- Processing of breach reports about alleged infringements committed by institutions supervised by the Banco de España;
- Processing of breach reports concerning unauthorized or unregistered institutions carrying out business activities legally restricted to institutions supervised by the Banco de España or using commercial names which may only be legally used by institutions supervised by the Banco de España.
Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller pursuant to:
- Law 39/2015, of 1 October, on the regulation of the administrative procedure applicable to public institutions;
- Law 10/2014, of 26 June, on the regulation, supervision and solvency of credit institutions;
- Royal Decree-Law 19/2018, of 23 November, on payment service providers and other urgent financial measures.
Categories of data subjects
Categories of personal data
- Identification data: Nama, surname, ID number, date of birth
- Contact data: Phone number, postal address
- Other data included in the breach report
Personal data shall be retained for the time necessary to fulfil the purpose for which they were collected and to allocate any liability arising from said purpose and from the processing of the data.
Security measures provided for in Annex II of Royal Decree 3/2020, of 8 January, which regulates the National Security Scheme in the field of Electronic Administration.
- Courts of Justice
- Other competent public authorities
International transfer of data
Banco de España
Data Protection Officer
Division of Governance and Transparency
Exercise of rights and complaints