Specific privacy notice – EBA e-services

We process your personal data based on Regulation (EU) 2018/1725 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the Union institutions and bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (hereinafter "the Regulation"). We provide you with the information that follows based on Articles 15 and 16 of the Regulation.

Who is the controller?

European Banking Authority represented by the Executive Director, Adam Farkas. For more information on the EBA please consult our website: https://eba.europa.eu.

What personal data do we process and who can access it?

Personal data we process

The EBA processes personal data provided to the EBA during the registration process for the e-service such as extranet, training activities, alerts, newsletters, consultation forms, and general inquiries forms.

1. Extranet

In order to register as a public users you will have to provide us with personal data (mandatory fields): name, email address, user type, organisation, country and you may provide us with further personal data that are included in optional fields: phone number and postal address.

In order to register as an extranet users you will have to provide as with personal data (mandatory fields): name, work domain, email address, organisation, position, country and phone number. You may provide us with further personal data that are included in optional fields: mobile phone and the postal address.

The same type of personal data is requested when you wish to subscribe for alerts and the newsletters. Regarding the alerts, the users can opt for "News & Press", "Consultations", "Careers", "Procurement" and "Final Q&As". The information is kept as long as the subscription exists. The users can unsubscribe.

2.Training (including online training)

For the purpose of trainings the EBA collects the following personal data: email, first name, last name, name of the organisation, and dietary preferences.

The online training team collects personal details of the participants (i.e. email address, phone number, organisation, professional role, previous experience with online courses, etc.) via a registration form hosted on the EBA extranet. Based on the information collected, accounts to the online learning management system are then created. Sometimes, participants are enabled to create their own accounts on the learning management system. Such details as their email address, name and organization are then requested.

3.Consultation forms

If you wish to participate in a specific consultation organised by the EBA you will be required to provide the following personal data: name of the organisation, email address, contact name and phone number. In addition, the user has to choose whether his/her comments shall be disclosed, by ticking "yes" or "no". All these fields are mandatory.

4.General inquiries forms

Should you wish to launch an inquiry with the EBA via the EBA inquiry form, you will need to provide us with your name and email address. The users have the possibility to choose the type of inquiry and to describe the inquiry. All requests are submitted to info[at]eba.europa.eu and dealt with having in mind The European Code of Good Administrative Behaviour published by the EU Ombudsman.

Who can access it?

1.Extranet

For the extranet, administrators with the ‘communications team' role and designated individuals representing our third party IT maintenance provider (European Dynamics) can access this information.

2.Training (including online training)

Only designated EBA staff who are in charge of the EBA training have direct access to your personal data. They may provide some of those data, as name, surname to the trainers and to the reception staff and staff members who are in charge of your registration once you arrive at the premises where the training takes place.

3.Consultation forms

The respective EBA policy experts working on the topic which is subject to the consultation will have access to some of your personal data, especially name and the legal entity or organisation you are working for.

4.General inquiries forms

The EBA Communications team is managing info[at]eba.europa.eu and has access to this data. They may provide some of your personal data to EBA staff members who will be contributing on the response to your inquiry.

For what purpose do we process your personal data?

1.Extranet

We process your personal data to link the created account to its specific user, in order to allow subscription to notifications, and to control and safeguard the access to information published on extranet.

2.Training (including online training)

We process your personal data for registration purposes, and should the training require testing, also for evaluating and communicating to you your test results.

3.Consultation forms

The input is used to finalise specific tasks entrusted with the EBA by Union law. Consultations are regarded as an important instrument that ensures that the EBA works in a transparent manner and engages with all relevant stakeholders who are providing their feedback as a part of our public hearings.

4.General inquiries forms

When flagging a problem or raising a question, the users identify themselves. The data is used only to respond your inquiries.

What is the legal basis for processing your personal data?

Your consent given during the registration process for the EBA's e-service [e.g. extranet] in compliance with Article 5(1)(d) of the Regulation. In compliance with Article 7(3) of the Regulation you may withdraw your consent at any time by contacting the DPO of the EBA (see section on contact details below).

 

Where did we get your personal data?

The personal data is provided by the user in all instances.

How long do we keep your personal data?

1.Extranet

The EBA keeps your personal data for as long as the account is active (i.e. until deletion of your account by the EBA). Your account is deleted following your request within a maximum of 3 working days.

2.Training (including online training)

We keep your personal data on the Extranet for as long as the training cycle lasts, maximum 1 year. However the registration form is kept by our Finance Unit for auditing purposes and will be destroyed after 7 years.

The Online training team collects and keeps the participants' personal details for the duration of the registration process (i.e. 5-6 weeks). Personal data (i.e. name, email address and organisation) are stored in the learning management system for as long as it is needed (i.e. as long as the account is active).

3.Consultation forms

The data is stored for10 years.

4.General inquiries forms

We keep the email with the requests for public records for as long as it is necessary in order to comply with the Principle of Good Administration.

What are your rights regarding your personal data?

You have the right of access to your personal data and to relevant information concerning how we use it. You have the right to rectify your personal data. Under certain conditions, you have the right to ask that we delete your personal data or restrict its use. You have the right to object to our processing of your personal data, on grounds relating to your particular situation, at any time. We will consider your request, take a decision and communicate it to you.

You can send your request to the EBA by post in a sealed envelope or via email (see section on contact details below).

You have the right to lodge a complaint.

If you have any remarks or complaints regarding the way we process your personal data, we invite you to contact the DPO of the EBA (see section on contact details below).

You have, in any case, the right to lodge a complaint with the EDPS as a supervisory authority: https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en.

Contact details for enquiries regarding your personal data

Should you wish to contact the EBA, we encourage you to do so by email: info[at]eba.europa.eu by stating in the subject "Data Protection enquiry".

If you wish to contact the DPO of the EBA personally, you can send an e-mail to dpo[at]eba.europa.eu or a letter to the postal address of the EBA marked for the attention of the DPO of the EBA.

The postal address of the EBA is: DEFENSE 4 – EUROPLAZA

20 Avenue André Prothin CS 30154

92927 Paris La Défense CEDEX

You can also find contact information on the EBA's website: https://eba.europa.eu/contacts.