Personal data are stored in the Corporate Credit Register (CCR) in order to:
- provide credit institutions and leasing companies with information that enables them to properly assess the risks associated with their borrowers;
- provide the National Bank of Belgium (NBB), as the competent supervisory authority, with information it needs to properly assess risks to the financial sector;
- provide the NBB with data it needs to conduct scientific or statistical activities or carry out other activities pursuant to the Act of 22 February 1998 on the tasks and organisation of the National Bank of Belgium, such as monetary policy and other policies;
- allow the European Central Bank (ECB) to monitor the financial stability of the euro area, in accordance with ECB Regulation (EU) No 2016/867 of 18 May 2016 on the collection of granular credit and credit risk data (the “AnaCredit Regulation”). The AnaCredit project is intended to provide the ECB with a database of detailed information on individual bank loans across the euro area.
No commercial use
The NBB only shares the data contained in the CCR as stipulated in the Act of 28 November 2021 on the organisation of a Corporate Credit Register (Article 10). Under no circumstances will the data collected be used by the NBB for commercial purposes.
The NBB is the controller of the personal data recorded in the CCR for purposes of:
- the receipt of data from credit institutions and leasing companies,
- the organisation and storage of data,
- the use of data within the limits of the law,
- the communication or disclosure of data in cases where this is permitted by law, and
- the protection, deletion or destruction of personal data under the conditions stipulated by law.
The retention period for data kept in the CCR is stipulated in Article 12 of the Act of 28 November 2021.
Data subject rights
Persons whose data are recorded in the CCR are informed of the processing of their personal data by way of an express mention to this effect in the loan, credit or leasing agreement.
Data subjects can:
- consult, free of charge, their personal data in the CCR;
- request that credit institutions and leasing companies rectify data in the CCR which the data subject can demonstrate are inaccurate; credit institutions and leasing companies are required by law to rectify incorrect data (the NBB does not make changes to the information stored in the CCR);
- contact the Data Protection Authority if they believe that the processing of their data violates the personal data protection and privacy legislation.
Data protection officer
The NBB has a data protection officer (DPO).
You can contact the DPO, for example, to exercise your rights or if you have questions about the protection of your personal data.
National Bank of Belgium
c/o Data Protection Officer
de Berlaimontlaan 14
The NBB processes personal data in accordance with Belgian and European legislation:
- Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or GDPR);
- the Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data;
- the Act of 28 November 2021 on the organisation of a Corporate Credit Register, which entrusts management of the CCR to the National Bank of Belgium; and
- the Royal Decree of 27 December 2021 on the functioning of the Corporate Credit Register (CCR).