European Central Bank - eurosystem
European Central Bank - eurosystem
Search
Search Options
Home Media Explainers Research & Publications Statistics Monetary Policy The €uro Payments & Markets Careers
Suggestions
Sort by
  • PRIVACY STATEMENT

Privacy statement for visits at the ECB

The European Central Bank (ECB) receives different kind of visitors: for individual visits, for group visits and lectures and for meetings and events.

When you sign up, or are signed up by an ECB staff member, for visits and lectures, the ECB collects the following data: first and last name of the visitor, start/end date and time of the visit, organisation (if applicable), e-mail address, type of visit and vehicle data (licence plate and vehicle model), if applicable.

On the day of the visit, visitors need to announce themselves at the Welcome/Reception Desk, where they need to show their valid identification document to receive their visitor badge. The visitor will be greeted at the Welcome/Reception Desk and accompanied throughout their visit in the building.

When registering for meetings and conferences, please find information about the processing of your personal data in the corresponding Privacy Statement.

For meetings and visits for the collaboration with and coordination of decision-making bodies, the processing of personal data is described in the respective Privacy Statement.

What is our legal framework?

All personal data are processed in accordance with European Union data protection law, as set out in Regulation (EU) 2018/1725 (EUDPR) of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).

Why do we process personal data?

Personal data are processed for organisational purposes related to virtual and on-site activities: operational management (schedule and manage activities efficiently, provide adequate level of service) and communication (send confirmations, instructions, or follow-up information about the corresponding activities).

By attending an ECB activity, participants consent to having their photo taken and appearing in video and audio recordings, in addition to the publication of resulting media files on participants’ social media channels and digital platforms, on- and offline.

In case of ECB coverage on social media, please see our social media pages.

The ECB’s use of social media does not in any way imply an endorsement of individual social media sites or their privacy policies. The ECB recommends that users read the privacy policies of the sites, which explain their individual data collection and processing policies, use of data, user rights and the ways in which users can protect their privacy when using these services.

For on-site activities, personal data are processed in order to allow access to the ECB premises, for ensuring visitors’ security while on the premises, and to keep track of who is visiting the ECB’s premises. Personal data is also processed for managing physical security, in particular controlling access to the ECB’s premises and reconstructing events during security-related incidents as well as to support investigations.

Personal data will not be used further and will not be published internally (e.g. intranet) or externally (e.g. internet).

What is the legal basis for processing your personal data?

Your personal data are processed by the ECB:

  • in the performance of a task in the public interest, based on Article 5(1)(a) of Regulation (EU) 2018/1725 in conjunction with Article 11.6 of the Statute of the ESCB (for current ECB business activities) and with the House Rules of the European Central Bank, available in both English and German.
  • because you consented to this processing by providing the personal data requested. You may withdraw your consent at any time by contacting us as indicated below. All processing of your personal information will stop once you withdraw your consent; however, any processing that has already taken place remains lawful.

Who is responsible for processing your personal data?

The ECB is the controller for the processing of your personal data.

For individual visits the Security and Safety Division ssc@ecb.europa.eu is responsible for this processing. For group visits and lectures, Directorate-General Communications visitor.centre@ecb.europa.eu is responsible for this processing.

Who will be the recipients of your personal data?

The recipients of the data are the hosting staff member or the hosting business area, as well as the teams in the Directorate Administration responsible for event and contact management, including related activities such as processing of access badges and plausibility checks.

External security staff collect and handle personal data of the visitors for security purposes, prior to the entry to the ECB premises. External security staff should be interpreted as the services contracted by the ECB.

In the event of an investigation or a security incident, personal data may also be communicated to the other Directorates within the ECB, or to the competent authorities.

For group visits and virtual lectures, the recipients of the data are staff from the Public Communication Division in the Directorate General Communications. ADITO acts as the processor (see ADITO’s privacy statement).

What categories of personal data are collected?

The ECB processes the following personal data:

  • title, first and last name;
  • organisation (if applicable);
  • age group (corresponding to the majority of the group members);
  • contact details of the requester (email address, phone number);
  • place of residence (country, town/city);
  • disability-related information (if applicable)
  • vehicle registration (if applicable)
  • date and time of your scheduled visit or lecture
  • type of visit

To attend a virtual lecture or virtual guided visit, Microsoft Teams requires attendees to provide a first name and last name.

Microsoft’s privacy statement can be found here

On the day of the visit, the Security and Safety Division processes the following data:

  • pre-registered information will be checked against the visitor’s identification document;
  • the authenticity of the identification document is verified in a scanner;
  • the scanner collects information from the identification document (first and last name, date of birth, picture, number and type of identification document – passport or national ID Card) and transfers the data the ECB access control system. No other information is copied neither transferred from the identification document.

For further information about the processing of your personal data on the ECB access control system, please visit the Privacy statement for the ECB access control system (starting on page 3).

Please note that while on ECB premises, further personal data is collected and processed from you by the ECB’s video surveillance system. For more information, please refer to the ECB Video Surveillance Policy.

Will your personal data (in a clear or encrypted form) be processed (e.g. transferred, accessed or stored) in third countries or by international organisations?

The ECB does not foresee any transfer of your personal data to third countries or international organisations. However, your personal data might exceptionally be processed in third countries or by international organisations based on the derogations for specific situations set out in Article 50(1) EUDPR.

How long will the ECB keep personal data?

Personal data collected for the purposes of keeping track of individual visits to the ECB’s premises are stored for up to one year, and in ADITO, our database for tracking group visits, for up to 5 years, after which personal data is deleted. The retention period can be extended in case of security incidents or investigations.

Personal data collected for virtual activities are stored for a maximum of one month, before being deleted.

Please note that personal data may be held in the ECB’s archives in accordance with Decision (EU) 2023/1610 of the European Central Bank of 28 July 2023 establishing the historical archives of the European Central Bank.

What are your rights?

You have the right to access your personal data and correct any data that are inaccurate or incomplete. You also have (with some limitations) the right to delete your personal data and to object to or to restrict the processing of your personal data in line with the Regulation (EU) 2018/1725. The ECB may restrict your rights to safeguard the interests and objectives referred to in Article 25(1) EUDPR.

Who can you contact for queries or requests?

You can exercise your rights by contacting the Security and Safety Division at ssc@ecb.europa.eu for individual visits related questions, or by contacting the Visitor Centre at visitor.centre@ecb.europa.eu for group visit and lecture, related questions. You can also directly contact the ECB’s Data Protection Officer at dpo@ecb.europa.eu for all queries relating to your personal data.

Addressing the European Data Protection Supervisor

If you consider that your rights under the Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data, you have the right to lodge a complaint with the European Data Protection Supervisor at any time.