European Central Bank - eurosystem
European Central Bank - eurosystem
Search
Mogućnosti pretraživanja
Početna stranica Mediji Objašnjenja Istraživanje i publikacije Statistika Monetarna politika €uro Plaćanja i tržišta Zapošljavanje
Prijedlozi
Razvrstaj po:
Nije dostupno na hrvatskom jeziku.

Privacy statement for the Eurosystem Collateral Management System

The Eurosystem Collateral Management System (ECMS) is a unified system for managing the mobilisation of assets used as collateral in Eurosystem credit operations. The ECMS is available through the Eurosystem single market infrastructure gateway. Together with other TARGET Services that the Eurosystem offers, the ECMS ensures that cash, securities and collateral flow freely across Europe. The ECB provides the “ECMS Coordination Desk”, which ensures that the euro area national central banks (NCBs) can interact swiftly on all day-to-day ECMS-related matters that need to be dealt with jointly at the operational level.

What is our legal framework?

All personal data are processed in accordance with European Union data protection law. For the NCBs and any authorised financial institution participating in the ECMS, the data are processed in line with Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (GDPR). For the ECB, the data are processed in line with Regulation (EU) 2018/1725, i.e. the Data Protection Regulation for EU institutions, bodies, offices and agencies (EUDPR).

Why do we process personal data?

Personal data are processed in accordance with the GDPR and EUDPR for the following purposes:

  • to authenticate the identities of ECMS users and manage access to the ECMS Graphical User Interface;
  • to facilitate the coordination tasks of the ECMS Coordination Desk which require the storage and maintenance of (i) the lists of names and contact details of ECMS National Service Desk managers and ECMS National Crisis managers, and (ii) the associated distribution lists.

Although it is not standard market practice, it is possible that other personal data may be included in the free text field of mobilisation instructions from ECMS counterparties, central securities depositories or triparty agents.

If a duly authorised authority, e.g. a law enforcement agency or the judiciary, makes a legitimate request for access to ECMS data, access may be given to personal data if they are in the collateral instruction.

What is the legal basis for processing your personal data?

Your personal data are processed by the ECB and euro area NCBs under Article 22 of the Protocol on the Statute of the European System of Central Banks and of the European Central Bank, and in accordance with Article 6(1) point (e) of the GDPR (in relation to euro area NCBs) and Article 5(1) points (a), (b) and (c) of the EUDPR (in relation to the ECB).

These provisions stipulate that personal data may be processed if necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or for the fulfilment of contractual obligations.

Who is responsible for processing your personal data?

Under Article 26 of the GDPR and Article 28 of the EUDPR, the ECB and NCBs are joint controllers of the personal data of ECMS users and any personal data incidentally included in the free text field of an instruction. The responsibilities of the joint controllers are laid down in a joint controllership arrangement.

The ECB is the controller for the personal data processed by the ECMS Coordination Desk, i.e. the lists of names and contact details of ECMS National Service Desk managers and ECMS National Crisis managers.

Data subjects may exercise their rights under Articles 15 to 18 of the GDPR and Articles 17 to 20 of the EUDPR by contacting any of the joint controllers.

Who will be the recipients of your personal data?

The recipients of personal data (including entities with access to your personal data) are the joint controllers (or their participants) who process the data in accordance with their internal organisational rules.

The ECMS Coordination Desk will receive the names and contact details of ECMS National Service Desk managers and ECMS National Crisis managers, as well as the aforementioned distribution lists which are stored and managed locally by the ECB.

What categories of personal data are collected?

The ECMS processes system identification data of ECMS users, such as unique user references, login usernames and distinguished name certificates, as well as their activities, which are recorded in the system logs.

The categories of personal data collected in connection with the tasks of the ECMS Coordination Desk include the names and contact details of all ECMS National Service Desk managers and ECMS National Crisis managers.

Personal data of other data subjects might be included in the free text field of a settlement instruction and thereby received by the ECMS.

Will your personal data (in a clear or encrypted form) be processed (e.g. transferred, accessed or stored) in third countries or by international organisations?

The ECB does not foresee any transfers of your personal data to third countries or international organisations. However, your personal data might exceptionally be processed in third countries/international organisations based on the derogations for specific situations set out in Article 50(1) of the EUDPR.

How long will the Joint Controllers keep personal data?

Your personal data are stored within the ECMS for a maximum of ten years in the legal archive as legal evidence and for fiscal purposes, as required by the relevant national laws and regulations, before being deleted.

Personal data included in the contact and distribution lists managed by the ECMS Coordination Desk are stored locally by the ECB for a maximum of ten years, in accordance with the ECB’s Filing and Retention Plan.

What are your rights?

You have the right to access your personal data and correct any data that are inaccurate or incomplete. You also have (with some limitations) the right to delete your personal data and to object to or restrict the processing of your personal data in line with the GDPR or the EUDPR. The ECB may restrict your rights to safeguard the interests and objectives referred to in Article 25(1) of the EUDPR. Other joint controllers may restrict such rights in accordance with Article 23(1) of the GDPR.

In line with Article 26(1) and (3) of the GDPR and Article 28(1) and (3) of the EUDPR, you can exercise your rights in respect of and against each of the joint controllers.

Who can you contact for queries or requests?

You can exercise your rights by contacting any of the joint controllers through the points of contact that are mentioned on their respective websites. The joint controllers may ask you to complete a form to clarify your request.

For all queries relating to the processing of your personal data by the ECB, you can directly contact MIP‑Compliance@ecb.europa.eu or the ECB’s Data Protection Officer at dpo@ecb.europa.eu.

Addressing the European Data Protection Supervisor, supervisory authority concerned or national supervisory authority

If you consider that your rights under the GDPR or EUDPR have been infringed as a result of the processing of your personal data, you have the right to lodge a complaint at any time with: