Abrir menú Cerrar menú
Sede electrónica CNMV

16/09/2025 8:52

CNMV’s Virtual Office
Data Protection / Coockies

Data protection

Personal data protection

In compliance with the current personal data protection legislation, and more specifically with the General Data Protection Regulation REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to personal data processing and on freedom of circulation of such data, repealing Directive 95/46/EC), set out below is information on the Personal Data Protection Policy of the Spanish National Securities Market Commission.

Holders of the personal data to be processed, in their capacity as data subjects, are recommended to read this information carefully each time they access this website so that they are aware of all matters related to the processing of personal data that may be provided through the website as well as through any other means or form provided for said purpose.

The Data Protection Policy hereby disclosed to the data subject implies compliance by the Spanish National Securities Market Commission with its obligation to inform them, in accordance with the principle of transparency, of the circumstances and conditions of the processing carried out by the Spanish National Securities Market Commission of the personal data that the data subject provides through the forms made available on the website and any other data that may be provided through any other means or platform, as well as the rights corresponding to the data subject. For further information, please visit the data protection section in the following link CNMV - Data Protection.

Data controller

The data controller is the Spanish National Securities Market Commission, with Tax Identification Number (CIF) Q-2891005-G, address at Calle Edison nº 4, 28006 Madrid, telephone number: 915851500.

Contact with the Data Protection Officer: according to the procedure described below under the “Data subject’s rights” section.

Purpose of personal data processing

The purpose of data processing corresponds to each of the processing activities carried out by the Spanish National Securities Market Commission in order to comply with the legally established obligations incumbent upon it, as well as the processing and management of requests, claims, complaints, enquiries, staff selection processes, subscription to education programmes, news, publications, official announcements, regulations, relations with suppliers, statistical reports regarding access habits and the activity carried out by the data subject on the Spanish National Securities Market Commission’s website.

Legal basis

The data subject’s personal data is processed in order to comply with legal obligations incumbent upon the Spanish National Securities Market Commission, fulfil tasks carried out in the public interest or in the exercise of the public powers conferred on it, as well as when the purpose of the processing requires their consent, which must be given by means of a clear affirmative action.

Confidentiality

Personal data that may be collected directly from the data subject shall be treated confidentially and used for the purposes of the corresponding processing activity carried out by the Spanish National Securities Market Commission, adopting for this purpose the necessary technical and organisational measures to guarantee the security of their data and prevent its alteration, loss or unauthorised access, taking into consideration the state of technology, nature of the data stored and risks to which they are exposed.

Obligation to provide data

Unless otherwise stated on the forms on the website to which the data subject has access to, the data requested in the aforementioned forms is mandatory and strictly necessary to comply with the purposes established therein. Consequently, refusal to fill or incorrect completion of such forms will render impossible for the purposes pursued by said forms and requested by the data subject to be met.

Data retention

The personal data provided will be kept for the time necessary to fulfil the purpose for which it is collected and to determine any potential liabilities that may arise from such purpose, in addition to the periods established in the archives and documentation regulations.

Communication of data

In general, personal data will not be disclosed to third parties, unless there is a legal obligation which may include disclosure to administrative or judicial authorities, the Public Prosecutor's Office, the European Securities and Markets Authority (ESMA), other regulators and supervisors, Parliamentary Research Committees, and the Investor Guarantee Fund.

Personal data may only be disclosed to companies that provide services to the Spanish National Securities Market Commission under commission contracts entered into for the purposes of the maintenance and proper functioning of the services and activities of the Spanish National Securities Market Commission.

In the event that the recipients indicated in this paragraph are located outside the European Economic Area, international data transfers shall be duly legitimised.

Rights of the data subject

The data subject, in accordance with data protection regulations and with the requirements, purposes and limits established therein, may exercise the following rights before the Spanish National Securities Market Commission:

  • Request that their data be deleted when its collection and processing is carried out on the basis of the data subject’s consent. The Spanish National Securities Market Commission, in accordance with the provisions of data protection regulations, may not process requests for the deletion of data when such data has been obtained and processed in compliance with a legal obligation or to fulfil a task carried out in the public interest or in the exercise of public powers conferred on the Spanish National Securities Market Commission.
  • Obtain confirmation of the processing of their data that is carried out.
  • Access their personal data.
  • Correct data they consider inaccurate or incomplete.
  • Withdraw consent they have previously granted. When the processing of the data subject’s data by the Spanish National Securities Market Commission is based on the consent given by them, data subjects may withdraw their consent at any time, without this affecting the lawfulness of the processing previously carried out. Consents obtained for the aforementioned purposes are independent, for which reason data subjects may revoke only one of them without affecting the others.
  • Request the limitation of their data when any of the conditions established in the data protection regulations are met.
  • Request the portability of their data, through the method and under the terms established in the data protection regulations.
  • Object to the processing of their data when any of the conditions established in the data protection regulations are met.
  • Not be subject to a decision based solely on automated processing of their data.

In order to exercise said rights, the data subject must download the corresponding form through the following link, fill and sign it, attaching a copy of their Spanish national identity document (DNI) or any other document proving their identity, and send it to “Data Protection” by post to the CNMV's address or via the CNMV’s Virtual Office.

In the event that the data subject considers that the Spanish National Securities Market Commission has infringed their rights to the protection of their personal data, they may file a complaint with the Spanish Data Protection Agency.

Without prejudice to the foregoing, the data subject may also, prior to filing a complaint with the Spanish Data Protection Agency, contact the Spanish National Securities Market Commission’s data protection officer by downloading the corresponding form through the following link, filling, signing and attaching a copy of their Spanish national identity document (DNI) or any other document proving their identity, and sending it to the “Data Protection Officer”, by post to the CNMV's address or via the CNMV’s Virtual Office..

Cookies

In order to provide the best service and to facilitate its use, the Spanish National Securities Market Commission’s website uses cookies (files stored on the device of the persons accessing certain websites for the purpose of storing and retrieving information on the browsing carried out from that device) for technical purposes and to the extent necessary for the correct functioning and visualisation of the website by the user.

The cookies used on the CNMV’s website are first-party cookies. They have a temporary, limited duration and are used to customise browsing experience, as well as to identify and retrieve users registered in the subscription section for “Public communications by entities” (with no personal data) as well as users accessing the Virtual Office.

  • Language cookies: these cookies are used to retrieve the language used by users in their last visit to the CNMV’s Portal or the Virtual Office, such that, in subsequent visits, the website is displayed in such language without requiring user interaction.
  • User session cookies:in order to keep users identified during the creation and modification process of the subscription section for “Public communications by entities" and when accessing the CNMV’s Virtual Office, these cookies are generated each time users log in. In the case of subscriptions for "Public communications by entities" the e-mail data entered is stored and when users access the CNMV Virtual Office, date, time and identifier of the session are stored. Such settings can be deleted by clicking the “Log off” option, in which case, next time users log in, they must be identified via the “Login” option.
  • ID Cookies:in the “IPP” procedure (“Interim Financial Reports” procedure for issuers of securities admitted to trading) on the CNMV’S Virtual Office, the Tax ID Number (CIF), type and name of the firm, contact e-mail address, User ID and Tax ID Number of the person associated with the User ID to login are stored, as they are necessary for such procedure.
  • Customisation cookies:They allow the user to access the service with certain predefined characteristics depending on specific criteria in the user's terminal such as, for example, the type of browser through which the service is accessed, the regional configuration from where the service is accessed, the accessibility settings configured by the user, etc.

Furthermore, in order to access the CNMV’s Virtual Office, the use of cookies on the browser must be enabled. In the case of the “Interim Financial Reports” procedure for issuers of securities admitted to trading, users must accept the terms of use of cookies.

Browsers usually allow users to configure the cookies they wish to accept. Generally, such options are available on the “Preferences” or “Settings” section of the browser menu bar. For example:

  • Chrome: Settings – Show advanced settings – Privacy – Content settings (for further information, please visit Google support or go to the “Help” section of the browser).
  • Firefox: Tools – Options – Privacy – History - Custom Settings (for further information, please visit Mozilla support or go to the “Help” section of the browser).
  • Internet Explorer: Tools – Internet Options – Privacy – Settings (for further information, please visit Microsoft support or the “Help” section of the browser).
  • Safari: Preferences – Security (for further information, please visit Apple support or the “Help” section of the browser).
  • Opera: Settings - Privacy and Security (for further information, please go to the “Help” section of the browser).
  • Edge: Settings – View advanced settings - Cookies.