Privacy policy of SegurCaixa Adeslas

To manage your relationship with us, at SegurCaixa Adeslas we will process your personal data for various reasons, always in accordance with the provisions of current legislation, respecting your rights and with complete transparency.

Therefore, in this Privacy Policy, which you can access at any time at https://www.segurcaixaadeslas.es/es/proteccion-de-datos, you can consult all the details on how we will use your data in the relationships we establish with you. Also, if you wish, you can request this information on paper at any of our customer service offices.

The main legislation regulating the processing of your personal data is as follows:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter the GDPR)
  • Organic Law 3/2018 of 5th December on the Protection of Personal Data and the Guarantee of Digital Rights (hereinafter the LOPD)
     

 

1. Data controller and data protection officer

The controller of your personal data is SegurCaixa Adeslas, S.A. de Seguros y Reaseguros ("SegurCaixa Adeslas"), with company tax number (NIF) A28011864 and with registered office at Paseo de la Castellana, 259 C (Torre de Cristal), 28046 Madrid, and registered in the Companies Register of Madrid, volume 36733, folio 213, page M-658265. 

SegurCaixa Adeslas, S.A. de Seguros y Reaseguros is an institution that is authorised to carry out insurance transactions in various non-life branches, registered in the Administrative Register of Insurance Companies of the Directorate-General of Insurance and Pension Funds with the code C-0124. More information is available in our Legal Notice.

SegurCaixa Adeslas has appointed a Data Protection Officer, who you can contact by email at dpd@segurcaixaadeslas.es, or by writing to the registered office of SegurCaixa Adeslas with the reference “Data Protection Officer”.

2. Data categories and origin of personal data

At SegurCaixa Adeslas we process different personal data in order to manage the relations you establish with us. To facilitate understanding, we have organised the data we process into the categories listed below.

Not all the data categories that we list are used for all types of data processing. In section 3, where we inform you about the type of data processing that we perform, you can see the specific category of data used for each type of processing.

The categories of data used in the different processing operations described in section 3 are as follows:
 

  • Data you have provided to us when entering into your contracts or during your relationship with us. These data are: 
    1. Identification and contact details: your ID document, name and surname, gender, postal address information, telephone numbers and email, home address, nationality and date of birth, notification language.
    2. Data relating to insured items: data relating to the characteristics of the assets insured.
    3. Employment, professional and socio-economic data: data relating to your professional or employment activity, income or remuneration, level of studies, fiscal and tax data.
    4. Basic financial data: payment methods associated with products taken out.
    5. Health data: healthcare information as a precontractual requirement tied to the arrangement of certain products, health information needed for the assessment or settlement of benefits, information relating to preventive health plans and services.
    6. Biometric data: facial pattern, voice biometry or fingerprint pattern.
    7. Commercial information: interests, likes or preferences regarding products or services.
  • Data observed on the maintenance of the products and services taken out with us. These data are as follows:
    1. Identification and contact data: your identification document, full name, gender, postal, telephone and email contact information, address of residence, nationality, date of birth and communication language.
    2. Data relating to insured items: data relating to the characteristics of the insured assets.
    3. Employment, professional and socio-economic data: data relating to your professional or employment activity, income or remuneration, level of education, fiscal and tax data.
    4. Basic financial data: payment methods associated with contracted products.
    5. Health data: healthcare information as a pre-contractual requirement connected to the contracting of certain products, health information required for the assessment or settlement of benefits, and information relating to preventive healthcare plans or services connected to the promotion of healthy lifestyles in which you participate.
    6. Biometric data: facial pattern, voice biometric or fingerprint pattern.
    7. Commercial data: interests, likes or preferences regarding products or services. 

You will be responsible for the accuracy and veracity of the personal data you provide to us. SegurCaixa Adeslas reserves the right to rectify or delete any false or incorrect data, without prejudice to its right to take other appropriate legal actions in each case. Also, when the data that you provide to us relate to a third party, you must inform the third party and obtain their prior consent to disclose their personal data with SegurCaixa Adeslas.
 

  • Data observed during the maintenance of the products and services contracted with us. These data are: 
    1. Contract data: products and services contracted or ordered, the policyholder, insured party, beneficiary, authorised party or representative and payment history.
    2. Data relating to services received: data obtained directly, derived from the management and provision of ordered services that are covered by the contracted products.
    3. Basic financial data: current and historical balances for products and services and payment history of contracted products and services. 
    4. Data on communications maintained with you: data obtained in chats, communication walls, video conferences, telephone calls or any other equivalent means of communication, including recordings of these.
    5. Your browsing data: data obtained from your browsing of our websites or mobile applications and your browsing on them (device ID, advertising ID, IP address and browsing history), if you have accepted the use of cookies and similar technologies on your browsing devices.
    6. Geographical data: the geolocation data of your mobile device provided by the installation and/or use of our mobile applications, when this has been authorised by you in the settings of the application.
       
  • Data inferred or deduced by analysing and processing other data. These data are:
    • Data obtained from the execution of statistical models: data obtained based on the application of mathematical models to client data.
  • Data obtained through third parties, obtained from sources accessible to the public, public records, external sources, service providers, policyholders or insured parties. These data are:
  • Identification and contact data: data obtained from brokers, insurance policyholders in relation to insured parties and beneficiaries that are included in their insurance policies or those obtained from insured parties in relation to the liable and/or affected parties for the management of claims notified to the insurer.
  • Data relating to the services received: data obtained through insurance companies, reinsurance companies, health centres and professionals, vehicle repair workshops, home repair professionals or companies, experts or other similar professionals, arising from the provision of services covered by the contracted products.
  • Data relating to international sanctions: data on people or entities included in laws, regulations, guidelines, resolutions, programmes or restrictive measures regarding international economic and financial sanctions, imposed by the United Nations, the European Union and Spain.
  • Demographic and socio-economic data: data obtained from companies that provide studies associated with geographical areas or postal codes, not with specific people.
  • Your browsing data: data obtained from your browsing of third-party websites (device ID, advertising ID, IP address and browsing history), if you have accepted the use of cookies and similar technologies on your browsing devices.
  • Data from social networks or the internet: data that you have made public or that you have authorised us to read.
  • Data relating to insured items: data obtained from the Insurance Compensation Consortium, the Land Register or the Directorate-General for Traffic, and from shared databases set up by insurers through their business association, UNESPA.
     

3. Purpose and legal capacity of personal data processing

The legal basis of the following data processing is the fact that it is necessary to comply with a legal obligation that can be enforced against us, as stipulated in art. 6.1.c) of the General Data Protection Regulation (GDPR).
Therefore, this processing is necessary in order for you to establish and maintain contractual relationships with us. If you objected to it, we would have to end these relationships, or we would not be able to establish them if they had not yet started.
 

3.1. Processing based on the data controller’s LEGAL OBLIGATIONS:

The legal basis of the following data processing is the fact that it is necessary to comply with a legal obligation that can be enforced against us, as stipulated in art. 6.1.c) of the General Data Protection Regulation (GDPR).

Therefore, this processing is necessary in order for you to establish and maintain contractual relationships with us. If you objected to it, we would have to end these relationships, or we would not be able to establish them if they had not yet started.
 

3.1.1. Processing required to comply with the regulatory legislation of the insurance market, financial markets, data protection, commercial and tax legislation or any other legislation applicable to SegurCaixa Adeslas.

Purpose: The purpose of this treatment is to comply with any legal obligations incumbent upon us, specifically obligations related to the regulation of the insurance market, financial markets and data protection, commercial and tax regulations.
The processing operations carried out to comply with the obligations arising from said regulations are:

  • Keeping accounting records to comply with the legal, accounting and tax obligations incumbent upon our company.
  • Exchanging information within the corporate group to comply with supervision and reporting obligations.
  • Carrying out the checks and investigations required for the determination of and, where appropriate, the payment of compensation to the insured party, beneficiary or injured party.
  • Controlling and monitoring the calculation and adequacy of the technical provisions.
  • Disclosing information to public authorities, regulators or governmental bodies, when our company is requested to do so.
  • Performing data quality and improvement actions, in order to comply with data protection regulations.
  • Performing the evaluation and risk selection for the contracting, rejection or, in some cases, the application of special conditions or the exclusion of risks.
  • Developing new products and managing existing products.

Categories of data processed: The categories of data that we will process to comply with the regulatory obligations of the data controller concerning insurance, financial markets and data protection, commercial and tax regulations are as follows:

  • Identification and contact data
  • Data relating to insured items
  • Employment, professional and socio-economic data
  • Basic financial data
  • Health data
  • Contract data
  • Data relating to the services received
  • Data obtained from the execution of statistical models
  •  Data relating to international sanctions
  • Aggregate socio-economic and demographic data
     

 

3.1.2. Processing to deal with privacy, complaints and claims rights.

Purpose: The purpose of this processing is to deal with queries, complaints and claims made to SegurCaixa Adeslas, in accordance with the regulations applicable to its capacity as an insurance Institution, which oblige it to have a customer service department where it can deal with users’ complaints and claims.
Furthermore, data protection legislation compels the data controller, in this case SegurCaixa Adeslas, to deal with the claims made to the Data Protection Officer and protect the data protection rights exercised by the data subjects.
The processing operations carried out to comply with these obligations are: 

  • The management of user complaints or claims by the Customer Service Department.
  • Responding to the submitted complaint or claim within the established period.
  • Dealing with data protection right issues and claims made to the Data Protection Officer and carrying out the activities required to cooperate with the supervisory authority (AEPD - the Spanish Data Protection Agency).

Categories of data processed: The categories of data we will process in order to perform these tasks are:

  • Identification and contact data
  • Data relating to insured items
  • Basic financial data
  •  Health data
  • Contract data
  •  Data relating to the services received
  •  Data on communications maintained with you
  • Browsing data
     

 

3.1.3. Processing for fraud prevention.

Purpose: The purpose of this processing is to adopt the necessary measures to prevent malicious transactions or conduct before they occur or to mitigate their impact if they do arise by identifying suspicious transactions or conduct involving attempts to commit fraud against the insurance institution or its customers.

The processing operations carried out in the fight against fraud are:

  • Verifying the identity of customers that interact with the insurance institution to prevent fraudulent access to information or transactions.
  • Reviewing and analysing the contracts and transactions carried out in our systems to prevent fraud and to protect our customers from fraud through any channel and prevent cyber attacks.
  • Reviewing and analysing the activities arising from the services ordered to prevent fraudulent orders.

Categories of data processed: The categories of data we will process for fraud prevention are:

  • Identification and contact data
  • Data relating to insured items
  • Data on your professional or employment and socio-economic activity
  • Contract data
  • Data relating to the services received
  • Basic financial data
  •  Health data
  • Data on communications maintained with you
  • Data obtained from the execution of statistical models
  • Browsing data
  •  Social network or internet data
     

3.1.4. Preparation of management reports and statistical models.

Purpose: The purpose of this processing is to prepare reports and statistical models on the company's activity and its relationship with the market, on the composition and development of its customer base and on the suitability and effectiveness of its products and services. The purpose of processing data for said reports is not to process individual customer data. 
This data processing is necessary, but secondary, to the main purpose, which is to prepare management reports or algorithmic or mathematical formulas, and is therefore carried out using, whenever possible, anonymisation techniques or, failing that, pseudonymisation techniques, and keeping the data processed to a minimum.

The types of processing carried out for the preparation of management reports and statistical models are:

  • Preparing statistical and actuarial reports and profiles for the determination of premiums when entering into an insurance contract. In order to carry out this profiling, the personal data listed in the following section of categories of data processed may be analysed. 
  • Preparing statistical business management reports in order to improve processes.
  • Performing calculations and carrying out price and/or premium renewal monitoring.
  • Evaluating the effectiveness and efficiency of the company’s operations in order to identify points of improvement and, consequently, improve processes. 

Categories of data processed: The categories of data we will process for the preparation of management reports and statistical models are:

  • Data relating to insured items
  • Employment, professional and socio-economic data
  • Health data
  • Contract data
  • Data relating to the services received
  • Data obtained from the execution of statistical models
  • Aggregate socio-economic and demographic data
  • Data on communications maintained with you
     

3.1.5. Preparation of management reports and statistical models.

Purpose: The purpose of this data processing is to act on your behalf in order to carry out all the steps and actions required for the management of claims you are a party to, and to make the relevant personal injury claims on your behalf. For these purposes, your personal data, including health data related to the claim, will be disclosed to other insurance institutions that are affected by or involved in the claim. 
In addition, any information and documentation that is generated and is required for the management of the claim may be disclosed to other insurance institutions, including but not limited to, the relevant expert reports for example. 

The processing operations carried out to access this platform are: 

  • Compiling information.
  • Disclosing information.

Categories of data processed: the categories of data we will process for this purpose are:

  • Identification and contact data
  • Health data
     

3.2. Types of processing required for the enactment of PRE-CONTRACTUAL OR CONTRACTUAL RELATIONSHIPS OR TO PROVIDE SERVICES ORDERED BY THE DATA SUBJECT.

The legal basis for this processing is that the data are required in order to manage the contracts that you request or in which you are a party, or to apply pre-contractual measures if you request them, as established in art. 6.1.b) of the General Data Protection Regulation (GDPR).

Therefore, this processing is necessary in order for you to establish and maintain contractual relationships with us. If you objected to it, we would have to end these relationships, or we would not be able to establish them if they had not yet started.
 

3.2.1. Maintenance and management of contractual relationships (including pre-contractual relationships).

Purpose: The purpose of this data processing is to formalise and maintain the contractual relationships established between you and us. This includes the processing of your orders or instructions and the steps prior to entering into a contract (pre-contractual relationships).
This data processing involves collecting the information necessary to establish the relationship or manage the order, evaluating the suitability of contracts and processing the information required in order to properly maintain and enact the contracts.
The processing operations performed, both prior to the contracting of a policy and during its term are:

  • Dealing with queries and giving advice on questions related to the services we provide as requested by the data subject, both prior to the formalisation of the contractual relationship and during its term (customer service department).
  • Managing orders and evaluating the insurance product that best suits the customer’s needs and requirements.
  • Collecting and recording the data and documents required for the contracting of the products ordered.
  • Formalising the signing of contracts for products and services.
  • Managing the procedure for the products and services you have contracted with us, including the management of product supplements, services and payments.
  • Taking measures to resolve non-payments that may arise, which includes making claims for non-payment.
  • Making the strictly necessary communications during the phase, both prior to the contracting of the insurance and during its term.
  • Making the correct payments to suppliers or refunds to the insured party or their beneficiaries of the expenses that would have been paid in the insurance contract.
  • Sharing minimal and essential information with third-party providers in order to ensure access to the benefit covered by the contracted insurance policies. 
  • Carrying out reinsurance and coinsurance operations with other insurance and/or reinsurance institutions, and disclosing the data of the policyholder, the insured, beneficiary or injured third party to reinsurance institutions as required for the execution of the reinsurance contract.

Categories of data processed: The categories of data we will carry out for the implementation of contractual relationships (including pre-contractual relationships) are:

  • Identification and contact data
  • Data relating to insured items
  • Employment, professional and socio-economic data
  • Basic financial data
  • Health data
  • Biometric data
  • Contract data
  • Data relating to the services received
  • Data on communications maintained with you
  • Data obtained from the execution of statistical models
  • Aggregate socio-economic and demographic data
     

 

3.2.2. Prize draws, competitions, events and webinars.

Purpose: The purpose of this data processing is to enable your participation in actions carried out by this company, such as prize draws, competitions, events and webinars. 

The processing operations carried out during your participation in these actions are: 

  • Managing your participation in and/or attendance at the competition, prize draw, event or webinar. 
  • If you are a winner or attend or participate in an event, publishing your image, voice and name on social media or websites owned by us for promotional purposes. 

Categories of data processed: The categories of data we will process in order to manage your participation in these actions are:

  • Identification and contact data.
  • Basic financial data, if required for the awarding of a prize. 
    Information on the applicable data protection will be provided at the time of the collection of your personal data. 
     

 

3.3. Processing based on legitimate interests

The legal basis for this processing is the satisfaction of legitimate interests pursued by SegurCaixa Adeslas or by a third party, provided that these interests do not take precedence over your interests or your fundamental rights and freedoms, in accordance with art. 6.1.f) of the General Data Protection Regulation (GDPR). 

This processing will imply that we have considered your rights and our legitimate interest and we have concluded that the latter prevails. Otherwise, we would not process the data. You can ask about the analysis that is done to consider the legitimate interest of a processing operation at any time by emailing your enquiry to our Data Protection Officer.

We also remind you that you have the right to object to processing based on a legitimate interest. You can do this simply and free of charge through the channels indicated in section 6.
 

 

3.3.1. Carrying out commercial actions with customers (post, in person, voice telephone, electronic media) regarding the company’s products and services.y

SegurCaixa Adeslas has a legitimate interest in promoting its image and its products to its customers.
Purpose: The purpose of this data processing is to promote the products and/or services marketed by SegurCaixa Adeslas through offers and promotions.

Specifically, provided that the data subject does not oppose and maintains any type of direct relationship with SegurCaixa Adeslas, they may receive, through any communication channel, including electronic means, information on offers or promotions relating to their contracted products and on others marketed by SegurCaixa Adeslas that may be of their interest, to keep them informed about products or services and encourage their contracting and build loyalty.

In this regard, we inform you that your personal data may be analysed to prepare a profile based on your data that will enable said notifications to be adjusted as far as possible in order to match your needs and preferences. Socio-economic and demographic data, and data relating to products contracted with SegurCaixa Adeslas may be considered in this analysis.

The processing operations carried out for the commercial prospecting of customers are:

  • Sending communications about products or services marketed by SegurCaixa Adeslas.
  • Sending communications to retain customers that have reported their wish to discontinue products and/or services, and loyalty-building actions for customers that have contracted a product and/or service, including the delivery of gifts, invitations to events and the application of offers and promotions on their products and/or services.
  • Determining the target audience for direct marketing actions, based on the application of segmentation techniques or the preparation of a commercial profile to assess personal preferences, interests, likes or behaviour in order to adapt the notifications sent. In order to carry out this profiling, the personal data listed in the following section of categories of data processed may be analysed.
  • Applying commercial exclusions determined by regulations and/or statements by the data subjects.

Categories of data processed: The categories of data we will process for this purpose are:

  • Identification and contact data
  • Data relating to insured items
  • Employment, professional and socio-economic data
  • Commercial information data
  •  Contract data
  • Data relating to the services received
  • Browsing data
  • Data obtained from the execution of statistical models
  • Aggregate socio-economic and demographic data
  • Data on communications maintained with you
     

 

3.3.2. The sending of alerts to protect insured assets and informative communications about services and benefits included in contracted products.

SegurCaixa Adeslas has a legitimate interest in keeping its customers informed about all aspects that could help to protect their assets covered by the contracted policies.

Purpose: The purpose of this data processing is to send you information, in various formats and through various communication channels, such as by post, SMS, email, notifications in your private area or notifications through mobile applications, which may be of interest to you regarding your contracted products and/or services, so that you can protect your contractual interests and those of our company, especially protecting your insured assets. It is also used in order to provide information so that customers can make use of and benefit from all the services included in the contracted product.

The processing operations performed to send alerts and informative communications about benefits or services included in contracted products are:

  • Determining the interests covered by communications.
  • Establishing the frequency with which to communicate with you in this regard.
  • Send communications to you via any available contact channel regarding protection alerts and information relating to your contracted products.

Categories of data processed: The categories of data we will process for this purpose are:

  • Identification and contact data
  • Data relating to insured items
  • Contract data
     

3.3.2. Processing of the contact details of representatives of legal entities, sole traders and freelance professionals.

SegurCaixa Adeslas has a legitimate interest in accessing the identification and contact data of representatives of legal entities, sole traders and freelance professionals in order to promote the development of commercial relationships with a legal entity or with individuals when referring to them exclusively in terms of their professional activities.

Purpose: The purpose of this data processing is to process identification and contact data of representatives of legal entities, sole traders and freelance professionals in order to establish commercial relationships with other legal entities, sole traders and freelance professionals in the course of their professional activities.

The processing operations carried out are:

  • Capturing identification and contact data through sources of public access or of third parties relating to companies.
  • Sending communications to legal entities, sole traders and freelance professionals in the course of their professional activities.
  • Managing trading and commercial relationships with people, sole proprietors and freelance professionals in the course of their professional activities.

Categories of data processed: The categories of data we will process for this purpose are:

  • Identification and contact data
  • Employment, professional and socio-economic data
     

3.3.3. Processing of the contact details of representatives of legal entities, sole proprietors and freelance workers

The legitimate interest pursued by SegurCaixa Adeslas is the continuous improvement of services and customer service provided to its insured customers.

Purpose: The purpose of this personal data processing is to give a voice to customers by giving them perceived satisfaction and quality surveys in order to, based on the obtained responses, improve the experience of customers and achieve positive results for the growth of the business.

The processing operations carried out are: 

  • Sending communications to you by any available contact channel in order to offer you the chance to complete a perceived satisfaction and/or quality survey after an interaction with our company. 
  • Carrying out perceived satisfaction and quality surveys about contracted services and/or products.
  • Capturing the responses related to the service provided and preparing statistical reports that will allow us to take strategic decisions in the company in order to improve our products and services. 
  • Contacting customers, if they wish, in order to offer them support or help in the event of any dissatisfaction with the service they have received. 
  • Analysing telephone calls received in order to monitor the quality of the service, identify points of improvement and define action plans for the company’s processes.
  • Managing internet reviews about our company.
  • Offering participation in activities connected to market research. 

Categories of data processed:

  • Identification and contact data
  • Data relating to insured items
  • Health data
  • Contract data
  •  Data relating to the services received
  • Data on communications maintained with you

The participation in the completion of surveys and/or market research is voluntary. In addition, the data subject may object to this processing in each communication received in which they are invited to participate in these actions.
 

 

3.4. Processing based on consent

The legal basis for this processing is your consent, as stipulated in art. 6.1.a) of the General Data Protection Regulation (GDPR).
We may have requested this consent through various channels. If, for any reason, we have never asked you for your consent, this processing will not be performed on your data.
 

3.4.1. Services related to preventive health and the promotion of health and healthy lifestyles included in healthcare policies.

Purpose: The purpose of this data processing is to use personal data and data that reveal your state of health to offer and provide you with additional services related to preventive health and the promotion of health and healthy lifestyles included in healthcare policies. The use of these services is voluntary and you can decide whether to use them or not. This processing will include the preparation of your health profile based on the data that we have observed and you have provided us with during the use of these services, and based on this we will be able to offer personalised recommendations related to healthy lifestyles that might suit your specific needs. 

You will be able to sign up for these services free of charge via the digital services that SegurCaixa Adeslas provides to its insured customers, including via its mobile application.

These services include:

  • Adeslas Salud y Bienestar Services: 
    • Health questionnaire: through which you will be able to complete your health profile by indicating aspects related to your state of health, and regarding which you will receive personalised recommendations from virtual health plans or programmes that have been adapted to suit your specific health profile. 
    • Virtual health programmes and plans: Programmes on diet, family health and disease prevention, through which you will be asked to complete, voluntarily, various tasks related to healthcare (for example: “Enter your cholesterol numbers or the triglyceride numbers from your last test”).
  • Coaching or support programmes: These programmes are focused, firstly, on monitoring and dealing with topics of interest related to changing habits and care for chronic diseases, and as a complement provide virtual plans, and also give you administrative guidance about surgical processes, providing you with information about the healthcare action you are going to receive, and giving you advice and aspects to bear in mind during the action. In addition, in your first contact, you will be asked for your consent so that we can carry out high-quality monitoring after the healthcare assistance.

The processing operations performed with your participation in these services related to the promotion of health and healthy lifestyles are: 

  • Identifying you for the relevant enlistment to the requested service.
  • Preparing a profile about aspects related to your health and well-being, based on which we will send you informative communications related to the promotion of health and healthy lifestyles that might be of interest to you. 
  •  Sending informative communications relating to the plan or programme that you have joined. 
  • Sending communications promoting healthy lifestyles and the prevention of disease.
  • Resolving incidents, queries or questions related to the services provided.
  • Giving various surveys that will make it possible to measure risk factors and/or the quality of life of insured customers and the degree of satisfaction of the people that have joined the programme or plan.
  •  Permitting telephone calls that provide support and help to control your risk factors.
  • Performing monitoring during the course of the programme or plan you have joined.
  • Giving information about the existence of other plans or services that might be of interest that are related to the promotion of healthy lifestyles

Categories of data processed: The categories of data that we will process for the implementation of support programmes in plans on healthy lives and/or preventive health are:

  • Identification and contact data
  • Health data 
  • Contract data
  • Data on communications maintained with you.

You may cancel access to these services or revoke your consent at any time, which will mean the deletion of your processed personal data until then for said purpose and you will no longer be able to use these services. 

 

3.4.2. Commercial management of potential customers.

Purpose: The purpose of this data processing is to send commercial communications about the products and services offered by SegurCaixa Adeslas to potential customers.

For this purpose, profiles will be prepared that enable us to identify you with segments of customers with similar characteristics to yours and to suggest products and services that we believe might be of interest to you, and to establish the frequency with which we communicate with you to do this.

Through this processing, we will analyse your data to try and deduce your preferences or needs and to thereby be able to make you commercial offers that we believe could interest you more than generic offers.

We will only process your data if you have given us your consent to do so, and we will cease if you revoke it. Your consent will remain valid for 18 months, which can be extended.

The processing operations carried out for the commercial management of potential customers are:

  • Registering the data provided by the data subject.
  • Sending communications for direct marketing purposes, specifically, you will be able to receive, by any communication channel, including electronic means, information about offers or promotions on products and services marketed by SegurCaixa Adeslas.
  • Preparing a commercial profile with your data that enables such communications to be adapted to suit your needs and preferences as far as possible. In order to carry out this profiling, the personal data listed in the following section of categories of data processed may be analysed.

Categories of data processed: The categories of data we will process for this purpose are:

  • Identification and contact data
  • Commercial information data
  • Data on communications maintained with you
  •  Aggregate socio-economic and demographic data
     

 

3.4.3. Browsing data analysis (Cookies).

Purpose: The purpose of this data processing is to use cookies and other similar functionality files to be stored in your device and thereby remember information about you.

Cookies are small data files sent to the computer, mobile telephone or other user access devices when said user visits a website, enabling information to be obtained in relation to their browsing or a code that allows the user to be unmistakeably identified.

Essential cookies help to make a website usable by activating basic functions, such as page browsing and access to secure areas of the website. A website cannot work adequately without these cookies. On the basis of your consent, we will process your data through:

  • Statistical cookies: Statistical cookies help website owners to understand how visitors interact with their websites, by gathering and providing information anonymously.
  • Profiling cookies: Profiling cookies store information about user behaviour, obtained through their browsing habits. These data enables us to develop a specific profile and to display advertising based on your likes and interests.
  • Marketing cookies: Marketing cookies are used to track website visitors. The intention is to display relevant attractive adverts for individual users which are, therefore, more valuable for publishers and third-party advertisers.
  • You can obtain further information on processing and the purposes of each cookie category and on how to manage your consent on cookies in the following cookies policy: (https://www.segurcaixaadeslas.es/es/particulares-sitio/Paginas/politica-cookies.html)
  • Categories of data processed: The categories of data we will process for this purpose are:
    Browsing data
     

 

3.4.4. Identification of customers and the signing of documentation through the use of biometrics

Purpose: The purpose of this data processing is to use technical biometric means to verify your identity and enter into transactions or contracts with us.
We will only process your data if you have given us your consent to do so. We will always ask for your consent before using your biometric data.

The processing operations carried out are: 

  • Signing documents by using your biometric signature.

Categories of data processed: The categories of data we will process for this purpose are:

  •  Identification and contact data
  • Biometric data
     

3.4.5. Assignment of data in order to access the Mi Historia Clínica (MiHC) platform.

Purpose: SegurCaixa Adeslas will disclose your identification and contact data to Mi Historia Clínica in order to enable your registration and access to the service of Mi Historia Clinica (MiHC), part of the INSTITUTE FOR THE DEVELOPMENT AND INTEGRATION OF HEALTHCARE FOUNDATION (IDIS FOUNDATION), with registered office at Calle Magallanes 34, local comercial, 28015, Madrid and with tax number (NIF) G-85960805.

Mi Historia Clínica (MiHC) is a technological solution based on the interconnection of various hospital groups and medical centres that are members of the platform, which allows you to register for the service and access and share with healthcare professionals your medical reports, diagnostic tests, radiology results and any other image analyses that you authorise and request, and that form part of the medical records on file at any of the member centres. 
Users of this service may request the exercise of their rights by sending an email to soporteRGPD@mi-historia-clinica.es, indicating “Data protection rights” as the subject and duly accrediting their identity.

The processing operations carried out to access this platform are: 

  • Assigning the minimal data required in order to enable your access to this platform.

Categories of data processed: The categories of data we will process for this purpose are:

  • Identification and contact data.

 

3.4.6. Assignment of data to CaixaBank

Purpose: The purpose of this processing is to be able to assign the data that we indicate below to CaixaBank, S. A., with Tax ID No. (NIF) A08663619 and registered office at carrer Pintor Sorolla, 2-4 46002 València, to provide you with commercial offers regarding the products and services that we market.
We will only process your data if you have given us your consent to do so. Your consent will remain in force until you revoke it and for as long as you have a product contracted with us.
The processing operations carried out in this case are: 

  • Assigning the minimal data required.

Categories of data processed: The categories of data we will process for this purpose are:

  • Identification and contact data

4. Personal data conservation period

The personal data processed will be retained for as long as required in order to satisfy any of the processing purposes indicated in section 3, when the data will be deleted unless a legal retention obligation exists.

With regard to the calculation of the period based on the legal retention obligation, the following cases are presented as examples:

  • The data that you provide to us for the insurance order may be retained at least during the term of the offer, based on the provisions of legislation regulating the activities of insurance and reinsurance companies.
  • The data collected to enter into an insurance contract and other data arising during the course of these commercial relationships will be locked when they cease to be required for the purpose for which they were collected. This lock will mean that your data will be retained exclusively for access by public authorities, judges and courts for the handling by us of any possible liability arising from the processing, during the time period thereof.
  • The personal data processed in SegurCaixa Adeslas digital services will be retained for as long as the contractual relationship remains in force. If the condition that gave you the right to access SegurCaixa Adeslas digital services disappears, or if you cancel the services, your access will be blocked and your recorded personal data will be deleted.
  • The personal data collected during the use of the services related to preventive health and the promotion of health and healthy lifestyles will be deleted if you revoke the consent granted for this purpose or if you ask for the services to be cancelled. 
  • The personal data collected for the purpose of sending commercial communications regarding products and services to potential customers that have given their consent for this will be retained for a period of 18 months, unless the consent granted is revoked before the end of said period.
     

 

5. Personal data recipients (data transfers)

SegurCaixa Adeslas processes the personal data of the data subjects with due confidentiality, and does not transfer data to third parties, except those indicated below and for the following purposes, having a legitimate basis for all of them:

  • To administrations, authorities and public bodies, including courts and tribunals and the Insurance Compensation Consortium, the minimum information when required by the regulatory legislation of the insurance market, the financial markets, commercial and tax legislation or any other legislation applicable to SegurCaixa Adeslas.
  • To the parent company of the business group of which SegurCaixa Adeslas forms an integral part, the minimum information required to comply with the legal obligations imposed by commercial and insurance legislation.
  • To insurance and reinsurance companies, health centres and healthcare professionals, vehicle repair workshops, domestic repair professionals or companies, experts or other similar professionals and financial entities, the minimum information required to comply with the obligations arising from the insurance contract or provide the benefits connected to them.
     
  • If you have a car insurance policy, we may disclose the personal data indicated below: 
     
    • Automobile Insurance History Information System (SIHSA): based on compliance with legal obligations, historical information about policies and losses may be disclosed to the Automobile Insurance History Information System, of which SegurCaixa Adeslas is the joint data controller. The disclosure of data to this information system might entail the possibility that there is later access to the data by other insurance institutions that are users of the system. Its purpose is to provide rigorous and analysed information based on claim data at the time of the formalisation of contracts through the sharing of information obtained from policies and claims during the last five years, under the terms expressed in the Spanish Motor Vehicle Civil Liability Insurance Act. To exercise your data protection rights, please write to TIREA, Ctra. Las Rozas a El Escorial Km 0,3 Las Rozas 28231 MADRID. You can find the remaining data protection information on the websites of UNESPA (www.unespa.es and TIREA (www.tirea.es).
    • Total Write-Off, Theft and Fire System: based on compliance with legal obligations, historical data about the number of claims made related to your insurance or about the claims in which you have been involved may be disclosed to the Total Write-Off, Theft and Fire System, of which SegurCaixa Adeslas is the joint data controller. The disclosure of data to this information system might entail the possibility that there is later access to the data by other insurance institutions that are users of the system. Its purpose is to facilitate the automated identification of possible anomalies and the risk of fraud, to cooperate with the State Security Forces by facilitating the investigation of possible offences of robbery and bribery, among others, linked to insured motor vehicles, and cooperate with CENTRO ZARAGOZA, the State Security Forces, the Directorate-General for Traffic, and the affected insurer in the identification and location of stolen and indemnified vehicles. To exercise your data protection rights, please write to TIREA, Ctra. Las Rozas a El Escorial Km 0,3 Las Rozas 28231 MADRID. You can find the remaining data protection information on the websites of UNESPA (www.unespa.es) and TIREA (www.tirea.es).
    • Based on compliance with legal obligations, your data, including health data and all information and documentation that is generated and is required for the management of a claim may be disclosed so that we can act on your behalf in order to manage a personal injury claim that you have been a party to, and to claim the relevant damages, with these data being disclosed to other insurance institutions involved in the claim, and it also being possible that they might be disclosed to competent third-party entities or bodies created for the final resolution of the claim.
  • To Mutua Madrileña Automovilista, Sociedad de Seguros a Prima Fija with registered office at Paseo de la Castellana, 33 (28046, Madrid), the identification data of its members that have contracted policies with SegurCaixa Adeslas will be disclosed in order to validate their right, as a member or insured party of Grupo Mutua Madrileña, to enter into a policy with special conditions for its members.
  • Your identification and contact data will be disclosed to CaixaBank, S. A., with company tax number (NIF) A08663619 and registered office at Calle Pintor Sorolla, 2-4 46002 València, so that you can be sent, through any means of communication (postal, telephone, electronic, etc.), commercial information regarding its products and services.
  • Your data may be disclosed to the Mi Historia Clínica platform in order to access the interconnected service of medical records that is owned by the IDIS Foundation.

Service providers with which SegurCaixa Adeslas maintains a contractual relationship and that hold the status of data processor.
 

6. RIGHTS OF THE DATA SUBJECT IN RELATION TO THE PROCESSING OF THEIR PERSONAL DATA 

The data subject may exercise their rights of access, rectification, erasure, restriction of processing and portability of data in the cases and with the scope established in the applicable regulations at any time. They are also entitled to withdraw consent for voluntary processing if it has been provided and/or to object to receiving commercial notifications. To exercise these rights you may contact SegurCaixa Adeslas through any of the following channels:

  • By post to: “Tramitación Derechos de Privacidad” at Paseo de la Castellana 259 C - 6ª Planta – Torre de Cristal, 28046 Madrid.
  •  By email to: lopd@segurcaixaadeslas.es.
  •  By visiting any of the customer service offices of SegurCaixa Adeslas. 

To do this, you must provide sufficient information to enable this company to identify you and confirm your identity.

Nevertheless, SegurCaixa Adeslas reserves the right to request additional information that is necessary to confirm your identity, including, as appropriate, a photocopy of your national identity card (DNI), passport or equivalent valid document if it has reasonable doubts concerning the identity of the physical person that makes the request.

Furthermore, we hereby inform you that you can submit a claim regarding the processing of your personal data to the Spanish Data Protection Agency at www.aepd.es, if you consider that the processing of your personal data breaches the regulations in force.
 

 

7.DATA TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA

At SegurCaixa Adeslas we process your data within the European Economic Area and, in general, we employ service providers located within the European Economic Area or in countries declared by the European Commission to have an adequate level of data protection.
If we need to use service providers that perform processing outside of the European Economic Area or in countries that have not been declared to have an adequate level of protection, we require that these suppliers provide adequate guarantees in line with the provisions of the GDPR.
 

 

8. Automated decisions

If during the contractual relationships you maintain with us we take decisions that could produce legal effects for you or that could significantly affect you (not allow you to contract a certain product, for example), based solely and exclusively on automated processing (i.e. without the participation of a person), we will inform you of this, as well as of the reasoning behind the decision, in the contractual documentation of the product or service that you have ordered from us.

At that time, we will also adopt measures to safeguard your rights and interests by giving you the right to request human intervention, to express your views and to challenge the decision.
 

 

9. PERMISSIONS REQUIRED FOR USERS OF THE ADESLAS APP

If you are a user of the mobile health application, in order to enjoy all its features it is necessary to permit the use of the following resources of your mobile device:

  • Memory: The platform will need access to the user’s telephone memory in order to locate downloaded files related to health plans, downloaded files arising from the use of the medical support service and to download informative documents related to the usual activity of the platform, such as the points catalogue for example.
  • Camera: It is necessary to access the camera of the data subject’s mobile device so that they can enjoy the remote medical support service offered on the platform. Services such as the chat service and video calls will require the use of their camera in order to access images that will firstly help in the provision of the service and also make it possible to send and receive a video signal for video calls.
  • Microphone: It is necessary to authorise access to the microphone of the user’s mobile phone so that they can enjoy the medical support service, as communication with the healthcare professional who will answer their medical queries requires this.
  • Body sensors: So that the user can participate in and complete the challenges available on the platform related to physical activity, it will be necessary to synchronise their mobile phone with a device that records activity, such as wrist devices, other mobile applications or various wearables.
  • Location: Permission to access the location of the data subject’s device will be required so that the features in the “challenges” section related to physical activity and movement are fully available.

We also inform you that you may activate or disable access by the app to any of the resources mentioned in the above section at any time, and configure the permissions in the main menu of your phone by accessing this application through the Settings menu.
 

 

10. Review and update of the Data Protection Policy

SegurCaixa Adeslas may modify this Data Protection Policy, based on legal or regulatory requirements, or to adapt the policy to current regulations and to the instructions and recommendations issued by the Spanish Data Protection Agency or other authorities. It is therefore recommended that you regularly review your Data Protection Policy.

Date of last review: 26th September 2025