Data protection privacy
In order to carry out its duties towards European citizens, we may collect personal information (“personal data”), which is gathered and treated in full compliance with Regulation (EU) 2018/1725, “the Regulation”.
What is the relevant legislation?
Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data was published in the Official Journal of the European Union on 21 November 2018 and entered into force on 11 December 2018.
Decision of the Bureau of the European Parliament of 17 June 2019 on the implementing rules relating to Regulation (EU) 2018/1725 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data by the Union Institutions, Bodies, Offices and Agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC.
What does personal data mean?
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
The websites of the European Parliament collect a few personal data. Some are mandatory, due to the technologies behind the Internet, some are necessary for the proper functioning of our websites, some are shared voluntary by you via our consent banner or dedicated forms. Only a few pages invite you to enter personal data in order to deliver specific services or to answer dedicated requests. In such cases a dedicated privacy statement always informs you about, inter alia, the purpose of processing your personal data, the legal base, the categories of data collected, and foremost about your rights and whom to contact in case you wish to exercise these rights. For example, the page Citizens' Enquiries Unit (Ask EP) includes a contact tab, which activates an on-line form. On that form, you are asked, at the minimum, to indicate (compulsory fields) your surname, forename, country of residence and email address, as well as, possibly, your gender, address, age, profession and nationality. Once sent, the form is forwarded by email to the appropriate department so that it can meet your needs in the best possible way.
The European Parliament ensures data gathered is processed solely for intended and clearly stated purposes, and not reused for any other aim.
We disclose personal information to third parties only when it is necessary for the purposes specified and only to the categories of the recipients identified. We do not divulge any personal data for direct marketing purposes and undertake to take appropriate security measures to safeguard these data from misuse by third parties.
The websites of the European Parliament may provide links to other internet sites. Since the European Parliament has no control over such sites, we suggest you to review their own privacy policies.
All citizens have the right to obtain access to the personal data held by the European Parliament about them and to request its rectification or erasure, or restriction of processing or, where applicable, the right to object to processing or the right to data portability. Where the processing is based on their consent or explicit consent, they also have the right to withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
You also have the right to lodge a complaint with the European Data Protection Supervisor (EDPS), which is the data protection authority for all the European Union institutions, bodies and agencies. One of its tasks is to handle complaints and conduct inquiries.
Data Protection Officer of the European Parliament (DPO)
The Data Protection Officer of the European Parliament is responsible for monitoring the application of the Regulation within the institution.
Any service of the European Parliament that uses information which identifies individuals is covered by this Regulation and is required to notify the European Parliament Data Protection Officer of any operation in which personal data is processed (gathering, consultation, forwarding, organisation, etc.).
These operations are described in dedicated records stored in the “Data Protection Register of Records of data processing operations in the European Parliament”, which is publicly available on internet. Any citizen may access and consult these records in the language in which the information was entered. Any person concerned may exercise the rights conferred by the Regulation based on the information contained in these records.
European Data Protection Supervisor (EDPS)
The European Data Protection Supervisor (EDPS) is the data protection authority for all the European Union institutions, bodies and agencies.
One of its tasks is to handle complaints and conduct inquiries. The Data Protection Supervisor will welcome and process your complaint.