Financial IT innovation projects (Sandbox)

Purpose

  • (i) Conduct a prior evaluation of applications for technological innovation projects applicable to the financial system submitted by promoters for access to the controlled testing environment.
  • (ii) To sign and execute the testing protocol with the promoters of projects that receive a favorable prior evaluation.
  • (iii) Supervise, in a controlled environment, the testing of projects that provide a technology-based innovation applicable to the financial system and manage their exit and eventual access gateway to the activity of art.18 of Law 7/2020.
  • (iv) Respond to queries made by promoters regarding the delivery of documentation for projects that receive a favorable pre-assessment.
  • (v) Respond to queries on technological innovation applied to the provision of financial services (art. 20 of Law 7/2020).

Legal basis

  • Performance of a contract to which the data subject is a party, for the processing activity for the purpose (ii).
  • Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller pursuant to Law 7/2020, of 13 November, for the transformation of the financial system, for the processing activity for the purposes (i), (iii), (iv) and (v)

Categories of data subjects

  • Participants, natural persons or representatives of participating legal entities.
  • Promoters, as well as their representatives and contact persons, third parties collaborating with the promoters, provided they are natural persons.
  • Natural persons or representatives of legal entities carrying out consultations within the framework of Article 20 of Law 7/2020.

Categories of personal data

  • Identification details: Name, surname, ID number.
  • Contact details: E-mail, postal address, telephone.
  • Professional and academic data: Professional position, company, representation details.
  • Economic and financial data: Financial information of the participants derived from the tests carried out in the sandbox.
  • Personal characteristics data: Nationality and age.
  • Technological data: IP address, logs, etc.

Retention period

Data shall be retained for the time necessary to fulfil the purpose for which they were collected and to allocate any liability arising from said purpose and from the processing of the data.

Security measures

In accordance with the First Additional Provision of the Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights, the security measures implemented at Banco de España correspond to those provided for in the National Security Scheme.

Recipients

  • Sandbox supervisory authorities (CNMV and DGSFP)
  • Spanish Data Protection Authority (AEPD)
  • SEPBLAC
  • Other competent public authorities, including authorities of other Member States participating in cross-border tests
  • Courts of Justice

International transfers of data

N/A

Data controller

Banco de España
NIF: Q2802472G

Data Protection Officer

Contact formOpens in new window

Exercise of rights and complaints

You can check whether it is mandatory for you to provide your personal data, as well as the procedure to exercise your rights, withdraw your consent if applicable and lodge a complaint before the Data Protection Officer or the Spanish Data Protection Agency at our Privacy Policy

Previous Financial Education Plan (F... Next Foreign transactions and se...