audit reviewed the security and compliance measures of the Personal Data Protection Organic Law, included in Royal Decree 1720/2007, that are applicable to automated and non-automated (paper) files, with a medium and high level of protection. The audit report concluded that the Bankinter Group's information systems and facilities for processing and storing data reasonably comply with the security measures required under Royal Decree 1720/2007. 

With regard to training, there is an online course that is mandatory for all employees.

In short, every year the Bankinter Group continues to fulfil its commitment of guaranteeing the protection, integrity and confidentiality of all customer data, strengthening and innovating the strict internal protection measures. 

The Bankinter Group is currently working to implement the new European Data Protection Regulation, which entered into force on 25 May 2016 and will be applicable on 25 May 2018.