1. Introduction

This privacy statement explains the reason for the processing, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you may exercise in relation to your data (the right to access, rectify, block etc.).

The European institutions are committed to protecting and respecting your privacy. As this service/application collects and further processes personal data, Regulation (EC) N°45/2001 , of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, is applicable.

This privacy statement concerns processing the data necessary for the proper functioning of the European Investment Project Portal (EIPP). The EIPP has been created by the European Commission on the basis of Regulation (EU) 2015/1017 of the European Parliament and of the Council of 25 June 2015 on the European Fund for Strategic Investments, the European Investment Advisory Hub and the European Investment Project Portal and amending Regulations (EU) No 1291/2013 and (EU) No 1316/2013 – the European Fund for Strategic Investments (OJ L 169, 1.7.2015, p. 1). Commission Implementing Decision (EU) 2016/1942 of 4 November 2016 (OJ L 299, 5.11.2016, p. 86), as amended by Commission Implementing Decision (EU) 2017/919 of 29 May 2017 (OJ L 139, 30.5.2017, p. 78) sets out technical specifications of the EIPP as a transparent database of current and potential investment projects in the European Union.

2. Why do we process your data?

Purpose of the processing operation:

Operational staff in charge of the practical organisation of the functioning of the EIPP, supervised by the Head of Unit ECFIN.DDG2.03 (referred to hereafter as Data Controller), collects and uses your personal information with the sole purpose to support and contribute to the management of the EIPP according to Article 15 of Regulation 2015/2017 and Commission Implementing Decision (EU) 2016/1942, as amended.

Lawfulness of the processing operation:

The data processing is considered lawful because it is necessary for the performance of tasks carried out in the public interest on the basis of the Treaties establishing the European Communities. More specifically, in order to allow for a proper functioning of the EIPP as a publicly available web portal of investment projects, which acts as a platform to promote projects to potential investors worldwide, in accordance with Regulation 2015/2017 and Commission Implementing Decision (EU) 2016/1942. EIPP’s main goal is to catalyse and accelerate the development and the fruition of investment projects in the Union, and through this, to contribute to higher employment and economic growth, as described in Section 1 of the Annex to Commission Implementing Decision (EU) 2016/1942.

3. Which data do we collect and process?

The personal data collected and further processed are:

  • names of natural persons,
  • email addresses of potential investors and project promoters,
  • additional information can be voluntarily provided in the mini biography of natural persons (this feature of the EIPP is purely optional).

4. How long do we keep your data?

We keep the data only for the time necessary to fulfil the purpose of collection or further processing. Personal data related to a project promoter or investors are retained in the service in charge for 2 years following an explicit request for removal or an automatic removal of the project from the Portal.

5. How do we protect your data?

All data in electronic format (e-mails, documents, uploaded batches of data etc.) are stored either on the servers of the European Commission or of its contractors: the operations of which abide by the European Commission’s security decision of 16 August 2006 [C (2006) 3602] concerning the security of information systems used by the European Commission;

The Commission’s contractors are bound by a specific contractual clause for any processing operations of your data on behalf of the Commission, and by the confidentiality obligations deriving from the transposition of Directive 95/46/CE.

6. Who has access to your data and to whom is it disclosed?

Access to your data is provided to authorised staff specified below according to the “need to know” principle. Such staff abide by statutory, and when required, additional confidentiality agreements.

  1. Staff of operational units of the European Commission dealing with the implementation of the EIPP and services charged with a monitoring or inspection task in application of Union law (e.g. internal control, internal audit).
  2. Staff of the EU Institutions and representatives of Member States dealing with the implementation of the EIPP in line with Article 15 of Regulation 2015/2017.
  3. Staff of OLAF, IDOC and the Legal Service of the Commission as well as staff of other DG (SG and DG BUDG) upon request necessary in the context of official investigations or for audit purposes.

7. What are your rights and how can you exercise them?

According to Regulation (EC) n°45/2001, you are entitled to access your personal data and rectify, block or delete it in case the data is inaccurate or incomplete. You can exercise your rights by contacting the data controller, or in case of conflict the Data Protection Officer and if necessary the European Data Protection Supervisor using the contact information given at point 8 below.

8. Contact information

If you have comments or questions, any concerns or a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller using the following contact information:

The Data Controller:

  • European Commission, Directorate General for Economy and Finance (ECFIN), Head of Unit DDG2.03
  • +352 4301-1
  • EIPP@ec.europa.eu

The Data Protection Officer (DPO) of the Commission: DATA-PROTECTION-OFFICER@ec.europa.eu

The European Data Protection Supervisor (EDPS): edps@edps.europa.eu.

9. Where to find more detailed information

The Commission Data Protection Officer publishes the register of all operations processing personal data. You can access the register on the following link: http://ec.europa.eu/dpo-register

This specific processing has been notified to the DPO with the following reference: DPO-3919-ECFIN.