Privacy statement for the processing of personal data related to fee collection
Data protection legal framework applicable to the European Central Bank
The European Central Bank (ECB) processes personal data related to fee collection subject to EU data protection law. (Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39))
The European Central Bank as controller of processing personal data
The ECB is the controller for the processing of personal data related to fee collection. The ECB’s Directorate General Corporate Services/Directorate Finance is responsible for that processing.
Purpose of processing personal data by the European Central Bank
Personal data are processed to manage communication related to the annual supervisory fees, i.e. to calculate and levy annual SSM supervisory fees as provided for in Article 30 of the SSM Regulation (Council Regulation (EU) No 1024/2013 of 15 October 2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions (OJ L 287, 29.10.2013, p. 63)).
Lawfulness of the European Central Bank’s data processing operations
The processing of personal data for the purpose referred to in point 3 above is necessary within the meaning of Article 5(1)(a) and (b) of Regulation (EU) 2018/1725, in conjunction with Article 30 of the ECB Regulation on supervisory fees (Regulation (EU) No 1163/2014 of the European Central Bank of 22 October 2014 on supervisory fees (ECB/2014/41) (OJ L 311, 31.10.2014, p. 23)).
Categories of personal data processed by the European Central Bank
The ECB processes the following personal data:
- full name
- job title
- organisational unit
- business correspondence address and e-mail address
- business telephone and fax number
- signature of authorised persons
Access to personal data processed by the European Central Bank
Personal data are stored in a secure, password protected IT system. Only a limited number of ECB staff members responsible for performing tasks necessary to levy annual supervisory fees have access to this system. In addition, a limited number of staff members in the ECB’s Directorate Internal Audit who are involved in audits or conduct specific inquiries related to fee collection may process some personal data.
The ECB may also share personal data with national competent authorities, national resolution authorities and the Single Resolution Board on a need-to-know basis.
The ECB retains personal data for as long as they are required for the purpose of levying annual supervisory fees. Personal data can be managed directly by the data subject (the contact person). The data shall (a) remain in the ECB’s online portal for as long as the contact person is responsible for the collection of fees from their institution, and (b) be updated and overwritten with new information provided by the contact person. Any changes in this respect should be communicated to the ECB without delay and the database will be updated in a timely manner.
Your rights as a data subject
You have the right to access your personal data and correct any inaccurate or incomplete data. You also have (with some limitations) the right to:
- delete your personal data
- restrict or object to the processing of your personal data in line with the Articles 19, 20 and 23 of Regulation (EU) 2018/1725
Contact information for queries and requests
You can exercise your rights by emailing us at SSMemail@example.com. For all queries relating to personal data protection, please contact the ECB’s Data Protection Officer at firstname.lastname@example.org.
Moreover, the ECB has provided you as data subjects with direct access to your personal data stored in its IT system via the online portal after login with a user ID and a password. Data subjects can at any time modify their personal data – except for their fee debtor name and the fee debtor number. Information on how to modify the fee debtor name is contained in the FAQ: How can I provide our fee debtor contact details?. Questions can be addressed to SSMemail@example.com.
Addressing the European Data Protection Supervisor
If you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data, you have the right to lodge a complaint with the European Data Protection Supervisor at any time.
Changes to this privacy statement
This privacy statement may be changed to take into account new legal developments.
Find out more about related content
Contact the fees teamSSMfirstname.lastname@example.org
European Central Bank
60640 Frankfurt am Main