Purpose
- Handling and management of reports of alleged breaches of organisational and disciplinary rules by entities subject to supervision by the Banco de España.
- Handling and management of reports in relation to institutions which, without being duly authorised or registered in the official registers, carry out activities legally reserved for institutions supervised by the Banco de España or use names reserved for the latter.
Legal basis
The processing is necessary for the compliance of a legal obligation provided for in the following regulations:
- Law 39/2015, of 1 October, on the common administrative procedure for public administrations.
- Law 10/2014, of 26 June, on the regulation, supervision and solvency of credit institutions.
- Royal Decree Law 19/2018 of 23 November 2018 on payment services and other urgent financial measures.
- Law 2/2023, of February 20, regulating the protection of people who report on regulatory violations and the fight against corruption.
Categories of data subjects
- Breach reporters in the case of natural persons or, where appropriate, their legal representatives.
- Breach reporters in the case of natural persons.
- Other natural persons whose personal data could be included in the reported information.
Categories of personal data
- Identification data: Name, surname, NIF or equivalent and signature.
- Contact details: e-mail address, postal address and telephone number.
- Professional and academic data: Position held, entity to which they belong.
Retention period
Personal data shall be retained for the time necessary to fulfil the purpose for which they were collected and to allocate any liability arising from said purpose and from the processing of the data.
Security measures
In accordance with the First Additional Provision of the Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights, the security measures implemented at Banco de España correspond to those provided for in the National Security Scheme.
Recipients
- European Central Bank, only in case of consent of the breach reporter.
- Judges, courts and other competent bodies or authorities, only if the disclosure is necessary for the fulfilment of a legal obligation or for the verification and analysis of the reported facts.
International transfer of data
N/A
Data controller
Banco de España
NIF: Q2802472G
Data Protection Officer
Exercise of rights and complaints
You can check whether it is mandatory for you to provide your personal data, as well as the procedure to exercise your rights, withdraw your consent if applicable and lodge a complaint before the Data Protection Officer or the Spanish Data Protection Agency at our Privacy Policy