Data protection

Privacy Statement for the processing of personal data related to fee collection

  1. Data protection legal framework applicable to the European Central Bank

    The European Central Bank (ECB) processes personal data related to fee collection subject to EU data protection law. (Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (Regulation 2018/1725) (OJ L 295, 21.11.2018, p. 39).)

  2. The European Central Bank as controller of processing personal data

    The ECB is the controller for the processing of personal data related to fee collection. The ECB’s Directorate General Corporate Services/Finance is responsible for that processing.

  3. Purpose of processing personal data by the European Central Bank

    Personal data are processed to manage communication related to the annual supervisory fees, i.e. to calculate and levy annual SSM supervisory fees as provided for in Article 30 of Council Regulation (EU) No 1024/2013 (SSM Regulation - Council Regulation (EU) No 1024/2013 of 15 October 2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions (OJ L 287, 29.10.2013, p. 63).).

  4. Lawfulness of the European Central Bank’s data processing operations

    The processing of personal data for the purpose referred to in Section 3 is necessary within the meaning of Article 5(1)(a) and (b) of Regulation (EU) 2018/1725, in conjunction with Article 30 of the SSM Regulation and Regulation (EU) No 1163/2014 of the European Central Bank (ECB/2014/41 - Regulation (EU) No 1163/2014 of the European Central Bank of 22 October 2014 on supervisory fees (OJ L 311, 31.10.2014, p. 23).).

  5. Categories of personal data processed by the European Central Bank

    The ECB processes the following personal data:

    • full name
    • job title
    • organisational unit
    • business correspondence address and e-mail address
    • business telephone and fax number
    • signature of authorised persons
  6. Access to personal data processed by the European Central Bank

    Personal data are stored in a secure and password protected IT system. Only a limited number of ECB staff members with a responsibility to perform tasks necessary to levy the annual supervisory fees have access to this system. A limited number of ECB staff of the ECB’s Internal Audit function who are involved in audits or conduct specific inquiries related to fee collection may further process some personal data.

    The ECB will share the personal data only on a need-to-know basis with national competent authorities, national resolution authorities and the Single Resolution Board.

  7. Retention period

    The ECB retains personal data for as long as they are required for the purpose of levying annual supervisory fees. In particular, personal data can be managed directly by the data subject (the contact person). The data shall: (a) remain in the ECB’s online portal for as long as the contact person is responsible for the fee collection of their institution, and (b) be updated and overwritten with new information provided by the contact person. Any changes in this respect should be communicated to the ECB without delay so that the database is updated in a timely manner.

  8. Your rights as a data subject

    You have the right to access your personal data and correct any inaccurate or incomplete data. You also have (with some limitations) the right to the following:

    • delete your personal data
    • restrict or object to the processing of your personal data in line with the Articles 19, 20 and 23 of Regulation (EU) 2018/1725
  9. Contact Information in case of queries and requests

    You can exercise your rights by emailing us at SSM-fee-enquiries@ecb.europa.eu. For all queries relating to personal data protection, please contact the ECB’s Data Protection Officer at dpo@ecb.europa.eu.

    Moreover, the ECB has provided you as data subjects with direct access to your personal data stored in its IT system via the online portal after login with a user ID and a password. Data subjects can at any time modify their personal data – except for their fee debtor name and the fee debtor number. Information on how to modify the fee debtor name is contained in this document: process for fee debtor nomination. Questions can be addressed to SSM-fee-enquiries@ecb.europa.eu.

  10. Addressing the European Data Protection Supervisor

    If you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data, you have the right to lodge a complaint with the European Data Protection Supervisor at any time.

  11. Changes to this Privacy Statement

    This Privacy Statement may be changed to take into account new legal developments.