Additional information on data protection

I. Introduction

Banco Santander, S.A. (hereinafter, “Banco Santander”), as owner and editor of the website https://registration.santanderibc.com/ (hereinafter, “the Website”), is in full compliance with personal data protection regulation, including the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter, “the GDPR”). Hence, the data provided by interested parties (hereinafter, the “Users”) on the Website will be processed according to the guarantees and obligations provided by law.

In accordance with current regulation, Banco Santander has taken the necessary technical and organizational measures to ensure the appropriate level of security and avoid the loss, misuse, alteration, unauthorized access to, and theft of, the data provided by the Users. Furthermore, Banco Santander will hereby fulfil its duty of keeping the personal data provided by the Users secret and confidential.

The Users are required to disclose their personal data in order to sign up to, and attend in-person, the International Banking Conference in person on 4 November 2025 at the Santander Group City in Boadilla del Monte, Madrid, Spain (hereinafter, the “Event”).

II. Who is responsible for processing the Users’ data?

Below are the details of the data processor:

• Identity: Banco Santander S.A., bearing tax ID number A-39000013

• Contact information:

• Address: Avenida de Cantabria s/n, Ciudad Financiera, Edificio Arrecife Planta 1, 28660, Boadilla del Monte, Madrid
• Email: privacidadcomunicacionymarketingcorporativo@gruposantander.com

III. Who is the Data protection officer and how can they be contacted?

The Data protection officer is in charge of enforcing the GDPR and making sure the personal data provided by the Users remain protected.

To contact the Data protection officer, the Users can send a message to privacidad@gruposantander.es.

IV. What are our purpose and legitimacy for processing Users’ personal data?

1. User registration and in-person attendance at the Event. Banco Santander will use the Users’ data to register them as attendees and track their attendance. The legal basis for processing their data is an agreement between Banco Santander and the User.

2. Electronic sending of information about the Event. Banco Santander will utilize Users’ data to send information about the Event and make invitations to future iterations thereof. The sending of such communications to the Users is legitimized by Banco Santander’s own lawful interest. Should the User consent to having their data retained for 18 months to receive invitations to future iterations of the Event, the legal basis for processing such data will be the User’s consent.

3. Sending of questionnaires about the Event. Banco Santander will send Users a questionnaire after the Event has ended to garner their opinion about it. Answers are voluntary. The sending of such communications to the Users is legitimized by Banco Santander’s own lawful interest.

4. Recording of Event sessions and use thereof on www.santander.com and social media. Banco Santander will record the Event for the sole purpose of displaying and divulging images publicly for informational purposes on its website and social media and for internal use. The legal basis for processing that data is Banco Santander’s own legitimate interest as the organizer of the Event.

5. Audience participation at the Event. During the Event’s sessions, platforms will be open in order to ask speakers questions, take part in voting and communicate privately with other registered attendees. The legal basis for processing data is an agreement between Banco Santander and the User.

V. What personal data will be processed?

For the activities mentioned herein, we will request identification, contact and other professional details. They will be recorded and linked to a username and password that Users have to attend sessions. Furthermore, we can also process the Users’ image, voice, opinions and comments. These data are collected for the processing purposes stated in the previous question.

VI. How long will we keep personal data?

The personal data we receive will be kept for the duration of the Event, provided that the Users do not request that they be erased, whereby the data will be blocked for a period of three (3) years and subsequently erased.

VII. Will data be disclosed?

In regard to the disclosure of data, we hereby inform that the Users’ personal information will not be disclosed to third parties nor subject to international transfers to third countries or international organizations. However, images from the Event, in which personal information will be strictly incidental, may be released.

VIII. What are the Users’ rights when providing data?

Users may exercise their right to access, rectify or erase their personal data; their right of restriction of processing, or their right to object to the processing of their personal data; to request the portability of their personal data; and prevent their personal data from being subject to automated individual decisions if they send written notification by email to privacidadcomunicacionymarketingcorporativo@gruposantander.com or by post to Avenida de Cantabria s/n, Ciudad Financiera, Edificio Arrecife Planta 1, 28660, Boadilla del Monte, Madrid.

Users may raise queries regarding the processing of their personal data in writing to the Banco Santander Data protection officer at privacidad@gruposantander.es.

Notwithstanding any other administrative or legal recourse, the Users can always file a complaint with the Agencia Española de Protección de Datos (Spanish data protection authority) at www.aepd.es, especially where they have not obtained satisfaction upon exercising their rights.