Back

Cybersecurity assessment and control procedure

Purpose

  • Detection, analysis and handling of events relating to access to and use of Banco de España's information systems by individuals
  • Carrying out security audits: ethical hacking, vulnerability analysis
  • Activities related to awareness plans
  • Prevention and investigation of breaches by individuals of the regulations applicable to Banco de España, including, employment regulations

Legal basis

  • Compliance with a legal obligation to which the controller is subject pursuant to:
    1. Directive (UE) 2016/1148 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union
    2. Royal Decree-Law 12/2018, of 7 September, on network and information systems security.
  • Performance of a contract to which the data subject is party.

Categories of data subjects

  • Employees
  • Students/trainees
  • Other staff providing services to Banco de España
  • Visitors using Banco de España’s information systems

Categories of personal data

  • Identification data: Name, surname, ID number, user code, personal register number, electronic signature
  • Contact data: E-mail
  • Professional and academic data: Administrative unit
  • Technological data: IP address, logs, etc.

Retention period

Personal data shall be retained for the time necessary to fulfil the purpose for which they were collected and to allocate any liability arising from said purpose and from the processing of the data.

Security measures

In accordance with the First Additional Provision of the Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights, the security measures implemented at Banco de España correspond to those provided for in the National Security Scheme.

Recipients

  • Courts of Justice
  • Other competent public authorities

International transfer of data

N/A

Data controller

Banco de España
NIF: Q2802472G

Data Protection Officer

Contact formOpens in new window

Exercise of rights and complaints

You can check whether it is mandatory for you to provide your personal data, as well as the procedure to exercise your rights, withdraw your consent if applicable and lodge a complaint before the Data Protection Officer or the Spanish Data Protection Agency at our Privacy Policy

Previous Current account operations... Next Direct account operations a...