Privacy statement on the processing of personal data in the context of the SFTDS project

The National Bank of Belgium as controller of processing personal data

The National Bank of Belgium (NBB) is responsible for processing personal data together with the European Central Bank (ECB) and six other National Central Banks (NCBs) (Banque de France, Nederlandsche Bank, Deutsche Bundesbank, Banca d'Italia, Banco de España en Banque Centrale du Luxembourg) within the framework of the Securities Financing Transactions Data Store project (SFTDS). A memorandum of understanding has been signed between these parties, in accordance with their joint controllership in this project, governing the relevant responsibilities in the context of processing personal data and corresponding requests. The Directorate General Macroprudential Policy & Financial Stability is responsible for the processing of data within the ECB

Purposes for processing personal data

The Securities Financing Transactions Data Store (SFTDS) is a joint project between ECB and the previously indicated seven NCBs that implements a single SFT data store. This joint database will enhance the capabilities for market finance monitoring and financial stability analysis.

While the occurrence of personal data in individual SFTs is highly unlikely, it cannot however be fully ruled out that the data store may contain personal data. Securities Financing Transactions (SFTs) are typically conducted by financial corporations and to a lesser degree by non-financial corporations. It may be possible though that an individual person would conduct an SFT, as indicated in the SFTR (Regulation (EU) 2015/2365); see Article 3(5)(a) explicitly referring to “natural persons”.

Whereas corporations should be identified by a Legal Entity Identifier (LEI), they could in exceptional cases be reported under a Bank Identifier Code (BIC) or client ID. In case of a natural person, a client ID shall be used. In the unlikely case that a natural person’s name is reported directly or a code is used that allows for identification of a person, this information would be included in SFTDS. The data store will receive and retain all the granular raw data contained in the files compiled by Trade Repositories and therefore may contain such personal information.

Legal basis of processing operations

The NBB processes personal data to perform tasks that are of public interest or that are carried out in the exercise of official authority, in accordance with Art. 6 Paragraph 1 Letter e GDPR in conjunction with Article 127 Paragraph 5 of the Treaty on European Union in conjunction with Article 5 of the ESCB Statute, Article 12 (2) and (3) of Regulation (EU) 2015/2365 (SFT Regulation) and Delegated Regulation (EU) 2019/357.

Categories of data processed

The NBB processes the following personal data:

  • Client ID which could in theory contain personal details (such as name, address)
  • Financial details of a financial transaction related to a data subject which have been obtained from designated Trade Repositories pursuant to Article 12(2) of the SFTR Regulation (EU) 2015/2365

Recipients of the personal data

The recipients of the data are designated staff members from the NBB, as well as from the other SFTDS member entities.

Time limits for storing personal data

The personal data are stored for a maximum of five years and are deleted or properly anonymised thereafter.

Data subject rights

You have the right to access your personal data and correct any data that are inaccurate or incomplete. You also have (with some limitations) the right to delete your personal data and the right to restrict or object to the processing of your personal data in line with the relevant provisions of Regulation (EU) 2018/1725.

Contact Information in case of queries and requests

You can exercise your rights by contacting [email protected] or the ECB’s Data Protection Officer at [email protected].