The European Central Bank (ECB) processes personal data related to fee collection subject to EU data protection law. (Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39))
The ECB is the controller for the processing of personal data related to fee collection. The ECB’s Directorate General Corporate Services/Directorate Finance is responsible for that processing.
Personal data are processed to manage communication related to the annual supervisory fees, i.e. to calculate and levy annual SSM supervisory fees as provided for in Article 30 of the SSM Regulation (Council Regulation (EU) No 1024/2013 of 15 October 2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions (OJ L 287, 29.10.2013, p. 63)).
The processing of personal data for the purpose referred to in point 3 above is necessary within the meaning of Article 5(1)(a) and (b) of Regulation (EU) 2018/1725, in conjunction with Article 30 of the ECB Regulation on supervisory fees (Regulation (EU) No 1163/2014 of the European Central Bank of 22 October 2014 on supervisory fees (ECB/2014/41) (OJ L 311, 31.10.2014, p. 23)).
The ECB processes the following personal data:
Personal data are stored in a secure, password protected IT system. Only a limited number of ECB staff members responsible for performing tasks necessary to levy annual supervisory fees have access to this system. In addition, a limited number of staff members in the ECB’s Directorate Internal Audit who are involved in audits or conduct specific inquiries related to fee collection may process some personal data.
The ECB may also share personal data with national competent authorities, national resolution authorities and the Single Resolution Board on a need-to-know basis.
The ECB retains personal data for as long as they are required for the purpose of levying annual supervisory fees. Personal data can be managed directly by the data subject (the contact person). The data shall (a) remain in the ECB’s online portal for as long as the contact person is responsible for the collection of fees from their institution, and (b) be updated and overwritten with new information provided by the contact person. Any changes in this respect should be communicated to the ECB without delay and the database will be updated in a timely manner.
You have the right to access your personal data and correct any inaccurate or incomplete data. You also have (with some limitations) the right to:
You can exercise your rights by emailing us at SSMfirstname.lastname@example.org. For all queries relating to personal data protection, please contact the ECB’s Data Protection Officer at email@example.com.
Moreover, the ECB has provided you as data subjects with direct access to your personal data stored in its IT system via the online portal after login with a user ID and a password. Data subjects can at any time modify their personal data – except for their fee debtor name and the fee debtor number. Information on how to modify the fee debtor name is contained in the FAQ: How can I provide our fee debtor contact details?. Questions can be addressed to SSMfirstname.lastname@example.org.
If you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data, you have the right to lodge a complaint with the European Data Protection Supervisor at any time.
This privacy statement may be changed to take into account new legal developments.