The present Privacy Statement describes how the European Ombudsman protects your personal data when you reply to an Ombudsman consultation, and where, as such, the Ombudsman acts as the data controller. This statement also sets out what rights you have as a data subject.

In particular, it explains the reason for collecting and processing the data; the way the Ombudsman collects, handles and ensures protection of the data provided; and what rights contributors may exercise in relation to their data.

1. What personal data will the European Ombudsman process?

Contributors complete the contact form on the European Ombudsman's website, which directs contributions to the dedicated consultation mailbox. Contributions can also be sent by letter or email. The relevant staff in the European Ombudsman’s office process the contributions.

The European Ombudsman may contact contributors to request clarifications and/or to disseminate the results of the consultation/inquiry. The contact details of the person responsible for the inquiry are provided in the invitation to respond to the consultation.

The personal data collected and further processed are data necessary for participation in the consultation, as follows: first name, surname, email, job description, and the preferred language for further correspondence, other language one would accept an answer in, and content (for the most part, the views of the individual or organisation on the topic).

2. Why does the European Ombudsman process these personal data?

The European Ombudsman wishes to give the public and interested stakeholders the opportunity to express their views in the context of strategic inquiries and initiatives that would benefit from external input and may therefore launch public consultations.

3. What is the legal basis and necessity for processing this data?

The legal basis for this processing operation is Article 11 TEU.

Personal data are processed in accordance with Regulation 2018/1725 on the protection of natural persons with regard to the processing of personal data by the EU institutions, bodies, offices and agencies. Processing is necessary for the performance of a task carried out in the public interest (Article 5(1)(a) of Regulation 2018/1725).

4. Who is responsible for processing the data?

The European Ombudsman’s Information and Communication Technologies (ICT) Sector manages the data submitted to the website. The European Ombudsman staff responsible for carrying out pubic consultations and authorised staff, on a ‘need-to-know’ basis, will further process the data submitted by contributors.

5. Who will be the recipients of the data?

European Ombudsman staff responsible for carrying out this processing operation have access to your personal data; as well as other authorised European Ombudsman staff on a ‘need-to-know’ basis.

As part of the inquiry procedure, the European Ombudsman forwards to the relevant EU institution, body, office or agency all the contributions received. In the interests of transparency, the European Ombudsman makes public contributions received to a consultation.

When contributing to a consultation, you are required to identify yourself and the organisation on whose behalf you are contributing. Anonymous contributions to consultations are not accepted. This is to avoid misuse.

In the interest of transparency, the European Ombudsman makes public contributions she has received in reply to a public consultation. Your personal data will not made public. You should avoid including unnecessary personal data in your contributions, notably personal data of third parties. If such data are included, they will be redacted from the version that is made public.

6. How long will the data be kept?

Contributions are stored in the relevant case-file in line with the retention policy of the Ombudsman's case management system for a period of ten years after the case is closed^[2]. This includes basic personal information (first names, surnames, e-mail address), language preferences and the replies. Contributions are archived according to the Ombudsman's policy on archiving^[3].

7. How do we protect your data?

The electronic data is stored on the European Ombudsman’s servers. This data is protected by numerous security measures set up by the European Ombudsman’s Information and Communication Technologies sector to protect the integrity and confidentiality of the Institution's electronic property.

Access to personal data is protected through the management of access rights, which are strictly limited and based on the ‘need to know’-principle.

Email addresses are never made public, but they are stored and may be used by the European Ombudsman for correspondence related to the reply provided.

8. What are your rights and how can you exercise them?

When contributing to a consultation, you can choose whether your personal data should be published or not on our website.

You also have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular the right to access your personal data and to rectify them in case your personal data are inaccurate or incomplete. Under certain conditions, you have the right to erase your personal data, to restrict the processing of your personal data and the right to object to the processing of your personal data.

The European Ombudsman will reply to your requests as soon as possible and within one month at the latest.

Finally, you have the right of recourse at any time to the European Data Protection Supervisor if you consider that the European Ombudsman has infringed your rights under Regulation 2018/1725 because of the processing of your personal data.

9. Who to contact in case of queries or complaints concerning data protection issues?

At any time, you may send data protection related questions concerning the European Ombudsman’s public consultations, to the following address: EO@ombudsman.europa.eu

You also may contact the Data Protection Officer of the European Ombudsman at the following address: DPO-Euro-Ombudsman@ombudsman.europa.eu

You may lodge a complaint with the European Data Protection Supervisor at any time at the following address: EDPS@edps.europa.eu

 

 

[2] See: https://www.ombudsman.europa.eu/en/document/en/70850.

[3] See: https://www.ombudsman.europa.eu/en/document/en/70850.