Back

Securities Financing Transactions Data Store

Purpose

Implementing a single securities financing transactions (SFT) data store which enhances capabilities for market finance monitoring and financial stability analysis of the Eurozone.

Legal basis

Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller pursuant to the following regulations:

  • Treaty on the Functioning of the European Union in conjunction with the Protocol on the Statute of the European System of Central Banks and of the European Central Bank.
  • Regulation (EU) 2015/2365 on transparency of securities financing transactions and of reuse.
  • Commission Delegated Regulation (EU) 2019/357 with regard to regulatory technical standards on access to details of securities financing transactions.

Categories of data subjects

While, due to the nature of SFTs, the occurrence of personal data in individual SFTs is highly unlikely, there is a possibility that a natural person might conduct an SFT. Should that be the case, the category of data subjects are SFT participants.

Categories of personal data

In the unlikely event that personal data of natural persons acting as SFT participants are subject to processing:

  • Identification and contact data: client number (which might record the name or address of a natural person)
  • Financial data relating to a SFT

Source of data

The European Central Bank obtains the SFT information from the European Securities and Markets Authority, which in turn receives it from registered trade repositories.

Retention period

Personal data shall be retained for the time necessary to fulfil the purpose for which they were collected and to allocate any liability arising from said purpose and from the processing of the data.

Security measures

Pursuant to the Memorandum of Understanding executed by the joint controllers (see “Joint Controllers” below), the ECB shall operate the IT infrastructure that hosts SFTDS and shall put in place the corresponding safeguards. The remaining joint controllers shall solely be responsible for the security of the personal data they access or download to their systems. 

To this end, the personal data accessed by the Banco de España or downloaded into its systems are subject to the security measures set out in the National Security Scheme. 

Recipients

Personal data shall not be transferred to other recipients that are not the joint controllers.

International transfer of data

N/A

Joint controllers

This processing activity is jointly controlled by the following institutions, which have executed a Memorandum of Understanding in compliance with Article 26 of the General Data Protection Regulation:

  • European Central Bank
  • Banco de España
  • Banque Nationale de Belgique
  • Deutsche Bundesbank
  • Banque de France
  • Banca d’Italia
  • Banque Centrale du Luxembourg
  • De Nederlandsche Bank

Data subjects’ rights

  • You may exercise your data protection rights concerning personal data processed by the Banco de España by submitting a request through the procedure indicated in our e-portalOpens in new window, properly evidencing your identity, either in person, by post or electronically. In any case, if you consider that your rights have been infringed by the Banco de España, you may file a claim with the Banco de España's Data Protection Officer or lodge a complaint directly with the Spanish Data Protection AuthorityOpens in new window.

  • You may exercise your data protection rights concerning the personal data included in the SFTDS stored by the European Central Bank, properly evidencing your identity, by contacting SFTDS-ECB-project-team@ecb.europa.eu Send email: Opens in new window. You have the right to lodge a complaint with the European Data Protection SupervisorOpens in new window at any time if you consider that your data protection rights have been infringed as a result of the processing of your personal data

Data Protection Officer

Exercise of rights and complaints

You can check whether it is mandatory for you to provide your personal data, as well as the procedure to exercise your rights, withdraw your consent if applicable and lodge a complaint before the Data Protection Officer or the Spanish Data Protection Agency at our Privacy Policy

Previous Resolution plans... Next Separate information on the...