Privacy Policy


In accordance with the provisions of:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Hereinafter “GDPR”.
  • Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights.
  • Law 34/2002, of 11 July, on information society services and electronic commerce.
  • Royal Decree 1720/2007, of 21 December, approving the Regulation implementing Organic Law 15/1999, of 13 December, on the protection of personal data.
  • Royal Decree-Law 3/2020 of 4 February on urgent measures transposing into Spanish law various European Union directives in the areas of public procurement in certain sectors; private insurance; pension plans and funds; taxation and tax litigation.

PIB Group España Correduría de Seguros y Reaseguros, S.A.U (hereinafter, the Company or PIB Group España) has prepared this privacy policy with the intention of informing you that your personal data will be processed in the sense provided, inter alia, in Article 4.2 of the aforementioned GDPR. Data processing means any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Likewise, the Company will update the privacy policy on this website in accordance with legal and jurisprudential developments in this area.

Data controller and contact details

The data controller is PIB Group España Correduría de Seguros y Reaseguros, S.A.U, a company which is part of PIB Group Limited, registered in England and Wales, with company number 09900466, and registered office at Rossington’s Business Park, West Carr Road, Retford, Nottinghamshire, DN22 7SW.

In order to preserve the privacy of your personal data and to ensure that it is processed appropriately, the Company has appointed a Data Protection Officer, whose responsibility is to oversee the implementation of the Company’s personal data protection policies. In view of the above, you may contact the Customer Service Department of the data controller by calling freephone 933.065.353 or by sending an e-mail to the following address: provided that your query is related to the privacy in the processing of your personal data.

Purpose of the processing of personal data

The Company processes your information in order to manage the complete execution of the intermediation contract and, in particular, to ensure the maintenance of the relationship established between you and the insurer; to provide advice and information on the conditions of insurance contracts and financial products; to provide assistance in the event of a claim; to send commercial communications about insurance and/or financial products brokered by the Company (the user may at any time express his/her opposition to receiving commercial communications); and to comply with the legal requirements regarding the prevention, investigation and discovery of fraud and money laundering.

It is for the above reasons that failure to provide the required information will make it impossible to sign the intermediation contract. If necessary, we will record your voice to maintain the quality of the service and as evidence in and out of court. All of the above legitimises the processing in accordance with the provisions of article 6.1.b) of the RGPD.

Legitimation for data processing.

The processing of the personal data provided by the user is based on the following legal bases that legitimise the same:

  • The contracting of services from the Company and the execution of the professional assignment requested the terms and conditions of which will be made available to the user prior to an eventual contracting. In order to carry out the professional relationship requested the interested party is obliged to provide his/her data.
  • Free, specific, informed and unequivocal consent, since after reading this Privacy Policy the user is informed and, if he/she agrees, can accept it by means of a declaration or a clear affirmative action, such as ticking a box provided for this purpose.

In the event that the interested party does not provide the aforementioned data or if they are erroneous or inaccurate, we will not be able to attend to their request, making it impossible to provide them with the information requested or to carry out the contracting of the services. Therefore, the data controller, the Company, shall be exonerated from any liability that may arise from the non-execution of the professional assignment or from the consequences that may arise from this inaccurate or erroneous information.

  • Compliance with a legal obligation applicable to the controller.

Processing shall also be legitimate where processing is necessary for the protection of the vital interests of the data subject or of another natural person; where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and where processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.

Transfer of personal data.

The Company may transfer your personal data to companies in the same group, in order to internally manage the service provided and to maintain the contractual relationship. This transfer is covered by the legitimate interest by virtue of the provisions of recital 48 of the RGPD, so it will not be necessary to obtain your express consent for this operation.

Likewise, in accordance with the provisions of article 99.1 of Law 20/2015, of 14 July, on the regulation, supervision and solvency of insurance and reinsurance companies, the Company may transfer the Client’s personal data to the insurance company, solely for the purposes of guaranteeing the full performance of the insurance contract and compliance with the obligations established in said Law and its implementing provisions. They will also be provided to the insurance companies selected by you on the occasion of requests for quotations. In the event of non-payment, your data may be provided to solvency service providers, courts or tribunals if required to do so.

International data transfers

PIB Group España, as part of the PIB Group Limited group of companies is an organisation operating in different countries and may transfer certain personal information about you to other jurisdictions to be processed for the purposes described above in this policy.  In particular, the Company may make such transfers to provide, administer and manage the services provided to you and to improve the efficiency of business operations. The Company will take appropriate steps to ensure that such transfers comply with all applicable data protection laws and regulations.

In the case of transfers of personal data to countries outside the European Economic Area for the fulfilment of the legitimate purposes described in this Privacy Policy, such transfers may be made both to countries that the European Commission (hereinafter “EC”) considers to offer adequate data protection safeguards and to countries that are not subject to an adequacy decision, provided that they comply with the provisions of the regulations.

Therefore, where the Company transfers personal data to countries that are not subject to an adequacy decision, e.g. the United States, PIB Group España will implement appropriate safeguards and controls as described in the GDPR. Where transfers are made within the PIB Group Limited group of companies, they will be covered by agreements based on the “EC” standard contractual clauses. Where transfers are outside the Group companies or to third parties who help provide our products and services, such as international brokers or surveyors, we will obtain contractual commitments from them using the standard “EC” clauses or certification schemes to protect your personal information.

If you would like more information about whether your personal data is disclosed to recipients abroad, please contact us at

Commercial communications

The Company will process your personal data for the purpose of sending commercial communications about insurance and/or financial products brokered by this or other companies in the “PIB Group Limited” group, provided that they are similar to the products already contracted by you. In accordance with the above, the Brokerage is entitled to process the data for this purpose on the basis of legitimate interest. However, you may at any time oppose the sending of such communications, without this opposition in any case limiting the performance of the main contract.

Customer profiling

In order to improve the performance of our services, we draw up a commercial profile of our customers, including automated profiling, based on the information provided, which enables us to offer you insurance and/or financial products and services in accordance with your interests.

Retention, cancellation and deletion of personal data

We inform you that the personal data you provide to the Company will be kept for the duration of the contract and will be cancelled on expiry and/or closure of open claims. They will therefore be kept for as long as the purpose for which they were collected subsists. They will be blocked and kept during the period of prescription of the actions that may arise from the contractual relationship subscribed by you.

Likewise, where the deletion results from the exercise of the right to object in accordance with article 21.2 of the GDPR, the Company may retain the data identifying the data subject necessary to prevent future processing for direct marketing purposes.

Due diligence in the management of personal data

The Company complies with the legal security measures for the protection of personal data and has taken all reasonable measures in accordance with current technical knowledge to prevent the loss, misuse, alteration, unlawful intrusion and theft of the personal data provided. In any case, you should be aware that the Internet is not a totally secure and/or impregnable medium.

Rights you may exercise in relation to the processing of your personal data

You have the right to withdraw your consent at any time, provided that the processing is not necessary for the performance of the contract. The withdrawal of consent shall not affect the lawfulness of the processing based on the consent prior to its withdrawal.

You may exercise the following data protection rights:

Of access: the right to contact the data controller to find out whether or not it is processing your personal data and to obtain information in this regard.

Of rectification: You are supposed to obtain the rectification of your personal data that are inaccurate or incomplete.

Deletion or “to be forgotten”: Data subjects may request that the Company deletes their personal data when: (i) the personal data is no longer necessary in relation to the purposes for which it was originally collected, (ii) when you withdraw your consent (if the data processing is based on consent), (iii) you have successfully exercised your right to object, (iv) when your personal data has been unlawfully processed, and (v) when the Company has to comply with a legal obligation.

Limitation: You may request the limitation of the processing of your personal data by the controller where the following conditions are met: (i) where you contest the accuracy of your personal data, within a period that allows the controller to verify it, (ii) where you have objected to the controller’s processing of your personal data on the grounds of legitimate or public interest, pending verification of the alleged grounds, (iv) where the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the formulation, exercise or defence of claims, (v) where the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the formulation, exercise or defence of claims, (vi) where the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the formulation, exercise or defence of claims.

Right to portability: The right to receive information about the automated processing of your personal data in a structured, commonly used, machine-readable and interoperable format and to transmit it to another data controller, provided that the processing is legitimate on the basis of consent or within the framework of the performance of a contract.

This right may not apply where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of public authority vested in the controller.

Through the Company’s data protection delegate, who can be contacted at the following e-mail address: indicating your identification details, or by post at Calle Aribau 200 – 3PL, 08036. Barcelona.
Similarly, before the Company can provide you with information or facilitate the exercise of your rights, it may have to carry out various tasks to verify your identity or other details necessary to be able to respond appropriately to your request. We will contact you within a maximum period of 30 days from the date of your request.

As a last resort, and in the event that you do not agree with the exercise of your rights, you may request information and/or file a complaint with the Spanish Data Protection Agency, located at Jorge Juan street, nº 6, 28001 Madrid”.

By using this website you agree that we may place cookies on your device, as described in the “Cookies Policy” section.