Privacy statement – access to documents - European Commission
Skip to main content
European Commission logo
enen

Privacy statement – access to documents

1. Introduction

The European Commission is committed to protect your personal data and to respect your privacy. The European Commission collects and further processes personal data pursuant to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (repealing Regulation (EC) No 45/2001).

This privacy statement explains the reason for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor.

This privacy statement concerns the processing of personal data by the European Commission when handling initial and confirmatory requests for access to documents lodged under Regulation (EC) No 1049/2001 and the Detailed Rules for the application of Regulation (EC) No 1049/2001, annexed to the Commission Decision (EU) 2024/3080 of 4 December 2024 establishing the Rules of Procedure of the Commission and amending Decision C(2000) 3614 (available at http://data.europa.eu/eli/dec/2024/3080/oj) (hereafter ‘Detailed Rules for the application of Regulation 1049/2001’), undertaken by the unit ‘Transparency, Document Management & Access to Documents’ in the Secretariat-General (corporate Data Controller on behalf of the European Commission) and by the units responsible for dealing with initial requests for access to documents in the competent Commission department or service (de facto Data Controller on behalf of the European Commission).

2. Why and how do we process your personal data?

The European Commission collects and uses your personal data in order to handle  requests for access to documents lodged under Regulation (EC) No 1049/2001 within the prescribed legal deadlines and to establish an annual statistical report as required by Article 17(1) of the latter regulation. 

Pursuant to Article 2(1) of Regulation (EC) No 1049/2001, ‘any citizen of the Union, and any natural or legal person residing or having its registered office in a Member State has a right of access to documents’. This right is further reaffirmed in Article 1 of the Detailed Rules for the application of Regulation 1049/2001 [1]. In order to determine your eligibility under Regulation (EC) No 1049/2001 and to handle your request for access to documents, we require certain personal data to be provided. Furthermore, certain processing of personal data contained in the documents to be disclosed is necessary to provide public access to a register of documents, as required by Article 11 of the latter regulation. 

The personal data may be processed for the purpose of following up on an inquiry by the European Ombudsman, the European Court of Auditors or in case of EU Court of Justice court proceedings.

Your personal data will not be used for an automated decision-making including profiling.

You can submit your requests for access to documents of the European Commission in two ways, which will have an impact on the way we process your personal data.

2.1. Submitting the requests via the online portal  

The European Commission Request a Commission document’ online portal (hereafter: ‘the portal’) allows you to submit requests for access to documents of the European Commission under Regulation (EC) No 1049/2001.

In order to submit a request via this portal, it is necessary to have an ‘EU Login’ account, which is an authentication service for a wide range of European Commission information systems and services. 

If the applicant already has an EU login account, they can log in with existing credentials. If the applicant does not have an EU login account, they will be prompted to create it when clicking on ‘Submit a request’ or ‘Create an account’ button on the home page of the portal.

When creating the EU login account the applicant indicates their name, surname and e-mail address. The applicant manages name and surname via the EU login account. For further information on the processing of your personal data specific to ‘EU Login’, please refer to the privacy notice of ‘EU Login’ and its record of processing (reference number in the  DPO public register: DPR-EC-03187). Identity and Access Management Service (IAMS), with reference number in the DPO public register DPR-EC-08606, provides EU Login with the necessary information to create EU Login accounts.

When the user logs in with their EU login account on the portal for the first time, the portal automatically creates a linked account (hereafter: ‘access-to-document account’). The access-to-document account reuses the name, surname and e-mail address from EU login account but allows the applicant to add and manage additional personal data such as the profile of the applicant, phone number, postal address, EU country of nationality, legal representative and organisation.  The applicant manages these data via the access-to-document account management space (available when clicking on the ‘Logged in’ button on the top of any page on the portal). Modifications made in the EU Login account concerning name and surname are automatically reflected on the access-to-document account.

2.1.1. Submitting initial requests via the portal

When submitting the first initial request via the portal, in addition to name, surname, and e-mail address (linked to the EU login account), the applicant is requested to indicate his/her EU country of nationality and postal address, unless they already specified them in their access-to-document account. 

The applicant is also requested to check the correctness of all his personal data and rectify it if needed before submitting a new initial request.

The postal address and EU country of nationality are now required for all initial requests submitted via the portal to ensure compliance with legal obligations, including correct application of the Data Protection Regulation (EU) 2018/1725 (‘EU DPR’). 

Moreover, in line with Article 1 of the Detailed Rules for the application of Regulation 1049/2001, the postal address and EU country of nationality are required for all applicants when submitting a request for access to documents, regardless of the mode of submission in order to demonstrate their eligibility under Regulation (EC) No 1049/2001.

Under these Detailed Rules for the application of Regulation 1049/2001, only citizens of the Union and natural or legal persons residing or having their registered office in a Member State enjoy a right of access to Commission documents, therefore the provision of EU country of nationality and postal address are compulsory for all applicants. 

The Commission does not start handling the initial request until the postal address and EU country of nationality are provided.

The Commission may request proof of EU country of nationality or residence in order to verify the eligibility under Regulation (EC) No 1049/2001.

Replies to initial requests are sent electronically via the portal (accessible under ‘Reply to initial request’ tab).

2.1.2. Submitting confirmatory requests for initial requests submitted via the online portal

The applicant can ask for a review of the Commission reply to the initial request by submitting a confirmatory request for access to documents, in accordance with Article 7(2) of Regulation (EC) No 1049/2001, either:

a) via the ‘Ask for a review’ button on the relevant request page on the portal; 

b) via e-mail or mail. E-mail and postal address to which the applicant can send a confirmatory request are indicated in the Commission reply to the initial request.

Replies to confirmatory requests are sent electronically via the portal (under the tab ‘Reply to confirmatory request’).

If the applicant explicitly requests that they do not wish to receive the reply to the confirmatory request via the portal but only via other means, the Commission will send the reply in a manner that guarantees legal certainty as of the date of notification of the reply (e.g. by post or by e-mail).

2.2. Submitting the request via e-mail or mail

If the applicant submits the request via e-mail or mail they need to indicate their name, surname, EU country of nationality, e-mail address (only for requests sent via e-mail) and postal address.

In line with Article 1 of the Detailed Rules for the application of Regulation 1049/2001, the postal address and EU country of nationality are required for all applicants when submitting a request for access to documents, regardless of the mode of submission in order to demonstrate their eligibility under Regulation (EC) No 1049/2001, including correct application of the EU DPR. 

The Commission does not start handling the initial request until the postal address and EU country of nationality are provided.

The Commission may request proof of EU country of nationality or residence in order to verify the eligibility under Regulation (EC) No 1049/2001. 

Moreover, the postal request is required in order:

  1. Firstly, to obtain legal certainty as regards the date you received the Commission reply to your request which may include sending the reply via post or other means that provide the necessary legal guarantees regarding  the date of notification of the reply.
  2. Secondly, to know whether you are resident in the EU/EEA, and, if not, in which third country you are residing, so that data protection rules are correctly applied to any personal data that may be contained in documents to which you request access. The Data Protection Regulation (EU) 2018/1725 provides for different rules depending on whether the recipient of personal data is established in the EU/EEA or elsewhere. 
  3. Thirdly, to apply correctly Regulation (EC) No 1049/2001. Article 4(1)(b) of that Regulation refers to the protection of the privacy and integrity of the individual and has to be applied in line with the EU DPR;
  4. For security reasons, to ensure the authenticity and integrity of the request and the related correspondence, particularly where sensitive information or documents may be involved.

For requests submitted in this way, the Commission will send the reply to an initial request in a manner that guarantees legal certainty concerning the date of notification of the reply (e.g. by post or by email).

If the request was submitted via e-mail or mail, the applicant can submit the confirmatory request in accordance with Article 7(2) of Regulation (EC) No 1049/2001 via e-mail or mail. The e-mail and postal address to which the confirmatory request can be sent are indicated in the Commission reply to the initial request. 

The Commission will send the reply to a confirmatory request in a manner that guarantees legal certainty as of the date of notification of the reply (e.g. by post or by email).

The European Commission processes your personal data, because:

  • processing is necessary for the performance of a task carried out in the public interest (Article 5(1)(a) of Regulation (EU) 2018/1725); and
  • processing is necessary for compliance with a legal obligation to which the European Commission is subject (Article 5(1)(b) of Regulation (EU) 2018/1725).

The basis for the processing referred to in Article 5(1)(a) of Regulation (EU) 2018/1725 has been laid down in the following Union law: 

  • Article 15(3) of the Treaty on Functioning of the European Union;
  • Regulation (EC) n° 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ L 145 of 31 May 2001, p. 43); 
  • Detailed Rules for the application of Regulation (EC) No 1049/2001.

In particular, the processing of the requested personal data is necessary for the handling of the access to documents request and to notify the reply to you. 

The processing of your personal data is also necessary for compliance with the legal obligations set out in Article 9(3) and Article 9(5) of the Detailed Rules for the application of Regulation (EC) No 1049/2001.

According to Article 9(3) of the Detailed Rules for the application of Regulation (EC) No 1049/2001, postal address and country of residence are required in order to verify your eligibility under Regulation 1049/2001. Only citizens of the EU or natural and legal persons residing or having their registered offices in a Member State are eligible under the Regulation. 

According to Article 9(5) of the Detailed Rules for the application of Regulation (EC) No 1049/2001, replies and decisions to applications submitted outside of the EASE Portal shall be sent by e-mail, with the exception of certain cases. 
cases. The processing of personal data is necessary to reply to such requests.

Furthermore, the processing of non-compulsory personal data you provide in your request for access to documents (see section 4 below) or in the portal is based on your consent in accordance with Article 5(1)(d) of Regulation (EU) 2018/1725. By providing this non-compulsory personal data in writing on a voluntary basis, the Commission considers that you are consenting to its processing in compliance with Regulation (EU) 2018/1725.

You can rectify or delete the optional personal data you have provided on your EASE account at any time. 

4. Which personal data do we collect and process?

The personal data collected and further processed are:

a) Personal data provided by the applicant when submitting the request:

i. Mandatory personal data:

- name and surname

- e-mail (for requests submitted via portal or e-mail)

- EU country of nationality (required for all requests in line with the Detailed Rules for the application of Regulation 1049/2001)

- postal address (required for all requests in line with the Detailed Rules for the application of Regulation 1049/2001 to ensure legal compliance, security and the correct application of relevant regulations)

ii. Optional personal data: phone number, organisation, legal representative, profile of the applicant.

b) Personal data of the applicant and of other individuals contained in the request, as well as in any other correspondence exchanged between the applicant and Commission (reply to the request, deadline extension letter, clarification request etc.)

c) Personal data contained in the documents requested if released under Regulation (EC) No 1049/2001

d) contact data of third-party representatives for third-party consultations

e) When there are reasonable doubts concerning the identity of the natural person making the request or his/her eligibility under Regulation (EC) No 1049/2001, the European Commission may ask the applicant to provide a copy of an identification or other relevant document (for example, a passport or identity card) in order to verify his/her identity or his/her eligibility under Regulation (EC) No 1049/2001, in the following exceptional circumstances:

  • where the documents concerned by the request contain the applicant’s own personal data and the applicant is granted individual access to such documents;
  • where there are legitimate reasons to consider that the right to access stemming from Regulation (EC) No 1049/2001 is being abused by that particular applicant.

The identification document or other relevant document proving applicant’s eligibility under Regulation (EC) No 1049/2001 should contain the applicant’s name and where relevant, information on EU country of nationality and his/her postal address (required for verification and security purposes), while any other data such as a photograph or any personal characteristics may be blacked out.

The proof of identity or of applicant’s eligibility under Regulation (EC) No 1049/2001 is deleted promptly after verification is completed.

5. How long do we keep your personal data?

The European Commission only keeps your personal data for the time necessary to fulfil the purpose of collection or further processing, as set out below.

5.1. Personal data contained in documents, files and related metadata stored in HAN

All documents/correspondence (hereafter ‘documents’) exchanged between the Commission and the applicant, independently of the manner in which the applicant submits the requests, is registered in the Commission’s corporate document management system Hermes-Ares-NomCom (herafter ‘HAN’). This includes, for example, the initial request, acknowledgment of receipt, deadline extension letter, Commission reply to the initial request or closing letter, confirmatory request etc. HAN stores:

  1. Documents (including personal data). Documents related to the same case are grouped in the same folder called a ‘file’;
  2. Mandatory metadata accompanying documents and files (such as the author, addressee, title of the document/correspondence etc). 

5.1.1. Documents and files and the personal data contained in them 

As mentioned above, files are folders grouping documents related to the same case. The ‘administrative retention period’ is the period during which the European Commission departments are required to keep a file depending on its usefulness for administrative purposes and the relevant statutory and legal obligations. This period begins to run from the time when the file is closed.

At the initial stage, a file is considered closed when the Commission sends the reply to the initial request or a closing letter to the applicant, unless: 

  • The applicant has submitted a confirmatory application within 15 working days after the notification of the reply to the initial request (in such case, see confirmatory stage below);
  • The applicant has submitted a complaint with the European Ombudsman. In that case:
    • If the Ombudsman’s enquiry confirmed the Commission reply to the initial request and no follow-up is needed: the initial file is closed as of the date of the adoption of the Ombudsman’s decision;
    • If the Ombudsman’s enquiry found a maladministration: the initial file is closed as of the date when the Commission completed the follow-up requested by the Ombudsman.

At the confirmatory stage, a file is considered closed when the Commission sends the reply to the confirmatory request or a closing letter to the applicant, unless the applicant brought an action for annulment before the EU Court of Justice or submitted a complaint with the Ombudsman. In that case, the confirmatory file is closed either when: 

  • the decision is not challenged by the EU Court or the European Ombudsman; or
  • the European Commission completes the follow-up requested by the EU Court in its judgment or the Ombudsman.

This ‘administrative retention period’ of five years for initial and confirmatory files is based on the retention policy for European Commission files, governed by the common Commission-level retention list for European Commission files SEC(2022)400. It is a regulatory document in the form of a retention schedule that establishes the retention periods for different types of European Commission files. That list has been notified to the European Data Protection Supervisor.

The personal data in the case file of a request for access to documents is also kept for five years from the closure of the access to documents file since this period is necessary and proportional to the needs of the institution, namely for the purpose of following up on an inquiry by the European Ombudsman, the European Court of Auditors or in case of EU Court of Justice court proceedings. The five-year retention period enables subsequent requests sent by the same person to be handled efficiently. For example, applicants can and have come back to reference past cases which they submitted, and it is necessary for the institution to be able to keep their personal data for such a period of time to be able to identify and handle those cases.

After the five-years retention period expires, the initial and confirmatory files, as well as the personal data contained in them, are transferred to the Historical Archives of the European Commission for historical purposes. For further information regarding the processing for the European Commission’s Historical Archives, please refer to the processing operation 'Management and long-term preservation of the European Commission's Archives’ (registered in the public DPO register under reference number DPR-EC-00837). 

5.1.2. Metadata accompanying documents and files

Personal data in mandatory metadata in relation to any document stored in HAN are kept indefinitely. For further information on processing specific to the Commission’s document management system please refer to the processing operation ‘Management and (short- and medium-term) preservation of Commission documents` (reference number in the public DPO register: DPR-EC-00536).

5.2. Applicant’s personal data in the EU login account and access-to-document account

The EU login account and access to document account (see section 2.1.) stay active unless deleted by the applicant. In order to see what happens when you delete your account, see section 8.2.

5.3. Applicant’s personal data in the EASE IT System

IT system ‘Electronic Access to European Commission Documents’ (hereafter ‘EASE’) is used for handling requests for access to Commission documents. Apart from the case-related information (e.g. deadline, language of request etc.), it also stores applicant’s personal data such as name, surname, e-mail address, postal address, EU country of nationality, phone number, legal representative, organisation and profile. Depending on the manner in which the applicant submits the requests, different personal data of the applicant are provided and stored (see section 2 and 4 for more details).

Your personal data from the EASE system are deleted once the five-year retention period expires, and the file, as well as the personal data contained in it, is transferred to the Historical Archives (see section 5.1.1.). If the applicant has multiple files linked to their profile (e.g. if they use portal account to submit multiple requests), the applicant’s personal data from the EASE IT system are deleted as of the expiry of the five-year retention period of the file with the latest closing date. 

The retention period of five years of the applicant’s personal data stored in EASE IT system is necessary and proportional to the needs of the institution, namely for the purpose of following up on an inquiry by the European Ombudsman, the European Court of Auditors or in case of EU Court of Justice court proceedings. Furthermore, the five-year retention period of the applicant’s personal data enables subsequent requests sent by the same person to be handled efficiently. For example, applicants can and have come back to reference past cases which they submitted, and it is necessary for the institution to be able to keep their personal data for such a period of time to be able to identify and handle those cases.

5.4. Applicant’s personal data in the identification documents and other documents proving applicant’s eligibility under Regulation (EC) No 1049/2001

The use of information contained in an identification document of an applicant or other relevant document proving applicant’s eligibility under Regulation (EC) No 1049/2001(see section 4 above) is strictly limited: the data will only be used to verify the identity and/or eligibility of the applicant under Regulation (EC) No 1049/2001 and will not be stored for longer than necessary for this purpose.   

6. How do we protect your personal data?

All data in electronic format (e-mails, documents, uploaded batches of data etc.) are stored either on the servers of the European Commission or of its contractors. Their operations abide by the Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission.

The European Commission’s contractors are bound by a specific contractual clause for any processing operations of your personal data on behalf of the European Commission, and by the confidentiality obligations deriving from  the General Data Protection Regulation.

In order to protect your personal data, the European Commission has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.

7. Who has access to your personal data and to whom are they disclosed?

Access to your personal data is provided to the Commission staff responsible for carrying out this processing operation and to authorised staff according to the ‘need to know’ principle. Such staff abide by statutory, and when required, additional confidentiality agreements.

Personal data that appear in the documents requested may be disclosed to the public following an assessment under Regulation (EC) No 1049/2001, read in conjunction with Article 9 of Regulation (EU) 2018/1725. If you reside outside the EU and the European Commission grants you access to documents, personal data included in these documents will only be disclosed to you if such transfer fulfils the conditions of Chapter V of the Regulation (EU) 2018/1725 on transfers of personal data to third countries or international organisations.

In addition to transmitting to the applicant the disclosed documents, the Commission also publishes them on the dedicated Request a Commission document’ online portal.

The personal information we collect on the applicants who request access to documents will not be given to any third party, except:

  • to the extent and for the purpose we may be required to do so by law; and
  • for the purpose of dispatching access-to-documents decisions of the European Commission by registered mail via the processor DHL International (established in Belgium) (for further information, see corresponding processing operation Traitement du courrier’ of the European Commission’s Office for Infrastructure and Logistics in Brussels, registered in the public DPO register under reference number DPR-EC-00884.

Pursuant to point (13) of Article 3 of Regulation (EU) 2018/1725, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients. The further processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Decisions of the European Commission pursuant to Regulation (EC) No 1049/2001 on confirmatory applications are adopted through Decide (the information system supporting the Commission decision-making process) and are made available on the European Commission’s (non-public) VISTA system. For information concerning the processing of personal data through the Decide and VISTA systems, please see the respective records of processing operations ‘DPR-EC-00107 Decide (information system supporting the Commission decision-making process’ and ‘DPR-EC-00914 VISTA system’. 

8. What are your rights and how can you exercise them?

You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular the right to access your personal data and to rectify them in case your personal data are inaccurate or incomplete. Under certain conditions, you have the right to erase your personal data, to restrict the processing of your personal data, to object to the processing of your personal data and the right to data portability. You have the right to object to the processing of your personal data, which is lawfully carried out pursuant to Article 5(1)(a) on grounds relating to your particular situation.

Insofar the processing of your personal data is based on your consent (namely concerning non-mandatory personal data as described under sections 3 and 4 above) you can withdraw your consent at any time by notifying the Data Controller. The withdrawal will not affect the lawfulness of the processing carried out before you have withdrawn the consent.

You can exercise your rights by contacting the Data Controller, or in case of conflict the Data Protection Officer. If necessary, you can also address the European Data Protection Supervisor. Their contact information is given under section 'Contact information' below.

Where you wish to exercise your rights in the context of one or several specific processing operations, please provide their description (i.e. their Record reference(s) as specified under section 10 ‘Where to find information that is more detailed’ below) in your request.

Your request as a data subject will be handled within one month. The period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

If you use the portal to submit requests (see section 2.1.) you have the following additional possibilities regarding your personal data:

8.1. Modifying personal data contained in accounts

In case you submitted a request via the portal account (see point 2.1), you can modify your personal data yourself at any time. As explained in section 2:

  • you can manage and edit your name and surname in the EU Login account;
  • you can manage your other personal data (postal address, EU country of nationality, phone number, organisation, legal representative, profile) in the ‘access-to-document’ account.

8.2. Deletion of accounts

If the applicant is using the portal to submit the request (see point 2.1), they have a possibility to delete their EU login or access-to-document account at any moment (see section 2.1. for more information about both accounts).

The applicant deletes the access-to-document account by clicking on ‘Delete my account’ button on the account management page on the portal.

The applicant deletes the EU login account on the EU login account management page. 

Deleting ‘access to document’ account does not automatically delete EU login account, which has to be done separately as this account can be used for a wide range of European Commission information systems. 

If you use EU Login for other information systems than access to documents, you should not delete your EU Login account as it will not only automatically delete the ‘access to document’ account but might also prevent you from further using other European Commission information systems.

Since the deletion of either of these two accounts entails the same consequences for applicant’s personal data processed under this processing operation, the following part refers only to ‘the account’, irrelevantly of which of these two accounts the applicant deletes. 

If the applicant deletes the account before the Commission has sent a reply to the request(s), the system will send a closing letter for all ongoing cases and the Commission will not send its reply to such request(s), in line with Terms and Conditions which the applicant accepts when submitting each initial request via the portal.

Concerning the applicant’s personal data contained in HAN (see section 5.1 above) and EASE IT system (see section 5.3 above), the following three scenarios are possible when the applicant deletes the account:

  1. The applicant deletes their account while no request has been submitted yet: 
    1. personal data are deleted from the EASE IT tool;
    2. Since no request has been submitted yet, there are no files (and therefore no personal data of the applicant) in HAN;
  2. The applicant has submitted one or more requests but has not received a  Commission reply to any request at the moment of the deletion of the account:
    1. personal data are deleted from the EASE IT tool;
    2. concerning the files and metadata stored in HAN, they continue to be handled in line with the Commission retention policy (as explained in section 5.1.) 
  3. The applicant has received the Commission reply to at least one of their requests at the moment of the deletion of the account: 
    1. personal data are not deleted from the EASE IT system. They are deleted after the expiry of the five years retention period of the corresponding file (as explained in section 5.3.); 
    2. concerning the files and metadata stored in HAN, they continue to be handled in line with the Commission retention policy (as explained in section 5.1.)

9. Contact information

  • The (corporate) Data Controller:

If you would like to exercise your rights under Regulation (EU) 2018/1725, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please feel free to contact the corporate Data Controller:

  • Secretariat-General
  • Unit C.1 – Transparency, Document Management & Access to Document
  • E-mail: Sg-acc-doc@ec.europa.eu
  • The Data Protection Officer (DPO) of the European Commission:

  You may contact the Data Protection Officer (DATA-PROTECTION-OFFICER@ec.europa.eu) with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725.

  • The European Data Protection Supervisor (EDPS):

You have the right to have recourse (i.e. you can lodge a complaint) to the European Data Protection Supervisor (edps@edps.europa.eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the Data Controller.

10. Where to find information that is more detailed?

The Data Protection Officer of the European Commission publishes the register of all processing operations on personal data by the Commission, which have been documented and notified to him. You may access the register at the following link: https://ec.europa.eu/dpo-register/detail/DPR-EC-00793.6 . 

This specific processing operation has been included in the DPO’s public register with the following Record reference: DPR-EC-00793.

[1] Commission Decision (EU) 2024/3080 of 4 December 2024 establishing the Rules of Procedure of the Commission and amending Decision C(2000) 3614  (OJ L, 2024/3080, 5.12.2024, ELI: http://data.europa.eu/eli/dec/2024/3080/oj).