1. Last update of this record: 24 October 2024

2. Reference number: 4/2019

Ares registration number: Ares(2024)5037370

3. Name and contact details of the controller:

European Ombudsman, 1 avenue du Président Robert Schuman, CS 30403, F-67001 Strasbourg Cedex- E-mail: eoprocurement@ombudsman.europa.eu

Responsible department: Directorate for Administration of the European Ombudsman- Budget and Finance Team

4. Name and contact details of the Data Protection Officer:

Ms Francesca PAVESI- Deputy DPO: Mr Nicholas HERNANZ

E-mail: Dpo-Euro-Ombudsman@ombudsman.europa.eu

5. Name and contact details of the processor: N/A

6. Name and contact details of the joint controller(s):

The European Commission- DG BUDGET- manages ABAC (financial and accounting application set up by the Commission, to monitor the execution of its budget and to prepare its accounts)

7. Purpose(s) of the processing: management and administration of procurement procedures by the European Ombudsman.

The legal basis is Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union (“Financial Regulation”), in particular Articles 160-179.

8. Description of the categories of data subjects and of the categories of personal data:

Categories of data subjects: the data subjects may include

• tenderers, contractors and candidates who submit an offer as well as their staff or subcontractors;
• EO staff members who perform tasks in procurement procedures or act as authorising officers;
• staff of other institutions or bodies participating in tender procedures on which the EO took the lead;
• external experts assisting the EO office with procurement procedures, in particular in the evaluation phase (if applicable).

Categories of personal data: Personal data of tenderers, contractors and candidates, of their staff or subcontractors, which may include:

• Identification data: Name, surname, passport number, or ID number;
• Function;
• Contact details (e-mail address, business telephone number, mobile telephone number, fax number, postal address, company and department, country of residence, website address);
• Certificates for social security contributions and taxes paid, extract from judicial records;
• Financial data: bank account reference (IBAN and BIC codes), VAT number;
• Declaration on honour that tenderers are not in one of the exclusion situation referred to in articles 136 and 141 of the Financial Regulation
• form regarding the absence of conflicts of interest for staff members of the EU institutions or bodies, as well as experts involved in the selection process.

9. Time limit for keeping the data and, where possible, for erasure:

Files relating to tender procedures, including personal data, are kept in the service in charge of the procedure until it is finalised, and in the archives of the Budget and Finance Team for a period of 7 years following the signature of the contract. Extracts from the judicial records are kept for 2 years after the accomplishment of the relevant procedure.

Tenders from unsuccessful tenderers are kept for 5 years following the signature of the contract. Files are kept until the end of a possible audit if one started before the end of the above period. After the relevant detention periods expire, the files are deleted.

10. Recipients of the data:

The European Ombudsman, the Secretary General, the Director for Administration, members of the evaluation committee (if applicable); staff responsible for managing contracts within the relevant unit (Operational Initiating Agent, Heads of teams  concerned by the procurement procedure) staff responsible for managing tenders and contracts in the, Budget and Finance Team, the European Commission ABAC system’s operators.

11. Are there any transfers of personal data to third countries and/or to International Organisations?

Possible transfer- In this case, the contract signed between the Ombudsman and the successful tenderer provides for standard contractual clauses ensuring that personal data are processed in accordance with the rules binding on EU institutions.

12. General description of security measures:

Paper files are stored in locked cupboard by the responsible departments. The electronic files are stored on servers with access rights limited to the relevant staff members of the teams involved in the procedure (namely, the Budget and Finance Team and the team that will actually use the contract).

Evaluation Committee members have access to the files for the purpose of the evaluation and are informed that they should not keep copies after completion of the evaluation process.

Contractual clauses ensure that the contractor processes personal data of EO staff on the Ombudsman’s instructions only (data protection clauses added to the contract of services/furniture and to the General conditions of the contact).

13. Information on how data subjects can exercise their rights of access and rectification, and where applicable, of erasure, restriction and data portability:

You may ask us information concerning our processing of your personal data by e- mail to the functional mailbox (eoprocurement@ombudsman.europa.eu).

If we are processing your personal data, we will provide you with a copy of the data undergoing processing, also by e-mail, as quickly as possible.

Requests from data subjects will be dealt within one month.

You may also contact our Data Protection Officer any time:

dpo-euro-ombudsman@ombudsman.europa.eu.

If you wish to complain about the Ombudsman’s handling of your personal data, you may contact the European Data Protection Supervisor: www.edps.europa.eu

Privacy Statement relating to public procurement procedures

This privacy statement explains the reason for the processing, the way the European Ombudsman collects, handles and ensures protection of all personal data provided, how that information is used and what rights the data subjects may exercise in relation to their data.

The controller is the European Ombudsman. The joint controller is the European Commission (for ABAC, a financial and accounting application set up by the Commission to monitor the execution of its budget and to prepare its accounts).

1. What personal data will the European Ombudsman process?

In order to manage our procurement procedures, in line with the EU Financial Regulation, we have to process some personal data about you. A procurement procedure is a process that leads to the conclusion of a public contract, by which a public authority (in this case, the European Ombudsman) purchases a service, goods or works. Public contracts are provided for the institution in exchange for remuneration.

We will process the personal data of tenderers, contractors and candidates, of their staff or subcontractors, which may include contact and identification details, social and tax certificates, financial and bank details, declarations of honours or forms about conflicts of interest.

2. Why does the European Ombudsman process these personal data?

Personal data is collected and further processed for the purpose of the management and administration of procurement procedures by the European Ombudsman.

3. What are the legal bases and necessity for processing this data?

The legal basis for the processing operations on personal data is Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union^[1], in particular Articles 160-179.

The processing is necessary on the basis of Articles 5 1(a), (b) and c) of the Regulation (EU) 1725/2018.

4. Who is responsible for processing the data?

The European Ombudsman is responsible for processing the data. Data is processed more specifically by the Directorate for Administration- Finance and Budget team.

5. Who will be recipients of the data?

The European Ombudsman, the Secretary General, members of the evaluation committee (if applicable); staff responsible for managing contracts within the relevant unit; staff responsible for managing tenders and contracts in the Directorate for Administration- Finance and Budget team. Transfer of personal data are possible to third countries or to international organisations.

6. How long will the data be kept?

Files relating to tender procedures, including personal data, are retained in the service in charge of the procedure until it is finalised, and in the Directorate for Administration- Finance and Budget team for a period of 7 years following the signature of the contract. Extracts from the judicial records are kept for 2 years after the end of the relevant procedure.

However, tenders from unsuccessful tenderers are kept for 5 years following the signature of the contract.

7. How do we protect the data subject’s data?

Paper files are stored in locked cupboard by the responsible teams. The electronic files are stored on servers with access rights limited to the relevant staff members of the Units involved in the procedure (namely, the Directorate for Administration- Finance and Budget team and the team that will actually use the contract).

Evaluation Committee members have access to the files for the purpose of the evaluation and are informed that they should not keep copies after completion of the evaluation process.

Contractual clauses ensure that the contractor processes personal data of EO staff on the Ombudsman’s instructions only (data protection clauses added to the contract of services/furniture and to the General conditions of the contact).

In case of transfers of personal data to third countries or international organisations, the contract signed between the Ombudsman and the successful tenderer provides for standard contractual clauses ensuring that personal data are processed in accordance with the rules binding on EU institutions.

8. What are your rights and how can you exercise them?

You have a right to request access to your own personal data. You have also a right to request rectification of any incomplete or inaccurate data concerning you without delay. The right to rectify data can only apply to factual data processed within the relevant procurement procedure. This right can only be exercised up to the closing date for submission of tenders. However, inaccurate identification data may be rectified at any time during and after the procurement procedure by sending an e-mail to eoprocurement@ombudsman.europa.eu

The European Ombudsman will reply to your requests as soon as possible and within one month at the latest.

9. Who to contact in case of queries or complaints concerning data protection issues?

At any time, you may send data protection related questions concerning public procurements procedure to the European Ombudsman, at the following address: eoprocurement@ombudsman.europa.eu

European Ombudsman

1 avenue du Président Robert Schuman CS 30403

F-67001 Strasbourg Cedex

You also may contact the Data Protection Officer of the European Ombudsman at the following address: DPO-Euro-Ombudsman@ombudsman.europa.eu

You may lodge a complaint with the European Data Protection Supervisor at any time at: www.edps.europa.eu

 

[1] OJ L 193, 30.7.2018, p. 1–222.