1. Data Controller
Banco Santander S.A., a company registered with the Bank of Spain under number 0049, with registered office in Santander, at Paseo de Pereda, 9-12 and with tax number A-39000013, and which is the owner of this website www.santander.com (the “Bank” or the “Publisher”), hereby informs visitors to the website (the “Users” or “User” and the “Website”, respectively) about its Cookies Policy, so as to make them aware of the cookies that will be used while browsing the Website and so that they may give their consent to the use of cookies.
2. What are cookies?
Cookies are a type of file that is downloaded and stored in the data storage and retrieval device used in the terminal of a user (computer/smartphone/tablet) browsing the internet in order to gather information and retrieve, for subsequent use, the information already stored by the cookies.
Cookies can be installed either directly by the websites visited by the user or by third parties related to the Website, and allow the Website to keep track of the user’s activity on the site or on other related sites, including: the location from which it is accessed, the connection time, the device from which it is accessed (wired or mobile), the operating system and browser used, the most visited pages, the number of clicks and data on the user’s browsing habits.
For more information on how websites and apps use cookies, please visit https://www.allaboutcookies.org/es/.
Although cookies do not need to be enabled to access the Website, disabling them may limit the use of certain services or prevent the full functionality of the Website as it might not be possible to run certain functions or processes.
3. Protection of personal data
In certain circumstances, the downloading of cookies to the data storage and retrieval systems of the recipients’ computer or device may involve the processing of personal data. The legal basis for this processing of data is the consent given by the users after they have been provided with clear and complete information on the use of their data, particularly on the purposes of processing their data, so as to ensure the protection of personal data.
Note that this Cookies Policy (the "Cookies Policy") is supplemented by the Privacy Policy for this Website.
4. Types of cookies used
In accordance with this Cookies Policy, the Bank will use cookies as described below, provided that the user has consented to their use. The user of the Website may modify or reject the use of cookies, except for technical, preference or personalisation cookies, which are needed to ensure the basic functioning of the Website or to provide the requested service on a personalised basis.
The Website uses the following types of cookies:
a. Strictly necessary cookies: technical, preference or personalisation cookies:
These cookies are inserted by the Publisher and are needed to ensure the proper functioning of the Website or to provide a service requested by the user. Preference or personalisation cookies are considered necessary when they allow information to be recorded so that the user can access the service with certain characteristics that effectively make their experience different from that of other users, such as their preferred language or the number of search results to be shown.
Technical cookies include, without limitation, user interface personalisation cookies, cookies used by the Publisher to control data traffic and communication and identify the session, or cookies for sharing content on social networks.
In accordance with Article 22.2 of the Spanish Information Society Services Act, there is no requirement of consent for this type of cookie.
The table below provides further information on this type of cookie:
NAME | OWNER | PURPOSE | DURATION/EXPIRY |
---|---|---|---|
affinity | Azure | An Azure App Service feature that enables end users to talk to the same Azure App Service worker instance until the session finishes. | End of session |
incap_ses_* | Imperva | An Imperva/Incapsula session cookie to filter malicious requests. The information it generates cannot identify you individually. | End of session |
visid_incap_XXXXXX | Imperva | DDoS and Firewall protection for Imperva/Incapsula web applications: Cookie to link sessions to a certain visitor (who represents a specific computer) to identify customers who have previously visited Incapsula. | 1 year |
nlbi_XXXXXX | Imperva | Imperva/Incapsula cookies are sent to make sure that user interactions with the website are directed to the correct server. | End of session |
AWSELBCORS | Investis Digital | This cookie is managed by AWS and is used for load balancing. | End of session |
AWSALB | Investis Digital | Load balancing cookie that connects to the required Investis server. | 6 days |
san_lang | Santander | Used to define the user’s language preferences. | 10 years |
SAN_REDIRECT | Santander | Cookie that defines the preference in the redirect component and selects the user's preferred option | End of session |
CONSENTMGR | Tealium | This cookie will be used to store the general consent stored through Tealium, the tool that manages user preferences. | 90 days |
utag_main | Tealium | This cookie is set by Tealium, the tool that manages tags and consent on all of our web pages. | 1 year |
YSC | YouTube | This cookie is used by YouTube to remember user input and associate a user’s actions | End of session |
CONSENT | YouTube | Google uses the ‘CONSENT’ cookie, which lasts for 2 years, to store a user’s state regarding their cookies choices. | 24 months |
VISITOR_INFO1_LIVE | YouTube | This cookie contains a unique ID used to remember your preferences and other information such as your preferred language, how many search results you prefer to have shown on a results page and is also used to detect and resolve problems with the service. | 6 months |
VISITOR_PRIVACY_METADATA | YouTube | It is a YouTube cookie that is used in the context of visitor privacy on websites. It is used to store information about the visitor's privacy settings, such as whether they have accepted or rejected the use of cookies. | 5 months |
LOGIN_INFO | YouTube | YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services. | End of session |
AWSALBCORS | Investis Digital | Used to attribute commission to affiliates when you arrive at the website from an affiliate referral link. It is set when you click on one of our links and used to let the advertiser and us know the website from which you came. | 7 days |
b. Analytics or performance cookies
These cookies, which may be proprietary or third-party, allow the Publisher to track and analyse the behaviour of users when browsing the Website or using its services. They allow the Publisher to view information on the most and least visited pages and see how visitors browse the Website, and to analyse such browsing activity, thus allowing it to make improvements. The information handled does not allow the user to be uniquely identified.
The analytical cookies used on this Website include those of GOOGLE ANALYTICS and ADOBE ANALYTICS. We also use the tag management service provided by TEALIUM and TWITTER cookies to be able to share information through the social network’s widget.
GOOGLE ANALYTICS is a web analysis service provided by Google Ireland. In particular, the use of Google Analytics allows the Publisher to monitor how visitors use the Website, compile reports and improve the Website.
If you consent to the installation of web analytics or performance cookies on your device, please be advised that GOOGLE ANALYTICS cookies will be installed. The installation of these cookies may involve the international transfer of data to the United States by Google Ireland, which could in very isolated and specific cases entail access to data by the authorities of that country for national investigation and security purposes. However, in line with our rigorous privacy standards, please be advised that the contracts in effect between Google Ireland and its subcontractors in the United States include the Standard Contractual Clauses approved by the European Commission on 4 June 2021, as a safeguard mechanism recognised in the GDPR that aims to ensure the security of any data that may be subject to international transfer. We also adopt additional measures to protect the confidentiality and integrity of personal data.
ADOBE ANALYTICS is a web analysis service provided by ADOBE that the Publisher uses to analyse Website audience, count unique visitors, record the time and date of unique visitors, etc.
The table below provides further information on this type of cookie:
NAME | OWNER | PURPOSE | DURATION/ EXPIRY |
---|---|---|---|
s_cc | Adobe Analytics | Used to determine whether the cookies are enabled | Session |
s_nr | Adobe Analytics | Stores the date of the visit and whether the visitor is a first-time visitor or a repeat visitor |
2 years |
s_sq | Adobe Analytics | Used when the ClickMap and Activity Map functionalities are enabled. Contains information about the last link that the user clicked on |
Session |
s_ ecid | Adobe Analytics | Used to allow persistent ID tracking in 1st-party state and used as a benchmark ID if the AMCV cookie has expired. See AMCV cookie here for further details |
2 years |
AMCV_###@AdobeOrg | Adobe Analytics | Used to identify a unique visitor – Experience Cloud |
2 years |
s_vi | Adobe Analytics | Used to record the date and time for the unique visitor identifier |
2 years |
s_fid | Adobe Analytics | Used to record the date and time for the alternative unique visitor ID |
2 years |
mbox | Adobe Target | Used to conduct tests aimed at improving the user experience and knowing the most relevant elements and content for visitors |
2 years |
at_check | Adobe Target | A cookie created by Adobe Target that is used to determine whether a visitor accepts cookies. |
Session |
_ga_18TFZRJTGN | It is used to maintain session status. | 2 years | |
_utma | Distinguishes between users and sessions. A user is a person who visits the site. A session is the period that the user spends on the site, and may consist of several page visits. This allows for an analysis of how the site is used in terms of user page visits and views |
2 years from creation/update |
|
_utmb | Used to differentiate new sessions/visits from repeat visits. Return visitors can be identified through the use of the cookie, which new visitors will not have |
30 minutes from creation/refresh |
|
_utmc | Used in conjunction with the _utmb cookie to determine whether a user is a new or return visitor |
End of browsing session |
|
_utmz | Stores the source of traffic or campaign that explains how the user got to the site |
6 months from creation/update |
|
_utmt | Used to throttle the request rate. This means limiting the number of analysis events sent to |
10 minutes | |
_ga | Used by the web audience analysis tool to differentiate unique users |
2 years | |
_gid | Used by the web audience analysis tool to differentiate unique users |
24 hours | |
___utmvxxxxxxxxxxxxxx | Cookie used by Google to distinguish users. | 2 years | |
OTZ | This domain is owned by Google. The main business activity is: User Accounts sub-domain. Cookies in this domain have lifespans between 1 month to 2 years. | 1 year | |
__Host-GAPS | This domain is owned by Google. The main business activity is: User Accounts sub-domain. Cookies in this domain have lifespans between 1 month to 2 years. | 1 year | |
__Host-1PLSID | This domain is owned by Google. The main business activity is: User Accounts sub-domain. Cookies in this domain have lifespans between 1 month to 2 years. | 8 months | |
ACCOUNT_CHOOSER | This domain is owned by Google. The main business activity is: User Accounts sub-domain. Cookies in this domain have lifespans between 1 month to 2 years. | 1 year | |
__Host-3PLSID | This domain is owned by Google. The main business activity is: User Accounts sub-domain. Cookies in this domain have lifespans between 1 month to 2 years. | 8 months | |
LSID | This domain is owned by Google. The main business activity is: User Accounts sub-domain. Cookies in this domain have lifespans between 1 month to 2 years. | 8 months |
c. Advertising or targeting cookies
Used to store information on user behaviour, as obtained through continuous observation of their browsing habits or behaviour when using Website services. This information is then used to draw up a specific profile for delivering tailored advertising. They also allow the Publisher to make improvements based on data analysis. The information handled does not allow the user to be uniquely identified. They may be inserted into the website by the Publisher or by a third party.
Rejecting the use of these cookies will prevent the Bank from displaying personalised advertising that may be of interest to the user.
The table below provides more detailed information on these cookies:
NAME |
OWNER | PURPOSE | DURATION/ EXPIRY |
---|---|---|---|
MUID | Bing | Identifies unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes. | 1 year |
_uetsid | Bing | UET assigns this ID to store and track visits to websites. | 1 day |
_uetvid | Bing | UET assigns this unique, anonymous visitor ID that represents a unique visitor. UET stores these data in a first-party cookie and locally. | 13 months |
_gac_UA-58567623-40, _gac_gb_G-18TFZRJTGN |
Includes user-related campaign information through the link between Google Analytics and Google Ads. Google Ads website conversion tags will read this cookie | 90 days | |
SID | This cookie is used by Google in combination with HSID to verify a Google user account and most recent login time. | End of session | |
HSID | Used by Google in combination with SID to verify Google user account and most recent login time. | End of session | |
SAPISID | It is used to measure ad performance and to provide ad recommendations | 2 years | |
__Secure-1PAPISID | It is used to personalize advertisements that may be of interest to you. | 2 years | |
SSID | It is used to measure ad performance and to provide recommendations | 2 years | |
__Secure-1PSID | This cookie is set by Google and is used to authenticate users, store session preferences, and perform security measure. | 2 years | |
APISID | It is used to measure ad performance and to provide recommendations. | 2 years | |
_IDE, test_cookie, _gcl_au |
Google / Doubleclick | The Google / DoubleClick cookie aims to improve the advertising displayed to users | 1 year, 1 month, 3 months |
fr, _fbp, _fbc | Collects a combination of the user’s browser and unique identifier, used to tailor advertising to users | 3 months | |
wd | Through the use of this cookie, Facebook stores the user's screen resolution. | 7 days | |
xs | Through the use of this cookie, Facebook detects if you are logged in on its platform. | 1 year | |
dpr | Through the use of this cookie, Facebook is able to improve the experience offered to users based on their device settings. | 7 days | |
sb | Facebook stores information about the browser to improve its security settings. | 2 years | |
usida | Collects a combination of the user’s browser and unique identifier, used to tailor advertising to users | Session | |
m_pixel_ratio | Through the use of this cookie, Facebook is able to improve the experience offered to users based on their device settings. | Session | |
datr | >The purpose is to identify the web browser used to connect to Facebook, regardless of which user is logged in. This cookie plays a key role in security. | 2 years | |
locale | It stores the user's language. | 7 days | |
li_oatml, lms_ads, li_fat_id |
Used to identify members of LinkedIn for advertising and analysis purposes outside the designated countries and, for a limited time, for advertising purposes in the designated countries. | 30 days | |
lidc | Facilitates the selection of the best data centre for LinkedIn. | 24 hours | |
li_gc | It is used to store user consent regarding the use of cookies for non-essential purposes. | 2 years | |
bcookie | A browser identification cookie to uniquely identify devices accessing LinkedIn and detect platform abuse. | 2 years | |
bscookie | Used for remembering that a logged in user is verified by two factor authentication. | 2 years | |
JSESSIONID | It is a platform login cookie and is used by websites with JavaServer Pages (JSP). The cookie is used to maintain an anonymous user session on the server. | End of session | |
li_alerts | Used to track impressions of LinkedIn alerts, such as the Cookie Banner and to implement cool off periods for display of alerts. | 1 year | |
In_or | Determines if Oribi analytics can be carried out on a specific domain. | 1 day | |
lang | It stores the user's language. | Session | |
sc_at | Snapchat | Used to identify a visitor across multiple domains. | 1 year |
X-AB | Snapchat | This cookie is used by the website’s operator in context with multi-variate testing. This is a tool used to combine or change content on the website. This allows the website to find the best variation/edition of the site. | 1 day |
_scid | Snapchat | Used to help identify a visitor. | 1 year |
_sctr | Snapchat | Used to determine whether a third party tag will be called in Snap Ads Pixel. | 1 year |
sp_landing | Spotify | This cookie from Spotify is stored when a user plays audio content from Spotify embedded in our website. It helps to collect information about the user's interaction with this audio content. | 1 day |
sp_t | Spotify | This cookie from Spotify is stored when a user plays audio content from Spotify embedded in our website. It helps to collect information about the user's interaction with this audio content. | 1 year |
sa-user-id | StackAdapt | These third party advertising / targeting cookies record information about your website activity, such as the pages you’ve visited and the locations you’ve viewed to enable us to provide you with interest based content and personalised adverts on external websites. | 1 year |
sa-user-id-v2 | StackAdapt | These third party advertising / targeting cookies record information about your website activity, such as the pages you’ve visited and the locations you’ve viewed to enable us to provide you with interest based content and personalised adverts on external websites. | 1 year |
sa-user-id-v3 | StackAdapt | Third-party advertising/targeting cookies that track your website activity — such as the pages you’ve visited and the locations you’ve viewed — so we can suggest personalized content and adverts on external websites. | 1 year |
_ttp | TikTok | Used to measure and improve the performance of your advertising campaigns and to personalize the user's experience (including ads) on TikTok. | 6 months |
ttwid | TikTok | Used by the social networking service to store if the user has seen embedded content. | 1 year |
_twitter_sess | It is used to allow Twitter content to appear on the Website and to allow content to be shared over its network. Its storage is enabled to recognise whether the user is logged in. | Session | |
gt | A cookie used to integrate Twitter functionalities correctly into our Website. | 2 hours | |
ct0 | Twitter service cookie. This is used to obtain information from users and to be able to share original content from the Website through the social network. | 5 years | |
guest_id | A twitter cookie that allows the social network to identify the user of Twitter via the Website. | 2 years | |
_personalization_id | The purpose is to collect information from users who have been directed to the Website by advertising campaigns from this platform | 2 years | |
muc_ads | Collects data on user behaviour and interaction in order to optimize the website and make advertisement on the website more relevant. | 13 months | |
Visitor_Privacy_metadata | YouTube | It is a YouTube cookie that is used in the context of visitor privacy on websites. It is used to store information about the visitor's privacy settings, such as whether they have accepted or rejected the use of cookies. | 5 months |
SIDCC | This cookie allows you to serve targeted ads that are relevant to users across the web. | 3 years | |
NID | To provide ad delivery or retargeting, store user preferences. | End of session |
5. What are the legal grounds for the use of cookies?
Except in the case of technical or strictly necessary cookies, the use of which does not require the User’s informed consent, the Publisher will place cookies on the User’s computer only with the User’s prior informed consent. Users may give their consent either by clicking on “Accept all cookies” or by adjusting the settings whereby users freely choose to approve particular cookies, through the cookie settings panel displayed by the Publisher the first time the user accesses the Website or the App.
6. Can you revoke your consent?
Users may revoke their consent and delete installed cookies at any time. To do so, they may either:
- Use the content and privacy settings available in their browser while navigating. The following are some examples of procedures for withdrawing consent and deleting cookies, depending on the browser used:
- Firefox: https://support.mozilla.org/en-US/
- Internet Explorer: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
- Safari: https://support.apple.com/en-euro/HT201265
- Opera: https://help.opera.com/Windows/8.54/en/index.html
- Chrome: https://support.google.com/chrome/answer/95647?hl=en-en
- Reconfigure accepted cookies through the cookie settings panel that the Publisher makes available at all times and which can be found here:
7. Updates to the Cookies Policy and contact details
This Cookies Policy may change depending on the cookies used. If new types of cookies are included whose use requires informed consent, the Publisher shall inform the User and record their due consent.
Without prejudice to the above, the Publisher recommends that you review this policy each time you access our Website, so that you are properly informed about how and why we use cookies and are aware of any changes in the type of data collected.
If the User has any queries concerning the Portal’s Cookies Policy, they may contact the Publisher by sending an email to: privacidadcomunicacionymarketingcorporativo@gruposantander.com stating “Cookies Policy” in the subject line.