
Privacy protection
Banka Slovenije General Privacy Statement
(Last update: 3 December 2024)
This privacy statement explains how, as a data controller, Banka Slovenije processes data subjects’ personal data that it obtains from entities who:
are users of services that Banka Slovenije provides for customers,
supply Banka Slovenije with goods, works or services on the basis of a contract,
are supervised entities or other obliged entities in connection with which Banka Slovenije exercises powers and authorisations as a holder of public authorisations on the basis of applicable regulations,
send Banka Slovenije data subjects’ personal data on another basis (for example queries and complaints that the entities address to Banka Slovenije, job applications, participation in meetings),
(hereinafter: a counterparty).
The personal data of data subjects is any information that allows for the direct or indirect identification of the natural person (data subject), or is related to an identified or identifiable natural person. When processing personal data, Banka Slovenije attends to the protection of the privacy of data subjects, and undertakes to process personal data in accordance with fair information practices and applicable legislation in the area of personal data protection, in particular Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: the GDPR) and the Personal Data Protection Act (the ZVOP-2).
As a rule Banka Slovenije neither collects nor processes the special categories of personal data referred to in Article 9 of the GDPR (i.e. personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation).
Please do not send us such data, unless expressly requested in writing to do so by Banka Slovenije in the particular instance (e.g. biometric data for the purposes of uniquely identifying a natural person).
Information sources
Banka Slovenije may obtain personal data if the data is sent to us:
by a counterparty, in respect of data subjects related to it (e.g. its employees, members of management bodies, shareholders, external contractors),
by a court or other public authority or holder of public authorisations in the execution of their legal obligations or public authorisations and powers pursuant to law, including requirements to submit information, the execution of enforcement and other official actions,
by the individual data subject themselves,
by the applicant or whistleblower within the framework of an enquiry or a whistleblowing report addressed to Banka Slovenije,
by another person on the basis of a request by Banka Slovenije, when the law stipulates that Banka Slovenije obtains the data, or when the data is sent to it by certain controllers at their own initiative, or
from publicly available databases and from publications of information that is provided by the data subject, a counterparty or a third party, or is otherwise publicly available, provided that there is an appropriate legal basis for the processing of such data.
Use of personal data
Banka Slovenije processes the personal data of data subjects who are related to a counterparty, in particular but not exclusively:
to ensure the processing of personal data for the purposes of meeting the obligations imposed on Banka Slovenije by regulations (e.g. tax regulations, employment regulations, regulations on administrative proceedings and operations),
to verify the identity of signatories and the authenticity of signatures on documents that Banka Slovenije exchanges with the counterparty,
to communicate with the authorised representatives of the counterparty in the conclusion or performance of a contract for services or a contract for goods, or in connection with the exercise of its powers,
to respond to enquiries and requests addressed to Banka Slovenije by competent authorities in connection with the conclusion or performance of a contract for services or a contract for goods, or in connection with the exercise of its powers,
to inform the counterparty of new features and changes in connection with services provided by and powers exercised by Banka Slovenije,
to conduct controls and audits of its operations in connection with the provision of services, the supply of goods or the exercise of powers, for the purposes of ensuring compliance with the contractual and legal requirements binding on Banka Slovenije, and planning risk management measures,
to conduct analysis and to plan improvements and changes in connection with its operations and the exercise of powers.
Disclosure of data
Banka Slovenije may disclose/transmit personal data in the following limited and imperative circumstances for lawful purposes to:
subcontractors, tenderers and suppliers that provide services for lawful purposes on our behalf;
other recipients, if so required of us by applicable legislation or a court order;
any recipient on the basis of the data subject’s consent; or
any recipient on justified imperative grounds of urgency, such as in the event of life-threatening circumstances.
In the event of the transfer of personal data to third countries or international organisations, Banka Slovenije is required to protect the privacy and confidentiality of the transferred personal data. As a central bank, Banka Slovenije is a part of the European System of Central Banks, and may therefore transfer personal data that is being processed in connection with the performance of Eurosystem tasks to other central banks and supervisory authorities in Eurosystem countries, when this is necessary for the performance of the tasks of Banka Slovenije as part of the aforementioned system pursuant to the Treaty on the Functioning of the European Union, the Statute of the ESCB and of the ECB, or the Bank of Slovenia Act. During such transfers we will ensure the appropriate protection of the personal data.
Data protection
Banka Slovenije takes security measures to protect personal data against loss, abuse, unauthorised access, disclosure, alteration and destruction. It has adopted relevant technical and organisational measures to protect the information systems in which personal data is stored. Our employees who handle personal data are required to protect the confidentiality of personal data, and mechanisms have been put in place to identify and sanction any breaches.
When selecting providers of services that include personal data processing on behalf of Banka Slovenije, Banka Slovenije carries out due diligence and requires that adequate technical and organisational security measures for data protection be maintained at the contractor.
If you know of any grounds for believing there to be a threat to the security of personal data processing at Banka Slovenije, please inform us of these grounds without delay (the contact information is cited below in the CONTACT US section).
Data storage
Personal data is stored in a form that permits identification of the data subjects for no longer than is stipulated by applicable regulations binding on Banka Slovenije, or no longer than is necessary for the purposes for which the personal data is being processed.
Banka Slovenije takes account of the following criteria in determining the period for the storage of personal data:
the duration of the contractual or other relationship between Banka Slovenije and the counterparty or data subject,
the period in which legal remedies may be pursued in connection with circumstances concerning the specific legal relationship with Banka Slovenije,
legal requirements with regard to the storage of specific data, including requirements with regard to the determination and storage of archival materials.
Rights of data subjects
Any data subject wishing to exercise the right of access to their own personal data, the right to rectification or erasure (right to be forgotten), the right to restriction of processing or the right to data portability guaranteed to data subjects by the GDPR may contact Banka Slovenije with their request or queries (in the manner stated in the CONTACT US section).
In handling a request or query concerning the personal data of an identified data subject, we will request proof of identity from the data subject and proof of the entitlement to make the request in question.
Contact us
Banka Slovenije, of Slovenska cesta 35, 1505 Ljubljana, Slovenia, is a controller of personal data, and processes data subjects’ personal data in accordance with this statement.
If you have any queries in connection with personal data processing at Banka Slovenije, or if you think that your personal data is not being handled in accordance with applicable legislation and this statement, you can contact the data protection officer at Banka Slovenije:
by ordinary post, addressed to Banka Slovenije, Slovenska cesta 35, 1505 Ljubljana, Slovenia, with the inscription “FAO: data protection officer”, or
by email to [email protected].
If you oppose specific processing of your personal data, Banka Slovenije will endeavour to find a reasonable solution that is mutually acceptable.
Notwithstanding the above, data subjects who believe that Banka Slovenije is unlawfully processing their personal data may lodge a complaint with the supervisory authority, namely the Information Commissioner of the Republic of Slovenia. The complaint may be sent by email to [email protected], or by ordinary post to: Republic of Slovenia, Information Commissioner, Dunajska cesta 22, 1000 Ljubljana.