The Deposit Guarantee Fund, in the exercise of its tasks to guarantee the repayment of deposits held with its member credit institutions or under its financial assistance for the implementation of resolution action as required by law, processes the collected personal data in compliance with the principles and rules stemming from European and Portuguese legislation on personal data protection, particularly Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, hereinafter GDPR).
The Deposit Guarantee Fund complies with the principles of lawfulness, fairness and transparency, of collection for specified, explicit and legitimate purposes, of minimisation, of accuracy and of security and integrity of the information collected.
It adopts the technical and organisational measures needed for personal data processing in order to fully enforce data protection laws.
Processing of personal data
The Deposit Guarantee Fund handles the strictly necessary personal data categories, appropriate and relevant to the pursuit of the public interest attributed to it by law, within the scope of its powers as a public authority or in compliance with a public obligation.
Therefore, it handles the personal data of its Management Committee, Secretary-General, the Banco de Portugal’s staff which provide its technical and administrative services, and also handles personal data based on agreements entered into directly, namely with service providers.
The Deposit Guarantee Fund stores the data for the time strictly necessary to achieve the purposes that justified its collection.
Sharing and transfer of personal data
Given that, by law, the Banco de Portugal is responsible for providing the technical and administrative services required for the regular operation of the Deposit Guarantee Fund, the latter shares all information with the central bank.
The Fund also shares data with other public entities, including courts, the Public Prosecutor’s Office, the Tax and Customs Authority, and the Social Security Institute, among others.
By law, it may also share data, under its cooperation duty, with other deposit guarantee schemes in the European Union.
The Deposit Guarantee Fund may transfer data to third-country schemes and international organisations that guarantee equivalent data protection conditions.
It may also transfer data to service providers acting exclusively under its guidance and complying with equivalent technical and organisational measures.
Rights of the data subjects and Data Protection Officer
The Deposit Guarantee Fund provides the data subjects under the legal terms adequate means to exercise their rights of information and complaint, and access to, rectification, limitation or erasure of personal data.
The Deposit Guarantee Fund’s Data Protection Officer monitors compliance of personal data processing with the GDPR and other EU data protection provisions, communicates with the data subjects and cooperates with the Comissão Nacional de Proteção de Dados (CNPD – the Portuguese Data Protection Authority), working as a point of contact between the latter and former in regard to personal data processing matters. To exercise their rights, data subjects may contact Deposit Guarantee Fund’s Data Protection Officer, by one of the following means:
- E-mail: email@example.com
- Postal address: Gabinete de Proteção de Dados do Banco de Portugal, Rua do Comércio, 148, 1100-150 Lisbon
Control of the Deposit Guarantee Fund’s activity
The Deposit Guarantee Fund’s activity in the field of data protection and processing may be subject to complaint to the CNPD or to judicial appeal.