Gäller ditt klagomål en EU-institution eller ett EU-organ?
- EN English
Financial transactions in the European Ombudsman’s Office (ABAC)
Dataskyddsombudets dokumentation - Datum Måndag | 12 oktober 2020
1. Last update of this record: 12/04/2024
2. Reference number: 18/2020
Ares registration number: Ares(2024)4403751
3. Name and contact details of the controller: European Ombudsman, 1 avenue du President Robert Schuman, CS 30403, 67001 Strasbourg Cedex
Contact of the responsible department:
Directorate for Administration- Finance and budget team-
e-mail: EOinvoice@ombudsman.europa.eu
4. Contact details of the Data Protection Officer:
Dpo-Euro-Ombudsman@ombudsman.europa.eu
5. Name and contact details of the processor: N/A
6. Name and contact details of the joint controller(s):
European Commission (EC)
- DG “BUDGET” which manages ABAC, the accounting system set up by the EC and used by the EO to monitor the execution of its budget and to prepare its accounts and
- DG “DIGIT” which implements and maintains ABAC.
Contact: DIGIT-SYSPER2@ec.europa.eu
7. Purpose(s) of the processing: The purpose of this process is to monitor the execution of the EO budget and to prepare its accounts.
Short description: All transactions are supported by ABAC.
The financial transactions are composed of:
- budgetary commitments: the transaction by which the EO earmarks funds to cover one or more future expense and recorded in ABAC;
- payments that consist in transferring a financial amount to an external provider (ex: tenderers) or a staff member’s bank account;
- transfers between budget lines (if applicable).
8. Description of the categories of data subjects and of the categories of personal data:
- Categories of data subjects: every individual/contractor who receives a payment from the EO: staff members from the EO Office (officials, temporary and contract agents, seconded national experts and trainees); external suppliers, tenderers.
- Data categories: All data is kept in ABAC
- Name, first name;
- Gender, nationality, title, function;
- Contact information (e-mail address, business telephone number, mobile telephone number, postal address, company and department, country of residence, internet address);
- Bank account reference (IBAN and BIC codes),
- VAT number;
- National insurance number;
- ID card/Passport number and personal number;
- Place and date of birth
- Other personal data contained in CVs (expertise, technical skills and languages professional experience including details on current and past employment).
9. Time limit for keeping the data and, where possible, for erasure:
Files relating to financial transactions are to be retained in the archives for a period of 5 years following the discharge of the financial exercise. The discharge of the financial exercise is generally signified 2 years after the financial year, for a total of 7 years for holding the personal data;
- Until the end of a possible audit if it started before the end of the above period.
Once the legal deadline has expired, the files are deleted
10. Recipients of the data
The EO and the Secretary General (if applicable) / Directorate for Administration- as authorising Officers, the Head of Finance and Budget team and the staff members dealing with ABAC (operational initiating agents and ex-ante controllers), Heads of teams concerned by the financial procedure, the ABAC system’s operators at the EC.
11. Are there any transfers of personal data to third countries and/or to International Organisations?: N/A
12. General description of security measures:
Data are stored in the EC data centre in Luxembourg and are therefore protected by a number of measures introduced by the DG DIGIT to protect the integrity and confidentiality of the EC electronic products. Access to personal data is protected by means of access rights, which are strictly limited in accordance with the "need to know" principle and are based on the duties entrusted to access holders.
Paper files are kept in locked cupboards in the offices of the staff members from the Finance sector. Electronic files are stored in a specific folder on the file system and only accessible to the Director for Administration and the Head of the Budget and Finances Team.
13. Information on how data subjects can exercise their rights of access and rectification, and where applicable, of erasure, restriction and data portability:
Data subjects have the right to access their personal data and to rectify them in case their personal data are inaccurate or incomplete. Where applicable, they have the right to erase their personal data and to restrict the processing of their personal data. They have the right to object to the processing of their personal data, which is lawfully carried out pursuant to Article 5(1)(a) on grounds relating to their particular situation. They may ask the EO information concerning the processing of their personal data by e-mail (EOinvoice@ombudsman.europa.eu). Requests from data subjects will be dealt within one month. They may also contact the Data Protection Officer any time: dpo-eo-ombudsman@ombudsman.europa.eu.
If they wish to complain about the Ombudsman’s handling of their personal data, they may contact the European Data Protection Supervisor: www.edps.europa.eu]
Privacy Statement relating to the financial transactions in the European Ombudsman’s Office
This privacy statement explains the reason for the processing, the way the European Ombudsman (EO) collects, handles and ensures protection of all personal data provided, how that information is used and what rights the data subjects may exercise in relation to their data.
The controller is the EO. The joint controller is the European Commission (EC)- Directorate General (DG) “BUDGET” which manages ABAC, the accounting system set up by the EC and used by the EO to monitor the execution of its budget and to prepare its accounts; and DG “DIGIT” which implements and maintains ABAC.
1. What personal data will the EO process?
We process the following personal data of every individual/contractor who receives a payment from the EO: staff members from the EO Office (officials, temporary and contract agents, seconded national experts and trainees); external suppliers, tenderers:
• Name, first name;
• Gender, nationality, title, function;
• Contact information (e-mail address, business telephone number, mobile telephone number, postal address, company and department, country of residence, internet address);
• Bank account reference (IBAN and BIC codes),
• VAT number;
• National insurance number;
• ID card/Passport number and personal number;
• Place and date of birth.
• Other personal data contained in CVs (expertise, technical skills and languages professional experience including details on current and past employment).
2. Why does the EO process this personal data?
The purpose of this process is to monitor the execution of the EO budget and to prepare its accounts.
3. What are the legal bases and necessity for processing this data?
The processing of the data is based on the Financial Regulation and its implementing rules.
Processing is necessary for the performance of a task carried out in the public interest, for compliance with a legal obligation to which the controller is subject and for the performance of a contract to which the data subject is party in order to take steps at the request of the data subject prior to entering into a contract (article 5(1) a, b and c of Regulation 2018/1725).
4. Who is responsible for processing the data?
Data is processed by the Directorate of Administration- - Finance and Budget team.
5. Who will be recipients of the data?
The EO, the Secretary General, the Director for Administration, the Head of Finance and Budget team and the staff members dealing with ABAC (operational initiating agents and ex-ante controllers), Heads of teams concerned by the financial procedure and the ABAC system’s operators at the EC.
6. How long will the data be kept?
Files relating to financial transactions are to be retained in the archives
- for a period of 5 years following the discharge of the financial exercise. The discharge of the financial exercise is generally signified 2 years after the financial year, for a total of 7 years for holding the personal data;
- until the end of a possible audit if it started before the end of the above period.
Once the legal deadline has expired, the files are deleted.
7. How do we protect your data?
Data are stored in the EC data centre in Luxembourg and are therefore protected by a number of measures introduced by the DG DIGIT to protect the integrity and confidentiality of the EC electronic products. Access to personal data is protected by means of access rights, which are strictly limited in accordance with the "need to know" principle and are based on the duties entrusted to access holders.
Paper files are kept in locked cupboards in the offices of the staff members of the Finance sector. Electronic files are stored in a specific folder on the file system and only accessible to the Director for Administration and the Head of the Budget and Finances Team.
8. What are your rights and how can you exercise them?
You have the right of access to your own personal data and to relevant information concerning how the EO uses it.
You have also a right to request rectification of any incomplete or inaccurate data concerning you. You can rectify identification data at any time. You have a right to object to the use of your data by the EO on grounds relating to your particular situation, at any time. Under certain conditions, you have the right to ask that the EO deletes your personal data or restrict its use.
The EO will reply to your requests as soon as possible and within one month at the latest.
9. Who to contact in case of queries or complaints concerning data protection issues?
At any time, you may send data protection related questions concerning the management of financial transactions at the EO, at the following address:
European Ombudsman
1 avenue du Président Robert Schuman
CS 30403
F-67001 Strasbourg Cedex
You also may contact the Data Protection Officer of the EO office at the following address: DPO-Euro-Ombudsman@ombudsman.europa.eu
You may lodge a complaint with the European Data Protection Supervisor at any time at the following address: EDPS@edps.europa.eu