Europe Direct data protection privacy statement

Processing operation: Europe Direct Contact Centre

Data Controller: Directorate-General for Communication, Directorate B, Unit COMM.B.2

Record reference: DPR-EC-00080

Introduction

The European Commission (hereafter ‘the Commission’) is committed to protecting your personal data and respecting your privacy. The Commission collects and further processes personal data pursuant to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (repealing Regulation (EC) No 45/2001).

This privacy statement explains the reason for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor.

The information in relation to the management of the EUROPE DIRECT Contact Centre, undertaken by Directorate-General for Communication, Directorate B, Unit B.2 (COMM.B.2) is presented below.

Why and how do we process your personal data?

Purpose of the processing operation: to facilitate the operation and management of the EUROPE DIRECT Contact Centre (EDCC). The EDCC processes your personal information in order to provide you with direct, personalised answers to general questions related to the activities of the European Union.

When lodging an enquiry, you can also subscribe to the EDCC mailing list service which distributes information about the activities of the European Union.

Your enquiries may be lodged via phone, email or an instant messaging app. In the case of use of an instant messaging app, your enquiry will be transmitted to the EDCC without the use of any intermediary software. Questions via instant messaging apps are handled in the same way as phone calls and emails – that is, the IT system of the EDCC will store the same data under the same conditions.

Your personal data will not be used for automated decision-making, including profiling.

On what legal ground(s) do we process your personal data?

We process your personal data, because:

(a) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body;

(b) The processing of personal data linked to EUROPE DIRECT Contact Centre is necessary for the management and functioning of the Commission, as mandated by the Treaties, and more specifically Article 5 of TEU, Article 13 TEU and Articles 244-250 TFEU, and in accordance with Article 1 and Article 11 of TEU. 

(c) Supporting communication activities of EUROPE DIRECT Contact Centre (such as providing general information for citizens on Union activities, to increase the visibility of the work of the Union institutions, the decisions taken and the stages in the building of Europe) is a task resulting from the Commission’s prerogatives at institutional level, as provided for in Article 58(2) of Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union, amending Regulations (EU) No 1296/2013, (EU) No 1301/2013, (EU) No 1303/2013, (EU) No 1304/2013, (EU) No 1309/2013, (EU) No 1316/2013, (EU) No 223/2014, (EU) No 283/2014, and Decision No 541/2014/EU and repealing Regulation (EU, Euratom) No 966/2012 (OJ L 193, 30.7.2018, p. 1).

(d) You have given consent to the processing of your personal data for one or more specific purposes;

On the basis of your consent, the EDCC provides the reply to your enquiry (via phone, e-mail or instant messaging app). Your consent is provided on a voluntary basis and exclusively through web forms available on the EDCC website.
 
When lodging an enquiry, you can also subscribe to the EDCC mailing list service which distributes information about the activities of the European Union. In order to subscribe to the EDCC mailing list, please tick: "I authorise the European Commission to add my e-mail to the Europe Direct mailing list" available on the enquiry form.

Which personal data do we collect and further process?

The provision of certain personal data is mandatory in order for the Europe Direct Contact Centre to be able to reply to your question:

  • name and surname
  • contact details (e-mail address, nationality, country of residence)
  • preferred and alternative contact languages

Depending on the type of enquiry, more specific personal data (e.g. telephone number or instant messaging account name and technical account ID, depending on the channel you use) or facts related to your question (e.g. an EU programme you take part in) may be requested.

If you use instant messaging, the app may store or transmit some metadata for the company that owns the app (Meta). This is a known feature of the app that cannot be excluded by the available technology.

For the air passenger rights web form the following supplementary mandatory fields apply:

  • operating airline
  • country where the incident occurred
  • information about whether a complaint has been lodged already
  • type and description of the incident
  • optional field: date of journey

For the rail passenger rights web form the following supplementary mandatory fields apply:

  • operating railway company
  • country where the incident occurred
  • information about whether a complaint has been lodged already
  • type and description of the incident
  • optional field: date of incident

For the Research Enquiry Service (RES) web form the following supplementary mandatory fields apply:

  • information about where one learned about the RES web form
  • program area

For the Europass web form:

  • optional information about the time and technical circumstances for technical problems.

You are encouraged not to give sensitive personal information as part of your enquiry, for example about your personal health or financial situation. 

How long do we keep your personal data?

The Data Controller only keeps your personal data for the time necessary to fulfil the purpose of collection or further processing.
 
Personal data provided to the EDCC will be stored for as long as follow-up actions to the enquiries are necessary as well as for their related management, treatment of complaints, quality control and statistics. All personal data will be deleted from the EDCC databases at the latest 3 (three) years from the date of submission of an enquiry.

How do we protect and safeguard your personal data?

All personal data in electronic format (e-mails, documents, databases, uploaded batches of data, etc.) are either stored on the servers of the European Commission or of its contractors, all within the EU. All processing operations are carried out pursuant to the Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission.

The Commission’s contractors are bound by a specific contractual clause for any processing operations of your data on behalf of the Commission, and by the confidentiality obligations deriving from the transposition of the General Data Protection Regulation in the EU Member States (‘GDPR’ Regulation (EU) 2016/679). 

In order to protect your personal data, the Commission has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.

Who has access to your personal data and to whom is it disclosed?

Access to the personal data is provided to the authorised personnel of the European Commission and its contractors responsible for carrying out this processing operation according to the “need to know” principle. Such staff abide by statutory, and when required, additional confidentiality agreements.
 
Mandated staff of the Directorate-General for Communication has full access to the EDCC database and the EDCC mailing list necessary to facilitate the information requests.
 
Mandated staff of other European Commission services has partial or limited access to the EDCC database necessary to facilitate specific information requests received by the EDCC.

Mandated staff of other EU institutions (Citizens' Enquiry Unit (Ask EP) of the European Parliament) has partial or limited access to the EDCC database necessary to facilitate specific information requests received by the EDCC.
 
Mandated staff of the Commission processors and external contractors may be provided with the information necessary to facilitate information requests and to provide required logistical and organisational support.

What are your rights and how can you exercise them?

You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725. As regards this processing operation, you can exercise the following rights:

  • the right to access your personal data (Article 17 of Regulation (EU) 2018/1725);
  • the right to rectification in the case that your personal data is inaccurate or incomplete (Article 18 of Regulation (EU) 2018/1725);
  • the right to erasure of your personal data (Article 19 of Regulation (EU) 2018/1725);
  • where applicable, the right to restrict the processing of your personal data (Article 20 of Regulation (EU) 2018/1725);
  • the right to data portability (Article 22 of Regulation (EU) 2018/1725);
  • and the right to object to the processing of your personal data, which is lawfully carried out pursuant to Article 5(1)(a).

If you have provided your consent to the Directorate-General for Communication, Directorate B, Unit B.2. for the present processing operation, you can withdraw it at any time by notifying the Data Controller. The withdrawal will not affect the lawfulness of the processing carried out before you have withdrawn your consent.

You can exercise your rights by contacting the Data Controller, or in case of conflict the Data Protection Officer. If necessary, you can also address the European Data Protection Supervisor. Their contact information is given under Section 9.

Where you wish to exercise your rights in the context of one or several specific processing operations, please provide their description (i.e. Record reference(s) as specified under Section 10) in your request.

Contact information

The Data Controller

If you would like to exercise your rights under Regulation (EU) 2018/1725, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller, Directorate-General for Communication, Unit B.2. (COMM-ED-CC@ec.europa.eu)

The Data Protection Officer (DPO) of the Commission

You may contact the Data Protection Officer (DATA-PROTECTION-OFFICER@ec.europa.eu) with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725.

The European Data Protection Supervisor (EDPS)

You have the right to have recourse (i.e. you can lodge a complaint) to the European Data Protection Supervisor (edps@edps.europa.eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the Data Controller.

Where to find more detailed information?

The Commission Data Protection Officer (DPO) publishes the register of all processing operations on personal data by the Commission, which have been documented and notified to him/her.  You may access the register via the following link: http://ec.europa.eu/dpo-register.


This specific processing operation has been included in the DPO’s public register with the following Record reference: DPR-EC-00080