Information on personal data processing (GDPR)
Processing of your personal data
In Cecabank we process your personal data with the only purpose for which they were requested for. We therefore process them in order to manage the contracts/operations/actions requested or opened.
We therefore process them in order to maintain the pre-existing relationship between the bank and the client/supplier/collaborator.
The processing of your personal data for other purposes is not envisaged and cannot be carried out without prior legitimisation.
Legitimisation for the use of the data
Processing is only legal if at least one of the following conditions is fulfilled:
- The data subject has consented to the processing of his/her personal data for one or more specific purposes.
- Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
- Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Processing is necessary to protect the vital interests of the data subject or another individual.
- Processing is necessary to perform a task carried out in the public interest or to exercise the official authority conferred upon the controller.
- Processing is necessary to satisfy the legitimate interests pursued by the controller or by a third party, provided that these interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular when the data subject is a child.
Cecabank’s Data Protection Officer (DPO)
Cecabank’s DPO is the Head of Compliance. You can get in touch directly by emailing firstname.lastname@example.org
Your rights regarding the use of your data
If so desired, you may exercise the rights provided for in the regulations regarding the use of your personal data. We specifically refer to the right of access, to rectification and erasure, to restriction (in respect to the purposes they were requested), to data portability (sending to other entity), and to object automated individual decision-making (not being used to adopt decisions just based on automated processing, including profiling).
Similarly, you may request the limitation of the processing of your personal data (with regard to the purposes for which they are being processed), request the portability of your data (sent to another entity), and request that they not be subject to automated individual decisions (not be subject to a decision solely based on automated processing, including preparing profiles, that produces legal effects or significantly affects you in a similar manner).
You can exercise your rights by sending a written request to email@example.com, attaching a copy of your ID.
Attached are forms that may facilitate the exercise of your rights:
Storage of personal data
We will retain your personal data for the duration of the relationship. Once ended, Cecabank will keep your personal data blocked until the deadlines applicable for legal claims and, in general terms, during the ten years required by the laws on anti-money laundering and the financing of terrorism. After the legal statute of limitations has expired, we will destroy your data.
Your data will not be disclosed to third parties unless a legal obligation is applicable or a previous agreement legitimates the entity to do so.
Finally, you can withdraw your consent at any time, without this affecting the legality of data processing, by sending a request to firstname.lastname@example.org. Please remember to accompany your request with a copy of your National Identification Document or equivalent document proving your identity.