Cookies Use Policy

1. Entity responsible

By way of this notice, Banco Santander S.A., a company registered at the Bank of Spain under registration number 0049, with registered offices at Santander, Paseo de Pereda, 9-12 and the Tax ID Number A-39000013 owner of this website www.santanderx.com (the “Bank” or the “Editor” indistinctly), informs the users of the website (the “Website” and the “Users” or the “User” respectively) about its Cookie Policy, so that they are aware of the cookies that will be used while browsing through the Website and can give their consent to them.

2. What are cookies?

Cookies can be defined as any type of data storage and retrieval device used in the terminal equipment of a user (computer/smartphone/tablet) when browsing the Internet with the purpose of storing information and retrieving information that has already been stored.

Cookies can be installed either directly by the websites visited by the user or by third parties to which the website is related, giving the website knowledge of their activities on the site or on others to which this website is related, for example: the location from which users access the site, connection time, the device used (fixed or mobile), the operating system and browser used, the pages most frequently visited, the number of clicks and data concerning the user's behaviour on the Internet.

For more information on how websites and apps use cookies, click here: https://www.allaboutcookies.org.

3. Personal data protection?

Under certain circumstances, the use of data storage and retrieval devices on recipients' terminal equipment, such as cookies, may involve the processing of personal data. Such data processing shall be deemed legitimate on condition that the users of the Website have given their consent after having been provided with clear and comprehensive information on the use of this data, in particular on the purposes of the data processing, as regards the protection of personal data.

For these purposes, it should be noted that the Cookies Policy (hereinafter, 'Cookies Policy') is complemented by the Privacy Policy of this Website.

4. Types of cookies used

This website uses the following types of cookies:

4.1 Technical and strictly necessary cookies

These are cookies inserted by the Publisher that are necessary for the proper functioning of the website or to provide a service requested by the user. In this regard, personalisation or preference cookies are considered necessary in order to remember information so that the user can access the service with certain characteristics that may differentiate their experience from that of other users, such as, for example, the language or the number of results to be shown in a search.

Technical cookies include, for example, user interface customisation cookies, cookies used by the Publisher to control traffic and data communication, session identification cookies, cookies used to share content on social media, etc.

Pursuant to Art. 22.2 of the LSSI (Information Society Services and Electronic Commerce Act), users do not have to give their consent for them to be used.

The table below provides more in-depth information about these types of cookies:

ACCOUNT HOLDER (GUEST) NAME PURPOSE USEFUL LIFE

santanderx.com

eupubconsent

The IAB Europe Transparency and Consent Framework uses this cookie to store user consent for data collection. The cookie contains an encrypted consent string that participating providers can read to determine the user's consent.

7,979 years

santanderx.com

nlbi_XXXXXXX

Incapsula DDoS Protection and Web Application Firewall: Load balancing cookie, to ensure that requests from a customer are sent to the same origin server.

Session

santanderx.com

_dc_gtm_UA-xxxxxxxx

This cookie is associated with websites that use Google Tag Manager to load other scripts and codes on a page. When used, it may be considered essential as without it other scripts may not function properly. At the end of the name is a unique number that is also an identifier for an associated Google Analytics account.

A few seconds

santanderx.com

OptanonConsent

 

This cookie is set by OneTrust's cookie compliance solution. It stores information about the categories of cookies used by the website and whether visitors have given or withdrawn their consent to use each category. In this way, website owners can prevent cookies of the individual categories from being set in users' browsers if they have not consented to it. The cookie has a normal lifetime of one year so that returning visitors to the website can remember their preferences. It does not contain any information that can identify the site visitor.

One year

santanderx.com

visid_incap_XXXXXX

Incapsula DDoS Protection and Web Application Firewall: cookie used to link certain sessions to a specific visitor (visitor representing a specific computer). To identify customers who have already visited Incapsula.

One year

santanderx.com

OptanonAlertBoxClosed

This cookie is set by websites using certain versions of OneTrust's cookie compliance solution. It is installed after visitors have seen a cookie information notice and in some cases only when they actively close the notice. It enables the website to display the message to a user no more than once. This cookie lasts for one year and does not contain any personal information.

One year

santanderx.com

incap_ses_*

Incapsula DDoS Protection and Web Application Firewall: cookie used to link HTTP requests to a specific session (AKA visit). Reopening the browser and accessing the same site are recorded as different visits. To maintain existing sessions (i.e., session cookie).

Session

sso.santanderx.com

AUTH_SESSION_ID_LEGACY

This is a cookie used to keep the user logged in across multiple sessions.

Session

santanderx.com

su-header

This cookie allows the website to know if the user has logged in, and to update the header accordingly across all website environments.

A few seconds

sso.santanderx.com

KC_RESTART

The cookie is used to recreate the authentication flow when the browser's root session has expired.

Session

sso.santanderx.com

KEYCLOAK_3P_COOKIE_SAMESITE

It is used exclusively by the JS adapter to determine whether the browser supports third-party cookies. It does not contain any sensitive data.

A few seconds

sso.santanderx.com

KEYCLOAK_IDENTITY_LEGACY

This is a cookie used to keep the user logged in across multiple sessions.

A few seconds

sso.santanderx.com

KEYCLOAK_LOCALE

This cookie allows the user's preferred regional settings to be applied if a user instance is available.

Session

www.google.com

_GRECAPTCHA

Cookie used by the GOOGLE RECAPTCHA service in the forms to avoid SPAM.

Six months


4.2 Analytical/performance cookiess

These cookies may be first-party or third-party cookies and enable the Publisher to monitor and analyse the behaviour of users when they browse the Website or use its services. These allow the Publisher to know which pages are the most and least visited, how visitors browse the site and also to analyse browsing, allowing the Publisher to make improvements based on the analysis of this usage information. The information handled does not allow the user to be identified uniquely.

Among the analytical cookies used on this Website are GOOGLE ANALYTICS cookies. GOOGLE ANALYTICS is a web analytics service provided by Google Ireland. In particular, the use of Google Analytics allows the Publisher to monitor how visitors use the Website, compile reports and help improve the Website.

If you consent to the installation of web analytics or performance cookies on your device, please note that GOOGLE ANALYTICS cookies will be installed. The installation of these cookies may result in Google Ireland making international data transfers to the United States, which may, in very isolated and specific cases, involve access to the data by US authorities for investigative and national security purposes. However, as part of our high standards of privacy compliance, we inform you that we have signed with Google Ireland and their subcontractors in the United States the Standard Contractual Clauses approved by the European Commission on 4 June 2021 as a mechanism of guarantee recognised by the GDPR with the aim of preserving the security of the data that may be the subject of an international transfer. We also take additional measures to protect the confidentiality and integrity of personal information.

The table below provides more in-depth information about these types of cookies:

ACCOUNT HOLDER (GUEST) NAME PURPOSE USEFUL LIFE  

santanderx.com

_hjSession_xxxxxx

A cookie containing the current session data. This ensures that subsequent requests within the session window will be attributed to the same Hotjar session.

A few seconds

 

santanderx.com

_gclxxxx

Google conversion tracking cookie

Three months

 

santanderx.com

_gid

This is a cookie used by Google Analytics that enables the unique visitor tracking function. The first time a user accesses the website through a browser, this cookie will be installed. When this user re-enters our website with the same browser, the cookie will recognise the user as the same user. Google Analytics will only treat the user as a new user if the user changes browser. Used to compile information on statistics for the use of the website without personally identifying visitors.

One day

 

sso.santanderx.com

_hjIncludedInPageviewSample

This cookie is set to determine whether the visitor is included in the data sample defined by the page view limit for the site.

A few seconds

 

santanderx.com

_gat_UA-

This is a cookie used by Google Analytics to compile anonymous traffic data. They contain a unique visitor ID, time and information on the visit, including references. The real data on the visit is recorded on the Google server. In this way, Google provides reports that help to analyse how visitors use websites, including references, ranging from user experience to measuring the impact of SEO and advertising. Ultimately, it is used to limit the amount of data recorded by Google on high-traffic websites.

A few seconds

 

santanderx.com

_hjAbsoluteSessionInProgress

This cookie is used by HotJar to detect a user's first pageview session. This is a True/False indicator set by the cookie.

A few seconds

 

santanderx.com

_hjSessionUser_xxxxxx

Hotjar cookie that is set when a user first views a page with the Hotjar script. It is used to store the Hotjar user ID that exists only for that page in the browser. This ensures that the behaviour is associated with the same user ID on subsequent visits to the same website.

One year

 

santanderx.com

_hjFirstSeen

Identifies the first session of a new user on a website and indicates whether Hotjar is seeing this user for the first time.

A few seconds

 

santanderx.com

_ga

This cookie is used to distinguish unique users by assigning a randomly generated number as a customer identifier. It is included in every page request of a website and is used to calculate visitor, session and campaign data for website analytics reports. By default it expires after two years, although this can be adjusted by website owners.

Two years

 

santanderx.com

_hjTLDTest

When the Hotjar script is run, we try to determine the most generic cookie path to use, rather than the hostname of the page. This is done so that cookies can be shared across subdomains (if applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substrings until it fails. After this test, the cookie is deleted.

Session

 

script.hotjar.com

_hjIncludedInSessionSample

This cookie is set to determine whether the visitor is included in the data sample defined by the page view limit for the site.

A few seconds

 


4.3 Advertising/targeting cookies

These are cookies that store information on user behaviour obtained through the continuous observation of their browsing habits or their behaviour when using the services of the website, which enables the creation of a specific profile for displaying advertising in accordance with this profile. They also allow the Publisher to make improvements based on the analysis of the data. The information handled does not allow the user to be identified uniquely. They may be placed on the website either by the Publisher or by a third party.

The table below provides more detailed information on these cookies

FIRST-PARTY

ACCOUNT HOLDER (GUEST) NAME PURPOSE USEFUL LIFE

santanderx.com

_fbp

This cookie is used by Facebook to deliver a range of advertising products, such as real-time offers from external advertisers.

Three months

 

THIRD-PARTY

ACCOUNT HOLDER (GUEST) NAME PURPOSE USEFUL LIFE

linkedin.com

lang

This domain is owned by LinkedIn. It usually acts as a third-party host when website owners have placed one of its content sharing buttons on their website, although its content and services can be embedded in other ways. Although these buttons add functionality to the website on which they are placed, cookies are set regardless of whether or not the visitor has an active LinkedIn profile, or has accepted its terms and conditions.

Session

ads.linkedin.com

lang

This domain is owned by LinkedIn. This subdomain is connected to LinkedIn's marketing services that allow website owners to understand the types of users on their website based on LinkedIn profile data, in order to improve targeting.

Session

linkedin.com

bcookie

This domain is owned by LinkedIn. It usually acts as a third-party host when website owners have placed one of its content sharing buttons on their website, although its content and services can be embedded in other ways. Although these buttons add functionality to the website on which they are placed, cookies are set regardless of whether or not the visitor has an active LinkedIn profile, or agrees to its terms and conditions. For this reason, it is primarily classified as a tracking/targeting domain.

Two years

youtube.com

VISITOR_INFO1_LIVE

This cookie is used as a unique identifier to track video viewing.

One day

twitter.com

personalization_id

This domain is owned by Twitter. Its main business activity is: Social network services. When Twitter acts as a third-party host, it collects data through a variety of plugins and integrations, which are primarily used for tracking and targeting.

Two years

www.linkedin.com

bscookie

This domain is owned by LinkedIn, the business networking platform. It usually acts as a third-party host when website owners have placed one of its content sharing buttons on their website, although its content and services can be embedded in other ways. Although these buttons add functionality to the website on which they are placed, cookies are set regardless of whether or not the visitor has an active LinkedIn profile, or agrees to its terms and conditions. For this reason, it is primarily classified as a tracking/targeting domain.

Two years

linkedin.com

UserMatchHistory

This domain is owned by LinkedIn, the business networking platform. It usually acts as a third-party host when website owners have placed one of its content sharing buttons on their website, although its content and services can be embedded in other ways. Although these buttons add functionality to the website on which they are placed, cookies are set regardless of whether or not the visitor has an active LinkedIn profile, or agrees to its terms and conditions. For this reason, it is primarily classified as a tracking/targeting domain.

One month

doubleclick.net

test_cookie

This domain is owned by Doubleclick (Google). Its main business activity is the exchange of real-time advertising offers from Google.

A few seconds

youtube.com

YSC

YouTube is a Google-owned platform for hosting and sharing videos. YouTube collects user data through videos embedded on websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors on a wide range of its own and other websites.

Session

linkedin.com

lidc

This domain is owned by LinkedIn, the business networking platform. It usually acts as a third-party host when website owners have placed one of its content sharing buttons on their website, although its content and services can be embedded in other ways. Although these buttons add functionality to the website on which they are placed, cookies are set regardless of whether or not the visitor has an active LinkedIn profile, or agrees to its terms and conditions. For this reason, it is primarily classified as a tracking/targeting domain.

One day

linkedin.com

li_gc

This domain is owned by LinkedIn, the business networking platform. It usually acts as a third-party host when website owners have placed one of its content sharing buttons on their website, although its content and services can be embedded in other ways. Although these buttons add functionality to the website on which they are placed, cookies are set regardless of whether or not the visitor has an active LinkedIn profile, or agrees to its terms and conditions. For this reason, it is primarily classified as a tracking/targeting domain.

Two years

linkedin.com

AnalyticsSyncHistory

This domain is owned by LinkedIn, the business networking platform. It usually acts as a third-party host when website owners have placed one of its content sharing buttons on their website, although its content and services can be embedded in other ways. Although these buttons add functionality to the website on which they are placed, cookies are set regardless of whether or not the visitor has an active LinkedIn profile, or has accepted its terms and conditions. For this reason, it is primarily classified as a tracking/targeting domain.

One month

doubleclick.net

IDE

This domain is owned by Doubleclick (Google). Doubleclick's main business activity is the exchange of real-time advertising.

One day

youtube.com

CONSENT

YouTube is a Google-owned platform for hosting and sharing videos. YouTube collects user data through videos embedded on websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors on a wide range of its own and other websites.

17 year

t.co

muc_ads

This is a cookie that collects information in order to personalise advertising content on Twitter.

Two years

5. What is the legal grounds for the use of cookies?

Except in the case of strictly necessary technical cookies that do not require the User's informed consent to be used, the Publisher will only install cookies on the User's computer with the User's prior informed consent. In this regard, users may give their consent either by clicking on the 'Accept all cookies' button or by adjusting the settings for those cookies that the user freely chooses to accept via the cookie settings panel that the Publisher has made available to them when they first access the Website or App.

6. Can you withdraw your consent?

Once the cookies have been installed, users may withdraw their consent and delete them at any time. To do so, users can:

Use the content and privacy settings available in the browser you are using to browse the website. The following are some examples of procedures for withdrawing consent and deleting cookies, depending on the browser used:

Reconfigure the cookies accepted via the cookie settings panel that the Publisher makes available to you at all times and which you can access via the following link.

7. Update to the Cookies Policy and contacts

This Cookies Policy may change depending on the cookies used. In the event that new types of cookies are included for which informed consent is required, the Publisher will duly inform the User and seek their consent.

Without prejudice to the previous paragraph, the Publisher recommends that you review this policy each time that you access our website so that you are properly informed about how and for what purpose we use cookies and are aware of any changes in the type of data collected.

If the User has any questions about the Website's Cookie Policy, they can contact the Publisher via the following Contact form, indicating 'Cookies Policy' in the subject field.