Personal data protection is a fundamental right in the European Union. Personal data is everything that identifies an individual, including names, telephone numbers, email addresses, date of birth, photographs, and other identifying information.

The EEA is committed to processing your personal data lawfully and according to Regulation (EU) 2018/1725 regarding the processing of personal data by European Union institutions, bodies, offices and agencies and the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC.

In order to ensure that the objective to protect your personal data is met and that the Agency complies with the above regulation, the Agency has adopted in May 2017 a policy on data protection and privacy of personal data, which is designed to inform all staff members about their obligations to protect the privacy of all individuals and the security of their personal data and on the associated processes and behaviour to follow within the Agency. In accordance with the provisions in Article 45(3) of Regulation (EU) 2018/1725, the Agency has also adopted further implementing rules concerning the data protection officer.

How we process your data

The EEA only processes personal data to perform tasks in the public’s interest and does not process personal data for marketing or commercial purposes. More specifically and according to the above regulation, personal data are:

  • processed lawfully, fairly and in a transparent manner in relation to the data subject (principle of ‘lawfulness, fairness and transparency’);
  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (principle of ‘purpose limitation’);
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (principle of ‘data minimisation’);
  • accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (principle of ‘accuracy’);
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (principle of ‘storage limitation’);
  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures (principle of ‘integrity and confidentiality’).

Exercise your rights

As a user, you have the right to be informed about how your personal data is used and the right to access and correct your own data. In some cases, you also have the right to object to data processing on legitimate grounds.

More information