Privacy Statement relating to public procurement procedures
Document - Date Friday | 22 November 2019
This privacy statement explains the reason for the processing, the way the European Ombudsman collects, handles and ensures protection of all personal data provided, how that information is used and what rights the data subjects may exercise in relation to their data.
The controller is the European Ombudsman. The joint controller is the European Commission (for ABAC, a financial and accounting application set up by the Commission to monitor the execution of its budget and to prepare its accounts).
1. What personal data will the European Ombudsman process?
Personal data of tenderers, contractors and candidates, of their staff or subcontractors, which may include:
- Identification data: Name, surname, passport number, or ID number;
- Contact details (e-mail address, business telephone number, mobile telephone number, fax number, postal address, company and department, country of residence, website address);
- Certificates for social security contributions and taxes paid, extract from judicial records;
- Financial data: bank account reference (IBAN and BIC codes), VAT number;
- Declaration on honour that tenderers are not in one of the exclusion situation referred to in articles 136 and 141 of the Financial Regulation
- Form regarding the absence of conflicts of interest for staff members of the EU institutions or bodies, as well as experts involved in the selection process.
2. Why does the European Ombudsman process these personal data?
Personal data is collected and further processed for the purpose of the management and administration of procurement procedures by the European Ombudsman.
3. What are the legal bases and necessity for processing this data?
The legal basis for the processing operations on personal data is Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union, in particular Articles 160-179.
The processing is necessary on the basis of Articles 5 1(a), (b) and c) of the Regulation (EU) 1725/2018.
4. Who is responsible for processing the data?
The European Ombudsman is responsible for processing the data. Data is processed more specifically by the Unit Personnel, Administration and Budget (PAB).
5. Who will be recipients of the data?
The European Ombudsman, the Secretary General, members of the evaluation committee (if applicable); staff responsible for managing contracts within the relevant unit; staff responsible for managing tenders and contracts in the PAB Unit. Transfer of personal data are possible to third countries or to international organisations.
6. How long will the data be kept?
Files relating to tender procedures, including personal data, are retained in the service in charge of the procedure until it is finalised, and in the PAB Unit for a period of 7 years following the signature of the contract. Extracts from the judicial records are kept for 2 years after the end of the relevant procedure. However, tenders from unsuccessful tenderers are kept for 5 years following the signature of the contract.
7. How do we protect the data subject’s data?
Paper files are stored in locked cupboard by the responsible units. The electronic files are stored on servers with access rights limited to the relevant staff members of the Units involved in the procedure (namely, the PAB Unit and the Unit that will actually use the contract).
Evaluation Committee members have access to the files for the purpose of the evaluation and are informed that they should not keep copies after completion of the evaluation process.
Contractual clauses ensure that the contractor processes personal data of EO staff on the Ombudsman’s instructions only (data protection clauses added to the contract of services/furniture and to the General conditions of the contact).
In case of transfers of personal data to third countries or international organisations, the contract signed between the Ombudsman and the successful tenderer provides for standard contractual clauses ensuring that personal data are processed in accordance with the rules binding on EU institutions.
8. What are your rights and how can you exercise them?
You have a right to request access to your own personal data. You have also a right to request rectification of any incomplete or inaccurate data concerning you without delay. The right to rectify data can only apply to factual data processed within the relevant procurement procedure. This right can only be exercised up to the closing date for submission of tenders. However, inaccurate identification data may be rectified at any time during and after the procurement procedure by sending an e-mail to firstname.lastname@example.org.
The European Ombudsman will reply to your requests as soon as possible and within one month at the latest.
9. Who to contact in case of queries or complaints concerning data protection issues?
At any time, you may send data protection related questions concerning public procurements procedure to the European Ombudsman, at the following address: email@example.com
1 avenue du Président Robert Schuman
F-67001 Strasbourg Cedex
You also may contact the Data Protection Officer of the European Ombudsman at the following address: DPO-Euro-Ombudsman@ombudsman.europa.eu
You may lodge a complaint with the European Data Protection Supervisor at any time at the following address: EDPS@edps.europa.eu
 OJ L 193 of 30.7.2018, p.1.