PROTECTION OF YOUR PERSONAL DATA
Table of Contents
- Introduction
- Why do we process your data?
- Which data do we collect and process?
- How long do we keep your data?
- How do we protect your data?
- Who has access to your data and to whom is it disclosed?
- What are your rights and how can you exercise them?
- Contact information
- Where to find more detailed information
1. Introduction
This privacy statement explains the reason for the processing, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you may exercise in relation to your data (the right to access, rectify, block etc.).
The European institutions are committed to protecting and respecting your privacy. As this service/application collects and further processes your personal data, Regulation (EC) N°45/2001[1], of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, is applicable.
ECC-Net aims to promote consumer confidence by advising citizens on their rights as consumers and providing easy access to redress, in cases where the consumer has purchased something in another country to his/her own (cross-border).
ECCs provide consumers with a wide range of services, from providing information on their rights to giving advice and assistance to their cross-border complaints and informing about the available resolution of disputes.
They also advise on out-of- court-settlement procedures (ADR) for consumers throughout Europe and provide consumers with easy and informed access to such procedures, when an agreement could not be reached directly with the trader and where an applicable ADR is available.
To enable ECC-Net to provide the above mentioned services to the citizens, an IT Tool, ECC-Net 2, is used to collect and handle complaints and the necessary data including your personal data. The IT tool is operated by the European Commission.
The collection and processing of the above personal data through ECC-Net 2 follows the provisions of Regulation (EC) N° 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by Community institutions and bodies and on the free movement of such data and more specifically article 5, Paragraph (a and b).
2. Why do we process your data?
Purpose of the processing operation: Head of Unit E.3: Consumer Enforcement and Redress, Directorate-General for Justice and Consumers, European Commission (referred to hereafter as Data Controller) collects and uses your personal information to assist the work of the European Consumer Centres.
The aim of the European Consumer Centres’ Network (ECC-Net) is to provide consumers with information and advice on their rights, and assist them with the handling of their cross-border complaints and disputes within the EU/EEA, so that consumers can take full advantage of the internal market.
In order to fulfil their role, ECC-Net 2 is used by the ECCs to process relevant data, insofar and as long as necessary, for one or more of the following purposes:
- to enable communication between the ECC and the consumer
- to facilitate the assessment of a request
- to attempt resolving complaints or disputes, whether directly with the trader complained about, or through an ADR entity
- to enable consumers to follow up the status of their requests
- to provide anonymised statistics, including on suspected infringements
Further information on ECC-Net can be found on https://ec.europa.eu/info/live-work-travel-eu/consumers/resolve-your-consumer-complaint/european-consumer-centres-network_en
ECC-Net 2 falls under the following legal basis / lawfulness:
- Regulation (EU) No 254/2014 of the European Parliament and of the Council of 26 February 2014 on a multi-annual consumer programme for years 2014-20 and repealing Decision No 1926/2006/EC and, more specifically, articles 2 and 3(1)(c) and (d) of this Regulation;
- Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market and, in particular, article 21;
- Directive 2013/11/EU of the European Parliament and of the Council of 21 May 2013 on alternative dispute resolution for consumer disputes and amending Regulation (EC) No 2006/2004 and Directive 2009/22/EC (Directive on consumer ADR) and, more specifically, article 14 of the Directive;
- Regulation (EU) 2017/2394 of the European Parliament and of the Council of 12 December 2017 on cooperation between national authorities responsible for the enforcement of consumer protection laws and repealing Regulation (EC) No 2006/2004 and, in particular, article 27(1);
- Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by Community institutions and bodies and on the free movement of such data;
- Having regard to article 5 of the aforesaid Regulation (EC) 45/2001, the data processing is considered lawful because it is necessary to meet the requirements of the legal instruments mentioned above, and to ensure compliance of the Commission with its legal obligations.
3. Which data do we collect and process?
We collect data about the following type of users:
- Consumers in the European Union, Norway, Iceland and the United Kingdom who approach ECCs for information and assistance (Consumers);
- Contact persons for the traders in the European Union, Norway, Iceland and the United Kingdom involved in consumer complaints or disputes (Trader representatives);
- Contact persons in ADR entities (ADR representatives).
The personal data collected and further processed are:
a) For Consumers:
(i) The data processed are:
- Name of the consumer/reporter;
- Address;
- Post code;
- Country of residence;
- Telephone;
- E-mail;
- Gender;
- Communication language;
- Summary/Description of the request
(ii) Further personal data upon explicit consent may be collected if necessary for handling the complaint such as bank details.
b) For Trader representatives:
Data from individual trader’s representatives is rarely store in the system but, when processed may include:
- Name of the trader’s representative;
- Professional address;
- Post code;
- Country;
- Professional Telephone;
- Professional email;
c) For ADR representatives:
Data from individual trader’s representatives is rarely store in the system but, when processed may include:
- Name of the ADR’s representative;
- Professional address;
- Post code;
- Country;
- Professional Telephone;
- Professional email;
Access data
As the website operator or page provider, we collect data on access to the website according to our legitimate interest and store it as "server log files" on the website server. The following data is stored in this way:
- Page visited
- Time of access
- Amount of data sent in bytes
- Source/reference from which you arrived at the page
- Browser used
- Operating system used
- IP address used
Server log files are stored for a maximum of 6 month and then deleted. The data is stored for security reasons, for example to clarify cases of misuse. If data has to be deleted for evidentiary reasons, it cannot be deleted until the incident has been definitively clarified.
4. How long do we keep your data?
Personal data of the consumers, traders’ and ADRs’ representatives shall be kept as long as a case remains open, and no longer than one year after it has been closed. This is to allow follow-up if there are new developments after the closure of the case. Once the retention period expires, the information is anonymised and only kept for statistical purposes.
5. How do we protect your data?
All data in electronic format (e-mails, documents, uploaded batches of data etc.) are stored either on the servers of the European Commission or of its contractors; the operations of which abide by the European Commission’s decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission (C/2016/8998).
The Commission’s contractors are bound by a specific contractual clause for any processing operations of your data on behalf of the Commission, and by the confidentiality obligations deriving from the transposition of Directive 95/46/CE
6. Who has access to your data and to whom is it disclosed?
To resolve your request it may subsequently be shared, with your express consent, with the ECC where the trader is based or, where appropriate, with relevant bodies such as an ADR entity or a National Enforcement Body (NEB).
Shared requests may result in contact with the trader. When such contact is made, your data may be shared too insofar as necessary to resolve the request.
Access to your data is provided to authorised staff according to the “need to know” principle. Such staff abide by statutory, and when required, additional confidentiality agreements.
The authorised staff are the Case handlers in the European Consumer Centres and the European Commission staff charged with product or business management of ECC-Net 2.
Norway and Iceland are EEA/EFTA countries and members of the European Consumer Centres Network. Transfer between ECCs in the EU and the ECCs in Norway or Iceland is therefore considered an Article 8 transfer in the meaning of the Regulation No 45/2001.
7. What are your rights and how can you exercise them?
According to Regulation (EC) n°45/2001, you are entitled to access your personal data and rectify and/or block it in case the data is inaccurate or incomplete. You can exercise your rights by contacting the European Consumer Centre with which you have been in contact or the data controller, or in case of conflict the Data Protection Officer of the Commission and if necessary the European Data Protection Supervisor using the contact information given at point 8 below.
8. Contact information
If you have comments or questions, any concerns or a complaint regarding the collection and use of your personal data, please feel free to contact the European Consumer Centre with which you have been in contact or the Data Controller using the following contact information:
- European Consumer Centre Luxembourg
271 route d’Arlon
L- 1150 Luxembourg
Mail: info@cecluxembourg.lu
Telefon: +352 26 84 64 1
Fax: +352 26 84 57 61
- The Data Controller
Head of Unit E.3: Consumer Enforcement and Redress
Directorate-General for Justice and Consumers
European Commission
Mail: JUST-E3@ec.europa.eu
Telefax: +32 2 2989432
- The Data Protection Officer (DPO) of the Commission:
Mail: DATA-PROTECTION-OFFICER@ec.europa.eu
- The European Data Protection Supervisor (EDPS)
Mail: edps@edps.europa.eu.
9. Where to find more detailed information?
The Data Protection Officer of the Commission publishes the register of all operations processing personal data. You can access the register on the following link: http://ec.europa.eu/dpo-register
This specific processing has been notified to the DPO with the following reference: DPO-3984.1.
[1] Regulation (EC) N° 45/2001 (OJ L8 of 12/01/2001).
Google Analytics*
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. In case of activation of the IP anonymization, Google will truncate/anonymize the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. On behalf of the website provider Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB.
You can refuse the use of Google Analytics by clicking on the following link. An opt-out cookie will be set on the computer, which prevents the future collection of your data when visiting this website:
Further information concerning the terms and conditions of use and data privacy can be found at http://www.google.com/analytics/terms/gb.html or at https://www.google.de/intl/en_uk/policies/. Please note that on this website, Google Analytics code is supplemented by “anonymizeIp” to ensure an anonymized collection of IP addresses (so called IP-masking).
(*Source: www.datenschutzbeauftragter-info.de)
European Consumer Centre Luxembourg
References and links
The European Consumer Centre has included links and references to other sites on the Internet on its website. The following applies to all these links and references: the European Consumer Centre has no influence whatsoever on the current and future design, content or authorship of the linked pages. Therefore, the European Consumer Centre hereby expressly distances itself from all contents of all linked/connected pages. Liability for illegal, incorrect or incomplete content and in particular for damages arising from the use or non-use of such information lies solely with the provider of the linked site and not with the European Consumer Centre, which merely refers to the respective publication via links.