Skip to content

Privacy policy

In compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”), Spanish Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (“LOPDGDD”) and any other applicable data protection regulations, we inform you that the personal data provided will be added to a database owned by Loreto Mutua, a Social Welfare Mutual Society.

Company name: Loreto Mutua, M.P.S. (hereinafter referred to as Loreto Mutua)
Spanish tax identification number (NIF): V-28277002
Postal address: Paseo de la Castellana, 40, 28046 Madrid – Spain
Email: info@loretomutua.com

Likewise, we inform you that Loreto Mutua will process the data jointly with one of the companies of the Loreto Mutua Group as joint data controllers. This joint responsibility will be explained in detail in the “JOINT RESPONSABILITY” section of this Privacy Policy.

For any matter related to the processing of the data of natural persons by Loreto Mutua, you may contact our Data Protection Officer by sending an email to dpd@loretomutua.com

Loreto Mutua may collect the following data:

1.BUSINESS CONTACT:

Providing assistance for queries and contact requests received by any means, of the services of Loreto Mutua, as well as the maintenance of business relations:

    • Data collected:full name, telephone, e-mail and query.
    • Purpose: responding to requests for information that the interested party has made by any means about Loreto Mutua products and services, and to establish and maintain business
      relations.
      o Legal basis:       based on the provision of consent Loreto Mutua is entitled to process the data of the interested party provided through the contact request, and in accordance with the legitimate interest for the development and maintenance of business relations.
      o Storage period:       the data will be kept for the time required until the data subject requests the cancellation or deletion of their data and once deleted, they will be kept at the disposal of the public administration, judges and courts, for the legal periods established for the handling and defence of possible liabilities arising from the processing.
    •  

2.MUTUAL AND PENSION PLAN MEMBERS (CLIENTS):

Data provided for the provision of services either off-line or on-line through the private area of Loreto Mutua. Services will be identified at the time of data collection and registration.

    • Data collected: full name, ID number, contact address, postal address, e-mail address, contact telephone number and other data necessary according to the service requested, and which will be exclusively necessary for the registration and the correct provision of services by Loreto Mutua.
    • Purpose: the registration of data subjects for the provision of services (application for membership of the Mutual Society or the pension plan either via the contributing or promoter company or individually, making extraordinary contributions to the products, processing the designation of beneficiaries, application for reinstatement, affidavit of life form, application for benefits either for covered contingencies or exceptional liquidity event or early provision in accordance with the contractual documentation of each product; fulfilment of the legal obligations arising from the legal relationship) as well as establishing and maintaining business relations.
    • Legal basis: the existing legal or contractual relationship necessary for the provision of the service and the legitimate interest for the development of commercial relations.
    • Storage period: the data will be kept for the time required for its processing, and once finished, it may be made available to the public administration, judges and courts for the handling and
      defence of possible liabilities arising from the processing.
    •  

3.REGISTRATION:

To obtain a password to access the Private Area that enables the contracting and management of Loreto Mutua products and services:

    • Data collected: full name, ID number, contact address, postal address, email, contact telephone and other additional data specified in the form for collecting data for the product or service requested.
    • Purpose: registration of users for the contracting and management of Loreto Mutua products and services.
    • Legal basis: legal relationship arising out of the service contracted.
    • Storage periods: the data will be held until you request that it be erased, after which the data may be stored for six years for providing it to the government and the courts for responding to and defending legal claims arising out of the data processing.
    •  

4. SERVICES:

Data provided for the provision of Loreto Mutua's services. Services will be identified at the time of data collection and registration.

    • Data collected: full name, ID number, contact address, postal address, e-mail address, contact telephone number and other data necessary according to the service requested, and which will be exclusively necessary for the registration and the correct provision of services by Loreto Mutua.
    • Purpose: the registration of data subjects for the provision of services and to establish and maintain business relations.
    • Legal basis: the existing legal or contractual relationship necessary for the provision of the service and the legitimate interest for the development of commercial relations.
    • Storage period: the data will be kept for the time required for its processing, and once finished, it may be made available to the public administration, judges and courts for the handling and defence of possible liabilities arising from the processing.
    •  

5. PREVENTION OF MONEY LAUNDERING:

Data provided for the formal identification of the client and investigation into the Prevention of Money Laundering and Financing of Terrorism by Loreto Mutua Group companies that are considered obliged to comply with the Prevention of Money Laundering and Financing of Terrorism regulations. Services will be identified at the time of data collection and registration.

    • Data collected: full name, ID number, contact address, postal address, e-mail address, contact telephone number and other data necessary for the formal identification of the client and investigation into the Prevention of Money Laundering and Financing of Terrorism.
    • Purpose: formal identification of the client and investigation for compliance with the Prevention of Money Laundering regulations.
    • Legal basis: the existing legal or contractual relationship necessary for the provision of the service, as well as the fulfilment of a legal obligation.
    • Storage period: the data will be kept for the time required for its processing (10 years), and once finished, it may be made available to the public administration, judges and courts for the handling and defence of possible liabilities arising from the processing.
    • Communication and transfer of data: in certain services provided by any of the Loreto Group companies, with the prior acceptance of the corresponding Special Conditions of the Service, personal data identifying the user in accordance with the provisions of Law 10/2010, of 28 April, on the prevention of money laundering and the financing of terrorism or any other related applicable regulations, may be communicated between Loreto Group companies in order to comply with the current regulations on the Prevention of Money Laundering. In any case, the transfer of data that may occur will be communicated in the Special Conditions of each Service and must be accepted prior to the use of this.
    •  

6. SUPPLIERS:

Professional personal data provided by Clients/Suppliers for the provision of services and management of the legal or contractual relationship.

    • Data collected: full name, ID number, professional contact address, e-mail address, contact telephone number.
    • Purpose: managing the contractual relationship of the service.
    • Legal basis: the existing legal or contractual relationship necessary for the provision of the service.
    • Storage period: the data will be kept for the time required for its processing, and once finished, it may be made available to the public administration, judges and courts for the handling and defence of possible liabilities arising from the processing.
    •  

7. ACCESS CONTROL AND SECURITY:
Data collected by video surveillance cameras or, where appropriate, provided for access control to the buildings of any of the Loreto Mutua Group companies:

    • Data collected: full name, ID number, and images.
    • Purpose: controlling access and managing the internal security of Lotero Mutua's facilities.
    • Legal basis: legitimate interest in guaranteeing security in the facilities on the part of the owner, which justifies the recording of data in the access control, and that the images are necessarily captured when accessing these facilities.
    • Storage period: the data will be kept for a period not exceeding 30 days, unless it is necessary to keep them for a longer period due to the need to clarify any infringement or unlawful act detected, and therefore they will be kept at the disposal of the public administration, judges and courts, for the legal periods established for the attention and defence of possible liabilities arising from the processing.
    •  

8. CURRICULUM OR EMPLOYMENT:

CV submission through the website or by any other means to Loreto Mutua.

    • Data collected: professional area, full name, telephone, e-mail, CV, cover letter and any other personal data associated with the CV or professional profile.
    • Purpose: managing the data subject’s candidacy for published selection processes or for other vacancies in line with their professional profile that may arise in the future within Loreto Mutua activities.
    • Storage period: The data will be kept until you are offered a job or until you ask us to delete your data. The data will be kept for the time required for its processing, and once finished, it may be made available to the public administration, judges and courts for the handling and defence of possible liabilities arising from the processing.
    • Legal basis: provision of the data subject's consent or the implementation of pre-contractual measures at the request of the data subject.
    • Recipients: the data provided and derived from the selection process may be transferred to third-party companies identified by the interested party for the request of references that may be necessary for the selection of the candidate.
    •  

9. MARKETING OR NEWSLETTERS:

Submission of information, news, notices, reminders and promotions that may be of interest to you, related to the activities of Loreto Mutua.

    • Data collected: e-mail address, full name, telephone number, city or country. As well as user metadata produced during browsing (browser, operating system, IP, among others).
    • Purpose: registration of data subjects for information, news and promotions submission to establish and maintain business relations.
    • Legal basis: provision of the data subject's consent to Loreto Mutua to register for promotional services, and legitimate interest in the development of commercial relations.
    • Storage period: the data will be kept for the time required for its processing, and once finished, it may be made available to the public administration, judges and courts for the handling and defence of possible liabilities arising from the processing.

We inform you that Loreto Mutua will process your data jointly with the companies that are part of the Loreto Mutua Group, depending on the processing to be carried out, as set out below:

Company name: Loreto Mutua, M.P.S.
o Tax identification number (NIF): V-28277002
o Postal address: Paseo de la Castellana, 40, 28046 Madrid – España
o Email: info@loretomutua.com

Company name: Loreto Inversiones, SGIIC, S.A.U.
o Tax identification number (NIF): A-88022199
o Postal address: Paseo de la Castellana, 40, 5ª planta 28046 Madrid – España
o Email: info@loretoinveriones.com

Under the provisions of the GDPR and the LOPDGDD (Spanish law), we inform you that the joint data controllers have signed a joint responsibility agreement for certain processing operations, the essential points of which are as follows:

– The joint data controllers state that they will act in a coordinated or joint manner for the processing operations outlined in this Privacy Policy.
– Both companies of the Loreto Mutua Group have taken the necessary measures to ensure the security of the data under their joint responsibility.
The Loreto Mutua Group has an email address (privacidad@grupoloretomutua.com) so that data subjects may exercise their rights.

– The companies of the Loreto Mutua Group acting as joint data controllers will comply with the duty of confidentiality and non-disclosure of the personal data under their joint responsibility.

Specifically, we inform you that the processing operations subject to joint responsibility are the following:

Processing based on legitimate interest:

– Processing for commercial purposes:

– Business communications.
– Marketing or newsletters.
– Services.
– Clients/suppliers.

-Fraud prevention. Data processing for the prevention of fraud, with the purpose of adopting the necessary measures to avoid operations or behaviour leading to financial loss or reputational damage, both to the companies of the Loreto Mutua Group and to its:

– Services.
– Clients/suppliers.

-In processing based on this legitimate interest, the companies Loreto Mutua and Loreto Inversiones act as joint data controllers.

Processing to comply with a legal obligation:

-Prevention of money laundering: In compliance with Spanish Law 10/2010, on the Prevention of Money Laundering and the Financing of Terrorism.

– Compliance with tax obligations. In compliance with Spanish Law 35/2006, of 28 November, on Personal Income Tax and partial amendment of the laws on Corporate Income Tax, Non-Resident Income Tax and Wealth Tax (Ley del Impuesto sobre la Renta de las Personas Físicas).

– Services.
– Clients/suppliers.
– Raffles and competitions.

– Compliance with its obligations under international financial sanctions and countermeasures policies. In compliance with Spanish Law 10/2010, on the Prevention of Money Laundering and the Financing of Terrorism.

– In processing based on meeting a legal obligation, the companies Loreto Mutua and Loreto Inversiones act as joint data controllers.

We inform you that there are data processing operations whose legal basis is to meet legitimate interests pursued by Loreto Mutua jointly with the companies of the Loreto Mutua Group. These processing operations are carried out after weighing your rights against our legitimate interest, in which we have concluded that the latter prevails, as set out in Art. 6.1.(f) of the General Data Protection Regulation (GDPR).

You may consult the analysis weighing the legitimate interest of a processing operation at any time by sending your request to dpd@loretomutua.com.

We also remind you that you have the right to object to processing on the basis of legitimate interest. You can do so by sending an email to privacidad@grupoloretomutua.com.

Specifically, based on Loreto Mutua’s legitimate interest, the data subject’s personal data may be used for fraud prevention and to avoid financial loss or reputational damage from such fraud, to establish or maintain commercial relations by any means, including electronic means, on information of interest about Loreto Mutua’s products and services, as well as to ensure security on the premises by the owner of the same.

There may be data disclosures to third parties or the competent authorities (Spanish Tax Agency – AEAT; Spanish General Directorate of Insurance and Pension Funds – DGSFP; Spanish National Securities Market Commission – CNMV; SEPBLAC Financial Intelligence Unit, Bank of Spain, etc.) to comply with legal obligations as well as for the provision of services by third parties. These will be considered as data processors with whom Loreto Mutua will have signed third-party data access agreements, having previously verified that they are able to apply appropriate technical and organisational measures in such a way that the processing is carried out in accordance with the requirements of the GDPR, ensuring the security and protection of the data subject’s rights.

The subject data is entitled to rights of access, rectification, erasure, limitation, opposition and portability of their data. Similarly, you are protected by the right to withdraw your consent for processing by Loreto Mutua, in those cases where the legitimacy of the processing is based on the same. On the other hand, you have the right to complain to the supervisory authority (AEPD – Agencia Española de Protección de Datos (Spanish Data Protection Agency)) You may at any time exercise your rights by sending a letter to LORETO MUTUA at the address specified above or an email to dpd@loretomutua.com in which you state the right you want to exercise. You must attach a document that demonstrates your identity.

Loreto Mutua has adopted the necessary technical and organisational measures to ensure the security and integrity of the data, as well as to avoid its alteration, loss, or unauthorised processing or access.

The data collected through the different channels provided are those strictly necessary to respond to your request, which the data subject voluntarily communicates. Refusal to provide the data classified as obligatory will result in the impossibility to provide or access the service for which the data were requested. Data may also be provided on a voluntary basis in order to enable services to be provided in the best possible way. Likewise, where third-party data is provided, the data subject undertakes to inform them of the content of this privacy policy.

The data subject undertakes to inform Loreto Mutua as soon as possible of any modification or rectification of their personal data so that the information contained in Loreto Mutua’s activity logs is always kept up to date.