Back

Records of data processing activities

Proceedings handled by the Legal Department

Purpose

  • (i) Processing of administrative and judicial files and appeals.
  • (ii) Management and handling of official letters and requests for information from public administrations.
  • (iii) Management and handling of enquiries, applications and requests for information from citizens and/or legitimate interested parties.
  • (iv) Notification of facts that could constitute a public offence.
  • (v) Participation in monitoring committees for agreements signed with public administrations, public bodies and public law entities.

Legal basis

  • The data subject's consent for the processing of his or her personal data for the purpose (i), when the purpose of the judicial appeal is risk reports from the Central Risk Information Centre (CIR).
  • The processing linked to purposes (i), (ii), (iii) and (iv) is necessary for compliance with legal obligations applicable to the data controller, regulated in the following regulations:
    • Law 39/2015, of 1 October, on the Common Administrative Procedure for Public Administrations.
    • Law 40/2015, of 1 October, on the Legal Regime of the Public Sector.
    • Organic Law 6/1985, of 1 July 1985, on the Judiciary.
    • Law 58/2003, of 3 December, General Taxation.
    • Law 29/1998, of 13 July 1998, regulating Contentious-Administrative Jurisdiction.
    • Law 36/2011, of 10 October, regulating Social Jurisdiction.
    • Law 1/2000, of 7 January, on Civil Procedure.
    • Organic Law 2/1986, of 13 March 1986, on Security Forces and Corps.
    • Royal Legislative Decree 8/2015, of 30 October, approving the revised text of the General Law on Social Security.
    • Royal Decree of 14 September 1882 approving the Criminal Procedure Act.
  • The processing linked to purpose (v) is necessary for the performance of a task carried out in the public interest or the exercise of public powers vested in the data controller, as regulated in the following legislation:
    • Law 13/1994, of 1 June 1994, on the Autonomy of the Banco de España.
    • Law 10/2014 of 26 June 2014 on the regulation, supervision and solvency of credit institutions.
  • The processing linked to purpose (iii) is necessary for the satisfaction of legitimate interests pursued by a third party.

Categories of data subjects

  • Citizens interested in administrative procedures and other formalities.
  • Legal representatives of the above and of interested legal entities.
  • Current and retired employees of the Banco de España.
  • Employees and public officials.
  • Administrative and management positions in supervised institutions.
  • Suppliers.

Categories of personal data

  • Identification data: Name, surname, NIF or equivalent, image/voice, social security/mutuality number, signature.
  • Contact details: Telephone number, postal address, e-mail address.
  • Academic and professional data: Training, representation or power of attorney data, qualifications, position held, job evaluations.
  • Economic and financial data: Transactions of goods and services, commercial information, salary, account information and other products.
  • Personal characteristics data: age, date and place of birth, nationality.
  • Data relating to the commission of criminal and administrative offences for the management of criminal prosecution and contentious-administrative proceedings of a sanctioning nature, in compliance with the obligations provided for in Organic Law 6/1985, of 1 July, on the Judiciary and in Law 29/1998, of 13 July, regulating the Contentious-Administrative Jurisdiction.
  • Special category data: Trade union membership and position, health in processes of employee incapacity, pursuant to the provisions of Article 9.2.b) of the GDPR (processing necessary for the performance of obligations and the exercise of specific rights of the data controller or the data subject in the field of labour law and social security and protection).

Retention period

Personal data shall be retained for the time necessary to fulfil the purpose for which they were collected and to allocate any liability arising from said purpose and from the processing of the data.

Security measures

Security measures provided for in Annex II of Royal Decree 3/2020, of 8 January, which regulates the National Security Scheme in the field of Electronic Administration.

Recipients

  • Tax Administration
  • Interested parties
  • Notaries, lawyers and attorneys
  • Social Security institutions
  • European Union institutions
  • Spanish AML/CFT supervisor (Sepblac)
  • Court of Auditors
  • Courts of Justice
  • Other competent public authorities

International transfer of data

N/A

Data controller

Banco de España
NIF: Q2802472G

Data Protection Officer

Division of Governance and Transparency
Contact formOpens in new window

Exercise of rights and complaints

You can check whether it is mandatory for you to provide your personal data, as well as the procedure to exercise your rights, withdraw your consent if applicable and lodge a complaint before the Data Protection Officer or the Spanish Data Protection Agency at our Privacy Policy

Previous Procurement and payment pro... Next Financial IT innovation pro...