Data protection

Introduction

European Institute for Gender Equality (EIGE) is highly committed to best practices in protecting the personal data it collects and further processes. Data protection is a fundamental right, protected not only by national legislation, but also by European Law (for example, under Article 8(1) of the Charter of Fundamental Rights of the EU).

What is personal data?

A number of EIGE’s activities involve the collection and processing of personal data, for instance as part of the recruitment procedures, payment of salaries or reimbursements, contractual arrangements with suppliers, organisation of events, or dealing with public requests for information, amongst many more.

Processing of such personal data is done in accordance with the provisions of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data. This regulation aims to protect the rights and freedoms of individuals, in particular their right to the protection of their personal data.

What is personal data?

Any information relating to an identified or identifiable person is considered to be a personal data (for a full definition see Article 3) of the Regulation (EU) 2018/1725). It is important to note that, where the ability to identify an individual depends partly on the data held and partly on other information (not necessarily data), the data held will still be “personal data”.

The categories of personal data are broadly drawn so that, for example, personal data are considered to be telephone numbers, addresses, financial information, photographs, satellite images, car registrations, ID numbers, e-mail addresses, health records, etc. Personal data can be contained in computer files (e.g. in databases, on the Internet or other closed networks) or in paper records.

What legal bases justify the processing of your personal data?

In most of the situations, EIGE processes your personal data for the performance of a task carried out in the public interest, for compliance with a legal obligation, or based on your consent. Other legal bases might apply, though. Detailed information on the legal basis is always provided in the applicable data protection notice.

Who has access to your personal data?

Access to personal data is, in principle, and unless otherwise stated, provided to authorised staff of EIGE who is responsible for carrying out the processing operation and according to the ‘need to know’ principle. Such staff abide by statutory confidentiality obligations. The Agency will not make personal data available to the public, unless the party concerned has given his or her express statement of consent.

How long do we keep your data?

For each processing operation there is a defined retention period that specifies the period for which your personal data are kept. Depending on the processing operation, the retention period can vary. The exact retention period is specified in the applicable data protection notice.

What are your rights?

Regulation (EU) 2018/1725 grants you, as data subject, the possibility to exercise the following rights:

to be informed of the processing operations (Articles 15 and 16);to access, rectify, erase the data (Articles 17-19);
to restrict the processing and to be notified regarding rectification or erasure of personal data or restrictions of processing (Articles 20-21);
to data portability (Article 22);
and to object an automated individual decision-making (Article 24).

The exercise of these rights is free. However, where requests are manifestly unfounded or excessive, EIGE may refuse to act on the request. Should this be the case, you will be informed accordingly.

To exercise any of these rights, please send your request by email or by post in a sealed envelope. See contacts below. You should make clear in your request what right(s) you are exercising.

You must also provide a copy of an identification document, for example an ID card or passport. The following data should be visible: name, identification number, country of issue, period of validity, and date of birth. Any other data (e.g., photo or signature) may be blacked out. We will use these data exclusively to verify your identity. Once your request has been dealt with, we will securely destroy the document. In principle, we will not accept any other means of evidence of your identity. Should you wish to propose alternatives, we will assess their adequacy on a case-by-case basis.

In addition to the above rights, you are also entitled to submit a complaint with the European Data Protection Supervisor in case you feel EIGE has infringed provisions of Regulation (EU) 2018/1725 when processing your personal data (Article 63). You will find more information on this on the EDPS website.

Finally, Regulation (EU) 2018/1725 still grants you the right to receive to an effective judicial remedy and to receive compensation for any infringement of this Regulation (Articles 64-65).

Investigations by the DPO

EIGE’s Data Protection Officer (DPO) may, at the request of any individual, investigate matters and occurrences directly relating to his/her tasks. Should you wish to avail of this opportunity, please send your request for an investigation to dpo@eige.europa.eu.

The DPO will send an acknowledgement of receipt within 15 working days and will verify whether the request falls under the DPO's responsibility and whether or not it shall be treated as confidential.

The DPO will report back to the person who commissioned the investigation no later than three months following receipt of the request, unless in the case of obvious misuse of this right, in which case no report will be done. This deadline may, however, be suspended until the DPO has obtained any information deemed necessary to conclude the investigation.

Processing of personal data within Access to Documents’ Requests

Personal data that appear in the documents requested may be disclosed to the public following an assessment under Regulation (EC) No 1049/2001, read in conjunction with Article 9 of Regulation (EU) 2018/1725. If you reside outside the EU and the European Commission grants you access to documents, personal data included in these documents will only be disclosed to you if such transfer fulfils the conditions of Chapter V of the Regulation (EU) 2018/1725 on international transfers of personal data. Data subjects have the right to be informed about the recipients of the data (if any), and whether the personal data is intended to be transferred to a third country or international organisation.

Who should you contact for more information about the processing of your personal data by the Institute?

If you feel that your personal data are being misused by EIGE, or their processing is otherwise not compliant with Regulation (EU) 2018/1725, please contact us so that we can take action. You can either use the contacts provided for in the specific data protection notices (below) or send your query / request to our postal address:

European Institute for Gender Equality
Gedimino pr. 16,
LT-01103 Vilnius,
Lithuania

Should you prefer, you may also contact the Institute's DPO at dpo@eige.europa.eu.

Data Protection Register

According to Article 31 of Regulation (EU) 2018/1725, EIGE has a legal obligation to keep a register of all personal data processing operations which have been notified to the Data Protection Officer (DPO). The register aims at ensuring transparency to the public and it is accessible to any interested person.

Processing records