Banco de Portugal, in exercising its powers and competences as the national monetary, statistical, macroprudential, supervisory, resolution and payment system oversight authority, processes personal data in accordance with the principles and rules arising from European and Portuguese legislation on personal data protection, particularly Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
Banco de Portugal respects the principles of lawfulness, fairness and transparency, of collection for specified, explicit and legitimate purposes, of data minimisation, of accuracy and of security and integrity of information.
Banco de Portugal adopts the technical and organisational measures needed for personal data processing in order to fully respect data protection laws.
Processing of personal data
Banco de Portugal processes strictly necessary, adequate and relevant personal data categories, limited to what is necessary for the achievement of public interest purposes as provided for by law, under its powers as a public authority or in compliance with a legal obligation.
Banco de Portugal also processes personal data in the context of contracts, for instance, with its staff or with service providers.
Banco de Portugal preserves the data for as long as strictly necessary for the purposes for which they are processed.
Sharing and transfer of personal data
As a member of the European System of Central Banks, Banco de Portugal shares information with the European Central Bank and other central banks within the system.
Within the framework of the European systems for financial supervision and bank resolution and of the Banking Union, Banco de Portugal shares information with other members thereof, including its counterpart authorities, the European Central Bank/Single Supervisory Mechanism, the Single Resolution Board/Single Resolution Mechanism, the European supervisory and resolution authorities and the European Systemic Risk Board.
Banco de Portugal may also share data, according to the law, under its duty of cooperation with national supervisory authorities, national resolution authorities and other public entities, including the courts, the Public Prosecutor's Office, the tax and customs authority and social security, among others.
Banco de Portugal may transfer data to third country counterpart authorities and international organisations that offer guarantees ensuring a level of data protection equivalent to that ensured by Banco de Portugal.
Banco de Portugal may also transfer data to service providers that act exclusively under its guidance and that implement technical and organisational measures equivalent to those binding Banco de Portugal.
Rights of the data subjects and Data Protection Officer
Banco de Portugal provides the data subjects, pursuant to the applicable law, adequate means to exercise their rights of information, access, rectification, complaint, limitation or erasure of personal data.
Banco de Portugal's Data Protection Officer monitors compliance of personal data processing with the General Data Protection Regulation and other EU data protection provisions, communicates with the data subjects and cooperates with the Comissão Nacional de Proteção de Dados (CNPD – the Portuguese Data Protection Authority), working as a point of contact between the latter and the former in regard to personal data processing matters. To exercise their rights, data subjects may contact Banco de Portugal's Data Protection Officer, by the following means:
- By e-mail: firstname.lastname@example.org
- By post:
Gabinete de Proteção de Dados do Banco de Portugal
Rua do Comércio, 148
Control of Banco de Portugal's activity
Banco de Portugal's activity in the field of data protection and processing may be subject to complaint before the CNPD or to judicial appeal, under the general terms.