At Bankia, we know how important the privacy and protection of your personal information is. That is why we employ high security standards in our applications and systems, and we apply advanced protective measures to ensure the confidentiality and integrity of the information.

The purpose of this Policy is to inform you about how we obtain, process, store and protect the personal data that customers or users provide us, either directly or through a third party. This includes both where they provide us their data in forms or web tools owned by Bankia and where they do so by browsing Bankia's websites or web tools (cookies). For example, (i) when a user registers to use services or web applications, to acquire products or services, to receive news bulletins, to take part in programmes or events or to use Bankia's official social media channels; or (ii) when a user voluntarily provides Bankia their contact details as a means of contact for dealing with enquiries sent to customer services or social media platforms, in accordance with the current regulations regarding data protection, as well as their consent where necessary, all of which will be referred to hereinafter as “Bankia's communication channels”.

This Policy shall only apply to personal data obtained through Bankia's own websites and web tools, and shall not apply to information collected by third parties through other channels or in any contracts which users enter into with Bankia, even if they are linked or related to “Bankia's communication channels”. Where customers sign up for Bankia products or services, their personal data will be processed in accordance with the terms set out in the corresponding document signed by the customer.

The User declares that the information and details they provide are accurate and truthful.


Data controller

Bankia, S.A.
Tax number: A14010342.
Registered office: C/Pintor Sorolla 8, 46002 Valencia.
Telephone: 91 602 46 80.
Contact of the Delegate of Data protection:


Purposes and justification of the data processing

Data provided by users is collected via “Bankia's communication channels”, and/or any data collection forms that are included in these channels, to be used for the purposes indicated in each form by obtaining users' consent.

At the moment of data collection the voluntary or compulsory nature of the data being collected will be indicated. Refusal to provide data marked as compulsory will result in the service for which the data was requested not being rendered and it being inaccessible to the customer. Similarly, data may be provided voluntarily in order to allow the services on offer to be provided in the best possible way.

It may be necessary to process users' personal data to maintain, fulfil and control the relationship established between the user and Bankia, as well as for Bankia to meet its legal obligations. In all other cases, and provided it is appropriate and necessary, Bankia will ask users for their consent to process their personal data.

Any personal data that is provided by users (including the image contained in their identification document, their mobile phone number and email address), as well as any data to which Bankia has access as a result of users browsing on its websites, acquiring any product or service, or carrying out any transaction or other procedure, will be processed by Bankia for various purposes, including:

  1. 1. Attend, manage and reply the enquiries, questions and applications made by the users via the service channels of attention or communication enabled by Bankia (Legitimate basis for the data processing: the user's consent).
  2. 2. Maintain, fulfill and control the contractual relationship and pre-contractual between the users and Bankia (Legitimate basis for the data processing: execution of a contract).
  3. 3. Improve the pages or tools website owned by Bankia, as well as its products and services, with such of offering a finest quality and service to the user, develop new products/services or improve the internal processes of the company (Legitimate basis for the data processing: the user's consent (cookies) and legitimate interest).
  4. 4. Send commercial communications on products and services, own or third-party (Legitimate basis for the data processing: the user's consent).
  5. 5. Carry out studies with statistical ends that they can be of interest for Bankia or third parties (Legitimate basis for the data processing: legitimate interest).
  6. 6. Comply with the legal obligations of Bankia (Legitimate basis for the data processing: fulfilment of a legal obligation).

If users of “Bankia's communication channels” are required to provide their email address to access some of the services on offer at any given time, they will be able to state that they do not wish to receive any communications of any kind from Bankia, provided that they are not strictly related to the purpose for which the service was requested. Bankia will offer users who have been included in any mailing list within “Bankia's communication channels” the suitable means to remove themselves from those lists in an easily accessible manner.


Disclosure of data

Bankia will not provide data to third parties, except (i) to fulfil a legal obligation, (ii) when it is necessary in order to render the service or carry out the request, in which case the user will be informed of the provision of their data beforehand, or (iii) when the user has provided their prior consent, and has been informed of both the identify or category of the third-party recipients and the type of data that is to be provided, by marking a box in the forms or web tools in which their data is collected.

If the user is asked for their consent for their personal data to be provided to companies of the Bankia Group for marketing purposes, they will be offered the possibility to either grant or not grant their consent, by marking the corresponding box. The updated list of companies of the Bankia Group and those that collaborate with it, to which data can be provided for marketing purposes, can be viewed in the following link (PDF, 198 KB).

Only in cases where it is necessary may data be transferred to other countries or international organisations, including to those for which the European Commission has not reached a decision regarding their suitability. In these cases, suitable procedures will be established to guarantee the appropriate measures that should be adopted. International transfers to countries that cannot guarantee a suitable level of protection will be carried out on an exceptional basis, where it is essential for the proper fulfilment of the contractual relationship.


Data storage

The data will be stored for the time necessary to fulfil the purpose for which they were initially collected, and this period will be specified in each case (in the form or web tool).

In general, personal data (including a user's voice, where applicable) will be kept in accordance with the following criteria: (i) enquiries or requests for information will be kept for 5 years; (ii) applications for operations that are not finally carried out will be kept for up to six months, unless a longer period is agreed, (iii) upon the contractual relationship or provision of services coming to an end, personal data will be blocked and stored for the periods required by law, which will generally be 10 years under anti-money laundering and financing of terrorism regulations, and up to 21 years in accordance with the Civil Code and mortgage legislation and, (iv) until a request is received to delete the data, where applicable.

Once these legally determined periods have elapsed, your data will be deleted.


<strong">Financial year of rights</strong>

At any time, the user may:

  1. 1. Access its personal details that Bankia has he (access right ).
  2. 2. Modify its personal details that they are inaccurate or incorrect (right of rectification).
  3. 3. Cancel its personal details when, among others reasons the details are no longer necessary (right of suppression).
  4. 4. Request the limitation of the use of its personal details by Bankia, in which case will only be kept for the financial year of claims (right of limitation).
  5. 5. Hold out against that its personal details are used for ends different than the relationship with the user (right of opposition).
  6. 6. Obtain its personal details in a computer file for its use or to provide it to him to a third party (right of portability).

The above rights of access, correction, deletion, limitation, objection and portability can be exercised directly by the holder of the data or through a legal representative or volunteer, by sending a written communication, with proof of their identity, to or by post to Apartado de Correos nº 61076, Madrid 28080.

Bankia does not carry out automated individual decisions that it produces legal effects in the user or it affects him significantly of similar way, unless it has the consent of the user in other words necessary to the service provision. In any case, the user shall have the right to require Bankia to involve humans in the process, to express their point of view and, where applicable, to contest the decision.


Marketing communications

Users are informed that Bankia may obtain their consent, through data collection forms, to send them marketing communications.

By giving their consent, Bankia may contact the user by post, email, SMS, or by any other equivalent electronic means, to send them marketing communications regarding its products and/or services; or, where applicable, to send them marketing communications regarding products and/or services of particular third-parties or of third parties which belong to sectors indicated in the corresponding box, an updated list of which you can find in the following link (PDF, 198 KB).

In any case, the user is not obliged to receive this marketing material. If, at any given time, the User no longer wishes to continue receiving communications of this nature, they may revoke their consent by sending a written communication, with proof of their identity, either to the email address, to the Section of Correos no. 61,076, 28080 Madrid, or using the link set up for this purpose in the electronic commercial communications that receives.



Bankia's communication channels” can contain links to other websites. Users should bear in mind that Bankia is not responsible for the privacy and processing of data provided through other websites or channels. This document applies exclusively to information that is collected through “Bankia's communication channels”. We recommend that you read the data processing policy of other websites which are linked to from "Bankia's communication channels” or which you otherwise visit.

Social networks

Users have the opportunity to sign up on Bankia's pages or groups on various social networks. In these cases, users must take into account that, unless Bankia requests their data from them directly (for example, to respond to enquiries in a private environment), their data will belong to the corresponding social network. Therefore, users are recommended to carefully read the terms and conditions of use and the privacy policies of the corresponding social network, as well as to ensure that they set their preferences in relation to data processing.



Protecting our client's data is one of Bankia's top priorities. In order to achieve this, Bankia uses high security standards in its applications and systems, and the most advanced protective measures are implemented in order to guarantee the confidentiality and integrity of the information. Bankia maintain the highest levels of security required by Law to protect users' personal data against accidental loss and unauthorised access, processing or disclosures, in light of the state of technology, the nature of the information stored and the risks the information is exposed to.

Take a closer look at the security measures with which the Entity protects your information and that will allow it to improve the protection of enquiries and transactions both at the Bank and on the Internet.



Any personal data that Bankia obtains via “Bankia's communication channels” or through the various communications it maintains with the user will be processed with absolute confidentiality. Bankia undertakes to keep such data secret and guarantees that it will fulfil its duty to adopt all the necessary actions in storing them, in order to protect them against any alteration, loss, authorised processing or access, in accordance with the applicable law at any given time.

In order to ensure that the information provided is always up-to-date and does not contain any errors, users should inform Bankia as soon as possible of any changes and corrections to their personal data that arise over time.


Video surveillance and access to Bankia's buildings

As a financial institution, Bankia is obliged to install permanently-operational video surveillance cameras, devices or systems that are able to capture and record images of potential culprits of any criminal offences committed against people and property in its establishments and branches, in order for such potential culprits to be subsequently identified (Legitimate basis for the data processing: fulfilment of a legal obligation –Private Security Act 5/2014 of 4 April).

Bankia will process images using still or video camera systems for the purposes of upholding the safety and security of people and goods, as well as its facilities. It may also capture images from public areas to the extent that it is strictly necessary and only for the aforementioned purpose.

The State Security Forces and Agencies will have access to the systems installed by the private security companies that allow for information to be checked in real time, when necessary for the prevention of a real and present threat to public safety or to prevent criminal offences.

In addition, when accessing certain buildings, Bankia, S.A. will request identification details from you in order to control access. Providing such details will be a requirement in order for you to gain access, for security reasons and on the basis of a legitimate interest of the company (Legitimate basis for the data processing: fulfilment of a legal obligation and a legitimate interest of the company).

The data and images will be deleted within one month of being obtained or recorded, in accordance with the aforementioned regulation, except for when they have to be kept to provide evidence of any offences that have been committed against people, goods or facilities.

Visitors can exercise their rights of access, correction, deletion, objection, portability and limitation of processing, as appropriate, by writing to Bankia's General Register, with proof of their identity, at the address Registro General de Bankia, Paseo de la Castellana nº 189, 28046 Madrid.


Recording of telephone conversations

Telephone communications that take place between the parties may be recorded during the contract process or use of the services rendered by Bankia, in order to:

  1. i. prove its identification and acceptance of the conditions of contracts, pre-contracts, operations or services that the user requests, as an element of proof for any judicial proceeding or arbitration that between both parts you could pose direct or indirectly (Legitimate basis for the data processing: execution of a contract); as well as,
  2. ii. in the case of products request for information or contracting or investment services, to comply with the obligation established in the current regulations in share market. (Legitimate basis for the data processing: fulfilment of a legal obligation - Royal Decree-Act 14/2018 of 28 September, which amends the consolidated text of the Stock Market Act, approved by Legislative Royal Decree 4/2015 of 23 October).

In addition, any computer and electronic records generated through the contact process or through gaining access to Bankia's service may be recorded.

The register will include recordings of telephone conversations or electronic communications that are related, at least, to the transactions carried out when the user makes trades for themselves, as well as those related to services rendered in relation to the receipt, transmission and execution of client orders of any kind, including conversations or communications regarding transactions or services even if they are not finally executed.


Accessing “Bankia's communication channels” can involve the use of cookies. Cookies are files downloaded to the user's device in order to collect data. They are essential for the proper operation of the Bankia Group's web pages, applications and other websites, providing benefits to users and making it easier for them to browse and use these facilities. They can be updated and recovered by the Bankia Group institutions responsible for installing them. Cookies have, in general, a limited time duration.

No cookie permits the possibility of contact via the phone number of the user, their e-mail address or with any other means of contact. No cookie can extract information from the hard disk of the user or steal personal information. The only way by which the private information of a user forms part of the cookie file is if the user personally gives that information to the server.

The users can shape at any time the consents that they have provided for those cookies that they are not necessary to visualise the page or tool website (analytical cookies, advertising executives or advertising comportamental) via the Cookies policy of the Bankia group. Users can also disable the use of cookies, using their browser's configuration/settings options, in order to block, restrict, disable or delete the acceptance of cookies.

You can view detailed and up-to-date information regarding cookies in the Cookies policy of the Bankia group.


Review of the Privacy Policy

Bankia will perform an annual review of its Privacy Policy, unless regulations or other requirements make it necessary to adapt the Policy more frequently. Therefore, users are advised to consult the Policy each time they access or use pages, websites or web tools owned by Bankia or, at least, to consult its content periodically.


Last update: 01/12/2018.