Glossary of terms

In case you have any doubts about the terms used in our Privacy and Personal Data Processing Policy, we have included this glossary below:


Your information may be "anonymised" so that this information no longer identifies or relates to you or any identified or identifiable individual. Sometimes this is the best way to ensure confidentiality.

Further information can be found in Recitals 26, 57 and Art. 11 of the GDPR.

Anonymous (data converted into)

See anonymise.

Automated decisions

These are decisions taken without human involvement, i.e. based solely on automated processing, including profiling. If they have legal implications or have a similar significant effect, then they are only possible if they are based on the conclusion or execution of a contract, authorised by law or based on your consent.

Further information can be found in Art. 22 GDPR and Recitals 71 and 72 GDPR, among others.

Commercial communications

This is any form of communication aimed at promoting, directly or indirectly, the image or the goods or services of a company, organisation or person carrying out a commercial, industrial, artisanal or professional activity.

Further information can be found in the Annex and content of Law 34/2002 of 11 July.

Consent of the data subject

This is one of the possible grounds for processing your data. Remember that your consent will be a freely given, specific, informed and unambiguous indication of your will, by which you agree to the processing of data, either by a statement or a clear affirmative action.

Further information can be found in, among others, Recitals 32, 42 and Art. 7 GDPR.


When two or more controllers jointly determine the purposes and means of the data processing, they are referred to as co-controllers for the data processing. For example, this happens in the area of Common Insurance Industry Information Systems, where several insurers would be jointly liable for your data.

Further information can be found by consulting Art. 26 GDPR.

Common Insurance Industry Information Systems

These are Common Insurance industry files, provided for in the Law, and regulated by a Code of Conduct approved by the Spanish Data Protection Agency, promoted by UNESPA (Spanish Insurance Company Association). You can check this code at

Línea Directa has adhered to compliance with this code of conduct in accordance with the information provided in the Privacy and Personal Data Processing Policy, and is therefore the co-controller for the data in the files adhered to, together with other insurers.

To exercise your data protection rights regarding the data contained in the Common Insurance Industry Information Systems, you may contact TIREA, Ctra. Las Rozas a El Escorial Km 0,3 Las Rozas 28231 MADRID.

Further information on data protection can be found on the UNESPA websites ( y TIREA (

Further information can be found in Art. 99.7 of Law 20/2015, of 14 July, on the organisation, supervision and solvency of insurance and reinsurance companies.

Data Blocking

Article 32 of Organic Law 3/2018 of 5 December stipulates that data must be blocked, legally, when its deletion or rectification is appropriate and your data will only be retained therefore to be made available to Public Authorities, Judges and Courts and so that this entity may address any liability arising from processing during the limitation period. Furthermore, at Línea Directa Aseguradora, we try to implement restrictions or voluntary blocking of data prior to the blocking ordered by law, so that the information is accessed by the fewest number of people possible and only for certain purposes.

Further information can be found in Art. 5.1.c) GDPR.

Data Controller

In this case the data controller is Línea Directa Aseguradora, as it is the entity who, alone or together with others, determines the purposes and means of the data processing. In some of the data processing it acts individually, in others as "co-controller".

Further information can be found in the analysis of the term Co-controller, and in Art. 4.7 GDPR.

Data minimisation

The data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

Further information can be found in Art. 5.1.c) and 25, as well as in Recitals 156, GDPR, among others.

Data Processing

Art. 4.2 GDPR defines it as any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data processor

Sometimes it is necessary to engage with third parties who specialise in providing certain services, sharing your information with them solely for the purpose of providing that service. These third parties will be data processors, subject to contracts and other safeguards to ensure the confidentiality of your information.

Further information can be found in Art. 4.8 and 28 GDPR.

Data Protection Officer (DPO)

This is the person at Línea Directa Aseguradora who is responsible for safeguarding your privacy and supervising compliance with regulations. You can consult your entry at and contact our DPO in the manner indicated in the privacy policy.

Further information can be found in Arts. 37 to 39 GDPR.

Data quality

The accuracy of the information is one of the principles that requires data to be kept accurate and, if necessary, updated.

Further information can be found in Art. 5.1.d) GDPR.

Data segmentation

Segmenting data consists of grouping data according to certain common aspects, such as the same postcode, the same age, etc., in order to ensure, for example, that information is sent solely to the geographical area predetermined by the chosen postcode, by the selected age, etc., something which improves efficiency and better adapts any action to a specific spectrum of people, while avoiding fatigue when targeting others.

DGT files

The Directorate General of Traffic allows us to check the technical data of the vehicle to be insured, such as the displacement or the chassis number, among others, and which enables us to complete the information for the insured object. Sometimes you can also request access to other DGT databases, where you can obtain data such as the number of points associated with your driving licence, so that you can have access to certain promotions and discounts.

Legitimate interest

This is one of the possible grounds of legitimacy that allows the processing of data, according to Art. 6.1.f) GDPR, which states that information may be processed for the purposes of the legitimate interests pursued by the data controller or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, taking into account the reasonable expectations of the data subjects based on their relationship with the controller.

Recitals 47 and 48 GDPR refer to numerous examples.

Profiling, profiles

Art. 4.4 GDPR defines 'profiling' as any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's professional performance, financial situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Further information can be found in Art. 22 GDPR and Recitals 71 and 72, GDPR, among others.


A process whereby your information cannot be linked to or identified with you, unless additional information is held to reverse the process, provided that such additional information is held separately and is subject to technical and organisational measures in order to ensure that personal data are not attributed to an identified or identifiable individual.

Further information can be found in recitals 26, 28, 29, among others, and in Arts. 4.5, 25 and 32 GDPR.

Pseudonymised (data)

Information that has undergone a pseudonymisation process.

Publicly accessible sources

Art. 14.2.f) GDPR refers to publicly accessible sources as possible origins of the data, such as, for example, a website that is accessible without restrictions, certain directories, etc.; or in short, files that can be viewed by any person, without there being any regulation prohibiting this or without any requirement other than, where appropriate, the payment of a fee.

Further information on their use can be found, for example, in 58 bis of Organic Law 5/1985 of 19 June 1985.

Publicly available data

See publicly available sources.

Real Estate Cadastre

The Real Estate Cadastre is an administrative register under the authority of the Spanish Tax Authority and Public Service, and which describes any real estate that is rural or urban or with any other special characteristics. It is regulated by the Consolidated Text of the Real Estate Cadastre Law (Texto Refundido de la Ley del Catastro Inmobiliario). Registration is compulsory and free of charge. Some of its information is publicly accessible, so it can be very useful to complete and review the insured object or the circumstances of the insured object, as is the case in household policies where a dwelling is described.

Solvency, solvency files

Credit files store data on the fulfilment or non-fulfilment of monetary obligations, such as the payment or non-payment of debts. Their use is presumed to be lawful, for example, to set the premium for an insurance policy at the time of taking out or renewing an insurance policy.

Further information can be found in Art. 20 of Organic Law 3/2018, of 5 December.

Transfer of data outside the European Economic Area

The regulations allow you to rely on your own or third party means or instruments, located in countries with adequate legislation that guarantees the protection of your data, such as Spain, countries of the European Economic Area, or with data transfer to third countries when there is a European Commission Decision that establishes this. Apart from these situations, it will always be necessary to have adequate instruments and safeguards in place.

Further information can be found in Articles 44 and following GDPR, as well as in the following link
Icono facebook   Icono twitter