This privacy statement explains how the European Commission ensures the protection of personal data when consulting citizens and stakeholders in the policy and law-making process.
- how data is collected
- how the protection of all personal data provided is ensured
- how the information is used
- what rights you may exercise in relation to your data (e.g. the right to access, rectify, block)
This statement applies to the various consultation and feedback mechanisms the Commission offers to citizens and stakeholders to enable them to express their views on EU laws and policies at different stages throughout the decision-making cycle. These are accessible via the Commission Europa webpage 'Contribute to EU law making'.
3. Why do we process your data?
The objective of the various consultation and feedback mechanisms is to receive views and evidence from citizens and stakeholders and for these contributions to feed into EU policy and law–making. For the sake of transparency, to which the Commission is fully committed, the contributions received will be published on dedicated pages on the Commission's Europa site.
4. Which data do we collect and process
We collect and further process personal data that is necessary for participation in a particular consultation or to provide feedback, such as name/ surname/ profession/ country of residence/ e-mail address. The processing of personal data linked to the organisation of the consultation and feedback mechanisms is necessary for the management and functioning of the Commission, as mandated by the Treaties, and more specifically in articles 5 and 13 of the TEU and Articles 244 – 250 of the TFEU, and in accordance with Article 1 and Article 11 of the TEU.
5. How do we protect your data?
All data in electronic format (e-mails, documents, uploaded batches of data, etc.) are stored either on the servers of the European Commission or those of its contractors. These are managed according to the European Commission’s security rules for these kinds of servers and services as established by the Directorate Security of the Directorate-General for Human Resources and Security.
The contributor can expressly request not to make his/her personal data public.
Regulation (EC) 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data applies.
6. How is your information treated and who is it disclosed to?
Unless you opted for 'anonymous' publication of your contribution, your name and country of residence and, where applicable, the organisation or business on whose behalf you respond will be published on the Commission's Europa site together with your contribution.
Database access to personal data is provided to authorised staff according to the 'need to know' principle. Staff are bound by statutory, and when required, additional confidentiality agreements.
Contributions and your personal data submitted through the 'lighten the load - have your say' feedback tool may be transmitted to the members of the REFIT platform. The platform aims to conduct an ongoing dialogue with Member States and stakeholders on improving EU legislation and is part of the Commission's Regulatory Fitness and Performance Programme.
7. What happens if public access to your contribution (including personal data) is requested under Regulation 1049/2001?
Contributions, including personal data provided, may be subject to a request for access to documents under Regulation (EC) No 1049/2001 regarding public access to European Parliament, Council and Commission documents. Such requests are subject to a case-by-case analysis in order to assess if the exceptions defined in Article 4 of the Regulation apply. The assessment takes into account the legitimate interests of the contributor and the latter's justifications of non-disclosure. Where disclosure of the non-public contribution, or parts of it, would undermine the protection of one of the interests referred to in Regulation 1049/2001, such as the commercial interests of a natural or legal person, the institutions shall refuse access to the (relevant parts of the) contribution.
These provisions apply to all contributions and personal data submitted, including to those for which the author requested anonymous publication.
8. How can you verify, modify or delete your information?
According to Regulation 45/2001, you are entitled to access your personal data and rectify and/or block it in case the data is inaccurate or incomplete. You can exercise your rights by contacting the Commission via the Data Controller, or in case of conflict the Data Protection Officer, and, if necessary, the European Data Protection Supervisor. The contact information is provided below (see point 10).
9. How long do we keep your data?
Personal data will remain in the database until the results have been completely analysed. Contributions will be rendered anonymous when they have been usefully exploited, and at the latest after 5 years from the end of the consultation or feedback mechanism to which they were submitted.
10. Contact information
The Data Controller: SG-CONSULTATION-DATA-CONTROLLER@ec.europa.eu
The Data Protection Officer of the Commission: DATA-PROTECTION-OFFICER@ec.europa.eu
The European Data Protection Supervisor (EDPS): firstname.lastname@example.org