*Automatic Telephone Call Recording Policy
Dear client and strategic partner,
At C1 Broker, we understand that trust is the foundation of any professional relationship. Therefore, we operate under principles of transparency, legal certainty, and responsibility in every interaction with our clients.
As part of our commitment to service quality and to the protection of both our clients and our team, certain telephone calls made or received may be recorded automatically.
This policy clearly explains why we carry out these recordings, what their legal basis is, and what safeguards we apply to protect personal data, all in accordance with Regulation (EU) 2016/679 (GDPR), Organic Law 3/2018, and other applicable Spanish regulations.
Call recording forms part of our comprehensive compliance framework, described in our Compliance Policy, as well as in our Privacy Policy and the corresponding Legal Notice.
Digital Compliance
We recognise the importance of ensuring that our clients’ information is protected at all times.
To this end, we have a dedicated Digital Compliance department whose objective is to ensure that our processes, technologies and communication systems — including the automatic recording of calls — comply with the highest standards of security, confidentiality and information integrity.
We are committed to remaining at the forefront of best practices in digital security and data protection, providing our clients with the peace of mind that their information is properly safeguarded.
On our website, you can find transparent and easily accessible detailed information about:
Legal Notice
Privacy Policy
Terms and Conditions
Cookies Policy
ARSOL Rights (Access, Rectification, Erasure, Objection and Restriction)
Customer Service Regulations (SAC)
Robinson List
Legal Consent
Our objective is not control, but rather legal certainty, proper contractual management and protection against potential incidents or disputes.
1. Regulatory Framework and Compliance Commitment
This Policy governs the processing of personal data arising from the automatic recording of telephone calls made or received by C1 Broker® within the exclusive framework of insurance contractual and pre-contractual management.
Recording is strictly limited to communications related to:
Formalisation of insurance contracts.
Policy amendments.
Claims management and processing.
Communications directly related to the insurance relationship.
No recordings are carried out outside the professional or contractual scope.
2. Purpose of the Processing
Processing is carried out in accordance with:
Regulation (EU) 2016/679 (GDPR)
Organic Law 3/2018 (LOPDGDD)
Spanish Constitution (Art. 18)
Workers’ Statute (Art. 20.3)
Article 89 LOPDGDD
Insurance sector regulations
C1 Broker® operates in line with the principles set out in Article 5 of the GDPR: lawfulness, fairness, transparency, data minimisation, purpose limitation, accuracy, storage limitation, and integrity and confidentiality.
3. Legal Basis for the Processing
3.1 Main legal basis
The processing is primarily based on Article 6.1.b GDPR (necessity for the performance of a contract or the implementation of pre-contractual measures).
Recording constitutes a necessary and proportionate means to:
Evidence contractual intent.
Ensure legal certainty.
Provide protection against claims.
3.2 Legitimate interest
Additionally, the processing is supported by Article 6.1.f GDPR with regard to:
Legal defence.
Fraud prevention.
Organisational protection.
C1 Broker® has carried out the corresponding Legitimate Interest Assessment (LIA) in accordance with the guidelines of the European Data Protection Board, concluding that the rights and freedoms of data subjects do not prevail.
3.3 Legal obligation
In certain cases, Article 6.1.c GDPR may apply when recording is necessary to comply with legal obligations.
3.4 Not based on consent
The processing is not based on consent, as it is necessary for contractual management.
4. Prior Information and Transparency
The following data may be processed:
Identification data.
Contact details.
Economic and financial data.
Contractual information.
Claims-related data.
Within the context of claims management, health-related data may be processed where necessary for insurance handling. In such cases, processing is based on Article 9.2.f GDPR (establishment, exercise or defence of legal claims) and the applicable sector regulations.
No biometric data processing or voice analysis for unique identification purposes is carried out.
This Policy supplements such information in accordance with the layered information model provided for in Article 11 LOPDGDD.
This processing forms part of the general framework described in our:
5. Proportionality and Limitation
Recording:
Is automatic but limited to the contractual scope.
Is not used for indiscriminate monitoring.
Is not used for automated profiling.
Is not intended for systematic evaluation of work performance.
Access to recordings is restricted to authorised personnel based on functional necessity criteria
6. Retention of Recordings
Recordings will be retained in accordance with the principle of storage limitation set out in Article 5.1.e of Regulation (EU) 2016/679.
In particular:
During the term of the contractual relationship, where the recording is linked to the formalisation, amendment or performance of an insurance contract.
After the termination of the contract, for a maximum period of five (5) years, in accordance with Article 1964 of the Spanish Civil Code, for the purpose of addressing potential contractual or non-contractual liabilities, unless a different legal retention period applies under specific regulations.
Once the indicated periods have elapsed:
Recordings will be blocked where appropriate, in accordance with Article 32 of Organic Law 3/2018.
They will subsequently be securely deleted, ensuring their irreversible destruction or removal.
Early deletion for technical reasons
Without prejudice to the above, C1 Broker® may proceed with the early deletion of certain recordings when, for technical, operational or storage system maintenance reasons, it becomes necessary to optimise available capacity, provided that:
There is no ongoing administrative or judicial procedure or claim.
The need for retention for evidentiary purposes is not reasonably foreseeable.
There is no specific legal obligation to retain the data.
In all cases, any early deletion will be carried out in compliance with the principles of proportionality, data minimisation and purpose limitation, ensuring that recordings necessary for legal defence or compliance with legal obligations are not deleted.
The indefinite retention of recordings is expressly prohibited.
7. Security, Access Control and Integrity of Recordings
In compliance with Article 32 of Regulation (EU) 2016/679, and in application of the principle of integrity and confidentiality set out in Article 5.1.f GDPR, C1 Broker® – WISEG MEDIACIÓN DE SEGUROS, S.L. implements appropriate technical and organisational measures designed to ensure a level of security appropriate to the risk.
In particular, recordings are protected through:
Encryption of information both in transit and at rest.
Access control systems based on professional roles and profiles.
Access logs (auditable logs) enabling traceability of queries, downloads and playbacks.
Technical mechanisms ensuring the integrity, authenticity and immutability of recordings.
Internal digital custody and document management protocols.
Recordings may be used as evidence in administrative, arbitration or judicial proceedings where necessary for the defence of rights or legitimate interests, guaranteeing at all times their authenticity, integrity and digital chain of custody.
Restricted access and legitimate use
Access to recordings is strictly limited to expressly authorised personnel, based on professional necessity criteria linked to the purposes described in this Policy.
Any access, consultation, reproduction, download or disclosure of recordings without justified and documented cause is expressly prohibited. Exploratory or unauthorised access constitutes an internal infringement and may give rise to disciplinary measures in accordance with applicable labour regulations, without prejudice to any legal liabilities that may arise.
Technical Supervision and System Auditing
The recording and storage systems used by C1 Broker® are subject to periodic technical supervision, including:
Review of security measures.
Verification of access controls.
Assessment of contractual compliance by technology providers acting as data processors in accordance with Article 28 GDPR.
Analysis of risks associated with the processing.
C1 Broker® carries out reasonable and proportionate checks aimed at ensuring the confidentiality, integrity, availability and resilience of the systems supporting the recordings, in application of the accountability principle set out in Article 24 GDPR.
Absence of automated decision-making and biometric technologies
C1 Broker® – WISEG MEDIACIÓN DE SEGUROS, S.L. does not use biometric voice recognition systems, automated emotion analysis, automatic transcription tools for profiling purposes, or artificial intelligence technologies intended to make automated individual decisions based on recordings.
Recordings are processed exclusively by authorised personnel and for contractual, organisational and legal defence purposes, without any automated processing that produces legal effects or significantly affects data subjects, in accordance with Article 22 of Regulation (EU) 2016/679.
8. Processing in the Employment Context
Data subjects may exercise the following rights:
Access (including the request for a copy of the recording where applicable).
Rectification.
Erasure.
Restriction of processing.
Objection.
The provision of a copy will be subject to identity verification and to the protection of the rights of third parties who may have participated in the conversation.
Data subjects may also lodge a complaint with the Spanish Data Protection Agency (AEPD).
9. Data Subject Rights
Data subjects may exercise the rights recognised in Articles 15 to 22 of Regulation (EU) 2016/679, and in the applicable Spanish regulations, including:
Right of access.
Right to rectification.
Right to erasure.
Right to restriction of processing.
Right to object.
Requests must be addressed to C1 Broker® – WISEG MEDIACIÓN DE SEGUROS, S.L. through the channels indicated in the Privacy Policy.
Right of access to recordings
Where the right of access relates to a call recording, C1 Broker® may:
Provide a copy of the recording when the requester was a participant in the conversation.
Adopt the necessary technical measures to protect the rights and freedoms of third parties who may have participated in the call.
Where appropriate, provide a partial transcript or relevant extract instead of the full recording, if necessary to safeguard third-party data or legitimate interests.
The provision of a copy will be subject to:
Prior verification of sufficient identity.
Assessment of potential impact on third-party rights.
Verification that no legal limitations apply.
Limitations and Balancing Test
The exercise of the right of access shall not adversely affect the rights and freedoms of other data subjects, in accordance with Article 15.4 GDPR.
In particular, recordings will not be provided where:
There is an ongoing judicial or administrative procedure and disclosure may affect legal defence.
Non-separable personal data of third parties would be compromised.
Legal obligations exist that prevent their disclosure.
In such cases, a reasoned response will be provided in accordance with Article 12 GDPR.
Response Time
C1 Broker® will respond to requests within a maximum period of one (1) month from receipt, which may be extended in the case of complex requests in accordance with Article 12.3 GDPR.
10. Data Processors and Transfers
Technology providers act as data processors in accordance with Article 28 GDPR.
In the event of international transfers, the safeguards provided for in Articles 44 et seq. GDPR will apply, including standard contractual clauses or adequacy decisions where appropriate.
11. Restrictive Interpretation Clause
This Policy does not authorise processing activities other than those expressly described. Any additional use will require a specific legal assessment in accordance with the GDPR.
12. Regulatory Framework and Legal References
This Policy is based on the current regulations on data protection and employment relations. You may consult the official texts of the following provisions:
📘 Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR)
https://eur-lex.europa.eu/legal-content/ES/TXT/?uri=CELEX:32016R0679📄 Article 6 GDPR – Lawfulness of processing
https://eur-lex.europa.eu/legal-content/ES/TXT/?uri=CELEX:32016R0679#d1e1883-1-1📄 Article 13 GDPR – Information to be provided to the data subject
https://eur-lex.europa.eu/legal-content/ES/TXT/?uri=CELEX:32016R0679#d1e2174-1-1📄 Article 32 GDPR – Security of processing
https://eur-lex.europa.eu/legal-content/ES/TXT/?uri=CELEX:32016R0679#d1e2663-1-1📘 Organic Law 3/2018 (LOPDGDD)
https://www.boe.es/buscar/act.php?id=BOE-A-2018-16673📄 Article 89 LOPDGDD – Recording systems in the workplace
https://www.boe.es/buscar/act.php?id=BOE-A-2018-16673#a89📘 Workers’ Statute
https://www.boe.es/buscar/act.php?id=BOE-A-2015-11430📄 Article 20.3 Workers’ Statute – Employer monitoring powers
https://www.boe.es/buscar/act.php?id=BOE-A-2015-11430#a20
13. C1 Broker Compliance Tools
14. Legitimate Interest Assessment (LIA)
C1 Broker® – WISEG MEDIACIÓN DE SEGUROS, S.L. has carried out the corresponding Legitimate Interest Assessment (LIA) in accordance with Article 6.1.f GDPR and the guidelines of the European Data Protection Board, ensuring that the processing does not override the fundamental rights and freedoms of data subjects.
15. Change Control and Regulatory Oversight
Any modification to the purposes of processing, incorporation of new technologies, expansion of the scope of recording, or substantial change in the systems used will require prior legal assessment by the compliance body of C1 Broker® – WISEG MEDIACIÓN DE SEGUROS, S.L.
Such modifications will be duly documented and reflected through the formal update of this Policy.