Privacy policy

What information is outlined in this Privacy Policy?

This Privacy Policy informs the User about how Banco de España collects, processes and protects the personal data provided through the website www.bde.esOpens in a new window and other sites that are accessed through said domain (hereinafter, the “Website”), as well as through any other form or channel of communication established by Banco de España. Personal data is understood to be all information on a natural person which identifies or allows, either directly or indirectly, to determine their identity.

The User must carefully read this Privacy Policy, which has been written in clear and simple language, in order to comprehend and determine, freely and voluntarily, if they wish to provide their personal data to Banco de España.

The User can click on the following link to access the Record of Processing Activities of Banco de EspañaOpens in a new window where they will find updated and detailed information on each of the uses that their personal data is put to, their goals and legal grounds for processing, the categories of personal data to be processed and the involved persons. They will also find information on the categories of recipients to whom their data might be disclosed, where appropriate, along with indications if this data is transferred to international recipients outside the European Economic Area.

Who is the Data Controller responsible for personal data processing?

The Data Controller responsible for processing the personal data provided by the User through the Website and all other mentioned channels is BANCO DE ESPAÑA, with the NIF (Spanish Tax Identification Number) Q2802472G, registered address at Calle Alcalá Nº 48, 28014, Madrid, Spain, and telephone number 913 385 000.

In case of doubts regarding the processing of their personal data by Banco de España, the User can contact the Data Protection Officer by filling out the following contact formOpens in a new window, or in writing to the registered address of Banco de España, marked “for the attention of the Data Protection Officer”.

Why we use your personal data?

Each personal data processing activity carried out by Banco de España has its own purposes, which may be consulted at the following link to the Record of Processing Activities of Banco de EspañaOpens in a new window.

Banco de España also uses cookies in order to create statistical reports regarding User habits when accessing and using the Website, in accordance with the following Cookies PolicyOpens in a new window.

Why is personal data processing legal?

In accordance with their purpose, the legal grounds for personal data processing activities carried out by Banco de España may be one or more of the following:

  • To fulfil a legal duty, to fulfil a mission carried out in the public interest, or when exercising public powers conferred on Banco de España, in cases where data processing is necessary to execute the duties, competences and powers legally assigned to Banco de España. In general, the data processing activities carried out by Banco de España are needed to fulfil the legal duties and competences conferred on it, among others, by the following legally binding rules:
    • Law 13/1994 of 1 June, on the Autonomy of Banco de España.
    • Law 44/2002 of 22 November, on Measures for Reforming the Financial System.
    • Law 10/2014 of 26 June, on the administration, supervision and solvency of credit institutions.
    • Royal Decree-Law 19/2018 of 23 November, on payment services and other urgent financial measures.
  • The existence of a contractual or pre-contractual relation, in cases where data processing is necessary to execute contractual relations or to apply pre-contractual measures requested by the User.
  • The User’s consent, in cases where applicable, such as data processing as a result of subscribing to newsletter mailing lists. This consent may be withdrawn at any time, although this withdrawal shall not affect the lawfulness of processing carried out before the withdrawal of consent.

You can consult the legal grounds for each personal data processing activity carried out by Banco de España in the following link to the Record of Processing Activities of Banco de EspañaOpens in a new window.

With what recipients do we share your personal data?

Generally, personal data which is subject to processing will only be shared with third parties in order to fulfil a legal duty. Notwithstanding this, your personal data may be shared with organisations or third-parties that provide services to Banco de España, and whose services are required to fulfil the aforementioned ends.

The recipients mentioned in this section may be located inside or outside the European Economic Area. In the latter case, the international transfer of data shall be legally authorised.

You can consult the recipients of your data for each personal data processing activity carried out by Banco de España in the following link to the Record of Processing Activities of Banco de EspañaOpens in a new window.

How long do we keep your personal data?

The personal data of the User will be kept for as long as is necessary to fulfil the goal for which they were collected and to determine the possible responsibilities derived from said goal and from processing the data. In legally established cases, the law on archiving and Spanish documentary heritage will be applicable.

What are your legal rights with regard to data protection?

The User can revoke all given consent and exercise their rights of access to, rectification or erasure of personal data; their right to data portability, their right to limit and object to data processing. When in accordance with the applicable regulations on personal data protection, they can refuse to be subject to decisions based solely on the automated processing of their data.

In order to do so, they must present or send an application signed by the data subject, with an attached copy of their DNI (National Identity Card) or equivalent proof of identity, and specifying the right or rights they wish to exercise, in the following form for exercising your rightsOpens in a new window or in writing to the “Data Protection Officer” at Banco de España, Calle Alcalá Nº 48, 28014, Madrid, Spain.

If the User considers Banco de España to have violated their rights with regard to personal data protection, they can (i) lodge a complaint -prior to filing a complaint with the Agencia Española de Protección de Datos (Spanish Data Protection Agency)- with the Data Protection Officer of Banco de España by the following contact formOpens in a new window, or in writing to the “Data Protection Officer” at Banco de España, Calle Alcalá Nº 48, 28014, Madrid, Spain; or (ii) directly file a complaint with the Agencia Española de Protección de Datos (Spanish Data Protection Agency www.aepd.esOpens in a new window).

How do we secure your personal data?

User personal data shall be processed, at all times, under absolute confidentiality, and maintaining due secrecy with regard to them, in accordance with the provisions of all applicable laws. All technical and organisational measures that guarantee the security of their data and avert its alteration, loss or unauthorised access or processing shall be adopted, taking into account the state of the technology, the nature of the stored data and the risks to which they are exposed. Banco de España especially applies, among others, security measures that are laid out in the Esquema Nacional de Seguridad (National Security Framework).

Is it compulsory to provide personal data?

The data requested by Banco de España is, in general, compulsory (unless otherwise indicated) in order to fulfil the goals of each activity that requires data processing. Therefore, if the data is not provided, or incorrectly provided, these goals cannot be fulfilled. This does not affect the free viewing of the Website contents.

What are the responsibilities with regard to the provided personal data?

The User:

  • Guarantees that the data provided to Banco de España is accurate, exact, complete and updated. For these purposes, the User is responsible for the veracity of the communicated data and they will update this data, so that it reflects their current situation.
  • Will be held responsible for false, excessive or inexact information provided through the Website, and for the direct or indirect damages that this may cause to Banco de España, or to third parties.
  • Demonstrates, when providing third-party data, that they have their consent, if need be, and commits to transferring to the data subject, the information contained in this Privacy Policy, thereby exempting Banco de España from all responsibility in this regard. Nevertheless, Banco de España can carry out checks required to verify that this has been done, adopting due diligence measures, in accordance with the regulations on data protection.

Banco de España will ensure the correct use of the personal data of minors, guaranteeing compliance with all applicable laws, by means of all reasonable measures. Nevertheless, Banco de España shall not be held responsible for personal data provided by minors below the legally stipulated minimum age according to existing laws, who consent to the processing of their data without the prior consent of their parents, tutors or legal guardians.

Last updated: March 2020