Personal Data Protection Policy

Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) will apply from 25 May. 

As the Regulation modifies some aspects of the current legal framework and contains new obligations for data controllers, below you will find information on the data protection policy that applies to you.


PERSONAL DATA PROTECTION POLICY

BBVA ASSET MANAGEMENT, S.A., S.G.I.I.C., POLICY

BBVA PENSIONES, S.A., E.G.F.P., POLICY

GESTIÓN DE PREVISIÓN Y PENSIONES, E.G.F.P., S.A., POLICY

VOLUNTARY SOCIAL WELFARE ENTITIES POLICY

SICAV POLICY

Voluntary Social Welfare Entities Policy

  • Customer
  • Representatives and contacts

Extended information on the data protection policy of:

Colegios de Ingenieros del País Vasco, EPSV Asociada
Norpensión, EPSV Individual
Norpyme, EPSV de Empleo
Tubos Reunidos, EPSV de Empleo
Grupo de Empresas Tubacex E.P.S.V de Empleo

Each of the above EPSVs [Voluntary Social Welfare Entities] will process your personal data in accordance with this Personal Data Protection Policy. 

 Who is the controller of your personal data?  

Corporate name and contact details: 

  • COLEGIOS DE INGENIEROS DEL PAÍS VASCO, EPSV ASOCIADA, with registered office at Calle Alameda de Mazarredo, nº 69, Bilbao Spain. 
  • NORPENSIÓN, EPSV INDIVIDUAL, with registered office at Calle Gran via nº 12, Bilbao, Spain. 
  • NORPYME, EPSV OF EMPLOYMENT with registered office Calle Gran via nº 12, Bilbao, Spain. 
  • TUBOS REUNIDOS, EPSV DE EMPLEO, with registered office at Bº Sagarribai S/N – Amurrio Spain. 
  • GRUPO DE EMPRESAS TUBACEX E.P.S.V DE EMPLEO, with registered office at Calle Tres Cruces nº 9, Lloido. Spain. 

The controller of your data is the EPSV you have a relationship with as a member of an employee pension plan with said EPSV ("Employee Pension Plan"), a payee appointed by the member of an employee pension plan, the spouse, direct parents or descendants of either the member or their spouse, or a person who either lives with the member or is dependent on them as a guardian or a foster parent. 


 What personal data does the EPSV process? 

The EPSV may process the following personal data categories: 

  • If you are a member of an employee pension plan:  
    • ID and contact data (including postal and/or email addresses) 
    • Financial details 
    • Data relating to health 
  • If you are the payee designated by the member of an employee pension plan:  
    • Your identity data provided to us by said member. 
    • Your financial and contact data (including postal and/or email addresses) and data about your health that you submit to us in a benefit application when you are the payee entitled to receive said benefit. 
  • If you are the spouse of a member, a parent or direct descendant of either the spouse or the member, or the person who lives with or is dependent on the member as a guardian or foster parent, in order to process and implement the employee pension plan, the member must submit the following data categories to the EPSV:  
    • Identity and contact data 
    • Data relating to health 

Please keep all data up-to-date to ensure the data the EPSV uses is accurate. If you amend your data, please tell the EPSV directly, or via the patron member, so we are aware of your current situation. 


 What do we use your personal data for? 

  • If you are a member of an employee pension plan:

    The EPSV will process your personal data in order to:

    • Process and implement orders concerning the employee pension plan engaged directly with us or through a patron member (who will have communicated your data to us) and to inform you of such action. 
    • Monitor, analyze and manage potential inquiries, events or claims. 
    • Comply with other obligations imposed by regulations in order to manage the protection plan you have purchased. 
  • If you are a payee of the employee pension plan:  
    • To process and implement orders relating to the employee pension plan engaged by a member in which you feature as a payee. 
    • Monitor, analyze and manage potential inquiries, events or claims. 
    • Comply with other obligations imposed by regulations in order to manage the employee pension plan purchased directly or through a patron member. 
  • If you are the member's spouse, parent or direct descendant of either the spouse or the member or someone who lives with the member or is dependent on them as a guardian or foster parent: we will process your data so the member can enforce your consolidated rights. 
 

 Why we use your personal data 

Below is an explanation of the legal basis that allows us to process your data for each of the aforementioned purposes: 

  1.    1. In accordance with a contract:  
    • If you are a member of an employee pension plan:

      To process and implement orders relating to the employee pension plan engaged either directly with us or through the patron member of the employee pension plan (who, if applicable, will have communicated your data to us) and to keep you informed of the same.

    • If you are a payee:

      We will process your data in order to perform a contract in which you feature as a payee.

    • If you are the member's spouse, parent or direct descendant of either the spouse or the member or someone who lives with the member or is dependent on them as a guardian or foster parent:

      We will process your data so the member can enforce your consolidated rights.

  2. In accordance with the law

    The EPSV must also comply with other legal obligations, such as Law 5/2012 of February 23 on Voluntary Social Welfare Entities, Decree 2013/2015 of October 27, the Law of April 28, 2010 on the prevention of money laundering and the financing of terrorism and the prevailing regulation on personal data protection.


 How long will we keep your data for? 

We will keep your personal data on file throughout the term of the contractual relationship. 

Once the contractual relationship has ended, the EPSV will block your personal data throughout the statutory limitation period (usually ten years) prescribed by the regulation on the prevention of money laundering and the financing of terrorism and the prevailing regulation on personal data protection. We will destroy your data once the statutory limitation period has ended. 


 Who will we communicate your data to? 

We will only assign your personal data to third parties if required to do so by law, if necessary in order to perform the purchased employee pension plan or if you have previously agreed such action with the EPSV. 

In the event of a transfer request, the EPSV must communicate the member's personal data to the EPSV that has requested the transfer of the consolidated/financial rights in order to comply with the transfer request. 

The EPSV notifies members and payees that it will be necessary to submit their personal data to the depository agent in order to process and implement orders in respect of the employee pension plans purchased. 

If an application to pay a benefit as guaranteed income is submitted, the EPSV: (i) must communicate the personal details of both the member and the payee to the insurance company the employee pension plan has a policy to pay guaranteed income with and, (ii) shall receive the financial data relating to the income generated by the member and the payee from the insurance company in order to comply with the obligations deriving from the employee pension plan. 

In order to provide you with a suitable service and manage our relationship with you as a customer, included below is a categorized list of the companies that process your data on behalf of the EPSV as part of the services they have been engaged to provide. 

We also inform you that certain companies that provide services to the EPSV may access your personal data (international data transfers) for the same purpose as indicated in the above paragraph. These transfers will be made to countries with a data protection level that is equivalent to that of the European Union (suitability decisions issued by the European Commission, standard contractual clauses and certification mechanisms). For more information contact dpogrupobbva@bbva.com 

 What are your rights when you submit data to us? 

LAW CONTENT SUPPORT CHANNELS
Access
You can to check which aspects of your personal data have been included in the files of the EPSV
Corrections
You can amend your personal data if it is inaccurate
Removal
You can request that your personal data be deleted 
Objection
You can request for your personal data not to be processed
Data processing restrictions
You can request that the processing of your data be restricted under the following circumstances:
  • While challenges as to the accuracy of your data are being checked.
  • When the processing of your data is unlawful, but you object to it being erased.
  • If the EPSV does not need to process your data, but you need them in order to submit or defend claims.
  • If you have objected to your data being processed in order to comply with an undertaking in the public interest or to fulfil a legitimate interest, while it is considered if the legal grounds for processing the data prevail over the ones you cite.
Portability
You may receive, in electronic format, the personal data you have provided us and data that has been obtained due to your contractual relationship with the EPSV and transfer it to another entity. 

If you think we have failed to process your personal data in accordance with the regulations, you can contact the EPSV at the above email addresses.
You can also file a claim with the Spanish Data Protection Agency (
www.agpd.es)

 In order to exercise your rights, please submit a copy of your ID Card or equivalent document proving your identity with your application. 

Exercising these rights is free.


 Glossary 

The below terms, as used in this document, have the following meaning:

  •  Personal data processing 

    Procedures to collect, manage, record, store, create, amend, block, remove, pass on, etc., an individual's personal data.

  •  Personal Details  
  • Information used to identify an individual.

  •  Data controller 
  • person or company who/that decides how customers' personal data is used.

  •  Blocked personal data 

    The company must retain customers' personal data throughout the period in which any type of liability deriving from the contractual relationship may be enforced, wherein, it shall be exclusively available to judges, courts, the Public Prosecutor's Office or competent public administrations.

  •  International data transfers 

    Data processing activities that require the data at issue to be transferred outside the European Economic Area

  •  Right to portability 

    You have the right to request and receive the personal data you have provided as a customer and other data obtained due to your contractual relationship with BBVA PENSIONES and to transmit it to another entity. 

Categories of service lenders of management of the EPSV. Download PDF.

Personal data protection policy for representatives and contacts in service agreements

Personal data protection legislation will change in the near future. More information on this area and a recap of how we will process your data is provided below.


 Who is the controller of your personal data? 

  • BBVA ASSET MANAGEMENT, S.A., S.G.I.I.C., with registered office at Calle Azul, nº 4, 28050, Madrid, Spain. (“BBVA AM”)
  • BBVA PENSIONES, S.A., E.G.F.P. with registered office at Calle Azul, nº 4, Madrid, Spain. (“BBVA PENSIONES”)
  • GESTIÓN DE PREVISIÓN Y PENSIONES, E.G.F.P., S.A., with registered office at Calle Azul, nº 4, Madrid, Spain. (“GPP”)
  • COLEGIOS DE INGENIEROS DEL PAÍS VASCO, EPSV ASOCIADA, with registered office at Calle Alameda de Mazarredo, nº 69, Bilbao Spain.
  • NORPENSIÓN, EPSV INDIVIDUAL, with registered office at Calle Gran via nº 12, Bilbao, Spain.
  • NORPYME, EPSV OF EMPLOYMENT with registered office Calle Gran via nº 12, Bilbao, Spain.
  • TUBOS REUNIDOS, EPSV DE EMPLEO, with registered office at Bº Sagarribai S/N – Amurrio Spain.
  • GRUPO DE EMPRESAS TUBACEX E.P.S.V DE EMPLEO, with registered office at Calle Tres Cruces nº 9, Lloido. Spain.

 The controller of your personal data will be the entity that processes it as a result of a contract in which you feature as a representative or contact. 


 Who the BBVA Group Data Protection Officer is and how to contact them  

The Data Protection Officer is the person in charge of ensuring that basic personal data protection rights are upheld and who is also responsible for complying with data protection regulations.

In connection with the processing activities performed by the below companies (“Management Companies”):

  • BBVA AM 
  • BBVA PENSIONES 
  • GPP 

 you will be able to contact the BBVA Group Data Protection Officer at the following email address: dpogrupobbva@bbva.com 


 What do we use your personal data for? 

We process your personal data in order to manage a contract with the Entity in which you feature as a representative or contact.

Where applicable, the Entity will also process your personal data to prevent money laundering and the financing of terrorism in order to comply with information collection and identification obligations, as well as obligations with respect to supplying information about payments to authorities in other countries both inside and outside the European Union on the basis of the legislation in effect in certain countries and agreements executed with the same.


 Why we use your personal data 

The legal basis that enables us to process your personal data is the performance of the agreement in which you feature as a representative or contact.

The Entity must also comply with certain obligations imposed by laws such as Law 35/2003 of November 4 on Collective Investment Institutions and its implementing regulations (in the case of BBVA AM), Royal Legislative-Decree 1/2002 of November 29, which approves the revised text of the Law Regulating Pension Plans and Funds (in the case of BBVA PENSIONES and GPP), Law 5/2012 of February 23 on Voluntary Social Welfare Entities (in the case of EPSVs), the Law of April 28, 2010 on the Prevention of Money Laundering and the Financing of Terrorism and prevailing regulations on personal data protection.


 How long with the Entity retain your data? 

The Entity will retain your personal data during the term of the contractual relationship. Once the agreement has ended, the Entity shall retain blocked versions of your personal data during the statutory limitation period (usually ten years) prescribed by regulations on money laundering. The Entity will destroy your data once the statutory limitation period has ended.


 Who will we communicate your data to?  

We will only transfer your personal data to third parties if we are obliged to do so by law, or if you have previously agreed such action with the Entity.

We also inform you that certain companies that provide services to the Entity may access your personal data (international data transfers) for the same purpose as stipulated in the above paragraph. These transfers will be made to countries with a data protection level that is equivalent to that of the European Union (suitability decisions issued by the European Commission, standard contractual clauses and certification mechanisms). For more information on the data transfers performed by Management Companies, please contact the BBVA Group Data Protection Officer at the following email address: dpogrupobbva@bbva.com.


 What are your rights when you submit data to us? 

LAW CONTENT SUPPORT CHANNELS
Access
You can view your personal data included in the Entity's files.
derechosarso-proveedores.es@bbva.com
Corrections
You can amend your personal data if it is inaccurate
Removal
You can request that your personal data be deleted 
Objection
You can request for your personal data not to be processed
Data processing restrictions
You can request that the processing of your data be restricted under the following circumstances:
  • While challenges as to the accuracy of your data are being checked.
  • When the processing of your data is unlawful, but you object to it being erased.
  • If the Entity does not need to process your data, but you need it in order to file or defend claims.
  • If you have objected to your data being processed in order to comply with an undertaking in the public interest or to fulfil a legitimate interest, while it is considered if the legal grounds for processing the data prevail over the ones you cite.
Portability
You may receive the personal data you have provided in electronic format and transfer it to another entity. 

If you think the Management Companies, as data controllers, have failed to process your personal data in accordance with prevailing regulations, you can contact the BBVA Group Data Protection Officer at dpogrupobbva@bbva.com.
You can also file a claim with the Spanish Data Protection Agency (
www.agpd.es)

 In order to exercise your rights, please submit a copy of your ID Card or equivalent document proving your identity with your application. 

Exercising these rights is free.