Privacy statement for the registration of contacts with market participants

What is our legal framework?

All personal data are processed in accordance with European Union data protection law, as set out in Regulation (EU) 2018/1725 (EUDPR).

Why do we process personal data?

Personal data are processed in the context of interaction with ECB representatives from the Directorate General Market Operations, whether by phone, email or in person. Personal data are also processed for organising meetings with ECB representatives. The data are collected for information management by the ECB, for contact management and to satisfy the ECB’s security requirements for entering ECB buildings.

What is the legal basis for processing your personal data?

Your personal data are processed by the ECB:

• in the performance of a task carried out in the public interest, based on Article 5(1)(a) EUDPR, in conjunction with Article 3.3 of the ESCB Statute on the organisation of ESCB meetings, workshops, seminars and other formats that contribute to a smooth conduct of policies for its information sharing, coordinating nature and conduct.
• because you consented to this processing by providing the personal data requested. You may withdraw your consent at any time by contacting us as indicated below. All processing of your personal information will stop once you withdraw your consent; however, any processing that has already taken place remains lawful.

Who is responsible for processing your personal data?

The ECB is the controller for the processing of your personal data. The Directorate General Market Operations is responsible for this processing. ADITO acts as a processor or sub-processor of personal data. It will process personal data only on documented instructions from the ECB (see ADITO’s privacy statement).

Who will be the recipients of your personal data?

The recipients of your personal data (including entities with access to the personal data) will be members of staff in the Directorate General Market Operations, relevant external staff and dedicated expert staff from other divisions, as well as internal and external security personnel at the ECB.

The recipients of the data will be staff responsible for information and contact management, including related activities such as processing access badges and plausibility checks.

What categories of personal data are collected?

The ECB processes the following personal data, collected via registration forms and email correspondence relating to the organisation of a meeting:

• Title
• First and last name
• Function
• Organisation
• Email address
• Telephone, mobile phone number
• Postal address
• Nationality

Will your personal data (in a clear or encrypted form) be processed (e.g. transferred, accessed or stored) in third countries or by international organisations?

The ECB does not foresee any transfer of your personal data to third countries or international organisations. However, your personal data might exceptionally be processed in third countries or by international organisations based on the derogations for specific situations set out in Article 50(1) EUDPR.

How long will the ECB keep personal data?

Your personal data will be stored for a maximum of five years before being deleted.

Please note that personal data may be held in the ECB’s archives in accordance with Decision (EU) 2023/1610 of the European Central Bank of 28 July 2023 establishing the historical archives of the European Central Bank.

What are your rights?

You have the right to access your personal data and correct any data that are inaccurate or incomplete. You also have (with some limitations) the right to delete your personal data and to object to or to restrict the processing of your personal data in line with the EUDPR. The ECB may restrict your rights to safeguard the interests and objectives referred to in Article 25(1) EUDPR.

Who can you contact for queries or requests?

You can exercise your rights by contacting the Directorate General Market Operations at ecb.money.market@ecb.europa.eu. You can also directly contact the ECB’s Data Protection Officer at dpo@ecb.europa.eu for all queries relating to your personal data.

Addressing the European Data Protection Supervisor

If you consider that your rights under the EUDPR have been infringed as a result of the processing of your personal data, you have the right to lodge a complaint with the European Data Protection Supervisor at any time.