Data protection

Protection of your personal data

Table of Contents

  1. Introduction
  2. Why do we process your data?
  3. Which data do we collect and process?
  4. How long do we keep your data?
  5. How do we protect your data?
  6. Who has access to your data and to whom is it disclosed?
  7. What are your rights and how can you exercise them?
  8. Contact information
  9. Where to find more detailed information
 

Introduction

This privacy statement explains the reason for the processing, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you may exercise in relation to your data (the right to access, rectify, block etc.).

The European institutions are committed to protecting and respecting your privacy. As this service/application collects and further processes your personal data, Regulation (EC) N°45/2001 , of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, is applicable.[1].

The European institutions are committed to protecting and respecting your privacy. As this service/application collects and further processes your personal data, Regulation (EC) N°45/2001 , of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, is applicable.

To enable ECC-Net to provide the above mentioned services to the citizens, an IT Tool, ECC-Net 2, is used to collect and handle complaints and the necessary data including your personal data. The IT tool is operated by the European Commission.

The collection and processing of the above personal data through ECC-Net 2 follows the provisions of Regulation (EC) N° 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by Community institutions and bodies and on the free movement of such data and more specifically article 5, Paragraph (a and b).

 

2. Why do we process your data?

Purpose of the processing operation: Head of Unit E.3: Consumer Enforcement and Redress, Directorate-General for Justice and Consumers, European Commission (referred to hereafter as Data Controller) collects and uses your personal information to assist the work of the European Consumer Centres.

The aim of the European Consumer Centres’ Network (ECC-Net) is to provide consumers with information and advice on their rights, and assist them with the handling of their cross-border complaints and disputes within the EU/EEA, so that consumers can take full advantage of the internal market.

In order to fulfil their role, ECC-Net 2 is used by the ECCs to process relevant data, insofar and as long as necessary, for one or more of the following purposes:

  • to enable communication between the ECC and the consumer
  • to facilitate the assessment of a request
  • to attempt resolving complaints or disputes, whether directly with the trader complained about, or through an ADR entity
  • to enable consumers to follow up the status of their requests
  • to provide anonymised statistics, including on suspected infringements

Further information on ECC-Net can be found on https://ec.europa.eu/info/live-work-travel-eu/consumers/resolve-your-consumer-complaint/european-consumer-centres-network_en

ECC-Net 2 falls under the following legal basis / lawfulness

Regulation (EU) No 254/2014 of the European Parliament and of the Council of 26 February 2014 on a multi-annual consumer programme for years 2014-20 and repealing Decision No 1926/2006/EC and, more specifically, articles 2 and 3(1)(c) and (d) of this Regulation.

Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market and, in particular, article 21.

Directive 2013/11/EU of the European Parliament and of the Council of 21 May 2013 on alternative dispute resolution for consumer disputes and amending Regulation (EC) No 2006/2004 and Directive 2009/22/EC (Directive on consumer ADR) and, more specifically, article 14 of the Directive.

Regulation (EU) 2017/2394 of the European Parliament and of the Council  of 12 December 2017 on cooperation between national authorities responsible for the enforcement of consumer protection laws and repealing Regulation (EC) No 2006/2004 and, in particular, article 27(1).

Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by Community institutions and bodies and on the free movement of such data.

Having regard to article 5 of the aforesaid Regulation (EC) 45/2001, the data processing is considered lawful because it is necessary to meet the requirements of the legal instruments mentioned above, and to ensure compliance of the Commission with its legal obligations.

 

3. Which data do we collect and process?

We collect data about the following type of users:

  • Consumers in the European Union, Norway and Iceland who approach ECCs for information and assistance (Consumers);
  • Contact persons for the traders in the European Union, Norway and Iceland involved in consumer complaints or disputes (Trader representatives);
  • Contact persons in ADR entities (ADR representatives);

The personal data collected and further processed are:

a) For Consumers:

(i) The data processed are:

  • Name of the consumer/reporter;
  • Address;
  • Post code;
  • Country of residence;
  • Telephone;
  • E-mail;
  • Gender;
  • Communication language;
  • Summary/Description of the request

Further personal data upon explicit consent may be collected if necessary for handling the complaint such as bank details.

b) For Trader representatives:

Data from individual trader's representatives is rarely store in the system but, when processed may include:

  • Name of the trader´s representative;
  • Professional address;
  • Post code;
  • Country;
  • Professional Telephone;
  • Professional email;

C) For ADR representatives:

Data from individual trader's representatives is rarely store in the system but, when processed may include:

  • Name of the ADR's representative;
  • Professional address;
  • Post code;
  • Country;
  • Professional Telephone;
  • Professional email;

4. How long do we keep your data?

Personal data of the consumers, traders' and ADRs' representatives shall be kept as long as a case remains open, and no longer than one year after it has been closed. This is to allow follow-up if there are new developments after the closure of the case. Once the retention period expires, the information is anonymised and only kept for statistical purposes.

 

5. How do we protect your data?

All data in electronic format (e-mails, documents, uploaded batches of data etc.) are stored either on the servers of the European Commission or of its contractors; the operations of which abide by the European Commission’s security decision of 16 August 2006 [C(2006) 3602] concerning the security of information systems used by the European Commission;

The Commission’s contractors are bound by a specific contractual clause for any processing operations of your data on behalf of the Commission, and by the confidentiality obligations deriving from the transposition of Directive 95/46/CE

 

6. Who has access to your data and to whom is it disclosed?

To resolve your request it may subsequently be shared, with your express consent, with the ECC where the trader is based or, where appropriate, with relevant bodies such as an ADR entity or a National Enforcement Body (NEB).

Shared requests may result in contact with the trader. When such contact is made, your data may be shared too insofar as necessary to resolve the request;

Access to your data is provided to authorised staff according to the “need to know” principle. Such staff abide by statutory, and when required, additional confidentiality agreements.

The authorised staff are the Case handlers in the European Consumer Centres and the European Commission staff charged with product or business management of ECC-Net2.

Norway and Iceland are EEA/EFTA countries and members of the European Consumer Centres Network. Transfer between ECCs in the EU and the ECCs in Norway or Iceland is therefore considered an Article 8 transfer in the meaning of the Regulation No 45/2001.

 

7. What are your rights and how can you exercise them?

According to Regulation (EC) n°45/2001, you are entitled to access your personal data and rectify and/or block it in case the data is inaccurate or incomplete. You can exercise your rights by contacting the European Consumer Centre with which you have been in contact or the data controller, or in case of conflict the Data Protection Officer of the Commission and if necessary the European Data Protection Supervisor using the contact information given at point 8 below.

 

8. Contact information

If you have comments or questions, any concerns or a complaint regarding the collection and use of your personal data, please feel free to contact the European Consumer Centre with which you have been in contact or the Data Controller using the following contact information:

European Consumer Centre  Iceland

[email protected]

545-1200 (ext. 3)

The Data Controller

Head of Unit E.3: Consumer Enforcement and Redress

Directorate-General for Justice and Consumers

European Commission

e-mail: [email protected]
Telefax:+32 2 2989432

The Data Protection Officer (DPO) of the Commission: [email protected]

The European Data Protection Supervisor (EDPS): [email protected].

 

9. Where to find more detailed information?

The Data Protection Officer of the Commission publishes the register of all operations processing personal data. You can access the register on the following link: http://ec.europa.eu/dpo-register

 

[1]  Regulation (EC) N° 45/2001 (OJ L8 of 12/01/2001).