Purpose
- Management and operation -in euros and foreign currency- of current accounts opened at the Bank of Spain by their holders, including the maintenance of deposits held by the Public Administration and financial institutions, as well as those of employees.
- Prevention of fraudulent transactions in credit transfers settled through STEP2.
Legal basis
- Performance of a contract to which the data subject is party concerning the management and operation of current accounts of employees.
- Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller concerning the management and operation of current accounts of credit institutions and public administrations pursuant to:
- Law 13/1994, of 1 June, on the Autonomy of Banco de España.
- Law 10/2010, of 28 April, on prevention of money laundering and terrorist financing.
- Ley 58/2003, of 17 December, on general taxation.
- Legitimate interest of account holders and recipients of cross-border credit transfers in respect of processing linked to the prevention of fraudulent transactions
Categories of data subjects
- Owners of current accounts, including Banco de España employees
- Legal representatives
- Attorneys/Authorized persons by the owners of current accounts
- Transfer receivers
Categories of personal data
- Identification data: Name, surname, ID or equivalent, user code
- Contact data: Phone number, e-mail, postal address
- Professional data: position and name of employer
- Financial and economic data: Account number and transactional data
- Technological data: IP address
- Others: data concerning administrative fines, signatures
Retention period
Personal data shall be retained for the time necessary to fulfil the purpose for which they were collected and to allocate any liability arising from said purpose and from the processing of the data.
Security measures
In accordance with the First Additional Provision of the Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights, the security measures implemented at Banco de España correspond to those provided for in the National Security Scheme.
Recipients
- Payment service providers
- Legitimate interested parties
- Financial market infrastructures (TARGET, Swift, clearing houses…)
- EBA Clearing (only in the context of fraud prevention)
- Auditors
- Courts of Justice
- Other competent public authorities, including AML and tax authorities
International transfer of data
No recurrent or ongoing international transfers are foreseen.
However, in the event that it is necessary to process a transfer or a collection and payment order addressed to an entity located in a jurisdiction outside the EEA that does not have an adequacy decision from the European Commission, there might be a extraordinary transfer based on derogation 49.1(b) of the GDPR.
Data controller
Banco de España
NIF: Q2802472G
Data Protection Officer
Exercise of rights and complaints
You can check whether it is mandatory for you to provide your personal data, as well as the procedure to exercise your rights, withdraw your consent if applicable and lodge a complaint before the Data Protection Officer or the Spanish Data Protection Agency at our Privacy Policy