When the EDPS processes your personal data

The EDPS, like other EU institutions, bodies, agencies and offices (EU institutions), may process your personal data (also known as personal information) for a number of reasons, from dealing with public requests for information, staff matters, visitor information to the handling of complaints, to name but a few.

All EU institutions, including the EDPS, are obliged to comply with the data protection law specifically applicable to them.

In this section of our website, you will find information on how the EDPS processes personal data, on your rights when the EDPS processes your personal data and on our Data Protection Officer (DPO) team.

The EDPS, as all the other EU institutions, must maintain a register  of records of activities under its responsibility involving processing (collection, storage, use etc.) of personal data.
The register has to be publicly accessible and must contain certain pieces of information explaining the purpose and conditions of the processing operations.

You can consult the register to understand how the EDPS processes personal data in the course of its activities.

For more information about how your personal data might be used when you visit this website, read our website data protection notice page. For more information about our use of cookies please go to our cookies page.

Your rights when we process your personal data

When your personal information is processed by the EDPS (or any EU institution), you have the right to know about it.

You have the right to access the information and have it rectified without undue delay if it is inaccurate or incomplete.

Under certain conditions, you have the right to ask that we delete your personal data or restrict its use. Where applicable, you have the right to object to our processing of your personal data, on grounds relating to your particular situation, at any time, and the right to data portability. We will consider your request, take a decision and communicate it to you without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary.

You can request that we communicate, as possible, any changes to your personal data to other parties to whom your data have been disclosed.

You have also the right not to be subject to automated decisions (made solely by machines) affecting you, as defined by law.

You have, in any case, the right to have recourse to the EDPS as a supervisory authority.

You rights on your personal data are stated in Articles 17 to 24 of Regulation (EU) 2018/1725.

Please note that in some cases restrictions under Article 25 of the Regulation may apply.


How to exercise your data protection rights at the EDPS

If the EDPS is processing your personal data and you would like to exercise your data protection rights, please send us a written enquiry.

In principle, we cannot accept verbal enquiries (telephone or face-to-face) as we may not be able to deal with your request immediately without first analysing it and reliably identifying you.

You can send your request to the EDPS by post in a sealed envelope or use our contact form

Your request should contain a detailed, accurate description of the personal data you want access to. 

Where there are reasonable doubts regarding your identity, you might be asked to provide a copy of an identification document as a means to authenticate your identity. Should you provide a copy of your ID card or passport or any other document, personal details such as your name and address should be visible. Data such as photo and personal characteristics can be blacked out on the copy.

Our use of the information on your identification document is strictly limited: we will only use the data to verify your identity and will not store them for longer than needed for this purpose.