Privacy policy

1. Introduction

BCASFINTECH, in accordance with the General Data Protection Regulation (GDPR EU 2016/679) and Organic Law 3/2018 on the Protection of Personal Data and the Guarantee of Digital Rights, hereby sets out this clause to regulate the collection and processing of personal data of its clients and/or potential clients.

BCASFINTECH informs that the personal data collected through its website (https://bcasapp.com/) are incorporated into automated files designated as “Clients”, owned by the entity, which implement the appropriate security measures to ensure the accessibility, integrity, and availability of the stored data.

‍

2. Who processes your data?

Data Controller Details

• Corporate name: BCASFINTECH, S.L.
• Tax ID (N.I.F.): B05429998
• Registered office address: Gran Vía, 28
• Electronic address: https://bcasapp.com

3. For what purpose are your data processed?

The general purpose for which BCASFINTECH obtains your data is the proper and adequate assessment of your financial situation, as requested by you and arising from the commercial relationship maintained with the entity.

Specific purposes of data processing

Depending on the reason for contacting BCASFINTECH through the website, personal data are processed for the following purposes:

Processing Activity: Clients

• Maintenance of the commercial relationship.
• Contact and communications with the client.
• Sending of advertising and commercial communications.
• Invoicing.
• Analysis of potential financing.

4. What is the legal basis for processing your data?

The legal bases that legitimize the processing of personal data carried out by BCASFINTECH are as follows:

Processing Activity: Clients

• Explicit consent of the data subject.
• Existence of a contractual relationship.
• Article 6.1(f) of the GDPR EU 2016/679.

5. How long are your data retained?

Personal data will be retained by BCASFINTECH for the periods indicated below. Once these periods have elapsed, the data will be restricted, deleted, or destroyed, as applicable.

Data retention periods

Processing Activity: Clients

• 6 years, counted from the termination of the commercial relationship, without prejudice to longer retention periods imposed by legal obligations.
• Data may be retained for statistical purposes, duly protected by appropriate and relevant security measures.

The indicated periods shall apply without prejudice to longer periods required by applicable legal obligations.

6. What rights may you exercise?

In accordance with applicable data protection legislation, the data subject may exercise the following rights by submitting a request addressed to the Data Protection Officer (DPO), Javier Ausín, via email at javier@bcasapp.com, indicating the company against which the exercise of rights is requested:

• Right of access: To obtain confirmation as to whether personal data concerning you are being processed and, if so, access to such data.
• Right to rectification: To request the correction of inaccurate or incomplete personal data.
• Right to erasure: To request the deletion of personal data held by the Data Controller.
• Right to object: To request the cessation of the processing of personal data concerning you.
• Right to data portability: To request the transmission of your data to yourself or to another Data Controller, in a structured, commonly used, and machine-readable format, where technically feasible.
• Right to restriction: To request the restriction of the processing of your personal data, except for their storage.

BCASFINTECH will acknowledge receipt of the request and will resolve it within a maximum period of one month, which may be extended by an additional two months in duly justified cases, in which case the data subject will be duly informed.

7. Supervisory authority

The competent authority for handling complaints regarding data protection matters is the Spanish Data Protection Agency (Agencia Española de Protección de Datos – AEPD).

8. To whom are your data disclosed?

The personal data provided will not be disclosed to third parties outside BCASFINTECH, except in the following cases:

• Requests from administrative, judicial, or court authorities.
• Legal obligations requiring disclosure to public bodies.

9. Data required for the provision of services

All data requested by BCASFINTECH are necessary for the maintenance of the commercial relationship or for the granting of the requested loan, in strict compliance with the principles of purpose limitation and data minimization established in the GDPR.

If the requested data are not provided, BCASFINTECH will be unable to maintain the commercial relationship with the appropriate quality standards or to assess the submitted request.

Categories of processed data

Processing Activity: Clients

• Identification data: name, date of birth, address, email address, telephone number, national ID number, and photograph.
• Economic data: bank accounts, cards, debts, etc.
• Employment data.

This is without prejudice to any additional data that may be required by legal or contractual obligation.

10. Automated decision-making and profiling

BCASFINTECH does not carry out automated decision-making processes nor profiling, either directly or indirectly, based on the personal data provided.

11. International data transfers

BCASFINTECH does not carry out international data transfers of the personal data provided. Should such transfers become necessary in the future, the data subject will be informed in advance, including details of the applicable safeguards and the means to obtain a copy of such information.