BANK OF SLOVENIA GENERAL PRIVACY STATEMENT
(Latest update: 10 July 2018)
This privacy statement explains how the Bank of Slovenia processes individuals’ personal data that it obtains from entities who:
- are users of services that the Bank of Slovenia provides for clients,
- supply the Bank of Slovenia with goods, works or services on the basis of a contract,
- are supervised entities or other obliged entities in connection with which the Bank of Slovenia exercises powers and authorisations as a holder of public authorisations on the basis of applicable regulations,
- send the Bank of Slovenia individuals’ personal data on another basis (for example queries and complaints that the entities address to the Bank of Slovenia)
(hereinafter: a counterparty).
When processing personal data, the Bank of Slovenia attends to the protection of the privacy of individuals, and undertakes to process personal data in accordance with fair information practices and applicable legislation on personal data protection.
When processing personal data, the Bank of Slovenia acts in accordance with the principles of Article 5 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: the GDPR) and other applicable regulations in this area.
This statement is a supplement to the Privacy Statement for Employees of the Bank of Slovenia and the Privacy Statement for the Selection of Candidates for Employment and Internship, and does not prejudice them.
CATEGORIES OF PERSONAL DATA
The personal data of individuals is any information that allows for the direct or indirect identification of the individual, or is related to an identified or identifiable individual.
For the purposes of providing services, supplying goods, executing works or exercising public authorisations, from counterparties the Bank of Slovenia obtains the following data, in particular but not exclusively, on individuals who are related to a counterparty:
- identification data (e.g. name and surname, date of birth, tax number, personal ID number [EMŠO], photograph, signature),
- data in connection with the employment of an individual (position, contact information in the position such as email and telephone number),
- data on legal proceedings and other proceedings in which the individual is involved that affect the relationship of the individual or counterparty with the Bank of Slovenia,
- data for the assessment of conflicts of interest (data on previous employment and professional activities, personal relationships, financial assets and debts, and other circumstances that could entail grounds for the occurrence of a conflict of interest for the Bank of Slovenia that could hinder or prevent the attainment of the objectives of the specific contractual relationship),
- data in connection with facts and circumstances concerning an identified or identifiable individual as a perpetrator, applicant or participant in communications with the Bank of Slovenia (although not data transmitted or obtained within the framework of administrative, supervisory or misdemeanours proceedings conducted by the Bank of Slovenia),
- data in connection with the fulfilment of requirements, rights and obligations binding on the individual in relation to the Bank of Slovenia.
In general, the special categories of data referred to in Article 9 of the GDPR (i.e. personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data or biometric data for the purpose of the unique identification of an individual, data in connection with health or data in connection with an individual’s sex life or sexual orientation) are neither collected from counterparties by the Bank of Slovenia, nor processed by it. Please do not send us such data, unless expressly requested in writing to do so by the Bank of Slovenia in the particular instance (e.g. biometric data for the purposes of uniquely identifying an individual).
The Bank of Slovenia obtains personal data from individuals related to a counterparty at meetings, in written enquiries, electronic communications and other communications undertaken between the Bank of Slovenia and the counterparty in connection with the performance of a signed contract (or during the signing of a contract), in the fulfilment of legal obligations to which they are subject, in the exercise of public authorisations and the public interest, in the protection of the individual’s vital interests, and on the basis of consent.
The Bank of Slovenia may obtain the personal data of an individual if the data is sent to us:
- by a counterparty, in respect of individuals related to it (e.g. its employees, members of management bodies, shareholders, external contractors),
- by a court or other public authority or holder of public authorisations in the execution of their legal obligations or public authorisations and powers pursuant to law, including requirements to submit information, the execution of enforcement and other official actions,
- by the individual data subject himself/herself,
- by the applicant within the framework of an enquiry or a report of a breach addressed to the Bank of Slovenia,
- by another person on the basis of a request by the Bank of Slovenia, when the law stipulates that the Bank of Slovenia obtains the data, or when the data is sent to it by certain controllers at their own initiative, or
- from publicly available databases and from publications of information that is provided by the individual, a counterparty or a third party, or is otherwise publicly available.
USE OF PERSONAL DATA
The Bank of Slovenia processes the personal data of individuals who are related to a counterparty, in particular but not exclusively:
- to ensure the processing of personal data for the purposes of meeting the obligations imposed on the Bank of Slovenia by regulations (e.g. tax regulations, employment regulations, regulations on administrative proceedings and operations),
- to verify the identity of signatories and the authenticity of signatures on documents that the Bank of Slovenia exchanges with the counterparty,
- to communicate with the authorised representatives of the counterparty in the conclusion or performance of a contract for services or a contract for goods, or in connection with the exercise of its powers,
- to respond to enquiries and requests addressed to the Bank of Slovenia by competent authorities in connection with the conclusion or performance of a contract for services or a contract for goods, or in connection with the exercise of its powers,
- to inform the counterparty of new features and changes in connection with services provided by and powers exercised by the Bank of Slovenia,
- to conduct controls and audits of its operations in connection with the provision of services, the supply of goods or the exercise of powers, for the purposes of ensuring compliance with the contractual and legal requirements binding on the Bank of Slovenia, and planning risk management measures,
- to conduct analysis and to plan improvements and changes in connection with its operations and the exercise of powers.
DISCLOSURE OF DATA
The Bank of Slovenia may disclose/transmit personal data in the following limited and imperative circumstances for lawful purposes to:
- subcontractors, tenderers and suppliers that provide services for lawful purposes on our behalf;
- any recipient if so required of us, for example on the basis of applicable legislation or a court order;
- any recipient on the basis of the individual’s consent; or
- any recipient on justified imperative grounds of urgency, such as in the event of life-threatening circumstances.
In the event of the transfer of personal data to third countries or international organisations, the Bank of Slovenia is required to protect the privacy and confidentiality of the transferred personal data. As a central bank, the Bank of Slovenia is a part of the European System of Central Banks [1], therefore your personal data may also be transferred outside Slovenia when the bank is carrying out tasks as a member of this system pursuant to the Treaty on the Functioning of the European Union, the Statute of the ESCB and of the ECB or the Bank of Slovenia Act. During such transfers we will ensure the appropriate protection of personal data.
The Bank of Slovenia implements security measures to protect personal data against loss, abuse, unauthorised access, disclosure, alteration and destruction. It has adopted relevant technical and organisational measures to protect the information systems in which personal data is stored. Our employees who handle personal data are required to protect the confidentiality of personal data, and mechanisms have been put in place to identify and sanction any breaches.
When selecting providers of services that include personal data processing on behalf of the Bank of Slovenia, the Bank of Slovenia carries out due diligence and requires that they provide for adequate technical and organisational security measures to protect data on employees.
If you know of any grounds for believing there to be a threat to the security of personal data processing at the Bank of Slovenia, please inform us of these grounds without delay (the contact information is cited below in the CONTACT US section).
Personal data is stored in a form that permits identification of the data subjects for no longer than is stipulated by applicable regulations binding on the Bank of Slovenia, or no longer than is necessary for the purposes for which the personal data is being processed.
The Bank of Slovenia takes account of the following criteria in determining the period for the storage of personal data:
- the duration of the contractual or other relationship between the Bank of Slovenia and the counterparty or individual,
- the period in which legal remedies may be pursued in connection with circumstances concerning the specific legal relationship with the Bank of Slovenia,
- legal requirements with regard to the storage of specific data, including requirements with regard to the determination and storage of archival materials.
Any individual wishing to exercise the right of access to his/her own personal data, the right to rectification or erasure (right to be forgotten), the right to restriction of processing or the right to data portability guaranteed to individuals by the GDPR may contact the Bank of Slovenia with his/her request or queries (in the manner stated in the CONTACT US section).
In handling a request or query concerning the personal data of an identified individual, we will request proof of identity from the individual and proof of the entitlement to make the request in question.
MONITORING OF COMMUNICATIONS
When individuals communicate with the Bank of Slovenia by telephone or electronically (e.g. online applications, email, text messages), the messages and communications may be recorded and stored for the purposes of confirming the existence of the communications and verifying compliance with applicable regulations and requirements in the area of personal data protection.
PERSONAL DATA SENT VIA THE BANK OF SLOVENIA WEBSITE
You may have dealings with the Bank of Slovenia online either via the contact form, or via the news subscription service. In these services you are required to provide certain personal data necessary for the provision of the service itself. The personal data provided will be used only as long as necessary for attaining the purpose for which it was sent.
The website includes links to other websites over which the Bank of Slovenia has no control and for which it therefore does not assume any liability; however, we advise users to be aware of these websites’ privacy policies.
A cookie is a small data-containing text file sent by the server to the browser on your computer. On the www.bsi.si portal we only use our own session cookies, which are deleted when you close your browser.
The cookies are used for the following purposes:
- carrying out user authentication in the use of online applications,
- ensuring the correct flow of requests and information between servers and endpoints,
- playing back multimedia content, and
- customising settings to the user’s preferences.
You can disable the downloading of cookies in your browser’s settings. In this event we cannot guarantee that all features of the website will function correctly on your computer. Cookie disabling procedures vary between browsers. Instructions can be found in the Help menu or a similar menu in your browser.
Servers automatically record information sent by your browser whenever you visit our website. These server logs contain information such as the date and time of your visit, your IP address, and browser type and language. This information does not tell us who you are and does not reveal any other personal data. The Bank of Slovenia uses the data collected to produce aggregate statistics on website usage.
The Bank of Slovenia, of Slovenska cesta 35, 1505 Ljubljana, Slovenia, is a controller of personal data, and processes individuals’ personal data in accordance with this statement.
If you have any queries in connection with personal data processing at the Bank of Slovenia, or if you think that your personal data is not being handled in accordance with applicable legislation and this statement, you can contact the data protection officer at the Bank of Slovenia:
- by ordinary post, addressed to Bank of Slovenia, Slovenska cesta 35, 1505 Ljubljana, Slovenia, with the inscription “FAO: data protection officer”, or
- by email to firstname.lastname@example.org.
If you oppose specific processing of your personal data, the Bank of Slovenia will endeavour to find a reasonable solution that is mutually acceptable. Notwithstanding the above, individuals who believe that the Bank of Slovenia is unlawfully processing their personal data may lodge a complaint with the Information Commissioner of the Republic of Slovenia.
These may be sent by email to email@example.com, or by ordinary post to: Republika Slovenija, Informacijski pooblaščenec, Dunajska cesta 22, 1000 Ljubljana.
[1] The European System of Central Banks (ESCB) comprises the European Central Bank and the national central banks of all EU Member States: Nationale Bank van België/Banque Nationale de Belgique, Bulgarian National Bank, Česká národní banka, Danmarks Nationalbank, Deutsche Bundesbank, Eesti Pank, Bank of Ireland, Bank of Greece, Banco de España, Banque de France, Hrvatska narodna banka, Banca d’Italia, Central Bank of Cyprus, Latvijas Banka, Lietuvos bankas, Banque centrale du Luxembourg, Magyar Nemzeti Bank, Central Bank of Malta, De Nederlandsche Bank, Oesterreichische Nationalbank, Narodowy Bank Polski, Banco de Portugal, Banca Naţională a României, Banka Slovenije, Národná banka Slovenska, Suomen Pankki – Finlands Bank, Sveriges Riksbank, and Bank of England.