Introduction

The European Ombudsman is committed to protecting your personal data and to respecting your privacy. The Ombudsman collects and further processes personal data pursuant to Regulation (EU) 2018/1725 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.

1. What personal data does the European Ombudsman process?

• First name
• Job title
• Organisation
• Audio and/or visual data (like images and voice recordings)

2. Why and how does the European Ombudsman process these personal data?

The European Ombudsman produced a series of videos aimed at raising awareness about the office’s mandate, about how it can help citizens, as well as to bring to the public’s attention the work done in some key areas.

The videos show the faces behind the work of the institution, showcase the cooperation with other EU institutions to improve the EU administration, and highlight its relationship with the public - both as complainants and potential complainants, and as beneficiaries of a more efficient and transparent EU administration.

3. What are the legal bases and need for processing these data?

The processing of personal data is linked to the communication and promotion of the Ombudsman’s activities (including with photos and audio-visual recordings), which are necessary for the functioning of the Ombudsman, as mandated by the Treaties. These provisions are Article 11 of the Treaty on European Union and Article 15 of the Treaty on the Functioning of the European Union.

Consequently, those processing operations are lawful under Article 5(1)(a) of Regulation (EU) 2018/1725 (processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body).

 4. Who is responsible for processing the data?

The European Ombudsman is responsible for data processing, as well as the Commission that published the video on its audiovisual portal.

5. Who has access to your personal data and to whom is it disclosed?

Audio-video recordings are used for communication purposes on the Ombudsman’s website and its social media channels (Twitter, Instagram, YouTube, LinkedIn, Mastodon, Peertube), as well as on the Commission’s audio-visual portal. Anybody watching the videos via any of these platforms will have access to such data.

6. How long do we keep the data?

The audio-visual material will be kept for the time necessary to fulfil the purpose for which it was recorded (promote the mandate and activities of the European Ombudsman) and it may also be archived at a later stage for permanent preservation for historical purposes to document, preserve, and make the history and audio-visual heritage of the European Ombudsman and the European Union publicly available.

If you are a rights holder and you wish to have your data removed from the audio-visual material, we invite you to contact the European Ombudsman (see heading 8 of this privacy statement: ‘What are your rights and how can you exercise them?).

7. How do we protect and safeguard your personal data?

In order to protect your personal data, the Ombudsman has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, and alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed.

8. What are your rights and how can you exercise them?

You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular the right to access your personal data and to rectify them in case your personal data are inaccurate or incomplete. Where applicable, you have the right to erase your personal data, to restrict the processing of your personal data, and to object to its processing, as well as the right to data portability. You have the right to object to the processing of your personal data, which is lawfully carried out pursuant to Article 5(1)(a) of Regulation (EU) 2018/1725 on grounds relating to your particular situation.

You can object to the processing of your personal data at any time by notifying the data controller at eo-socialmedia@ombudsman.europa.eu. This objection to the processing will not affect the lawfulness of the processing carried out before your request.

You can exercise your rights by contacting the data controller or, in case of conflict, the Data Protection Officer. If necessary, you can also address the European Data Protection Supervisor.

Their contact information is given under heading 9 of this privacy statement. Where you wish to exercise your rights in the context of one or several specific processing operations, please provide their description (i.e., their Record reference(s) as specified under heading 10 below) in your request.

9. Who to contact in case of queries or complaints concerning data protection issues?

- Data controller

If you would like to exercise your rights under Regulation (EU) 2018/1725, if you have comments, questions, or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller, the European Ombudsman at eo-socialmedia@ombudsman.europa.eu.

-  The Data Protection Officer (DPO) of the European Ombudsman

You may contact the Data Protection Officer (DPO-Euro-Ombudsman@ombudsman.europa.eu) about issues related to the processing of your personal data under Regulation (EU) 2018/1725.

- The European Data Protection Supervisor (EDPS)

You have the right of recourse (i.e. you can lodge a complaint) to the European Data Protection Supervisor (edps@edps.europa.eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the data controller.

10. Where to find more detailed information

The Ombudsman’s Data Protection Officer (DPO) publishes the register of all processing operations on personal data by the European Ombudsman, which have been documented and notified to them. You may access the register via the following link: https://www.ombudsman.europa.eu/en/dataprotection. This specific processing operation has been included in the DPO’s public register with the following Record reference: 02/2023