At Bankia, we know how important the privacy and protection of your personal information is. That is why we employ high security standards in our applications and systems, and we apply advanced protective measures to ensure the confidentiality and integrity of the information.

The purpose of this Policy is to inform you about how we obtain, process, store and protect the personal data that customers or users provide us, either directly or through a third party. This includes both where they provide us their data in forms or web tools owned by Bankia and where they do so by browsing Bankia's websites or web tools (cookies). For example, (i) when a user registers to use services or web applications, to acquire products or services, to receive news bulletins, to take part in programmes or events or to use Bankia's official social media channels; or (ii) when a user voluntarily provides Bankia their contact details as a means of contact for dealing with enquiries sent to customer services or social media platforms, in accordance with the current regulations regarding data protection, as well as their consent where necessary, all of which will be referred to hereinafter as “Bankia's communication channels”.


This Policy shall only apply to personal data obtained through Bankia's own websites and web tools, and shall not apply to information collected by third parties through other channels or in any contracts which users enter into with Bankia, even if they are linked or related to “Bankia's communication channels”. Where customers sign up for Bankia products or services, their personal data will be processed in accordance with the terms set out in the corresponding document signed by the customer.

The User declares that the information and details they provide are accurate and truthful.

Purposes and justification of the data processing

Data provided by users is collected via “Bankia's communication channels”, and/or any data collection forms that are included in these channels, to be used for the purposes indicated in each form by obtaining users' consent.


At the moment of data collection the voluntary or compulsory nature of the data being collected will be indicated. Refusal to provide data marked as compulsory will result in the service for which the data was requested not being rendered and it being inaccessible to the customer. Similarly, data may be provided voluntarily in order to allow the services on offer to be provided in the best possible way.

It may be necessary to process users' personal data to maintain, fulfil and control the relationship established between the user and Bankia, as well as for Bankia to meet its legal obligations. In all other cases, and provided it is appropriate and necessary, Bankia will ask users for their consent to process their personal data.

Any personal data that is provided by users (including the image contained in their identification document, their mobile phone number and email address), as well as any data to which Bankia has access as a result of users browsing on its websites, acquiring any product or service, or carrying out any transaction or other procedure, will be processed by Bankia for various purposes, including:

1. attend, manage and reply the enquiries, questions and applications made by the users via the service channels of attention or communication enabled by Bankia (Legitimate basis for the data processing: the user's consent).

2. maintain, fulfill and control the contractual relationship and pre-contractual between the users and Bankia (Legitimate basis for the data processing: execution of a contract).


3. improve the pages or tools website owned by Bankia, as well as its products and services, with such of offering a finest quality and service to the user, develop new products/services or improve the internal processes of the company (Legitimate basis for the data processing: the user's consent (cookies) and legitimate interest).

4. send commercial communications on products and services, own or third-party (Legitimate basis for the data processing: the user's consent).

5. carry out studies with statistical ends that they can be of interest for Bankia or third parties (Legitimate basis for the data processing: legitimate interest).

6. comply with the legal obligations of Bankia (Legitimate basis for the data processing: fulfilment of a legal obligation).

If users of “Bankia's communication channels” are required to provide their email address to access some of the services on offer at any given time, they will be able to state that they do not wish to receive any communications of any kind from Bankia, provided that they are not strictly related to the purpose for which the service was requested. Bankia will offer users who have been included in any mailing list within “Bankia's communication channels” the suitable means to remove themselves from those lists in an easily accessible manner.


Disclosure of data

Bankia will not provide data to third parties, except (i) to fulfil a legal obligation, (ii) when it is necessary in order to render the service or carry out the request, in which case the user will be informed of the provision of their data beforehand, or (iii) when the user has provided their prior consent, and has been informed of both the identify or category of the third-party recipients and the type of data that is to be provided, by marking a box in the forms or web tools in which their data is collected.

If the user is asked for their consent for their personal data to be provided to companies of the Bankia Group for marketing purposes, they will be offered the possibility to either grant or not grant their consent, by marking the corresponding box. The updated list of companies of the Bankia Group and those that collaborate with it, to which data can be provided for marketing purposes, can be viewed in the following link (PDF, 198 KB).

Only in cases where it is necessary may data be transferred to other countries or international organisations, including to those for which the European Commission has not reached a decision regarding their suitability. In these cases, suitable procedures will be established to guarantee the appropriate measures that should be adopted. International transfers to countries that cannot guarantee a suitable level of protection will be carried out on an exceptional basis, where it is essential for the proper fulfilment of the contractual relationship.


Data storage

The data will be stored for the time necessary to fulfil the purpose for which they were initially collected, and this period will be specified in each case (in the form or web tool).

In general, personal data (including a user's voice, where applicable) will be kept in accordance with the following criteria: (i) enquiries or requests for information will be kept for 5 years; (ii) applications for operations that are not finally carried out will be kept for up to six months, unless a longer period is agreed, (iii) upon the contractual relationship or provision of services coming to an end, personal data will be blocked and stored for the periods required by law, which will generally be 10 years under anti-money laundering and financing of terrorism regulations, and up to 21 years in accordance with the Civil Code and mortgage legislation and, (iv) until a request is received to delete the data, where applicable.

Once these legally determined periods have elapsed, your data will be deleted.

Exercising of rights

At any time, the user may:

1. Access any personal data that Bankia holds about them (right of access).

2. Modify any of their personal data that is inaccurate or incorrect (right of correction).

3. Cancel their personal data, when it is no longer necessary to hold it, among others reasons (right of deletion).

4. Request the limitation to Bankia's use of their personal data by Bankia, in which case the data will only be kept for the purposes of carrying out their requests (right of limitation).

5. Object to their personal data being used for purposes other than for maintaining the institution's relationship with the user (right of objection).

6. Obtain their personal data in a computer file in order to use it or provide it to a third party (right of portability).

The above rights of access, correction, deletion, limitation, objection and portability can be exercised directly by the holder of the data or through a legal representative or volunteer, by sending a written communication, with proof of their identity, to or by post to Apartado de Correos nº 61076, Madrid 28080.

Bankia does not carry out automated individual decisions that it produces legal effects in the user or it affects him significantly of similar way, unless it has the consent of the user in other words necessary to the service provision. In any case, the user shall have the right to require Bankia to involve humans in the process, to express their point of view and, where applicable, to contest the decision. Marketing communications


Users are informed that Bankia may obtain their consent, through data collection forms, to send them marketing communications.

By giving their consent, Bankia may contact the user by post, email, SMS, or by any other equivalent electronic means, to send them marketing communications regarding its products and/or services; or, where applicable, to send them marketing communications regarding products and/or services of particular third-parties or of third parties which belong to sectors indicated in the corresponding box, an updated list of which you can find in the following link (PDF, 198 KB).

In any case, the user is not obliged to receive this marketing material. If, at any given time, the User no longer wishes to continue receiving communications of this nature, they may revoke their consent by sending a written communication, with proof of their identity, either to the email address, to the Section of Correos no. 61,076, 28080 Madrid, or using the link set up for this purpose in the electronic commercial communications that receives.



“Bankia's communication channels” can contain links to other websites. Users should bear in mind that Bankia is not responsible for the privacy and processing of data provided through other websites or channels. This document applies exclusively to information that is collected through “Bankia's communication channels”. We recommend that you read the data processing policy of other websites which are linked to from "Bankia's communication channels” or which you otherwise visit.

Social networks

Users have the opportunity to sign up on Bankia's pages or groups on various social networks. In these cases, users must take into account that, unless Bankia requests their data from them directly (for example, to respond to enquiries in a private environment), their data will belong to the corresponding social network. Therefore, users are recommended to carefully read the terms and conditions of use and the privacy policies of the corresponding social network, as well as to ensure that they set their preferences in relation to data processing.


Protecting our client's data is one of Bankia's top priorities. In order to achieve this, Bankia uses high security standards in its applications and systems, and the most advanced protective measures are implemented in order to guarantee the confidentiality and integrity of the information. Bankia maintain the highest levels of security required by Law to protect users' personal data against accidental loss and unauthorised access, processing or disclosures, in light of the state of technology, the nature of the information stored and the risks the information is exposed to.

Take a closer look at the security measures with which the Entity protects your information and that will allow it to improve the protection of enquiries and transactions both at the Bank and on the Internet.