Public procurement proceedings


  • Management and processing of public tenders
  • Accounting, tax and administrative management arising from public procurement proceedings
  • Control of expenses and investments associated with procurement proceedings
  • Processing of the annual declaration of transactions with third parties
  • Compliance with tax obligations
  • Compliance with AML/CFT obligations

Legal basis

  • Compliance with a legal obligation to which the controller is subject pursuant to:
    • (i) Law 9/2017, of 8 November on Public Sector Contracts.
    • (ii) Law 25/2013, of 27 December, on the promotion of electronic invoicing and the creation of the accounting register of invoices in the public sector.
    • (iii) Law 10/2010, of 28 April, on the prevention of money laundering and terrorism financing.
    • (iv) Law 12/2003, of 21 May 2003, on the prevention and blocking of the terrorism financing.
    • (v) Law 58/2003, of 17 December, on General Taxation.
    • (vi) Organic Law 6/198, of 1 July 1985, on the Judicial Authority.
  • Performance of a contract to which the data subject is party.

Categories of data subjects

  • Tenderers and suppliers who are natural persons.
  • Legal representatives, contact persons and employees of tenderers and suppliers.
  • Applicants requiring access to administrative procurement files.
  • Taxpayers in respect of whom information requests may be received.
  • Customers of goods and services whose data may be included in bidders' references.
  • Banco de España employees whose data are published in compliance with transparency obligations.

Categories of personal data

  • Identification data: Name, surname, ID number, signature
  • Contact data: Phone number, postal address, e-mail
  • Professional and academic data: Education background, professional position, representation and power of attorney data
  • Economic data: Invoicing data and salary (in tender procedures when there are subcontracted staff)
  • Personal characteristics data: Nationality
  • Data relating to the commission of criminal and administrative offences

Retention period

Personal data shall be retained for the time necessary to fulfil the purpose for which they were collected and to allocate any liability arising from said purpose and from the processing of the data.

Security measures

Security measures provided for in Annex II of Royal Decree 3/2020, of 8 January, which regulates the National Security Scheme in the field of Electronic Administration.


  • Citizens through the Public Sector Procurement Platform
  • Credit institutions
  • Interested parties (to challenge the proceeding)
  • Tax Administration
  • Social security institutions
  • Spanish AML/CFT supervisor (Sepblac)
  • Court of Auditors
  • Courts of Justice
  • Other competent public authorities

International transfer of data


Data controller

Banco de España
NIF: Q2802472G

Data Protection Officer

Division of Governance and Transparency
Contact formOpens in a new window

Exercise of rights and complaints

You can check whether it is mandatory for you to provide your personal data, as well as the procedure to exercise your rights, withdraw your consent if applicable and lodge a complaint before the Data Protection Officer or the Spanish Data Protection Agency at our Privacy Policy