Any personal data and information you provide will be processed by CRÈDIT ANDORRÀ, S.A., acting as the data controller. CRÈDIT ANDORRÀ, S.A. is the owner of this website and its identification details are:
- Identity of the data controller: CRÈDIT ANDORRÀ, SA with NRT A-700068-C
- Address: Avinguda Meritxell, 80, AD500 Andorra la Vella
- Telephone: 00 376 888888
- Email: info@creand.ad
- Contact details of the Data Protection Officer (DPO): dpo@creandgroup.com
In compliance with the provisions of the LQPD and its implementing regulations, we hereby inform you that the personal data subject to processing are those categorised in the following section (CATEGORIES OF PERSONAL DATA PROCESSED).
All personal data collected directly from the data subject, or through their relationship manager, intermediary, distributor or any other collaborator, will be subject to processing. This includes any documents containing such data, as well as data that may be obtained through the recording of telephone conversations, biometric data and geolocation data, collected before, during and after the formalisation of an application, pre-contractual arrangement or service relating to any of the products marketed by CRÈDIT ANDORRÀ, S.A., insofar as such data are necessary for the assessment, issuance, development and execution of the contractual relationship.
In general, personal data relating to minors will only be processed when their parents or legal guardians have given their consent for the processing necessary for the performance of the relevant contract or service, for compliance with a legal obligation or for the purposes of legitimate interest, provided that the appropriate balancing of rights has been carried out, and without prejudice to the exercise of the rights granted to the data subject under personal data protection legislation.
With regard to the processing of personal data arising from a potential capacity as an authorised representative or proxy, CRÈDIT ANDORRÀ, S.A. may process identification and contact data, professional data and biometric data for the purpose of representing any legal person that may maintain a relationship with the Bank.
With regard to the capacity of guarantor of individuals who may provide guarantees for client transactions and who do not maintain a contractual relationship with the Bank, CRÈDIT ANDORRÀ, S.A. may process identification and contact data, biometric data, and data relating to ownership status in respect of properties that may be provided as collateral.
In general, the categories of personal data subject to processing in connection with the issuance of an offer, pre-contractual arrangement or contract by CRÈDIT ANDORRÀ, S.A. through any channel shall include identification data relating to the data subject, in their capacity as a client or potential client, as well as data relating to their personal characteristics, social circumstances, or any other data that may be necessary for the execution thereof.
More specifically:
- Identification and contact data for the purpose of requesting information on any product or service, as well as for their effective contracting, including biometric data.
- Data relating to the capacity of account holder or authorised person, proxy or representative of legal persons, or guarantor of credit transactions.
- Economic and financial data, including current and historical balances of products and services, payment history relating to contracted products and services, solvency and risk data, and transactional data.
- Categorisation data in accordance with legislation on securities markets and financial instruments (MiFID), information on investments made and their performance, and information relating to movements in financing transactions.
- Voice recording data obtained through the recording of telephone calls in the context of the provision of investment services.
- Voice recording data obtained through the recording of telephone calls for the purposes of customer service quality control, commercial activities or security, based on the lawful basis of legitimate interest.
- Third-party data appearing on current account statements and receipts, including information relating to entries and transactions carried out by third-party issuers on such accounts.
- Tax and fiscal data.
- Data relating to communications maintained, including data obtained from chats, video calls, recorded telephone calls or other equivalent means, for the purposes of incident support and quality control of user services.
- User data generated through digital interaction with the Bank, including data that may be obtained from browsing our website, any mobile applications, device ID, IP address, acceptance of the use of cookies, geolocation data, and interactions with the Bank’s applications and social networks.
- Image recording data obtained for video surveillance purposes.
- Data relating to complaints and claims.
- Data relating to a potential status as a shareholder of the Bank.
- Identification and contact data, as well as data relating to academic background and training (including CVs) of candidates.
With regard to any contact forms that CRÈDIT ANDORRÀ, S.A. may make available to you, in any format, once the prior information required before the collection of personal data has been provided by reference to this Privacy Policy, the data necessary to establish the requested contact will be processed.
CRÈDIT ANDORRÀ, S.A. can obtain data from the following sources:
- Directly from its clients or potential clients, or through authorised persons or, where applicable, representatives of legal persons, via any of the channels made available by the Bank (branches, Contact Center, Creand Online Banking, etc.).
- Internal sources: data inferred on the basis of the information available to the Bank by virtue of the individual’s status as a client, in particular in relation to financial or credit risk indicators.
- External sources: specialised information databases or publicly available sources accessible via the internet in connection with the prevention of money laundering and terrorist financing, as well as publicly accessible sources such as public registers and official gazettes.
CRÈDIT ANDORRÀ, S.A. processes the personal data you provide to us through any channel, as well as personal data collected via creand.ad and any data arising from your relationship with us, for the following purposes:
- On the lawful basis of the management of the contractual or pre-contractual relationship in connection with the products or services offered, we may process your personal data for the following purposes:
-
- To manage requests for information relating to products or services provided by the Bank to its clients or potential clients, to respond to enquiries, process requests and carry out the procedures necessary to give effect to the contracting of products or the provision of services.
- To handle and process complaints, claims, enquiries or suggestions for improvement relating to the services provided.
- To manage internally the various operational channels made available by the Bank, including mobile applications, the website, the Contact Center or any other channels that may be implemented from time to time.
- To manage and make available the minimum information necessary to other payment service providers and technology providers that act as necessary parties in order to carry out all types of transactions relating to the payment methods contracted by clients.
- On the lawful basis of compliance with legal obligations, we may process personal data for the following purposes:
-
- To comply with obligations relating to the prevention of money laundering and terrorist financing, we may process the data necessary to fulfil due diligence obligations concerning the identification of the parties involved who request the contracting of any product or service, as well as the verification of their professional or business activity prior to contracting.
For identity verification and authentication purposes, we may process personal data in cases of onboarding as a client and in connection with any remote contracting of services through the video identification system that the Bank may make available to clients from time to time. - Within the framework of compliance with the same legislation, we may communicate to the Andorran Financial Intelligence Unit information relating to accounts that may present indications of suspected money laundering or terrorist financing, or specific information relating to a particular transaction.
- To comply with obligations arising from tax legislation, in particular in relation to foreign accounts, including the Foreign Account Tax Compliance Act (FATCA), which entails the obligation of automatic exchange of information requiring the identification, classification and reporting of accounts held by clients with legal obligations in the United States, as well as the Common Reporting Standard (CRS) applicable to the financial authorities of the jurisdictions subject to that standard.
- To comply with legal obligations arising from the regulations applicable to the provision of investment services, for the purpose of assessing knowledge and experience in financial markets, financial situation and investment objectives, including the obligation to record telephone conversations where their purpose is the execution of orders or investment service transactions.
- To comply with obligations relating to the prevention of money laundering and terrorist financing, we may process the data necessary to fulfil due diligence obligations concerning the identification of the parties involved who request the contracting of any product or service, as well as the verification of their professional or business activity prior to contracting.
- On the lawful basis of explicit consent, we may process personal data for the following purposes (provided that the client consents in whole or in part):
-
- For commercial offers and advertising of all types of products and services related to the banking, financial and insurance sectors of all entities forming part of the Creand Group, through any of the channels operated by the Bank.
- For the analysis and review of personal data for the purpose of segmentation and profiling, in order to develop new commercial product proposals.
- For the disclosure of personal data to third parties, in particular to enable the Bank to transfer your data to companies in which Crèdit Andorrà has a shareholding, or to other companies with which the Bank has agreements and whose activities are related to the banking sector, investment services, shareholding activities, private equity and real estate, the distribution of goods or services, and insurance, so that such entities may send you commercial offers relating to the products they market.
You are hereby informed that the explicit consent you grant shall remain valid unless and until it is revoked. Please note that, if you are an online banking user, you may adjust your preferences via the Creand Online Banking App by accessing the Personal Settings / Consents menu. If this is not the case, you may manage your preferences in person at your branch.
-
- To handle and manage requests from data subjects who interact with the Bank through CRÈDIT ANDORRÀ, S.A. social media channels, in order to respond to enquiries and requests submitted through such channels. The consent granted shall be deemed to have been expressly given through the user’s voluntary initiative to submit any request via social networks.
- To manage the receipt of CVs for potential applications and participation in recruitment processes for job vacancies or professional internships. The consent granted shall be deemed to have been expressly given through the voluntary initiative of attaching a CV on the website.
- In the event of subscribing to the Telegram channel made available by CRÈDIT ANDORRÀ, S.A., you shall be deemed to have expressly consented to the Bank having access to your telephone number and your name or alias, solely for the purpose of enabling access to the content generated through that channel.
- On the lawful basis of legitimate interest, and following a prior balancing in accordance with the requirements of the law, we may process personal data for the following purposes:
-
- For internal administrative purposes, and for the prevention of fraud and the prevention of money laundering and terrorist financing, we may process personal data of clients and employees within the corporate group, subject to the principles of transparency and data minimisation and, where applicable, with the adoption of appropriate international safeguards.
- For the assessment of clients’ or potential clients’ solvency and credit risk, using information contained in internal databases or information that may be provided at the Bank’s request for this purpose.
- For the prevention and investigation of fraud, we may process your personal data, including geolocation data, in order to send you communications relating to potential fraudulent activity, with a view to anticipating possible scenarios or situations that could cause you harm as a result of fraudulent actions by third parties.
In certain cases, and provided that you have expressly requested or consented to it, CRÈDIT ANDORRÀ, S.A. will disclose your personal data to third parties.
In this regard, we hereby inform you that your personal data may be disclosed to third parties, and in particular to service providers that necessarily require access to such data. Where such data are processed on behalf of CRÈDIT ANDORRÀ, S.A., such third parties shall act as data processors and shall be subject to the Bank’s internal selection criteria, which ensure the adoption of the technical and organisational measures required under applicable legislation, for the purposes of managing and processing your request.
Where possible, we engage service providers located within the European Union or, where applicable, in countries that have been declared to provide an adequate level of protection for personal data. Where it is necessary to engage service providers located outside the European Union or in a third country, we ensure that the security and lawfulness of the processing of personal data are guaranteed.
To this end, we require such service providers to provide adequate safeguards in accordance with applicable legislation, such as the implementation of Binding Corporate Rules or the execution of the European Union Standard Contractual Clauses.
Finally, CRÈDIT ANDORRÀ, S.A. may be required to disclose your personal data to third parties in order to comply with the applicable legal obligations in each case.
In your capacity as a data subject, you may exercise your rights of access, rectification, objection, erasure, restriction and data portability, in accordance with the provisions of the LQPD, by submitting a written request to dpo@creandgroup.com or to CRÈDIT ANDORRÀ, S.A., Avinguda Meritxell, 80, AD500 Andorra la Vella, enclosing a copy of a document that allows your identity to be verified (such data will be processed solely for the purpose of handling the exercise of your rights).
If you believe that your rights have not been satisfied, or in the event of any violation, you may file a complaint with the Andorran Data Protection Agency (APDA).
Your personal data will be processed for as long as the contractual relationship and any related contractual or business relationships remain in force, or for as long as the consent granted for the specific purposes referred to above remains valid.
Once your personal data are no longer necessary for the purposes referred to, they will be duly blocked, meaning that the Bank will not carry out any processing other than their retention for the purpose of making them available to the competent authorities, addressing any potential liabilities arising from the contractual relationship maintained, or those related to the processing of the data.
We will retain your personal data for the periods established under the applicable legal provisions or, as the case may be, for the limitation periods applicable to claims arising from the contractual relationships maintained with the Bank.
Once such periods have elapsed, the data will be physically deleted or irreversibly anonymised.
CRÈDIT ANDORRÀ, S.A. adopts appropriate technical and organisational security measures to ensure the confidentiality and security of personal data and to prevent their alteration, loss, unauthorised processing or unauthorised access.
This Privacy Policy may be subject to changes in accordance with the applicable legislation in force from time to time. In any event, any material modification will be communicated to users through the channel deemed most appropriate.