Privacy Policy

PRIVACY POLICY

Introduction

The right of privacy, particularly the right of personal data protection, is one of the fundamental principles of Grupo Catalana Occidente.

The purpose of this privacy policy is to explain, in compliance with the European Union's General Data Protection Regulations, 2016/679, the Organic Law 3/2018, of December 5, on Data Protection and Guarantee of Digital Rights and its implementation regulations in force at any given time (the "Personal Data Protection Regulation"), the way in which Grupo Catalana Occidente will process any possible personal data collected from its clients (as defined below).

 

Who is the controller of your personal data?

The Entity of Grupo Catalana Occidente with which you have a relationship. In the Attachment at the end of this privacy policy, the identification and registered office of the Entities that make up the Grupo Catalana Occidente may be found along with other information.

 

Who is the Data Protection Officer?

The Data Protection officer is the person designated by the Grupo Catalana Occidente to ensure compliance with the aforementioned Personal Data Protection Regulations and other applicable regulations, who you may contact especially when you consider that your data protection rights and freedom have not been met, via the respective postal or electronic mail address indicated in the Attachment at the end of this privacy policy.

 

Who is the data protection supervisory authority?

The supervisory authority is the Spanish Data Protection Agency, with headquarters in Madrid (28001), calle Jorge Juan, nº 6, the independent authority responsible for ensuring the data privacy and protection of citizens, to whom you can submit queries and/or complaints regarding this matter, should you consider that your data protection rights and freedom have not been duly taken care of by the corresponding Entity of the Grupo Catalana Occidente. For more information, go to the following website: https://www.agpd.es. 

 

What personal data is object of processing?

All personal data, whether collected directly or by an insurance distributor or seller, including documents containing it, or obtained from recorded telephone conversations or Internet website browsing or other means, including biometric and geolocation data, will be processed before, during and after executing an application, contract or service related to any of the products marketed by Grupo Catalana Occidente's Entities on behalf of the customer, whose data is needed in the study, transmission, development and execution of contractual relationships. 

In this sense, the definition of customer is established as any data subject that is a: requestor of a product, service or information, policyholder, insured person, beneficiary, participant, third party involved in a claim, participant, partner, subscriber, rightholder, mortgagor, investor in promissory notes and/or third party that establishes a contractual or services relationship with an Entity of Grupo Catalana Occidente. 

If the personal data is provided by a person other than the holder, it shall be the provider's obligation to previously communicate this information to the holder of the personal data, as well as to obtain his/her consent, when required, so the Entity of Grupo Catalana Occidente can process this data.

In addition, this personal data can be supplemented, always complying with the requirements established in the personal data protection regulations, by other data obtained from providers of Grupo Catalana Occidente, as well as that obtained from public sources or any personal data that the data subject has made public.

In general terms the personal data of minors shall only be processed when their parents or legal guardians have provided their consent for the processing required to execute the corresponding contract or service, the fulfilment of a legal obligation and/or in legitimate interest, after the corresponding weighing analysis, of the Entity of Grupo Catalana Occidente responsbile for the processing, notwithstanding the exercise of personal data protection rights established by the current Personal Data Protection Regulation.

 

What are the categories of data subject to processing?

In general, the categories of personal data subject to processing in the issue of an offer, a precontract or contract, will be referred to the identifying details of the interested party, as well as those relating to their personal characteristics and/or social circumstances, as well as any other data that may be necessary for their implementation. 

In addition and of a specific nature; (I) in the case of life, accident, healthcare, illness and/or death insurance policies, they will also be subject to processing the data relating to the profession or activity of the policyholder and/or the insured person, as well as, if necessary, the data relating to the health of the insured person and (ii) in the case of investment funds, the data relating to the profession or activity of the policyholder will also be processed and/or the insured person, as well as the categories of data necessary for carrying out the suitability and/or suitability test.

Finally, in the contact forms provided by the Entities of Grupo Catalana Occidente, once the information prior to the collection of data has been provided, with reference to this privacy policy, the data necessary for the formalisation of the requested contact will be processed.

 

Which are the purposes of processing your personal data?

(i) Main purpose:

The main purpose of processing this personal data is the study, transmission, development and/or execution of the contract or service subscribed to by the corresponding Entity of the Grupo Catalana Occidente and to effectively comply with the obligations established in the regulations applicable at all times to the Entity of the Grupo Catalana Occidente responsible for such data processing.

(ii) Other aims:

Personal data will be object of processing for the purpose of setting prices and selecting risks and managing subsequent requests related to the risks that can be contracted. This processing may include, if necessary, profiling and/or automated decision-making in conformance with the provisions established in this privacy policy. 

Likewise, personal data will be object of processing for the purpose of fighting and preventing fraud and money laundering and the financing of terrorism, and the consultation and communication of information from/to sectoral files shall be permitted.

In addition, within the scope of managing the request and/or any of the contracts or services provided by any of the Entities of Grupo Catalana Occidente, the Entity controlling the personal data may process your personal data to assess your economic solvency, consulting and communicating information from/to financial solvency and creditworthiness files, as well as the carrying out of statistical, quality and technical studies, including those related to satisfaction surveys, market analysis, and research and service quality.

In insurance products the personal data may be processed to manage the coinsurance or reinsurance, in conformance with the current regulation. The communication of data that can be made in such cases shall be carried out in compliance with a legal obligation, in execution of the contract, or in the legitimate interest, after the weighing analysis, of the Grupo Catalana Occidente entity responsible for the processing. 

Finally, with regards to contact forms, telephone numbers, email addresses and social network profiles that may be made available to you by the different Entities of the Grupo Catalana Occidente, your data will be used to (i) attend to and manage queries and requests made via the telephone numbers and social network profiles provided for this purpose; (ii) attend to and manage suggestions, requests, complaints and other queries made using the corresponding form; and (iii) to manage CVs provided for a selection process opened in Entities of Grupo Catalana Occidente.

(iii) Automated decisions including profiling:

Some processing of personal data necessary for the execution or formalising of contracts may require the adoption of automated decision-making and/or profiling. This means that certain decisions may be made automatically without human involvement, always having the data subject the right to: (i) request the review of the results by a person; (ii) express their point of view; and (iii) contest the decision; always in accordance with current applicable regulations.

Similarly, in the processing of personal data for the prevention of fraud and/or money laundering and the financing of terrorism, profiling has as a legal basis the fulfilment of a legal obligation of the Entity of Grupo Catalana Occidente responsible for the processing. 

(iv) Advertising purposes:

In addition, if the customer authorises so, personal data shall also be processed to: (i) perform commercial actions and send the customer information, even via remote means, on other general or customised products and services, whether proprietary or belonging to other Entities of Grupo Catalana Occidente of which the controller is part of, as identified in the Annex included at the end of this privacy policy and/or on the website www.grupocatalanaoccidente.com; (ii) present customised advertising on websites, search engines and social networks; and (iii) offer participation in promotional competitions; All of this even following the termination of the contractual relationship. In any of aforementioned cases the adjustment of products and services to your profile may be performed based on the analysis of risk and behavioural profiles, considering both internal and external sources, geolocation information and your browsing habits through the internet or social networks. 

 

What is the legal basis for the processing of your personal data?

The legal basis of the aforementioned processing for the main purpose established above is based on the exercise of the offer, or as applicable, contract or service entered with the corresponding data controlling Entity of Grupo Catalana Occidente. 

Any processing for the other purposes mentioned above and for making automated decisions has legal grounds in the applicable regulation or the legitimate interest, after the weighing analysis, of each Entity of Grupo Catalana Occidente responsible for the processing. Specifically, the processing of personal data for the purpose of developing loyalty programmes for customers is based on the legitimate interest, after the aforementioned analysis, of the Grupo Catalana Occidente's entity responsible for processing.

Lastly, the processing of personal data for advertising purposes is legitimised, where applicable, by express consent.  

 

For how long will we store your personal data for?

Your personal data will be stored for the entire time that the relationship with the Entity of Grupo Catalana Occidente with which the service or contract has been formalised is effective. Once this relationship has ended, this data will be stored for the necessary period of time established by the applicable legislation at all times, and will be available to the courts and tribunals, Public Prosecutor's Office, State security forces and/or competent public administrations, in particular the appropriate personal data protection supervisory authorities, and corresponding supervisory bodies, in order to deal with any legal or contractual liabilities arising from the contract or service related to the data processing in question and during the applicable time in force. 

 

Any requests or proposals that do not materialise in a contract or service, regardless of the reason, shall be held for the required period to guarantee the fight against fraud in contracting and to prevent money laundering and the financing terrorism.

The guidelines on the terms of the storage, deletion and blocking of personal data, for their application by the Entity of Grupo Catalana Occidente responsible for the processing, are specified in the internal regulations on terms of the conservation, suppression and blocking of personal data, such as the development of the personal data protection policy and the use of ICT resources of Grupo Catalana Occidente.

 

To which recipients will your personal data be communicated?

(i) Entities belonging to the Grupo Catalana Occidente:

The customer's personal data, contract or service and any information arising or related thereof can be transferred to the Grupo Catalana Occidente entities specified in the Annex at the end of this privacy policy and/or on the website www.grupocatalanaoccidente.com for the purposes of complying with the regulations applicable to each Entity, and in general terms, to fight against fraud and prevent money laundering and the financing of terrorism, as well as, where applicable, maintain and comprehensively and centrally manage you relationship with the different Entities of Grupo Catalana Occidente.

We also specifically inform you that the Entities of Grupo Catalana Occidente share common services, with a different level of intensity, for the purpose of making use of the existing synergies, optimising resources and offering a better service to customers. To this end, several framework agreements have been entered to provide reciprocal services, which involve access to personal data managed by other Entities of Grupo Catalana Occidente and include various service provisions, including, but not limited to, the following: 

a) Services provided by Grupo Catalana Occidente, Tecnología y Servicios A.I.E. for Grupo Catalana Occidente's Entities: (i) hosting and data hosting, (ii) computing system, communication and equipment maintenance and management (iii)  information security and the supporting systems (iv) IT application development and maintenance, (v) providing a service to handle claims, and (vi) reporting of information relating to the services provided, (vii) maintenance and management of presence monitoring, 

security and video surveillance systems and (viii) document management, printing and labelling.

b) Services provided by the Grupo Catalana Occidente Contact Center A.I.E. for Grupo Catalana Occidente's Entities: (I) provision of customer service through any means, including remote, such as telephone, internet and/or social networks, and (ii) carrying out campaigns and satisfaction surveys.

c) Services provided by Prepersa Peritación de Seguros y Prevención A.I.E. for the Entities of the Grupo Catalana Occidente: render a service to cooperate in the management of claims related to insurance policies.

 

(ii) Other Entities:

Personal data can also be communicated to different collaborators or service providers of any data controlling Entity of Grupo Catalana Occidente, such as, including but not limited to: insurance brokers, co-insurers, reinsurers, lawsuit experts and investigators, lawyers and solicitors, auditors, consultants, medical professionals and health assessors, financial, depository and managing Entities and other suppliers and professionals who process personal data as party responsible and on behalf of the corresponding Entity responsible for Grupo Catalana Occidente, in order to guarantee that services rendered by the aforementioned party responsible for the contract or service comply with obligations stipulated in the applicable regulations, in legitimate interest after the weighing analysis and/or in accordance with their given consent.

We inform you that the computer servers of some Grupo Catalana Occidente service providers may be located in countries outside the European Union, where, if the level of privacy protection were not equivalent to the European or nationals personal data protection regulations, the corresponding data controlling Entity of Grupo Catalana Occidente shall adopt the necessary and appropriate measures envisaged in the Personal Data Protection Regulations for transfers to third countries and organisations, with the exceptions to specific situations expressly provided for, in order to ensure that the level of protection of stakeholders is not undermined, as well as appropriate and necessary measures for the best safeguarding of the rights of stakeholders and the security of information, based on the technical measures available at any time. 

(iii) Official bodies and authorities:

Personal data will be given to all those recipients for whom such information must be disclosed by the Entities of the Grupo Catalana Occidente, in compliance with legal obligations, including, but not limited to, competent public bodies and administrations, such as the Spanish Tax Administration Agency or regional tax authorities, personal data protection control authorities, courts and tribunals,  corresponding supervisory bodies, the Public Prosecutor's Office and/or State security forces and bodies.

(iv) Financial services and credit worthiness:

The Entities of the Grupo Catalana Occidente have the right to consult and process data from claims files, information on capital and credit solvency and any other data allowing personal risk assessment, the maintenance and control of contractual relationship development, claims management and execution of statistical analyses for claims and fraud prevention.  

(v) In the case of having a car insurance policy:

The Insurance Entities of the Grupo Catalana Occidente, in accordance with current legislation, will provide the habitual driver subject to the insurance policy with information on sanctions, if any, that may be published in his or her name on the current or future certified websites, in compliance with current legislation on personal data protection.

Said insurance entity shall use data belonging to the Vehicle Investigation Institute in the centre of Zaragoza (Instituto de Investigación sobre Vehículos S.A) to identify the vehicle's registration and chassis number and all technical and administrative characteristics of the vehicle covered in the insurance policy.

The Insurance Entity of Grupo Catalana Occidente with which the car insurance policy is taken out will communicate the historical data of the number of claims related to the insurance to the following common sector information systems:

a) The Car Insurance History File for the pricing and selection of risks, the purpose of which is to facilitate at the moment of the subscription of the contract the rigorous and verified information of accident rate data by pooling the information obtained through policies and claims, from the previous five years, in the terms expressed in the Civil Liability and Insurance Act.

b) The Total Loss, Theft and Fire File, the purpose of which is to facilitate the automated identification of possible anomaly situations and of the risk of fraud, to cooperate with the State Security Forces and Bodies, facilitating the investigation of possible theft and fraud offences, among others, related to the insured motor vehicles; and cooperate with Centro Zaragoza, the State Security Forces and Bodies, the Directorate General for Traffic and the insurance company affected in the identification and location of stolen and compensated vehicles. 

For the exercise of data protection rights in relation to any of these files, please contact: Tecnologías de la Información y Redes para las Entidades Aseguradoras S.A. (TIREA), Ctra. Las Rozas a El Escorial Km 0,3 Las Rozas 28231 Madrid. 

You can find the rest of the data protection information on the Spanish Union of Insurance and Reinsurance Companies (UNESPA) (www.unespa.es) and TIREA (www.tirea.es) websites.

(vi) If you have taken out a multi-risk insurance policy for home, business, community, SME and industry, civil liability or other insurance for various areas:

The Insuring Entity pertaining to Grupo Catalana Occidente with which the relevant policy is held may communicate the information on the claim relating to their insurance with different bodies responsible for said file for fraud prevention purposes. The purpose of the System is to prevent and detect fraud by either warning the insurer at the time a policy is contracted or by detecting fraud committed in the declared claims, as well as to cooperate with the State Security Forces in their actions and investigations related to insured goods. For the exercise of data protection rights, please contact TIREA, Ctra. Las Rozas a El Escorial Km 0,3 Las Rozas 28231 Madrid. 

You can find the rest of the data protection information on the UNESPA (www.unespa.es) and TIREA (www.tirea.es) websites

(vii) If you have taken out a life, accident, health, illness, death or any other insurance policy in which we request or process health information:

Your personal data may be disclosed to the different partners and service providers of the corresponding Grupo Catalan Occidente Insurance Company mentioned above, who shall process all personal data as responsible party in the name and on behalf of the aforementioned Insurance Company.

 

In addition, and specifically, if you are a holder of:

(a) a life insurance policy with death benefit and/or an accident insurance policy covering the contingency of the insured person's death, whether individual or collective policies, in compliance with current legislation, your personal data will be disclosed to the public insurance register of contracts with death benefit dependent on the Ministry of Justice or the one that may replace it in the future, as the case may be.

(b) of health insurance or healthcare insurance, in which case your personal data, including health data, may be disclosed to the corresponding insurance company of the Catalana Occidente Group to doctors, health centres, hospitals or other institutions or persons in order to fulfil, develop, control and execute healthcare, leading to the reimbursement or indemnity stipulated in the insurance contract upon consulting or verifying the causes and medical background of the interested party with the aforementioned health providers to justify any benefits, reimbursements or indemnifications, and, where applicable, recovering expenses. Specifically, in the case of healthcare insurance, in order to inform the policyholder of the collection of each co-payment, the insurance entity may communicate to the policyholder the details of the medical services used by each insured person of the policy, including the healthcare and professional centres that he has visited and/or the list of the tests to which each insured person has submitted.

 

(viii) In the event of having contracted a social welfare product:

Your personal data may be exchanged between the Managing Entity, the Depositary and the Promoter and/or Marketing Entity of such social welfare products.

Likewise, in the case of asking to demonstrate vested rights from the Managing Entity or target insurance company, the client must present this demonstration request and an authorization to the Managing Entity or target insurance company so that, in their name, the source fund Managing Entity may be asked to demonstrate such vested rights, in addition to all financial and fiscal data needed in the process.

 

(ix) In the event of having subscribed shares in any of the investment funds commercialised by Grupo Catalana Occidente:

Your personal data may be exchanged between the Managing Entity, the Depositary and the corresponding Marketing Entity of the said investment funds.

 

What are your rights when you provide your personal data?

As holder of your personal data, you are entitled to the rights set out below, which you may exercise by proving your identity, in the way explained in the Data Protection Officer section:

(i) Right of access. Information about your personal data may be requested from the corresponding Entity of the Grupo Catalana Occidente, including how such data is processed, as well as obtaining a copy of such data in a user-friendly, structured, easy to read format.

(ii) Right of rectification. You may request the rectification of personal data that is inaccurate, and, where incomplete, you have the right to request that such data be correctly filled in, including an additional declaration where necessary.

(iii) Right of withdrawal. You may request your personal data be withdrawn when it is no longer needed for the purposes for which it was collected by the Entity of the Grupo Catalana Occidente responsible for its processing, or when you withdraw your consent for which such processing is based. Such a request shall not be applicable when processing is required on the grounds of what is stipulated in the paragraph "The user always has at his disposal for information purposes the present privacy policy as well as the cookie policy of the Grupo Catalana Occidente adapted the guidelines of the Guide on the use of cookies issued by the control authority and also provides at all times of the ability to manage and customize your preferences about the use of cookies. ?" above.

In this respect, in the digital environment of any of the Entities of Grupo Catalana Occidente, if you exercise your right to be forgotten, the corresponding Entity will contact the Internet service provider to transmit the interested party's request to cancel the processing of personal data affecting them, taking into account available technology and the cost of using it; in this case, data will only be stored by the person responsible in order to make, exercise rights to or defend claims. The request shall not be applicable when the processing is required on the basis of the provisions included in the section “What is the legal basis for processing your personal data?”, whether the processing is required to exercise the right of freedom of expression and information or on grounds of public interest.

(iv) Right to Object. You may object to your personal data being processed, unless the Grupo Catalana Occidente Entity responsible for such processing, after the weighing analysis, have legitimate reasons to continue doing so, in which case such data will only be stored by the legally responsible person to make, exercise rights to or defend claims. The processing of personal data for commercial or advertising purposes shall not be considered legitimate and therefore the right to object shall be deemed equivalent to the withdrawal of given prior consent. Such a request shall not be applicable when processing is required on the grounds of what is stipulated in the paragraph "What is the legal basis for processing your personal data?" above.

(v) Right to restrict processing. You may request the processing of your personal data be restricted, which may involve your data being blocked in the following circumstances: (i) when you challenge data accuracy, (ii) when the data controller objects to data deletion in the event of lawful processing, (iii) when the controller no longer needs the data but it is needed to make, exercise rights to or defend claims or, (iv) when you have objected to processing, whilst the controller verifies whether your legitimate reasons prevail over theirs; in this case they shall only be held by controller to draw up, exercise or defend claims.

(vi) Right to data portability. Where technically possible, you may request that relevant personal data subject to automated processing be transmitted to another controller, or to yourself as data subject, in a structured, commonly used and easy to read format, and without detriment to your rights of deletion or to be forgotten, in which case such data will only be stored by the data controller for the purpose of formulating, exercising or defending claims.  

Any communications and actions performed in the context of exercising your rights shall be free of charge. When the requests are manifestly unfounded or excessive, especially when they are of a repetitive nature, the data controlling Entity of Grupo Catalana Occidente may charge a fee according to the expenses borne to fulfil the request.

Confidentiality of personal data

From the first moment it initiates the data processing, the data controlling Entity of Grupo Catalana Occidente shall implement the technical, organisational and security measures necessary, considering the state of technology, to guarantee the confidentiality, integrity, availability and resilience of the personal data, as well as to prevent its unauthorised access, alteration, loss or processing.

We inform you that the computer servers of some Grupo Catalana Occidente service providers may be located in countries outside the European Union, where, if the level of privacy protection were not equivalent to the European or nationals personal data protection regulations, the corresponding data controlling Entity of Grupo Catalana Occidente shall adopt the necessary and appropriate measures envisaged in the Personal Data Protection Regulations for transfers to third countries and organisations, with the exceptions to specific situations expressly provided for, in order to ensure that the level of protection of stakeholders is not undermined, as well as appropriate and necessary measures for the best safeguarding of the rights of stakeholders and the security of information, based on the technical measures available at any time.  

With regard to browsing the official websites of the Entities of Grupo Catalana Occidente, the user always has at their disposal for information purposes this privacy policy as well as the cookie policy of the Grupo Catalana Occidente adapted to the guidelines of the Guide on the use of cookies issued by the control authority and also provides at all times of the ability to manage and customise their preferences about the use of cookies.

 

Privacy policy validity

Grupo Catalana Occidente states that the privacy policy published on the website www.grupocatalanaoccidente.com at any given time shall always be the valid version, and it reserves the right of modifying it whenever necessary. If the customer of an Entity belonging to Grupo Catalana Occidente wishes to access previous versions, they may contact the corresponding Data Protection Officer in the way indicated in the Attachment to this privacy policy. 

 

Copyright

Grupo Catalana Occidente reserves all the rights regarding the content of this privacy policy. The reproduction, distribution, transformation, handling, public communication or any other kind of total or partial use, free of charge or in return of a consideration, of this document is strictly forbidden without a written authorisation. 

Grupo Catalana Occidente reserves the right to apply, at any given time and without prior notice, as many modifications, variations, deletions or cancellations in the content and in the way it is presented as deemed appropriate. 

Version 5, approved on 29 September 2021.

 

ATTACHMENT: ENTITIES THAT MAKE UP THE GRUPO CATALANA OCCIDENTE FOR THE PURPOSES OF THE CURRENT PRIVACY POLICY

COMPANY    

Tax ID number  

REGISTERED OFFICE    

REGISTRATION DETAILS    

CONTACT DETAILS / DEPT.    

EMAIL ADDRESS

Grupo Catalana Occidente S.A.    

A08168064    

Paseo de la Castellana 4, 28046 Madrid    

Registered in Madrid's Mercantile Registry, volume 36.829, folio 141, page  M-659.287    

Data Protection Officer Catalana Occidente Group
dpo@grupocatalanaoccidente.com

Bilbao, Compañía Anónima de Seguros y Reaseguros (Anonymous Insurance and Reinsurance Company)    

A48001648    

Paseo del Puerto 20, 48992 Neguri- Getxo (Vizcaya)  

Registered in the Vizcaya Mercantile Registry, volume 55, section 103, page 2.436    

Data Protection Officer Seguros Bilbao
dpo@grupocatalanaoccidente.com

Seguros Catalana Occidente, S.A. de Seguros y Reaseguros, Sociedad Unipersonal    

A-28119220    

Paseo de la Castellana 4, 28046 Madrid    

Registered in Madrid's Mercantile Registry, volume 37.110, section 177, page M-91.458    

Data Protection Officer Seguros Catalana Occidente
dpo@grupocatalanaoccidente.com

Nortehispana de Seguros y Reaseguros S.A., Sociedad Unipersonal    

A-08185589    

Paseo de la Castellana 4, 28046 Madrid    

Registered in Madrid's Mercantile Registry, volume 36.935, section 1, page M-660.565.    

Data Protection Officer Nortehispana Seguros
dpo@grupocatalanaoccidente.com

Plus Ultra, Seguros Generales y Vida S.A. de Seguros y Reaseguros, Sociedad Unipersonal    

A-30014831    

Plaza de las Cortes 8, 28014 Madrid    

Registered in the Mercantile Register of Madrid, in
volume 5,992, section 100, page  M-97.987    

Data Protection Officer Plus Ultra Seguros
dpo@grupocatalanaoccidente.com

Grupo Catalana Occidente Gestión de Activos S.A. SGIIC, Sociedad Unipersonal    

A-28475754    

Cedaceros 9, planta baja, 28014 Madrid      

Registered in Madrid's Mercantile Registry, in volume 36.521, section 171, page M-52.463    

Data Protection Officer GCO Gestión de Activos
dpo@grupocatalanaoccidente.com

Bilbao Hipotecaria S.A.U., EFC    

A-48409023    

Paseo del Puerto 20, 48992 Neguri- Getxo (Vizcaya)   

Registered in Madrid's Mercantile Registry, volumen 2,228, section 150, page nº 16,326    

Data Protection Officer Bilbao Hipotecaria
dpo@grupocatalanaoccidente.com

Grupo Catalana Occidente Contact Center, AIE    

V-65404063    

Jesus Serra Santamans 3, 08174 Sant Cugat del Vallés (Barcelona)    

Registered in Barcelona's Mercantile Registry, volume 42.241, section 185, page nº B-405.292    

Data Protection Officer GCO Contact Center
dpo@grupocatalanaoccidente.com

Grupo Catalana Occidente Tecnología y Servicios AIE    

V-65004517    

Avenida Alcalde Barnils 63, 08174 Sant Cugat del Vallès (Barcelona)    

Registered in Barcelona's Mercantile Registry, volume 41.030, section 29, page nº B-376.366    

Data Protection Officer GCO Tecnología y Servicios
dpo@grupocatalanaoccidente.com

Catalana Occidente Capital, Agencia de Valores, S.A.U.    

A-63764138    

Avenida Alcalde Barnils 63, 08174 Sant Cugat del Vallès (Barcelona)    

Registered in Barcelona's Mercantile Registry, in volume 37.416, section 142, page number B-298.341    

ata Protection Officer COCAV
dpo@grupocatalanaoccidente.com

GCO Previsión, Individual Voluntary Social Welfare Entity    

V-48410120    

Paseo del Puerto 20, 48992 Neguri- Getxo (Vizcaya)  

Registered in the Vizcaya Mercantile Registry, volume 2111, section 124, page number 5-8    

Data Protection Officer GCO Previsión EPSV
dpo@grupocatalanaoccidente.com

GCO Gestora Pensiones E.G.F.P., S.A.U.  

 A-67000471    

Paseo de la Castellana 4, 28046 Madrid    

Registered in Madrid's Mercantile Registry, volume 36,886, section 90, page M-659,976.    

Data Protection Officer GCO Gestora de Pensiones
dpo@grupocatalanaoccidente.com

GCO Activos Inmobiliarios S.L.    

B66672544    

Avenida Alcalde Barnils 63, 08174 Sant Cugat del Vallès (Barcelona)    

Registered in Barcelona's Mercantile Registry, page no. B-478.427    

Data Protection Officer  GCO Activos Inmobiliarios S.L.    

dpo@grupocatalanaoccidente.com