Bank of Africa

This Policy (hereinafter, the “Privacy and Cookies Policy”) regulates the privacy and cookies policy of the Web Platform http://www.bankofafrica-europe.com/ (hereinafter, “the Platform”), under the ownership of BANK OF AFRICA EUROPE, S.A.U. (BOAE, hereinafter), a financial institution with its registered office in Madrid, c/ Serrano 59, with Tax Identification Code A-http://www.bankofafrica-europe.com/, and registered in the Commercial Registry of Madrid, in Volume 7064, Book 0, folio 185, Section 8, page 114811, and in the Registry of Banks in Madrid, under Volume 7064, Book 0, folio 185, Section 8, page 114811. I.F. A-80754781, and registered in the Mercantile Registry of Madrid, Volume 7064, Book 0, folio 185, Section 8, page 114811, and in the Registry of Banks and Bankers of the Bank of Spain under number 0219. Its contact e-mail address for the purposes of this privacy and cookies policy is as follows: protecciondatos@bankofafrica-europe.com.

1. USE, PURPOSE AND APPLICABLE LEGAL REGIME

The Platform is a mechanism for interaction, communication and support that BOAE makes available to Internet users in order to provide them with sufficient, legal and appropriate information regarding their activity, products and services in relation to their legitimate economic and business activities, which are governed by applicable Spanish regulations and, in regards to:

To the provision of information society services, on a basic basis, by Law 34/2002, of July 11, on information society services and electronic commerce.

For the processing of personal data, according to the current Spanish and European regulations on the protection of personal data of natural persons. In particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (hereinafter, the "RGPD") will be directly applicable as of 05/25/2018, in accordance with the provisions of this same regulation.

In any case, the user undertakes to make appropriate and lawful use of the Platform as well as the content, products and services available from it, in accordance with the legislation applicable at all times.

Furthermore, the user of the Platform specifically agrees to the following:

Guarantee the authenticity, veracity, timeliness and accuracy of all data communicated to BOAE, with such user being the sole party responsible in the event

Use it exclusively for the purposes and functionalities provided for such purpose by BOAE, presenting such functionalities as they are by BOAE, and the user is prohibited from using the Platform for any other purpose or means.
Make legal and legitimate use of the Platform, avoiding unauthorized, fraudulent, illegal or illegitimate use of it and/or the content and information available through it, avoiding violating this policy and applicable regulations, and damaging the legitimate rights and interests of BOAE, or any other third party that could be affected as a result of such action.
Not to cause damage to the systems or elements associated with the Platform, its suppliers or third parties, or attempt to breach their security or authentication measures, carry out any action that causes a disproportionate or unnecessary saturation in the infrastructure or communications environment related to the Platform, attacking the BOAE in any way may adopt any preventive or corrective measures necessary to protect its interests in order to ensure the correct functioning of the Web Platform and the specific functionalities provided in each case.
Do not introduce or spread through the Platform computer viruses or malware that may cause damage.
Do not attempt to access, use and/or manipulate BOAE data or, under your own responsibility, that of third-party providers and other users.
In particular, and by way of example only and not exhaustively, the user undertakes not to transmit, disseminate or make available to third parties information, data, content or messages that may constitute a violation of the rights of BOAE or third parties.
Do not access without authorization or interact with a false identity, impersonating or not the identity of third parties or using a profile or performing any other action that may cause confusion or lead to error regarding the correct identification of the user in question, especially with regard to access to the Electronic Banking service available through the Platform.

USERS

This privacy and cookies policy is addressed to users of the Platform with regard to the processing of their personal data.

In any case, it is noted that this Platform is aimed at users over 18 years of age and its use by minors is prohibited.

The information and personal data provided by users who intend to browse or register on the Platform must be:

Sufficient, although adjusted, limited and proportionate to the legitimate purposes of processing reported by BOAE, with the utmost respect for the principles of purpose limitation and minimisation of personal data (articles 5.1 sections b) and c) of the GDPR).
Accurate, up-to-date and truthful, in order to be able to adequately verify the identity, capacity and, where applicable, representation of the user in question, as well as to be able to adjust, in each case, the data processing carried out to the specific needs and the real situation of the users. All of this in accordance with the principle of accuracy of personal data (5.1 section d) of the GDPR).

Users will be fully responsible for the correct use of their user accounts and the passwords associated with them. If the registered user considers that the security of their account and associated passwords may have been compromised, they must immediately contact BOAE using the contact details provided at the beginning of this Policy and report the situation or incident so that BOAE can adopt the appropriate measures from the moment the user makes the communication.

All liability for damages and losses associated with improper use and personal management of accounts and associated passwords will fall on the users who own such accounts, completely exempting BOAE from any liability as a result of the above.

RIGHT TO INFORMATION

In compliance with current regulations on the protection of personal data, and in particular with the provisions of articles 12 to 14 of the GDPR, you are hereby informed of the following:

That the person responsible for the treatment is BANK OF AFRICA EUROPE, AU, with registered office and tax office located at Calle Serrano 59, 28006, Madrid and with tax identification code A-80754781 and websitehttps://www.bankofafrica-europe.com/and with contact email for the purposes of this policyprotecciondatos@bankofafrica-europe.com .

Likewise, you are informed that for the greatest guarantee and protection of the personal data processed by BOAE, you must contact the Data Protection Officer, whose contact address would be the following: Data Protection Officer, BANK OF AFRICA EUROPE SAU, C/Serrano 59, 28006 Madrid C/Serrano 59, 28006 Madrid or emaildataprotection@bankofafrica-europe.com.

That the personal data that users provide through the Platform will be processed for the purpose specifically stipulated in this privacy and cookies policy and, where applicable, in the various data forms available on the Platform. In this regard, the collection of data through the Platform serves the following processing purposes:

Enable users to navigate through the same, thereby allowing access to the information and content available on the Platform, including information on promotional campaigns regarding BOAE products and services.
Allow the user to access and use the electronic banking system accessible from the Platform online when appropriate in accordance with the services contracted by the user from BOAE.
Respond to specific requests or queries that users may make in this area through the Platform, in relation to such products or services, or in relation to any other matter provided through the Platform's contact form:bankofafrica- europe.com/contact
Adopt all applicable protection measures in accordance with current regulations, including the possible anonymization of your personal data by applying, for this purpose, the appropriate techniques available to the Data Controller. Consequently, in this area, anonymization and pseudonymization treatments may also be carried out for the best protection of your personal data in accordance with the provisions of the GDPR.
Apply the relevant security, technical and/or organizational measures to the personal data of users that are appropriate in light of the risks detected in relation to their rights at any given time by BOAE, including the encryption of personal data and other measures that may involve certain processing of the data of the Platform users for greater protection thereof.

If you do not agree with such processing purposes, we urge you to immediately leave our Platform. Otherwise, for example, by accepting this policy, or simply by continuing to browse the Platform, and having previously been informed of the information contained in this policy, it will be understood that the user unequivocally consents to the previously informed processing purposes. For these purposes, the provisions of section 4 of this policy must also be observed with regard to consent and the rights of users in this area.

That the legitimate basis for processing is, primarily, the user's consent, so that, once the user has been informed of this policy, if he or she accepts it, or simply continues browsing the Platform, it will be understood that he or she gives his or her unequivocal consent to the processing of his or her personal data for the purposes indicated. Therefore, if a user does not agree with this policy or the purposes of processing reported, as already indicated, he or she is urged not to continue browsing and to immediately leave the Platform. In the event of a specific request or contracting by users of certain content, products or services through the Platform, the main basis for processing will be that relating to the necessary application of pre-contractual measures at the request of the interested party, when this occurs, or that relating to the execution of a contract in the event that the user finally contracts the corresponding content, product or service.
That, in general, the personal data of users collected through the Platform will not be transferred to third parties without previously informing them of what specific data will be transferred, the identity of the assignees or recipients of their data, their activity and the specific processing purposes for which said assignees may use their data.

Outside of these cases, the personal data of users will not be transferred to any other third party, unless the user has given their consent or, where applicable, any other basis for legitimizing the processing exists as provided for in article 6 of the GDPR, such as, for example, due compliance with a legal obligation on the part of BOAE (lawfulness of processing).

That, as a general rule, international transfers of your personal data are not planned, and the necessary measures will be adopted in this area in accordance with the GDPR otherwise.
Pursuant to Article 30 of the Spanish Commercial Code, if the user is a BOAE client, after the end of the relationship between the parties, his/her personal data may be retained by BOAE for a minimum period of six years pursuant to Article 30 of the Spanish Commercial Code or, in this case, ten years, for the purposes and purposes set out in Law 10/2010, of 28 April, on the prevention of money laundering and the financing of terrorism. If the user is not a client, his/her user data will be retained for the time strictly necessary to allow him/her to correctly navigate, access and enjoy the content, products and services available through the Platform that he/she requires or visits, all in accordance with the provisions of this privacy and cookies policy and the applicable legislation in each case, and may also be retained for a maximum period of 3 years for the possible clarification of any responsibilities arising from the processing of data that corresponds in accordance with the regulations in force in this area.
You may exercise your rights of access, rectification, deletion, limitation of processing, data portability and opposition by sending a written communication to protecciondatos@bankofafrica- com with the Ref. “Exercise of Rights” and accompanying your request with a copy of your national identity document or equivalent identification document (passport or NIE). If you do not consider that your personal rights have been duly respected, you may file a claim with the competent supervisory authority, in this case, the Spanish Data Protection Agency, although you are advised to contact the appointed Data Protection Officer (DPD) beforehand in order to resolve the conflict in question out of court, if you so wish.

CONSENT OF THE INTERESTED PARTY

By accepting this policy, the user gives his/her unequivocal, free and informed consent to the processing of his/her personal data for the purposes described in section 3 of this privacy and cookies policy. In the specific case of cookies, the provisions of section 7 of this same policy must be followed.

The user will have the ability to choose the treatment and destination of his/her data, according to his/her specific interests and needs in each case, so that, when the treatment is based on the user's consent, he/she will have the right to withdraw it at any time, although such withdrawal will not affect in any way the legality of the previous treatment carried out by BOAE.

In any case, BOAE may prevent the use of the Platform and the services, content and functionalities associated with it if the user does not accept this policy, or does not consent to the processing of his or her personal information in accordance with the provisions set forth herein.

For users of the Platform who are BOAE clients and use the Electronic Banking Service, this Privacy and Cookies Policy will form an inseparable part of the Terms and Conditions of Use of the aforementioned Service.

For the rest of the users, the acceptance of this policy is independent of the possible acceptance of the particular legal terms and conditions that may govern the specific contracting by the users of the services and products available through the Platform.

SECURITY

BOAE has adopted and applies the security levels required by applicable legislation regarding personal data under its responsibility, based on the corresponding risk approach taken, and seeks to install and/or apply additional technical or organizational means and measures of protection in order to reinforce the general security of the processing of personal data, systems, communications environment and corporate organization, as well as to guarantee due protection against unauthorized or unlawful processing and against its loss, destruction or incidental damage (principle of integrity and confidentiality). However, the user must be aware that Internet security measures are by no means impregnable and respond to the state of the art at any given time and its cost of application.

For these purposes, it will take into account in a special way the application criteria and security measures, and other security obligations associated with the GDPR, with particular attention to the provisions of Article 32 of the GDPR.

DUTY OF SECRECY AND CONFIDENTIALITY

BOAE undertakes to comply with the duty of secrecy and confidentiality regarding the information and personal data provided by users of the Platform, and which is under its control and responsibility, in accordance with the applicable legislation and the risk approach that applies at any given time.

COOKIE POLICY

As established in Recital 30 of the GDPR, natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, session identifiers in the form of “cookies” or other identifiers, such as radio frequency identification tags. This may leave traces that, in particular, when combined with unique identifiers and other data received by the servers, may be used to create profiles of natural persons and identify them. For this reason, BOAE has a cookie policy consistent with the applicable regulations.

7.1. Applicable regulations:

Article 22 of Law 34/2002, of July 11, on information society services and electronic commerce (LSSICE), regarding the rights of recipients in commercial communications by electronic means, service providers may only use data storage and recovery devices on recipients' terminal equipment when they have given their prior informed consent.

To this end, these recipients and end users must be provided with clear and complete information about their use, in particular, about the purposes of the data processing, in accordance with the provisions of the personal data protection regulations. Therefore, when technically possible and effective, the recipient's consent to accept the processing of the data may be facilitated by using the appropriate parameters of the browser or other applications.

The foregoing shall not prevent any possible storage or access of a technical nature for the sole purpose of carrying out the transmission of a communication over an electronic communications network or, to the extent strictly necessary, for the provision of an information society service expressly requested by the recipient.

7.2. User consent and cookies: general rule and exception.

In general, when the installation and/or use of cookies involves the processing of personal data, whether they are own or third-party cookies, session or persistent, BOAE, as the data controller, will provide the necessary information in this area and will obtain the user's prior informed consent to install and/or use them.

The only cookies exempt from this consent are those that allow, exclusively, communication between the user's computer and the network and, strictly, those used to provide a service requested by the user. For example, the so-called "technical cookies" would be exempt (e.g., those necessary for browsing the platform or application); "personalization or configuration cookies" (e.g., those that allow the page to recognize the user's language, etc.); and "security cookies" (e.g., to detect repeated erroneous attempts to connect to a site).

7.3. Are cookies served on the Platform? What are they?

At the moment, cookies are not used or served on the Platform, but they do refer to files or devices that are downloaded to the user's terminal equipment (personal computer, smartphone, tablet, mobile terminals and devices, etc.), regardless of their nature.

7.4. What cookies do we use on the Platform?

Cookies may be first-party or third-party. First-party cookies are those sent or served to the user's terminal equipment from the Platform (publisher) and are managed by the latter, while third-party cookies are those sent or served to the user's terminal equipment from other domains or equipment not managed by the Platform (publisher), but by another entity that processes the data obtained through the cookies.

Likewise, the aforementioned cookies may be session or persistent. The former are a type of cookie designed to collect and store data while the user accesses the Platform with the main purpose of storing information that is only of interest to retain for the provision of the service requested by the user on a single occasion. However, with the latter, the data remains stored on the user's terminal and can be accessed and processed for a period defined by the person responsible for the cookie.

Cookies may also be technical, allowing the user to navigate through the Platform and use the different options or services available through it, for example, controlling traffic and data communication, identifying the session, accessing restricted access areas, remembering the elements that make up a contractual request, using security elements during navigation, storing content for the dissemination of videos or sound or sharing content through social networks.

They may also be personalised, referring to those that allow the user to access the service with some predefined characteristics based on certain criteria associated with their own terminal, for example, the type of browser through which they access the service, the regional configuration from where they access the service, etc.

Likewise, they may have a statistical or informative purpose for the editor regarding the particular use that users make of its Platform and the content or services available through it.

At present, cookies are not served through the Platform, but if they are served, information will be provided in accordance with this policy through the corresponding informative summary table about them. In addition, despite not using cookies at the moment, if it does, BOAE adapting to the regulations published by the AEPD on July 20, 2020, if necessary, the following measures will be established:

Mechanisms will be implemented so that the rejection of Cookies is as accessible as acceptance.
In the case of cookies that deal with special categories, information will be provided separately, including the special category being used, and the user must accept said cookies separately.
So-called “cookie walls” will not be used.
In the case of using third-party cookies, the possibility of informing you that they can be deleted through the systems offered by said third parties, as well as through the configuration in the browser, is established.

7.5. Who uses cookies?

The information collected, if applicable, through the cookies served through the Platform may be used by both the owner of the Platform and a third party that provides a service to this owner.

7.6. Cookie management and configuration.

Based on the information provided in this policy, we provide you with information on how you can manage the cookies used on the Platform through the different options offered by the most common browsers.

You can manage the use of cookies, including blocking them, which will depend on the browser installed on your computer. You can obtain more information on how to manage them by clicking on the following links:

Google Chrome

Mozilla Firefox

Microsoft Internet Explorer

VALIDITY AND MODIFICATION OF THE PRIVACY AND COOKIE POLICY

This policy is in force from May 25, 2018 and BOAE reserves the right to modify this policy to adapt it to future legislative, doctrinal or jurisprudential developments that may be applicable, or for technical, operational, commercial, corporate and business reasons, informing users in advance and reasonably of any changes that may occur when possible. In any case, it is recommended that each time this Platform is accessed, this policy is read in detail, since any modification will be published through it. Likewise, BOAE may inform users personally and in advance of any planned changes to this policy, before they come into force, provided that this is technically and reasonably possible, in particular when they are considered registered users or clients of BOAE.

PERSONAL DATA PROTECTION OFFICER (DPD)

Our commitment to the protection of our users' personal data has led us to appoint a Data Protection Officer (DPO) at BOAE, whom users may contact, if they so wish, regarding all matters relating to the processing of their personal data and to exercise their rights as provided for in the GDPR. You can contact our DPO using the following contact details:

Postal address: Data Protection Officer, BANK OF AFRICA EUROPE, SAU, C/Serrano 59, 28006 Madrid.

Contact email:protecciondatos@bankofafrica-europe.com .

Contact phone number: +34 915756800.

JURISDICTION AND APPLICABLE LAW.

As a general rule, any controversy or conflict will be submitted to the parties as a matter of preference for their knowledge in order to obtain an amicable and mutually agreed solution using, for these purposes, as far as BOAE is concerned, the legal contact channel (or data protection delegate, if designated) described in section 9 of this policy. If this is not possible, taking into account the criteria contained in the GDPR for determining the competence of the leading or main authority in order to hear any conflict, controversy or claim regarding this privacy and cookies policy, at least through administrative channels, it is reported that such authority will be the Spanish Data Protection Agency (AEPD), and in any case, the provisions of article 56 of the GDPR must be observed. As regards the right to effective judicial protection against BOAE in these cases, the provisions of Article 79.2 of the GDPR shall also apply, and the appropriate action must be taken before the Spanish Courts and Tribunals, given that BOAE is a company based in Spain. In any case, the applicable regulations will be Spanish.

Type	Cookies
Necessary	cookie_B4NK0F4FR1C4	Mandatory
Correct functioning of the page without which the site could present errors and not correspond to the user's needs. Cookie cookie_B4NK0F4FR1C4 Duration 1 year Description We set this cookie to remember users' consent preferences so that their preferences are respected on subsequent visits to this site. Does not collect or store any personal information about site visitors.
Analytics	_ga, _ga_TM1EZJ4LVY
Collect information about user navigation through the site in order to know the origin of visits and other similar data at a statistical level. It does not obtain data on the names or surnames of the users or the specific postal address from which they connect. Cookie _ga Duration 1 year, 1 month y 4 days Description Registers a unique ID that is used to generate statistical data about how the visitor uses the website. Cookie _ga_TM1EZJ4LVY Duration 1 year, 1 month y 4 days Description Google uses this cookie to count page visits.