Privacy Policy

Banco Galicia S.A. ("Banco Galicia," "we," "us," or "our") is committed to protecting the privacy and security of your personal and financial information. This Privacy Policy explains how we collect, use, store, share, and protect information obtained through Galicia Banco Online and other Banco Galicia services. This policy applies to all customers and visitors accessing Banco Galicia platforms and services.

1. Information We Collect

1.1 Personal Identification Information

When you establish a relationship with Banco Galicia or access Galicia Banco Online, we collect personal identification information including:

• Full legal name, date of birth, and place of birth
• Government-issued identification numbers (DNI, passport, CUIL/CUIT)
• Residential address, mailing address, and contact information (phone, email)
• Nationality, citizenship status, and residency information
• Employment information, occupation, and income details
• Photographs and biometric data (for identity verification purposes)

1.2 Financial Information

Banco Galicia collects comprehensive financial information necessary for providing banking services through Galicia Banco Online:

• Account numbers, balances, and transaction histories
• Credit and debit card information
• Loan and credit facility details
• Investment holdings and portfolio information
• Payment and transfer instructions
• Credit history and creditworthiness assessments
• Tax identification information and tax residency status

1.3 Technical and Usage Information

When you access Galicia Banco Online, we automatically collect technical information about your device and usage patterns:

• IP address, device identifiers, and operating system information
• Browser type, version, and language settings
• Access times, dates, and duration of Galicia Banco Online sessions
• Pages viewed, links clicked, and features accessed
• Geographic location data (country, city, timezone)
• Cookies and similar tracking technologies data

1.4 Communication Records

Banco Galicia maintains records of communications between you and our institution, including phone conversations, emails, chat messages, correspondence, and in-person interactions at branches. These records may be monitored and recorded for quality assurance, training, compliance, and security purposes.

2. How We Use Your Information

Banco Galicia uses collected information for the following purposes:

Purpose Category	Specific Uses
Account Management	Opening accounts, processing transactions, maintaining account records, providing statements, managing Galicia Banco Online access
Service Delivery	Executing payments, transfers, investments; processing loan applications; delivering banking products; providing customer support
Security & Fraud Prevention	Verifying identity, detecting suspicious activity, preventing fraud, protecting accounts, monitoring transactions, investigating security incidents
Legal Compliance	Meeting regulatory obligations, complying with court orders, preventing money laundering, reporting suspicious activities, maintaining required records
Risk Management	Assessing creditworthiness, managing lending risks, evaluating account activity, preventing losses, enforcing terms and conditions
Communications	Sending account notifications, transaction confirmations, service updates, security alerts, regulatory notices, marketing materials (with consent)
Product Development	Improving Galicia Banco Online features, developing new services, conducting market research, analyzing customer preferences

3. Information Sharing and Disclosure

3.1 Permitted Disclosures

Banco Galicia may share your information in the following circumstances:

• With Service Providers: We engage third-party service providers to perform functions on behalf of Banco Galicia (payment processors, technology vendors, data analytics firms). These providers are contractually obligated to maintain confidentiality and use information only for specified purposes.
• Within Banco Galicia Group: Information may be shared among Banco Galicia affiliates and subsidiaries for internal administrative purposes, consolidated risk management, and cross-selling of products (where permitted by law and with your consent).
• With Regulatory Authorities: Banco Galicia discloses information to the Banco Central de la República Argentina (BCRA), tax authorities, financial intelligence units, and other regulatory bodies as required by law.
• For Legal Proceedings: We may disclose information in response to court orders, subpoenas, legal processes, or to establish, exercise, or defend legal rights.
• With Your Consent: Banco Galicia may share information with third parties when you provide explicit consent for specific purposes.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, customer information may be transferred to successor entities, subject to continued privacy protection.

3.2 Restrictions on Disclosure

Banco Galicia does not sell, rent, or trade customer information to third parties for their marketing purposes. We maintain strict controls over information sharing and limit disclosures to circumstances described in this Privacy Policy or as required by Argentine law.

4. Data Security Measures

Banco Galicia implements comprehensive security measures to protect your information from unauthorized access, disclosure, alteration, or destruction:

• Encryption: All data transmitted through Galicia Banco Online is protected using 128-bit SSL encryption. Stored data is encrypted using Advanced Encryption Standard (AES) protocols.
• Access Controls: Employee access to customer information is restricted based on job function and subject to strict authentication requirements. Access logs are maintained and regularly audited.
• Network Security: Banco Galicia maintains firewalls, intrusion detection systems, and continuous security monitoring to protect against cyber threats.
• Physical Security: Data centers and facilities housing customer information are protected by physical security measures including access controls, surveillance, and environmental protections.
• Security Testing: Regular penetration testing, vulnerability assessments, and security audits are conducted by independent security firms to identify and remediate potential weaknesses.
• Incident Response: Banco Galicia maintains incident response protocols to quickly detect, contain, and respond to security breaches affecting customer information.

5. Your Privacy Rights

Under Argentine data protection law, you have the following rights regarding your personal information:

• Right of Access: You may request confirmation of whether Banco Galicia processes your personal data and obtain a copy of such data.
• Right of Rectification: You may request correction of inaccurate or incomplete personal information maintained by Banco Galicia.
• Right of Suppression: You may request deletion of your personal information in certain circumstances (subject to legal retention requirements).
• Right to Object: You may object to processing of your information for certain purposes, including direct marketing.
• Right to Data Portability: You may request transfer of your data to another financial institution in a structured, commonly used format.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time (without affecting prior processing).

To exercise these rights, contact Banco Galicia's Data Protection Officer at privacy@bancogalicia.com.ar or visit any Banco Galicia branch with valid identification. We will respond to your request within the timeframe required by Argentine law (typically 10 business days).

6. Cookies and Tracking Technologies

Galicia Banco Online uses cookies and similar technologies to enhance user experience, maintain session security, and analyze platform usage:

• Essential Cookies: Required for Galicia Banco Online functionality, including session management, authentication, and security features. These cookies cannot be disabled without affecting platform operation.
• Performance Cookies: Collect anonymous information about how visitors use Galicia Banco Online, helping us improve user experience and identify technical issues.
• Functional Cookies: Remember your preferences and settings to provide personalized features and enhanced functionality.

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may limit Galicia Banco Online functionality. Banco Galicia does not use third-party advertising cookies on our digital banking platform.

7. Data Retention

Banco Galicia retains customer information for periods required by Argentine banking regulations and internal policies:

• Account records: Minimum 10 years after account closure (as required by BCRA regulations)
• Transaction records: Minimum 10 years from transaction date
• Identification documentation: Duration of customer relationship plus 10 years
• Communication records: Typically 5-7 years depending on content and purpose
• Technical logs: Variable retention periods based on security and operational requirements

After retention periods expire, Banco Galicia securely disposes of information through approved destruction methods ensuring data cannot be reconstructed or accessed.

8. International Data Transfers

Banco Galicia primarily stores and processes customer information within Argentina. In certain circumstances, information may be transferred to service providers located in other jurisdictions for legitimate business purposes (such as cloud hosting or specialized technical services).

Any international transfers comply with Argentine data protection law requirements, including ensuring adequate protection through contractual safeguards, standard data protection clauses, or transfers to jurisdictions recognized as providing adequate data protection by the DNPDP.

9. Children's Privacy

Galicia Banco Online is not intended for individuals under 18 years of age. Banco Galicia does not knowingly collect personal information from minors without parental consent. If we become aware of inadvertent collection of information from minors, we will take steps to delete such information promptly.

Banking services for minors are provided through specialized accounts requiring parental or guardian authorization and oversight in accordance with Argentine law.

10. Changes to Privacy Policy

Banco Galicia may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or service offerings. Material changes will be communicated through Galicia Banco Online, email notifications, or notices at Banco Galicia branches.

The "Last Updated" date at the top of this policy indicates when it was most recently revised. Continued use of Galicia Banco Online following policy updates constitutes acceptance of the revised policy. We encourage you to review this Privacy Policy regularly to stay informed about how we protect your information.

11. Third-Party Links

Galicia Banco Online may contain links to third-party websites or services not operated by Banco Galicia. This Privacy Policy does not apply to third-party sites, and Banco Galicia is not responsible for their privacy practices. We encourage you to review privacy policies of any third-party sites you visit.

12. Regulatory Compliance

Banco Galicia's privacy practices comply with:

• Argentine Personal Data Protection Act (Law 25,326)
• DNPDP Regulations and Resolutions
• BCRA Banking Secrecy Regulations
• Anti-Money Laundering Laws (Law 25,246)
• Consumer Protection Laws (Law 24,240)
• Financial Information Secrecy Law (Law 21,526)

Banco Galicia is registered with the National Registry of Data Bases (RNBD) maintained by the DNPDP for all personal data processing activities.

13. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or Banco Galicia's data protection practices, contact:

• Data Protection Officer
• Email: privacy@bancogalicia.com.ar
• Phone: +54-11-4321-5678
• Mail: Data Protection Department, Banco Galicia S.A., Av. Corrientes 1234, C1043 Buenos Aires, Argentina

You also have the right to lodge a complaint with the National Directorate for Personal Data Protection (DNPDP) if you believe Banco Galicia has violated your privacy rights.