The Agency processes personal data collected according to the provisions of Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.
ACER only processes personal data for the performance of tasks carried out in the public interest in accordance with European Union law or whilst legitimately exercising the official authority vested to the Agency. Furthermore, the processing of personal data is lawful as a part of a legal or contractual obligation or when the data subject concerned has given his or her unambiguous consent.
The Agency will not process personal data for marketing or commercial purposes.
The Agency's supervisory authority, in terms of processing personal data, is the European Data Protection Supervisor (EDPS). The EDPS is responsible for the monitoring of European Union institutions, agencies and bodies and their compliance with data protection rules, ensuring that the rights to privacy and data protection are respected.
The Agency appointed a Data Protection Officer (DPO) to ensure, in an independent manner, the internal application of data protection requirements.
The DPO's main functions are to:
ACER has the legal obligation to keep a register of all personal data processing operations which have been notified to the Data Protection Officer (DPO). The register aims at ensuring transparency to the public and it is accessible to any interested person. The register contains the following information:
For further information regarding processing operations at ACER, please contact the DPO.
ACER processes any individual's personal data in compliance with the Regulation (EC) No 1725/2018.
The data privacy notices (DPN) describe the Agency's policies and practices regarding collection and use of personal data on different operations: