The purpose of this notice is to provide you with transparent information on the recordings of business communications and communications to the internal security desk that we may implement with regard to our clients or persons acting on behalf of clients as well as the Bank’s staff or representatives.

1. Data Controller

Your personal data is processed by CaixaBank Wealth Management (hereinafter referred to as the “Bank”). The Bank has its main registered office at 46B, avenue J.F. Kennedy, 5ème étage, L-1855 Luxembourg and registered with the Trade and Companies Register under number B236788.
Tel: (+352) 2756201

2. Purposes and legal basis of processing

The Bank collects and processes the personal data required to carry out its activities:

For the performance of a legal obligation to which it is subject

The Bank records business communications to prove their existence and the terms of any orders and transactions placed during those communications, including the provision to clients of the information provided for by the Markets in Financial Instruments Directive MiFID 2), and other similar European or International legislation or derivatives thereof, as well as related Luxembourg legislation and regulations.

For the purposes of the legitimate interests pursued by the Bank

The Bank records communications for the purposes of its legitimate interests, in particular in order to improve its risk management and defend its interests in legal proceedings, which includes processing such as:

  • documenting the existence and terms of a commercial transaction, including the provision of information required by law and which forms an integral part of the transaction;
  • listening back to an instruction to avoid material errors;
  • tracing a transaction in the event of a material error or a dispute;
  • establishing and retaining proof of operations and transactions;
  • establishing and retaining proof of any business communication;
  • preventing internal and external fraud.

3. Categories of data processed and origin

The data processed include:

  • audio recordings of incoming and outgoing telephone calls and associated data such as the caller number, the number called, the date and duration of the call; and
  • if applicable, incoming and outgoing electronic messages.

4. Categories of recipients of processed data

As a banking institution, we are bound by professional confidentiality and may only share your data under strict conditions or with your consent.

The Bank may share your data with its subcontractors and service providers, in accordance with the law and solely for the purposes of the services entrusted to them.

The Bank is also required to share your data when professional confidentiality is lifted by law and in particular with regard to tax authorities and supervisory authorities (CSSF, CNPD, etc.) as well as the competent police or judicial authorities acting in the context of criminal proceedings, as well as civil or commercial proceedings, if the Bank is required to defend its interests in court.

5. Retention period

Data is retained for a maximum period of 5 years, which may be extended to 7 years upon the request of the competent authorities.

These periods may be extended in the event of legal action or ongoing proceedings. In this case, the data are retained until the end of the legal proceedings and then archived according to the applicable legal limitation periods.

6. Rights of data subjects

Within the limits and conditions imposed by legislation, you have the following rights:

  • The right to information. We hope that this notice has answered your questions. For further information, please contact the Bank's Data Protection Officer.
  • The right to access your data. You can access your data by contacting the Bank's Data Protection Officer. Please note, however, that the Bank processes a large amount of data and, in accordance with the law, you may be asked to specify which data or transactions your request relates to prior to any provision of data.
  • The right to rectify your data if they are incorrect or obsolete.
  • The right to lodge a complaint with the National Commission for Data Protection (CNPD, 15, Boulevard du Jazz, L-4370 Belvaux, if you consider that the processing of your data does not comply with the law.

In certain cases and according to the conditions laid down by law (in which case the Bank will first check that these conditions have been met), you are also entitled to the following:

  • The right to request the erasure of your data, to the extent permitted by the law.
  • The right to request the restriction of processing of your data.
  • The right to object to the processing of your data for reasons relating to your specific situation (except where there are legitimate and compelling reasons for the Bank to continue processing).
  • The right to portability of data that you have provided to the Bank, where technically feasible.

For any questions concerning the processing of your personal data by the Bank, and for any request relating to the exercise of your rights, please contact our Data Protection Officer (DPO):

- by e-mail: [email protected]

- by post:

CaixaBank Wealth Management
46B, avenue J.F. Kennedy, 5ème étage,
L-1855 Luxembourg

For all requests, please attach a copy of your identity document so that we can identify you.

This notice may be altered from time to time to best protect your personal data. The latest version in force is available on the Bank’s website