The User can click on the following link to access the Record of Processing Activities of Banco de España where they will find updated and detailed information on each of the uses that their personal data is put to, their goals and legal grounds for processing, the categories of personal data to be processed and the involved persons. They will also find information on the categories of recipients to whom their data might be disclosed, where appropriate, along with indications if this data is transferred to international recipients outside the European Economic Area.
Who is the Data Controller responsible for personal data processing?
The Data Controller responsible for processing the personal data provided by the User through the Website and all other mentioned channels is BANCO DE ESPAÑA, with the NIF (Spanish Tax Identification Number) Q2802472G, registered address at Calle Alcalá Nº 48, 28014, Madrid, Spain, and telephone number 913 385 000.
In case of doubts regarding the processing of their personal data by Banco de España, the User can contact the Data Protection Officer by filling out the following contact form, or in writing to the registered address of Banco de España, marked “for the attention of the Data Protection Officer”.
Why we use your personal data?
Each personal data processing activity carried out by Banco de España has its own purposes, which may be consulted at the following link to the Record of Processing Activities of Banco de España.
Why is personal data processing legal?
In accordance with their purpose, the legal grounds for personal data processing activities carried out by Banco de España may be one or more of the following:
- To fulfil a legal duty, to fulfil a mission carried out in the public interest, or when exercising public powers conferred on Banco de España, in cases where data processing is necessary to execute the duties, competences and powers legally assigned to Banco de España. In general, the data processing activities carried out by Banco de España are needed to fulfil the legal duties and competences conferred on it, among others, by the following legally binding rules:
- Law 13/1994 of 1 June, on the Autonomy of Banco de España.
- Law 44/2002 of 22 November, on Measures for Reforming the Financial System.
- Law 10/2014 of 26 June, on the administration, supervision and solvency of credit institutions.
- Royal Decree-Law 19/2018 of 23 November, on payment services and other urgent financial measures.
- The existence of a contractual or pre-contractual relation, in cases where data processing is necessary to execute contractual relations or to apply pre-contractual measures requested by the User.
- The User’s consent, in cases where applicable, such as data processing as a result of subscribing to newsletter mailing lists. This consent may be withdrawn at any time, although this withdrawal shall not affect the lawfulness of processing carried out before the withdrawal of consent.
You can consult the legal grounds for each personal data processing activity carried out by Banco de España in the following link to the Record of Processing Activities of Banco de España.
With what recipients do we share your personal data?
Generally, personal data which is subject to processing will only be shared with third parties in order to fulfil a legal duty. Notwithstanding this, your personal data may be shared with organisations or third-parties that provide services to Banco de España, and whose services are required to fulfil the aforementioned ends.
The recipients mentioned in this section may be located inside or outside the European Economic Area. In the latter case, the international transfer of data shall be legally authorised.
You can consult the recipients of your data for each personal data processing activity carried out by Banco de España in the following link to the Record of Processing Activities of Banco de España.
How long do we keep your personal data?
The personal data of the User will be kept for as long as is necessary to fulfil the goal for which they were collected and to determine the possible responsibilities derived from said goal and from processing the data. In legally established cases, the law on archiving and Spanish documentary heritage will be applicable.
What are your legal rights with regard to data protection?
The User can revoke all given consent and exercise their rights of access to, rectification or erasure of personal data; their right to data portability, their right to limit and object to data processing. When in accordance with the applicable regulations on personal data protection, they can refuse to be subject to decisions based solely on the automated processing of their data.
In order to do so, you may submit an application via the procedure recorded in our e-portal, properly evidencing your identity, either in person, by post or by electronic means.
If the User considers Banco de España to have violated their rights with regard to personal data protection, they can (i) lodge a complaint -prior to filing a complaint with the Agencia Española de Protección de Datos (Spanish Data Protection Agency)- with the Data Protection Officer of Banco de España by the following contact form, or in writing to the “Data Protection Officer” at Banco de España, Calle Alcalá Nº 48, 28014, Madrid, Spain; or (ii) directly file a complaint with the Agencia Española de Protección de Datos (Spanish Data Protection Agency www.aepd.es).
How do we secure your personal data?
User personal data shall be processed, at all times, under absolute confidentiality, and maintaining due secrecy with regard to them, in accordance with the provisions of all applicable laws. All technical and organisational measures that guarantee the security of their data and avert its alteration, loss or unauthorised access or processing shall be adopted, taking into account the state of the technology, the nature of the stored data and the risks to which they are exposed. Banco de España especially applies, among others, security measures that are laid out in the Esquema Nacional de Seguridad (National Security Framework).
Is it compulsory to provide personal data?
The data requested by Banco de España is, in general, compulsory (unless otherwise indicated) in order to fulfil the goals of each activity that requires data processing. Therefore, if the data is not provided, or incorrectly provided, these goals cannot be fulfilled. This does not affect the free viewing of the Website contents.
What are the responsibilities with regard to the provided personal data?
- Guarantees that the data provided to Banco de España is accurate, exact, complete and updated. For these purposes, the User is responsible for the veracity of the communicated data and they will update this data, so that it reflects their current situation.
- Will be held responsible for false, excessive or inexact information provided through the Website, and for the direct or indirect damages that this may cause to Banco de España, or to third parties.
Banco de España will ensure the correct use of the personal data of minors, guaranteeing compliance with all applicable laws, by means of all reasonable measures. Nevertheless, Banco de España shall not be held responsible for personal data provided by minors below the legally stipulated minimum age according to existing laws, who consent to the processing of their data without the prior consent of their parents, tutors or legal guardians.
Last updated: November 2020