Transparency

Breach reporting relating to supervised activities

Purpose

  • Processing of breach reports about alleged infringements committed by institutions supervised by the Banco de España;
  • Processing of breach reports concerning unauthorized or unregistered institutions carrying out business activities legally restricted to institutions supervised by the Banco de España or using commercial names which may only be legally used by institutions supervised by the Banco de España.

Legal basis

Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller pursuant to:

  • Law 39/2015, of 1 October, on the regulation of the administrative procedure applicable to public institutions;
  • Law 10/2014, of 26 June, on the regulation, supervision and solvency of credit institutions;
  • Royal Decree-Law 19/2018, of 23 November, on payment service providers and other urgent financial measures.

Categories of data subjects

Breach reporters

Categories of personal data

  • Identification data: Nama, surname, ID number, date of birth 
  • Contact data: Phone number, postal address
  • Other data included in the breach report

Retention period

Personal data shall be retained for the time necessary to fulfil the purpose for which they were collected and to allocate any liability arising from said purpose and from the processing of the data.

Security measures

Security measures provided for in Annex II of Royal Decree 3/2020, of 8 January, which regulates the National Security Scheme in the field of Electronic Administration.

Recipients

  • Courts of Justice
  • Other competent public authorities
  • ECB

International transfer of data

N/A

Data controller

Banco de España
NIF: Q2802472G

Data Protection Officer

Division of Governance and Transparency
Contact formOpens in a new window

Exercise of rights and complaints

You can check whether it is mandatory for you to provide your personal data, as well as the procedure to exercise your rights, withdraw your consent if applicable and lodge a complaint before the Data Protection Officer or the Spanish Data Protection Agency at our Privacy Policy