MAPFRE
Madrid 2,598 EUR 0,01 (0,31 %)
Madrid 2,598 EUR 0,01 (0,31 %)

Home > Privacy and Personal Data Processing Policy

Privacy and Personal Data Processing Policy

MAPFRE S.A., with registered offices at Carretera de Pozuelo, no. 52. Majadahonda 28222 Madrid, Spain is the owner of this Website, and is responsible for the personal data provided by users through this website.

The user is hereby informed of the processing performed on any data provided while browsing the website, as well as any data generated while using said website, including, if applicable, any communications or international transfers of the data that may occur, for the purposes referred to in the “Why do we process your personal data?” section.

If the data provided refers to third-party natural persons other than the user, the user guarantees that said data was gathered with the third party’s prior consent to sharing their data and that the third party has been informed, before providing said data, of the purposes of the processing, sharing, and other terms provided for in the section “Information on Data Protection.”

The user hereby states that he or she is over 14. If the data provided during browsing come from children under the age of 18, including health data, as the holder of parental authority or guardianship over the minor, you expressly authorize the processing of such data under the terms established in the additional information.

The user warrants the accuracy and truthfulness of the data provided, committing to communicate to MAPFRE SA any changes in the data provided.

The use of this website is subject to the Privacy and Personal Data Processing Policy, the Terms of Use detailed below, and the Cookies Policy. Please read them carefully.

INFORMATION ABOUT DATA PROTECTION:

Who is the data controller of your personal data?

The party responsible for processing the personal data and/or information that you provide to us is:

  • Identity: MAPFRE S.A., Company ID number A-08055741
  • Mailing address: Carretera de Pozuelo, no. 52. Majadahonda 28222 Madrid, Spain.
  • Contact information of the Data Protection Officer: DataProtectionOfficer.MAPFRE@mapfre.com

What data do we collect?

MAPFRE SA obtains information about its users. The following data are stored:

  1. Data obtained about the browsing and use of our website, specifically:
    • The domain name of the provider (ISP) that provides users with access to the Internet. For example, a user with provider XXX will be identified using the domain name xxx.es.
    • Date and time of access to our website.
    • Internet address containing the link used to arrive at our website.
  2. Identification data, financial data, and any other data provided to us using each of the forms accessible to users on the Website and for the purpose shown on each of the forms.

Why do we process your personal data?

Below are the purposes of the processing:

  • Regarding data obtained from the browsing and use of our website, we will process the data generated during browsing for the purposes shown in the cookies panel and your associated preferences  
  • In this case, the data provided on the forms available on the Website will be processed for the purposes related with those forms, specifically:
    • If you provide your data in the Investor’s Diary, we will process your data for the purpose of subscribing to events and, if requested, sending you email notifications about the events you have chosen.
    • If you provide your data in the Shareholder’s Diary, we will process your data to manage your participation in published events.
    • If you provide your data in the Shareholder’s Loyalty Plan, we will process your data to manage your subscription to the MAPFRE Te Cuidamos Accionista plan.
    • If you provide your data in the Contact forms, we will process your data to handle and respond to requests for information, as well as any suggestions you may make and, if you authorize so, to send you sales information.
    • If you provide your data for the MAPFRE Complaints Channel, we will process your data to manage any queries or complaints related to the MAPFRE Group Code of Ethics and Conduct.
    • If you provide your data to Work at MAPFRE, we will process your data to manage your participation in selection processes.
    • If you provide your data for the Subscription to the Economía y Seguro Magazine, we will process your data to send you notifications on publications and to inform you of events related to these publications.
  • If you contact us at any of the published addresses, we will process your data in order to contact you and handle your request.

How long will we store your personal data?

Personal data provided will be stored for a time period determined based on the following criteria: (i) the legal storage obligation; and (ii) the data subject’s deletion request, when applicable.

What is the legal basis for processing your data?

The legal bases for processing your data for the purposes indicated in the section entitled “Why do we process your personal data?” are listed below:

  • Regarding the browsing and use of our website, it is the consent given by the user in the cookies panel
  • Regarding the data provided through the forms for the Investor’s Diary, the Shareholder’s Diary, the Shareholder’s Loyalty Plan, Contact Forms, the MAPFRE Complaints Channel, Work at MAPFRE, and Subscription to the Economía y Seguro Magazine:
    • The legitimate basis is the user’s consent to provide their data through the form in order to respond to the request filed.
  • Regarding the processing of data from emails sent to any of the published addresses, the legitimate basis is the user’s consent to provide their contact details in order to handle their request.

With whom will your data be shared?

MAPFRE SA may send your data to the following recipients, exclusively for the purposes shown in the section “Why do we process your personal data?”:

  • To the different companies of the MAPFRE Group (www.mapfre.com) for the proper handling of your request.
  • Public authorities, regulators, or government bodies in the cases required by the law and local regulations, or to comply with regulatory obligations.

Within the framework of the communications indicated in the previous paragraph, international data transfers may be made to third countries. These transfers will only be made when necessary to fulfill the stated purposes. The appropriate guarantee will be implemented in each case to ensure compliance with data protection regulations.

For countries where there is an adequacy decision approved by the European Commission, the guarantee will be such decision. In the absence of an adequacy decision, appropriate guarantees will be provided, which may be (i) the signing of Standard Contract Clauses for data protection adopted by the European Commission or (ii) with regard to international transfers between MAPFRE Group companies, international transfers may be regulated in accordance with the Binding Corporate Rules (hereinafter, “BCR”) approved by the MAPFRE Group. You can access the BCR content, or view a list of MAPFRE Group companies bound by the BCRs.

In any event, if an international transfer must be made to countries that do not have an adequacy decision, and the mechanisms described in the previous paragraph cannot be used, the international transfer will be carried out in accordance with the system of exceptions for specific situations provided for in the General Data Protection Regulation.

How do we protect your data?

For MAPFRE, people are the most important asset, which is why our central mission is to protect them and the data they entrust to us, guaranteeing the service we provide to them and the trust they place in us.

We believe that protecting your data is an essential task that we must pursue proactively, and not simply to maintain compliance with the current legal framework.

MAPFRE’s approach to security, cybersecurity, and privacy is articulated in a series of strategic lines, including the protection of information when it is collected, transmitted, stored, processed, or deleted, and taking diligent action when establishing preventive measures and detecting and responding to cyberattacks or instances of business interruption.

To this end, at MAPFRE, we have put in place the necessary organizational and technical measures to guarantee the security of the information and your personal data, monitoring their effectiveness through the implementation of controls that allow us to safeguard the integrity, confidentiality, and availability of information and your personal data.

The security and privacy function at MAPFRE is based on the following fundamental principles: it is defined as Global and Comprehensive, it is Permanent and Sustainable, it is Service-oriented, it is Independent from any other MAPFRE department, and it must offer value for the needs of the MAPFRE Group and its customers.

The outcome of this function is governed by MAPFRE’s Code of Ethics and is based on industry standards and best practices, such as, among others:

  • ISO 27001 and 27002 on Information Systems Security
  • ISO 22301 on Business Continuity
  • ISO 9001 on quality management

In particular, specific measures and principles are in place to guarantee the confidentiality of your data, including access control managed and supervised by security, based on authorization matrices and adequate segregation of functions.

Likewise, Multi-Factor Authentication (MFA) mechanisms are in place for particularly sensitive access, especially any kind of remote access, which is backed by a strong password policy, regular security reviews of accounts and permissions assigned to users, and ongoing review of the activities of particularly privileged users in critical environments. All this ensures that users access only the resources they need.

MAPFRE uses various security procedures and solutions to protect its devices (computer workstations, servers, and mobile devices) such as advanced anti-malware protection, data encryption, bastioning of devices, and Mobile Device Management for mobile devices and tablets, etc.

Certified as a Computer Emergency Response Team (CERT), MAPFRE’s General Control Center (GCC) provides the Group with monitoring, identity and access control management, and company-wide incident response capabilities. Its staff works around the clock, 24x7x365.

It is certified in ISO 27001 and ISO 22301, was the first Spanish CERT to obtain ISO 9001 certification, and has been recognized by the Gartner Group as a success story in the design, implementation, and operation of a comprehensive security model.

Finally, we believe that it is our duty to guarantee you the best service, no matter the circumstances. That is why MAPFRE has developed and implemented Crisis Management and Business Continuity plans in its companies. These plans are tested annually and aim to ensure service continuity for our customers, even in the worst circumstances.

If you wish, you can view the document “MAPFRE Security” posted on our website, where you can find more information about how we protect your data.

What are your rights when you provide us with your data?

Under the terms and scope set out in the current regulations, any person may exercise the following rights:

Access: See your personal data in the possession of MAPFRE SA.

  • Rectification: Request the rectification of any incorrect data.
  • Erasure: Request that the data be erased when, among other reasons, it is no longer necessary for the purposes for which it was collected.
  • Restriction of processing: Request that we stop processing your data, if, for example, the data are inaccurate or the processing thereof is unlawful. Nevertheless, it may still be processed for the exercise or defense of possible claims, the protection of the rights of another person, or for reasons of public interest.
  • Opposition: Oppose the processing of your data, except when necessary for, among other reasons, the development of the contractual relationship, if appropriate, or for the exercise or defense of possible claims.
  • Portability: Receive your personal data in a structured, commonly used, and readable format, or request that it be sent to another controller where technically feasible.

We remind you that you may also, at any time, withdraw your consent to the processing of your data, where appropriate.

The aforementioned rights may be exercised directly by the owner of the data or by a legal or voluntary representative via written communication addressed to the Corporate Office for Privacy and Data Protection (CODP). Carretera de Pozuelo, 52 – 28222 Majadahonda – Madrid, Spain, or by email to OCPPD@mapfre.com

Furthermore, you can submit a complaint to the Spanish Data Protection Agency, if you consider that we have not processed your data in accordance with the regulations, through the website set up for such purposes by the corresponding Control Authority.

LEGAL NOTICE

The owner of the domain is MAPFRE SA, with tax ID number (CIF) A-08055741, head office at Carretera de Pozuelo de Alarcón, No. 52 Majadahonda, 28222, Madrid, Spain, registered in the Madrid Commercial Registry under Volume 307, Section 3, Sheet 1, Page M-6152, Entry 251, composed of the websites associated with the mapfre.net domains.

CONDITIONS OF USE OF THE WEBSITE 

The user undertakes to make good use of the website, with good use meaning in accordance with current legislation, good faith, and public order.

You also agree not to use the website for fraudulent purposes, and not to perform any action intended to damage, disable, or overload the website, or to prevent, in any way, its normal use and operation. 

The user is informed that, in the event of non-compliance with the Conditions of Use, the Privacy Policy or any other terms or conditions contained on the Website, MAPFRE reserves the right to limit, suspend, or block access to the Website using any technical measure that it deems necessary.

MAPFRE SA accepts no responsibility for information on this website originating from sources outside of the MAPFRE Group, nor for any content that it has not created.

The links that appear on this page are solely intended to inform the user about the existence of other relevant sources of information available on the Internet, where the data provided here may be expanded. Under no circumstances will MAPFRE SA be liable for the outcome obtained through said links.

Copyright

All rights reserved. The design of the portal and its source codes, as well as the logos, trademarks, and other distinctive signs that appear on it, belong to MAPFRE and are protected by the corresponding intellectual and industrial property rights.

The reproduction, distribution, transformation, manipulation, public communication, or any other total or partial, free, or onerous use of the texts, images, or any other content that appears on the website is strictly forbidden without written authorization from the owners of the copyright.

MAPFRE SA reserves the right, at any time and without prior notice, to make any changes, variations, deletions, or cancellations of the contents and its manner of presentation that it deems necessary, whether temporarily or permanently. The user must ensure to use the updated version at all times. This capability does not grant users the right to receive indemnification for any damages and losses.

BINDING CORPORATE RULES

Guaranteeing the privacy and protection of the personal data we have access to when conducting our operations is an absolute priority for MAPFRE. This must be done proactively, not only to comply with applicable regulations, but also in return for the trust that customers, providers, collaborators, employees, and other stakeholders place in MAPFRE.

MAPFRE has developed and approved its Binding Corporate Rules for Controllers (BCR-C) for the MAPFRE Group. This process, led by the Spanish Data Protection Agency (AEPD) in accordance with the established coordination and cooperation procedure, aims to obtain the approval of these BCR-C by the supervisory authorities of the EU countries and, subsequently, a positive opinion from the European Data Protection Board (EDPB). Finally, the MAPFRE Group’s Binding Corporate Rules were approved by a resolution of the Director of the AEPD.

With the approved Binding Corporate Rules, the EDPB recognizes that MAPFRE has put in place adequate safeguards to ensure that all the Group’s companies provide a level of protection equivalent to that of the European Union, no matter where they are located.

It also demonstrates to regulators and third parties MAPFRE’s commitment to privacy and data protection, as well as its dedication to enforcing and monitoring these policies. This recognition also facilitates the international transfer and processing of data by Group companies outside the European Union.

For any questions or additional information regarding the MAPFRE Group’s Binding Corporate Rules, please contact our Data Protection Officer at: dpo.mapfre-bcr@mapfre.com

You can consult the MAPFRE Group’s BCRs.