Search Options
Home Media Explainers Research & Publications Statistics Monetary Policy The €uro Payments & Markets Careers
Suggestions
Sort by
  • PRIVACY STATEMENT

Privacy statement for the ECB Identity Portal

What is our legal framework?

All personal data are processed in accordance with European Union data protection law, that is to say in line with Regulation (EU) 2018/1725 (‘EUDPR’).

Why do we process personal data?

Personal data are processed for:

  • the identification of users interacting with the ECB via the ECB Identity Portal to access underlying applications; and
  • the maintenance and safeguarding of the security and integrity of the ECB’s services (log data).

What is the legal basis for processing your personal data?

Your personal data are being processed by the ECB because you consented to the processing by providing the personal data requested. You can withdraw your consent at any time by deleting your account. All processing of your personal information will stop once you withdraw your consent; however, any processing that has already taken place remains lawful.

The ECB processes the personal data (which has been obtained by the organisation for which you are registered on the basis of Article 5(1)(a) Regulation (EU) 2018/1725).

Who is responsible for processing your personal data?

The ECB is the controller for the processing of your personal data. The Division Digital Security Services in the Directorate General Information Systems (DG-IS/DSS) is responsible for this processing. These data are processed on behalf of the ECB by the secure third-party provider OneWelcome. For further information please consult the OneWelcome’s privacy policy.

Who will be the recipients of your personal data?

The recipients of your personal data (including entities who have access to that personal data) are:

  • the ECB Support Center and ECB staff dealing with services leveraging the ECB Identity Portal to manage access in general, for data processed for the identification of users interacting with the ECB via the ECB Identity Portal to access underlying applications; and
  • the DG-IS/DSS team, for data processed maintenance and safeguarding of the security and integrity of the ECB’s services.

What categories of personal data are collected?

The ECB processes the following personal data:

  • First name
  • Last name
  • Email
  • Phone number
  • Company ID (if required)
  • Organisational affiliation
  • Connection information (e.g. IP address, browser information, etc.)

Will your personal data (in a clear or encrypted form) be processed (e.g. transferred, accessed or stored) in third countries or by international organisations?

Your personal data might exceptionally be processed in third countries/international organisations based on the derogations for specific situations set out in Article 50(1) EUDPR.

How long will the ECB keep personal data?

Your personal data will be stored for a maximum of two years from the conclusion of the respective interaction with the ECB before being destroyed and/or deleted in an appropriate manner.

What are your rights?

You have the right to access your personal data and correct any data that is inaccurate or incomplete. You also have (with some limitations) the right to delete your personal data or to restrict the processing of your personal data in line with the EUDPR. [The ECB may restrict your rights to safeguard the interests and objectives referred to in Article 25(1) EUDPR.]

Who can you contact for queries or requests?

You can exercise your rights by contacting the DG-IS Service Desk at [email protected]. You can also directly contact the ECB’s Data Protection Officer at [email protected] for all queries relating to your personal data.

Addressing the European Data Protection Supervisor

If you consider that your rights under the EUDPR have been infringed as a result of the processing of your personal data, you have the right to lodge a complaint with the European Data Protection Supervisor at any time.