One of your rights under EU law is that you must be informed when your personal data - also known as personal information - is processed (collected, used, stored) by any organisation including one of the EU institutions. You also have the right to know the details and purpose of that processing.
Here we provide you with some general information. Specific information about the processing associated with this website is contained in our Register.
The EDPS website is our most important communication tool. Here we communicate our work such as our Opinions, data protection news and information about data protection rights to the general public as well as our more expert audiences.
Some of the services offered on our website require the processing of your personal data. In such cases, links are available on those pages directing you to the specific information about the processing contained in the relevant data protection notices in our Register.
Visit the Data Protection Officer at the EDPS page on this website for more information on your rights.
Cookies are short text files stored on a user’s device (such as a computer, tablet or phone) by a website.
Cookies are used for the technical functioning of a website or for gathering statistics.
Cookies are also typically used to provide a more personalised experience for a user for example, when an online service remembers your user profile without you having to login.
When you visit our website, we may collect some data on your browsing experience such as your IP address, the EDPS page you visited, when you visited and the website page you were redirected from.
This information is used to gather aggregated and anonymous statistics with a view to improving our services and to enhance your user experience.
When you visit the EDPS website, we will keep the browser history of your visit for a maximum of 13 months. This information will then be deleted.
The collection, aggregation and anonymising operations are performed in the data centre of the European Commission under adequate security measures.
Should you wish to opt your data out of our anonymised, aggregated statistics, you can do so on our cookies page.
Visit our cookies page for more information about the types of cookies this website uses.
We use social media to present our work through widely used and contemporary channels.
Our use of social media is highlighted on this website.
For instance, you can watch EDPS videos, which we upload to our YouTube page and follow links from our website to Twitter and LinkedIn.
Cookies are not set by our display of social media buttons to connect to those services when our website pages are loaded on your computer (or other devices) or from components from those services embedded in our web pages.
Each social media channel has their own policy on the way they process your personal data when you access their sites. For example, if you choose to watch one of our videos on YouTube, you will be asked for explicit consent to accept YouTube cookies; if you look at our Twitter activity on Twitter, you will be asked for explicit consent to accept Twitter cookies; the same applies for LinkedIn.
If you have any concerns or questions about their use of your personal data, you should read their privacy policies carefully before using them.
The EDPS mobile app does not collect any of your personal information. We only use the IP address to count how many people have used the app and we will not use it in any other way.
Please note that the only means to download the app is to use the Google Play store or the Apple store. They collect personal data according to the privacy policies on their websites. The EDPS does not endorse or take responsibility for their processing of your personal information.
To investigate complaints submitted to the EDPS in line with Regulation (EC) No 45/2001 (OJ L 8/1, 12.01.2001, the Regulation). Complaints against Europol will be investigated in line with Regulation (EU) 2016/794. We will only use your personal data for the investigation of the complaint submitted.
We process the personal data submitted by complainants as well as data submitted by the accused EU institution, body or agency. This will include names, contact details as well as the content of the allegations (insofar as the latter qualify as personal data).
Within the EDPS, the case file containing your personal data is accessible to relevant members of EDPS staff. All access to case files is logged.
Please note that it will be necessary to inform the institution against which you have complained about the nature of the complaint and in most cases, who lodged it, so they may receive some personal data from us where necessary.
Your data may be transferred to third parties, including national supervisory authorities, only where necessary to ensure the appropriate investigation or follow up of your complaint.
Any summary that is made public of this or other cases or other communication outside the parties of the procedure will be anonymised.
You are entitled to access the personal data the EDPS holds about you and to have them rectified where necessary. In certain cases, you also have the right to have your data blocked or erased or to object to their processing. For more information, please see Articles 13 to 19 of the Regulation.
To exercise any of these rights, please contact us using our contact form. We will reply within three months. Please note that in some cases restrictions under Article 20 of the Regulation may apply.
We keep the case file of our investigation - including your personal data - for up to ten years after the closure of the case. For complaints judged to be inadmissible, we keep the case file for up to five years after closure. This is without prejudice to possible longer conservation for the purpose of ongoing legal proceedings linked to the complaint.
The EDPS' tasks to hear and investigate complaints are set out in Regulation (EC) No 45/2001, specifically in Articles 32(2) (complaints by data subjects), 33 (complaints by Union staff), 46(a) (duty to hear complaints), 47 (investigation powers), 30 and 31 (obligation for controllers to cooperate and to react to allegations). For complaints against Europol in its core business activities, the applicable provisions are Articles 43(2)(a) (duty to hear complaints), 43(4) (investigation powers) and 47 (right to complain) of Regulation (EU) 2016/794. The processing is necessary for the EDPS to fulfil the tasks attributed to it by Union legislation (Article 5(a) of the Regulation).
The controller for this processing operation is the EDPS. Please mention the case number of your complaint. You can contact us as follows:
You can also contact the DPO of the EDPS: firstname.lastname@example.org.
The EDPS has produced a mobile app to enhance public access to the most relevant Data Protection Reform texts. Our goal is to keep this information as complete and accurate as possible. However EDPS cannot guarantee that the App will work as expected in all circumstances and on all platforms. If errors or incompatibilities are brought to our attention, we will make the necessary corrections without delay.
The EDPS Twitter account is managed by the EDPS Information and Communication Sector and is used for information purposes only.
The EDPS follows some Twitter users. However, being followed by the EDPS does not imply endorsement of any kind. The EDPS reserves the right to not reply individually to messages or comments received on Twitter.