Reporting persons who manage the business of financial holding companies Information on data processing
The Deutsche Bundesbank processes personal data to the extent necessary to fulfil its legal obligations. These data include data that the Deutsche Bundesbank has collected about you. With a view to providing details on data processing, notifying you of your rights and complying with its requirement to provide information pursuant to Articles 13 and 14 of the EU General Data Protection Regulation (GDPR), the Deutsche Bundesbank hereby informs you of the following:
1. Contact address
Deutsche Bundesbank
Wilhelm-Epstein-Straße 14
60431 Frankfurt am Main
Postfach 10 06 02
60006 Frankfurt am Main
Telefon: +49 69 9566-0
Fax: +4969 9566-3077
E-Mail: info@bundesbank.de
2. Purpose of processing
To review whether the person concerned is trustworthy, has the necessary professional qualifications, and can dedicate sufficient time to performing their functions.
3. Legal basis for data collection
Section 24(3a) of the Banking Act (Kreditwesengesetz) in conjunction with Section 16(2) and Section 5 et seq. of the Reports Regulation (Anzeigeverordnung).
4. Categories of personal data processed
The categories of personal data processed are as follows:
Names, date of birth, addresses, contact details, information on personal trustworthiness, information on professional qualifications/career, information on other positions, information on time commitment.
5. Intention to transmit personal data to recipients in a third country or to an international organisation
It is not the intention of the Deutsche Bundesbank to transmit your data to a recipient in a third country (countries outside the European Union and the European Economic Area) or to an international organisation.
6. Data recipients
Your data are processed within the Deutsche Bundesbank by the responsible members of staff. Furthermore, in the context of cooperation on supervisory activities, the data are transmitted to the Federal Financial Supervisory Authority (BaFin) and, where appropriate, to the European Central Bank (ECB).
7. Duration of data retention
10 years
8. Your rights as the data subject
You, as the data subject, have the right of access (Article 15 of the GDPR), the right to rectification (Article 16 of the GDPR), the right to erasure (Article 17 of the GDPR), the right to restriction of processing (Article 18 of the GDPR), the right to data portability (Article 20 of the GDPR) and the right to object (Article 21 of the GDPR). You also have the right to lodge a complaint with the competent supervisory authority, the Federal Commissioner for Data Protection and Freedom of Information.
9. Existence of automated decision-making (including profiling)
No automated decision-making takes place.
10. Source of personal data
Where data are not collected by you as the requesting party, the data source is the reporting institution or a person authorised to represent the institution.
11. Basis for the provision of your data and consequences of failure to provide personal data
Section 24(3a) and (3) of the Banking Act and Section 5 et seq. of the Reports Regulation.
Provision of data is mandatory. The culpable breach of notification obligations constitutes an administrative offence carrying a fine of up to €100,000 (Section 56(2) number 1 letter (f) and (6) number 4 of the Banking Act). In individual cases, a breach of reporting requirements may also give rise to measures pursuant to Section 36(2) of the Banking Act.