Users may also access the Registro de Actividades de Tratamiento del Banco de España at the following link, where they will find updated and detailed information on each of the uses that their personal data is put to, their goals and legal grounds for processing, the categories of personal data to be processed and the involved persons. They will also find information on the categories of recipients to whom their data might be disclosed, where appropriate, along with indications if this data is transferred to international recipients outside the European Economic Area.
Who is the Data Controller responsible for personal data processing?
The Data Controller responsible for processing the personal data provided by the User through the Website and all other channels mentioned is BANCO DE ESPAÑA, with the NIF (Spanish Tax Identification Number) Q2802472G, registered address at Calle Alcalá nº 48, 28014, Madrid, Spain, and telephone number 913 385 000.
For any queries regarding the processing of personal data by Banco de España, the User may contact the Data Protection Officer by means of the following contact form, or by writing to the address of Banco de España, for the attention of the "Delegado de Protección de Datos” [Data Protection Officer], which may be submitted in person at any of the Registries of its head offices, through the Electronic Headquarters of Banco de España or by post addressed to Banco de España, C/Alcalá 48, 28014, Madrid, Spain (A/A: Delegado de Protección de Datos [Data Protection Officer]).
Why we use your personal data?
Each personal data processing activity carried out by Banco de España has its own purposes, which may be consulted at the following link to the Banco de España's Register of Processing Activities.
Why is personal data processing legal?
In accordance with their purpose, the legal grounds for personal data processing activities carried out by Banco de España may be one or more of the following:
- To fulfil a legal duty, to fulfil a mission carried out in the public interest, or when exercising public powers conferred on Banco de España, in cases where data processing is necessary to execute the duties, competences and powers legally assigned to Banco de España. Generally, the data processing activities carried out by Banco de España are needed to fulfil the legal duties and competences conferred on it by, among others, the following legally binding rules:
- Law 13/1994 of 1 June, on the Autonomy of Banco de España.
- Law 44/2002 of 22 November, on Measures for Reforming the Financial System.
- Law 10/2014 of 26 June, on the administration, supervision and solvency of credit institutions.
- Royal Decree-Law 19/2018 of 23 November on payment services and other urgent financial measures.
- The existence of a contractual or pre-contractual relation, in cases where data processing is necessary to execute contractual relations or to apply pre-contractual measures requested by the User.
- The User’s consent, in cases where applicable, such as data processing as a result of subscribing to newsletter mailing lists. This consent may be withdrawn at any time, although this withdrawal shall not affect the lawfulness of processing done before the withdrawal of consent.
- The satisfaction of the legitimate interests of third parties, only in those cases in which these interests prevail over the interests, rights and fundamental freedoms of the User.
You can consult the legal grounds for each personal data processing activity carried out by Banco de España in the following link to the Banco de España's Register of Processing Activities.
With which recipients do we share your personal data?
Generally, personal data which are subject to processing will only be shared with third parties in order to fulfil a legal duty. Notwithstanding this, your personal data may be shared with organisations or third-parties that provide services to Banco de España, and whose services are required for the aforementioned goals.
The recipients mentioned in this section may be located inside or outside the European Economic Area. In the latter case, the international transfer of data will be legally authorised.
You can consult the following link to the Banco de España's Register of Processing Activities for the recipients of your data and information on any international transfers carried out within the framework of the Banco de España's processing activities.
How long do we keep your personal data?
The personal data of the User will be kept for as long as is necessary to fulfil the goal for which they were collected and to determine the possible responsibilities derived from said goal and from processing the data. In legally established cases, the law on archiving and Spanish documentary heritage will be applicable.
What are your legal rights with regard to data protection?
The User's rights regarding the protection of personal data are the rights of access, rectification, erasure and portability of their data, of limitation and opposition to their processing, as well as the right not to be subject to decisions based solely on the automated processing of their data, which will be applicable in the cases provided for in the applicable regulations on the protection of personal data.
In order to exercise these rights before the Banco de España, the User may submit a request, providing proof of identity, by any of the means indicated in the following link to the procedure for exercising data protection rights in the E-Office.
However, in order to exercise rights over personal data contained in the Banco de España’s Central Credit Register (CCR), in application of its specific regime, the User must submit a request for a risk report to the CCR window or a claim for non-conformity with the data declared to the CCROpens in a new window, as appropriate.
In the event that the User considers that Banco de España has infringed their data protection rights, they may file a complaint with the Banco de España's Data Protection Officer, prior to filing a complaint with the Spanish Data Protection Agency. To do so, the User may submit a written statement setting out their complaint and the facts on which it is based, by any of the following means: (i) by filling in the following contact form, (ii) in person at any of the Banco de España's registry offices, (iii) through the Banco de España's Electronic Office or (iv) by post to Banco de España, C/Alcalá 48, 28014, Madrid, Spain (A/A: Delegado de Protección de Datos [Data Protection Officer]). For the processing of claims addressed to the Banco de España's Data Protection Officer, the identity of the claimant must be accredited.
Likewise, in the event that the User considers that Banco de España has infringed their data protection rights, they may file a complaint directly with the Spanish Data Protection Agency (www.aepd.es ).
How do we secure your personal data?
User personal data shall be processed, at all times, under absolute confidentiality and maintaining due secrecy with regard to them, in accordance with the provisions of all applicable laws. All technical and organisational measures that guarantee the security of their data and avert its alteration, loss or unauthorised access or processing will be adopted, taking into account the state of the technology, the nature of the stored data and the risks to which they are exposed.
Banco de España especially applies, among others, security measures that are laid out in the Esquema Nacional de Seguridad (National Security Framework).
Is it compulsory to provide personal data?
The data requested by Banco de España is, in general, compulsory (unless otherwise indicated) in order to fulfil the goals of each activity that requires data processing. Therefore, if the data is not provided, or incorrectly provided, these goals cannot be fulfilled. This does not affect the free viewing of the Website contents.
What are the responsibilities with regard to the provided data?
- Guarantees that the data provided to Banco de España is accurate, exact, complete and updated. For these purposes, the User is responsible for the veracity of the communicated data and they will update this data, so that it reflects their current situation.
- Will be held responsible for false, excessive or inexact information provided, and for the direct or indirect damages that this may cause to Banco de España, or to third parties.
Banco de España will ensure the correct use of the personal data of minors, guaranteeing compliance with all applicable laws, by means of all reasonable measures. Nevertheless, Banco de España shall not be responsible for personal data provided by minors below the legally stipulated minimum age according to existing laws, who consent to the processing of their data without prior consent of their parents, tutors or legal guardians.