Any personal data collected by the European Ombudsman shall be processed pursuant to Regulation (EU) 2018/1725 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.

Only two services available on this website currently require personal data to be supplied by the user:

(1) If a user wishes to submit an electronic message to the institution, he/she can do so by completing an online form. The form requires the user to supply a surname, first name and e-mail address. Once submitted, the form is transmitted by e-mail to the relevant person or service in the Ombudsman's office. The form's contents are not stored in a database of the Ombudsman's website nor made available to the Ombudsman and her staff in any form other than the above-mentioned e-mail.

(2) If a user wishes to submit a complaint to the Ombudsman by using the online complaint form, he/she must first create a user account. The user must provide a valid e-mail address and choose a password. Once the account has been activated, the user can create a draft complaint, modify previously created draft complaints, submit a complaint, or view complaints that he/she has already submitted. The user account details, as well as the contents of all complaints created by the user, are stored in a database. Only the user himself/herself can access the complaints in the database, by using the password that they have chosen. The European Ombudsman and her staff have access to neither the user passwords nor the complaints contained in the database. When a user submits a complaint, the database generates an e-mail which is transmitted to the relevant service in the Ombudsman's office.

The data collected shall be processed solely for the purpose intended and clearly specified. The data subject shall have the right of access to his/her personal data and the right to rectify any such data that is inaccurate or incomplete. Please note that in some cases restrictions under Article 25 of the Regulation may apply. Should the data subject have any queries concerning the processing of his/her personal data, he/she should address them to the entity acting as data controller. The data subject shall have right of recourse at any time to the European Data Protection Supervisor.

The website of the European Ombudsman sometimes provides links to other internet sites. Since the Ombudsman has no control over such sites, we suggest that you review their privacy policies.

EU Institutions must keep a central Register of records of personal data processing activities (Article 31 of Regulation 2018/1725). The records contain information such as the purpose of the processing, the categories of personal data processed, the data subjects' rights, and the contact details of the Ombudsman's Data Protection Officer.