The ICF Group includes in its databases and records the personal data of all the people involved in any financing application or business or contractual relationship with the ICF Group.

The ICF Group collects personal data pursuant to personal data protection regulations to ensure their security, confidentiality and proper use by means of appropriate technical and organisational measures. All the data requested are essential and necessary to handle the data subject’s financing application or manage their business or contractual relationship with us.

Data subjects who provide their data do so voluntarily and warrant that they are true, accurate and up to date. If the data submitted belong to another person, the person providing them represents that they have informed that person of the aspects contained in this document and have obtained their consent to provide their data to the ICF Group.

The ICF Group cannot and does not make any fully automated final decisions with the data provided. Segmentation and profiling studies may, however, be used to facilitate and expedite the risk assessment of the funding application or management and monitoring of the contract entered into. 

The ICF Group operates as a group in relation to compliance with personal data protection regulations pursuant to the definition and characteristics set out in applicable regulations.

The data controller is the ICF Group entity that has collected the personal data of the data subjects. Nevertheless, the technical and organisational measures for safeguarding and protecting the information are the same for the entire ICF Group.

The identification of the companies that make up the ICF Group for the purposes of compliance with personal data protection regulations is as follows:

Under applicable regulations, the data protection officer is in charge of ensuring that the ICF Group complies with personal data protection regulations across all its activities.

The contact email address of the ICF Group’s data protection officer is dpoICF@icf.cat.

The legitimacy and legal basis of the processing of personal data by the ICF Group are detailed below:

The fulfilment or performance of a contract which entails diligent management of the obligations in it.

The data subject’s explicit and unambiguous consent.

In the ICF Group’s legitimate interest, it may anonymously and securely use the data derived from the contractual relationship: on the use of communication channels and any other interactions as may be established to improve the products offered, make the relationship more satisfactory, meet the expectations of third parties, and conduct statistical studies, surveys or market research which may be of interest to both parties.

In compliance with a legal or court obligation which requires the ICF Group to process the available information in a specific way. In these cases, the data subject’s consent would not be necessary. For example, this is the case with processing data in compliance with obligations established by money laundering and terrorist financing prevention regulations.

The personal data gathered by the ICF Group are primarily used to appropriately manage the products applied for or taken out with the ICF Group.

The purposes for which the data subject may give their consent are set out below:

    1. Managing and monitoring the products and services applied for or taken out: this consent is necessary and     essential to be able to evaluate and manage the applications received and subsequently supervise and     properly manage any contractual relationships which may arise from them together with any incidents or     complaints. The legal basis and legitimacy for these processing operations is the performance of the contract.

    Likewise, it is in the ICF Group’s legitimate interest to conduct risk assessments and credit profiling to     ascertain the creditworthiness of the applicant and facilitate and expedite the process of assessing risks     resulting from the application for financing. Under no circumstances will the ICF Group undertake any fully     automated decision-making on whether to accept an application for financing.

    2. Providing and sending marketing information about ICF Group products and services: it allows the ICF Group     to offer customer companies a range of business propositions relating to products and campaigns, send them     other information from the ICF Group and suggest surveys to gather their feedback and rating of the products     and services applied for/taken out.

    As long as there is no legitimate interest of the ICF Group, the legitimacy for carrying out this processing is the     data subject’s consent.

    3. Profiling and risk segmentation in relation to the ICF Group’s products and services: the data subject’s     personal data may be used by the ICF Group to perform segmentation, profiling or statistical studies or market     research to better meet their expectations and enhance the business relationship. As long as there is no     legitimate interest of the ICF Group, the legitimacy for carrying out this processing is the data subject’s     consent.

    4. Disclosing your personal data to third parties: the ICF Group may not disclose any personal data to third     parties except when required by law or with the data subject’s explicit consent.

    5. For promotional and advertising purposes: images will be taken during events organised by the ICF Group in     which the attendees may appear. The ICF Group will use the images captured in its own publications and social     media, particularly on its website, in-house portal, social media, press releases and in promotional and     advertising actions.

We advise event attendees that their personal data will not be segmented or used for any purposes other than those stated above.

If an event attendee does not want their image to be used in the aforementioned media, after its publication they may exercise their rights of objection or erasure as set out in the "Exercising your rights" section of this policy.

The personal data gathered by the ICF Group are stored throughout the term of the contract signed.

Data related to applications for transactions which are not concluded will be kept for no more than six (6) months provided that there is no legal requirement or a longer period has not been agreed in the application form.

Once the contractual relationship has ended, the personal data will be blocked for the statutory limitation periods; this is generally ten (10) years under money laundering and terrorist financing regulations and up to twenty-one (21) years in application of the Civil Code and mortgage legislation. After these periods have ended, the personal data will be removed from the records and files held by the ICF Group.

The data subject may at any time withdraw their consent to the processing or transfer of their personal data and exercise their rights to access, rectify and erase their data, object to and restrict processing and to data portability without this affecting the processing request or the contract.

You can use the following channels to exercise these rights:

• By emailing protecciodedades@icf.cat.
• By writing to Gran Via de les Corts Catalanes, 635, 08010 Barcelona.
• You can also do so on this website by filling out the form at this link.

In all cases you can always make a complaint to the Catalan Data Protection Agency (www.apdcat.cat) or the Spanish Data Protection Agency (www.agpd.es).

The data subject must be clearly identified before any procedure can be undertaken. Hence you need to enclose or attach a copy of your ID card or an equivalent document proving your identity to your complaint.

There is no charge for exercising the aforementioned rights or for making complaints to the Group or official agencies.

Use the form to make it easier to process a request or exercise your rights in any financial or contractual relationship with ICF Group entities.