Authorisations, fit and proper assessments and senior officers’ register

Purpose

Processing of authorisations of supervised institutions, fit and proper assessments and registrations with the Senior Officers Register in accordance with the applicable regulations.

Legal basis

Performance of a task carried out in the public interest or in the exercise of official authority vested in the Banco de España pursuant to:

  • Law 10/2014, of 26 June, on the regulation, supervision and solvency of credit institutions
  • Council Regulation (EU) No 1024/2013 of 15 October 2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions
  • Regulation (EU) No 468/2014 of the European Central Bank of 16 April 2014 establishing the framework for cooperation within the Single Supervisory Mechanism between the European Central Bank and national competent authorities and with national designated authorities (SSM Framework Regulation)
  • Law 13/1989, of 26 May, on Credit Cooperatives
  • Law 1/1994, of 11 March, on the legal statute of mutual guarantee institutions
  • Law 5/2015, of 27 April, on the promotion of business financing
  • Royal Decree-Law 19/2018, of 23 November, on payment services and other urgent financial measures
  • Law 21/2011, of 26 July, on electronic money
  • Law 2/1981, of 25 March 1981, on the Regulation of the Mortgage Market
  • Law 5/2019, of 15 March, regulating real estate credit contracts
  • Law 13/1996, of 30 December 1996, on tax, administrative and social measures
  • Law 26/2013, of 27 December, on savings banks and banking foundations.
  • Law 10/2010, of 28 April, on prevention of money laundering and terrorist financing

Categories of data subjects

  • Legal representatives
  • Contact persons
  • Senior Officers undergoing suitability assessment
  • Offending subjects unfit to hold senior positions
  • Promoters
  • Shareholders with significant holdings
  • People with whom the institution has close ties
  • Persons without a position registrable in the Senior Officers’ Register who must be registered in order to record the annotation of disqualification ordered by a Court or Tribunal
  • Providers engaged in exchange services between virtual currencies and fiat currencies as well as custodian wallet providers

Categories of personal data

  • Identification details: complete name, ID number or equivalent
  • Contact details: email address, postal address, personal address for notification purposes, phone number
  • Academic and professional details: professional background, corporate position and, where applicable, registration as a self-employed worker
  • Economic and financial details: remuneration, bank accounts and transactions, financial information
  • Other personal characteristics: nationality, date and place of birth
  • Other details: data relating to the commission of administrative offenses, existence of relevant criminal and/or enforcement investigations, debarments, disqualifications

For verification purposes, the identifying data and those related to the commission of criminal offenses of the subjects shall be consulted and compared with those held by other Public Administrations through the Administration's data intermediation platform.

Retention period

Data shall be retained for the time necessary to fulfil the purpose for which they were collected and to allocate any liability arising from said purpose and from the processing of the data.

Security measures

In accordance with the First Additional Provision of the Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights, the security measures implemented at Banco de España correspond to those provided for in the National Security Scheme.

Recipients

  • ECB
  • European Supervision Authorities (EBA, ESMA, EIOPA and jointly referred as ESAs) through the fit and proper information exchange system. For more information, please read the privacy statement of the ESAs information system.pdf File PDF: Opens in new window (180 KB)
  • Spanish Stock Exchange Commission (CNMV)
  • Courts of Justice
  • Other competent public authorities

International transfers of data

National competent authorities outside the EEA for important reasons of public interest (article 49.1.d) of the GDPR)

Data controller

  • Regarding data processing activities which are necessary for the procedures carried out within the framework of the Single Supervisory Mechanism (SSM), the Banco de España and the European Central Bank are joint controllers. The essential elements of the joint controllership agreement shall be published at European Central Bank Privacy Statement in relation to SSMOpens in new window
  • Regarding data processing activities carried out by Banco de España outside the framework of the SSM and other specific processing activities provided for in the applicable Spanish regulations and in the SSM joint controllership agreement, the Banco de España is an independent data controller.

Data Protection Officer

Banco de España:
Contact formOpens in new window

European Central Bank:
dpo@ecb.europa.eu Send email: Opens in new window

Exercise of rights and complaints

  • Regarding processing activities where Banco de España is data controller, you can check whether it is mandatory for you to provide your personal data, as well as the procedure to exercise your rights, withdraw your consent if applicable and lodge a complaint before the Data Protection Officer or the Spanish Data Protection Agency at Banco de España Privacy Policy
  • Regarding processing activities where the European Central Bank is jointcontroller, you can check this information at European Central Bank Privacy Statement in relation to SSMOpens in new window
Previous Processing of rights and qu... Next Social benefits for employe...