Politica in materia di privacy
This privacy statement provides information about the processing and the protection of your personal data.
Information system of commercial designations of fishery and aquaculture products
Directorate-General for Maritime Affairs and Fisheries (DG MARE), Directorate A: Maritime Policy and Blue Economy, Unit A4 Economic Analysis, Markets and Impact Assessment
Introduction
The European Commission (hereafter ‘the Commission’) is committed to protect your personal data and to respect your privacy. The Commission collects and further processes personal data pursuant to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (repealing Regulation (EC) No 45/2001).
This privacy statement explains the reason for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor.
The information in relation to processing operation “Information system of commercial designations of fishery and aquaculture products” is presented below.
Why and how do we process your personal data?
Pursuant to Article 37 of Regulation (EU) No 1379/2013 of the European Parliament and of the Council of 11 December 2013 on the common organisation of the markets in fishery and aquaculture products, Member States shall draw up and publish a list of the commercial designations accepted in their territory, together with their scientific names. The Commission has set up an information system gathering all the commercial designations recognised in the EU and other useful information, such as scientific names, production methods and catch areas.
The website of the information system allows anyone who is interested to contact DG MARE Unit A.4 to:
- ask general questions on any topic relating to commercial designations and related issues;
- provide suggestions for improvement of the website; or
- report an error or bug.
In the framework of these contacts personal data are collected and processed in order to respond to the questions, suggestions or error/bug reports.
In addition, personal data are collected only for the purpose of web analytics in view of assessing and improving the relevant website. Personal data are not be used for automated decision making/profiling.
On what legal ground(s) do we process your personal data
Processing the above-mentioned personal data is necessary for the performance of a task carried out in the public interest in accordance with Article 5(1)(a) of Regulation (EU) 2018/1725, in particular Article 37 and 42 of Regulation (EU) No 1379/2013 on the common organisation of the markets in fishery and aquaculture products (OJ L 354, 28.12.2013, p. 1), Article 10 TEU and Article 15 TFEU.
Which personal data do we collect and further process?
In order to carry out the processing operation DG MARE A.4 collects the name, e-mail address, text of the query, and profile of the person (like consumer, academic, importer, public administration, etc.) filling out/sending the query. Providing the profile is optional. The data are saved on the mailbox of Unit MARE A.4. Access is limited to members of the unit who are working on commercial designations.
In the event that the contractor must process personal data, this may only be done under the supervision of the data controller, in particular with regard to the purposes of the processing, the categories of data that may be processed, the recipients of the data and the means by which the data subject may exercise its rights. The contractor must adopt appropriate technical and organisational security measures giving due regard to the risks inherent in the processing and to the nature of the personal data concerned in order to:
- prevent any unauthorised person from gaining access to
computer systems processing personal data, and especially:
- unauthorised reading, copying, alteration or removal of storage media;
- unauthorised data inputting, as well as any unauthorised disclosure, alteration or erasure of stored personal data;
- unauthorised use of data-processing systems by means of data transmission facilities;
- ensure that authorised users of a data-processing system can access only the personal data to which their access right refers;
- record which personal data have been communicated, when and to whom;
- ensure that personal data being processed on behalf of third parties can be processed only in the manner prescribed by the contracting authority;
- ensure that, during communication of personal data and transport of storage media, the data cannot be read, copied or erased without authorisation;
- design its organisational structure in such a way that it meets data protection requirements (Source: Arts II.9.4 to II.9.6 of the contract).
The contractor is involved in the following cases:
- when the members of DG MARE’s unit responsible for the information system and mailbox need specific information or clarifications from the contractor in order to answer a received question;
- when suggestions for improvement of the website are received;
- when an error or bug is reported.
In these cases, DG MARE’s unit members may, at their discretion and when deemed necessary, forward the request/message (including the personal data contained in it) to the contractor.
How long do we keep your personal data?
The Data Controller, i.e. DG MARE A.4, only keeps your personal data for the time necessary to fulfil the purpose of collection or further processing, namely for at most 12 months after the final communication with the person who sent the query as specified in the relevant Record.
How do we protect and safeguard your personal data?
All personal data in electronic format (e-mails) are stored either on the servers of the European Commission or of its contractors. All processing operations are carried out pursuant to the Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission.
The Commission’s contractors are bound by a specific contractual clause for any processing operations of your data on behalf of the Commission, and by the confidentiality obligations deriving from the transposition of the General Data Protection Regulation in the EU Member States (‘GDPR’ Regulation (EU) 2016/679).
In order to protect your personal data, the Commission has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.
Who has access to your personal data and to whom is it disclosed?
Access to your personal data is provided to the Commission staff responsible for carrying out this processing operation and to authorised staff according to the “need to know” principle. Such staff abide by statutory, and when required, additional confidentiality agreements.
More specifically, access to data is limited to members of DG MARE A.4 who are working on commercial designations. They may collect the name, e-mail address, text of the query, and profile of the person (like consumer, academic, importer, public administration, etc.) filling out/sending the query. These data may be received by the contractor when DG MARE A.4 (the data controller) considers that it is required for an adequate treatment of the query.
The information we collect will not be given to any third party. The exact role of the contractor is explained in the section Which personal data do we collect and further process?
What are your rights and how can you exercise them?
You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular the right to access, rectify or erase your personal data and the right to restrict the processing of your personal data. Where applicable, you also have the right to object to the processing or the right to data portability.
You have the right to object to the processing of your personal data, which is lawfully carried out pursuant to Article 5(1)(a).
You can exercise your rights by contacting the Data Controller, or in case of conflict the Data Protection Officer. If necessary, you can also address the European Data Protection Supervisor. Their contact information is given in the section below.
Contact information
The Data Controller
If you would like to exercise your rights under Regulation (EU) 2018/1725, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller, DG MARE/A.4: mare-commercial-designations@ec.europa.eu.
The Data Protection Officer (DPO) of the Commission
You may contact the Data Protection Officer (DATA-PROTECTION-OFFICER@ec.europa.eu) with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725.
The European Data Protection Supervisor (EDPS)
You have the right to have recourse (i.e. you can lodge a complaint) to the European Data Protection Supervisor (edps@edps.europa.eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the Data Controller.
Where to find more detailed information?
The Commission Data Protection Officer (DPO) publishes the register of all processing operations on personal data by the Commission, which have been documented and notified to him. You may access the register via the following link: https://ec.europa.eu/dpo-register.
This specific processing operation has been included in the DPO’s public register with the following Record reference: DPR-EC-01189.1.
Documenti correlati
Condividi questa pagina