You are here:
  1. Home
  2. Data protection

Data protection

Introduction

Data protection is a fundamental right, protected not only by national legislation, but also by European Union law. At FRA, we are responsible for the personal data that we collect and process.

The processing of an individual’s personal data carried out by the European Agency for Fundamental Rights (FRA) is performed in compliance with Regulation 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC.

What types of personal data do we collect?

The personal data that the Agency collects and processes relates to you as a natural person. The personal data collected can be classified into two types.

Mandatory personal data: This refers to the personal data necessary for the performance of the tasks carried out in the public interest that were conferred on the Agency or for compliance with a legal obligation to which the Agency is subject to. Some examples include your name, address, your CV when applying for a job or traineeship at the Agency, or when submitting a tender linked to a published procurement procedure.

Non-mandatory personal data: This refers to personal data processed based on consent only. Examples include your dietary and mobility requirements when attending an event organised by the Agency, your phone number, fax number or email address when you choose to make them publicly available. Additionally, your information might be processed when you choose to participate in the surveys undertaken by the Agency.

Access to these data will be restricted to authorised staff of the Agency, and we will request your consent to make them available to the general public.

Purpose of the processing

Whenever personal data is processed, it is essential that the data subject (the person whose personal data are collected, held or processed) knows for which purposes the data is being collected. According to Article 4 Paragraph a) of the Regulation, personal data "must be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes."

Moreover, personal data must be adequate, relevant, and not excessive in relation to the purpose and kept for no longer than is necessary for the purposes for which they were collected.

In this regard, the Agency informs you through a privacy notice linked to the specific processing operation. A number of those privacy notices are listed below.

What are the legal bases for which we process your personal data?

The Agency collects and processes your personal data, primarily, in compliance with Article 5.1(a), (b) and (d) of the EU Data Protection Regulation 2018/1725:

  • for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body;
  • for compliance with a legal obligation to which the Agency is subject to.
  • the processing is based on consent.

In very specific circumstances, another legal basis based on Article 5 of Regulation 2018/1725 might apply.

The processing of personal data by the Agency is not only governed by the Regulation 2018/1725, but also by specific legal instruments, such as implementing rules, internal rules and information is provided to you via the means of a privacy notice.

Who has access to your personal data?

The general public has access to data in relation to information that is considered to be of public interest. Indeed, the Agency has a legal obligation to make such data public. Such examples can include the names of its Management Board members.

Access to your personal data is limited to the Agency’s staff. The Agency will not make personal data available to the public, unless the party concerned has given his or her express statement of consent. The consequence being that certain personal data provided by you as an applicant or as representative of an organisation, for which publication is not a legal obligation (e.g. phone, fax number or email address), may only be accessible to the public if consent is given and provided that the Agency’s IT systems can support it.

How long do we keep your data?

For each processing operation there is a defined retention period that specifies the period for which the personal data is kept. Depending on the processing operation the retention period can vary. For example, in the case of surveys the retention period might be a few months where in the case of financial transactions it can be up to 10 years. The exact retention period is specified in the privacy notice of the processing operation.

What measures do we have to protect and safeguard your information?

The Agency takes the protection of your personal data very seriously, and therefore applies adequate organisational, technical and security measures to protect it. Some examples of these measures are:

  • A username and password are required in order to access FRA’s IT systems;
  • Authentication and authorisation for the IT systems are based on roles and anonymous access at server level is not permitted;
  • The Agency’s datacenter is physically protected;
  • Network security is configured to prevent external threats from accessing the Agency’s infrastructure;
  • Confidentiality and data protection clauses are signed by service providers to ensure compliance with security rules and the data protection regulation.

What are your rights to manage your personal data?

As a data subject you have the right to access, rectify and, where processed on the basis of your consent, transfer your data to another controller at any time. You may also request the erasure of your data under certain conditions. Moreover, you also have the right to object to and restrict certain processing of your data.

We will review your requests and grant your rights provided that certain conditions are met. You also have the right to recourse to the European Data Protection Supervisor.

For more information please read the specific privacy notice that specifies in detail your data protection rights and how to exercise them.

How to contact us?

You can contact us for any aspect regarding your personal data, by sending a written request to the FRA as the data controller responsible for your information, or to the FRA Data Protection Officer as follows:

By post:
Robert Jan Uhl,
Data Protection Officer,
FRA,
Schwarzenbergplatz 11,
AT-1040 Vienna,
Austria.

By e-mail:
dpo@fra.europa.eu

If you feel your request was not responded adequately by the data controller and/or the DPO, you can lodge a complaint with the European Data Protection Supervisor.

Privacy notices:

Downloads

Publication date: 10 August 2012

Privacy notice - Organisation of events (148.65 KB)

Publication date: 03 October 2019

Privacy Notice - events organised by the Agency which are live streamed (187.07 KB)

Publication date: 10 August 2012

Privacy notice - Procurement procedures and contract management (101.19 KB)

Publication date: 20 March 2017

Privacy notice - Call for participation in the Fundamental Rights Platform (80.96 KB)

Publication date: 18 July 2018

Privacy notice - FRA consultations with organisations registered in the Fundamental Rights Platform database (143.06 KB)

Publication date: 17 June 2013

Privacy Notice - Expert meetings (96.93 KB)

Publication date: 14 December 2012

Privacy notice - CCTV system data (89.13 KB)

Publication date: 04 October 2013

Privacy Notice - Access to documents (92.58 KB)

Publication date: 23 March 2018

Privacy notice - Selection procedure for traineeships (154.2 KB)

Publication date: 06 March 2014

Privacy notice - Handling of data stored in the Agency contact database (89.46 KB)

Publication date: 26 March 2014

Privacy Statement - Health data (87.6 KB)

Publication date: 27 October 2017

Privacy Notice - Building access data (91.96 KB)

Publication date: 05 December 2017

Privacy Notice - FRA website and web services (230.31 KB)

Publication date: 21 June 2018

FRF news privacy notice (107.79 KB)

Publication date: 03 September 2018

Privacy notice - FRP consultation with organisatons registered in the Fundamental Rights Platform (FRP) database on the topic of civil society space (46.8 KB)

Publication date: 04 February 2019

Privacy Notice - Selection procedures for TAs CAs and SNEs (155.6 KB)

Publication date: 26 April 2019

Privacy notice - Registration of incoming emails and letters (FRA Infobox) (175.08 KB)

Publication date: 31 May 2019

Privacy notice - Bodies of the Agency (MB, EB, SC) (677.9 KB)

Publication date: 14 July 2020

Record of proccessing activity - Bodies of the Agency (MB, EB, SC) (294.9 KB)

Publication date: 05 June 2019

Privacy Notice - Stakeholder Consultation on Director’s Note 2021 (343.19 KB)

Publication date: 13 June 2019

Privacy notice - FRA consultations with civil society organisations under Art. 10 FRA Founding Regulation (135.35 KB)

Publication date: 24 June 2019

Privacy notice - Access to FRA survey data through UK Data Service (172.04 KB)

Publication date: 24 June 2019

Privacy notice - FRA e-Media Toolkit (201.63 KB)

Publication date: 24 June 2019

Privacy notice - Access to FRA survey data through GESIS data archive (171.92 KB)

Publication date: 04 July 2019

Privacy Notice - Roma stakeholders contact list (182.9 KB)

Publication date: 19 July 2019

Privacy Notice - Organisation of 5th IPCAN Seminar (633.09 KB)

Publication date: 04 September 2019

Privacy notice - Facial recognition technology experts meeting 19-20 September 2019 (554.15 KB)

Publication date: 07 October 2019

Privacy Notice - Presentation of the Fundamental Rights Report 2019 - Rome 24-10-2019 (266.94 KB)

Publication date: 25 October 2019

Privacy Notice - Visit to Dutch National Police The Hague 20-21 November 2019 (168.25 KB)

Publication date: 25 October 2019

Privacy Notice - Human Rights Cities expert meeting Brussels 28 Nov 2019 (250.52 KB)

Publication date: 06 February 2020

Privacy notice - Research project on Presumption of innocence: procedural rights in criminal proceedings (261.71 KB)

Publication date: 30 April 2020

Privacy notice - Consultation on the framework of commitments for human rights cities organised by the FRA (519.89 KB)

Publication date: 04 June 2020

Privacy notice - Cisco Webex Meetings (188.35 KB)

Publication date: 04 June 2020

Privacy notice - Provision of services for the Mid-term review of the FRA Strategy 2018-2022 (242.9 KB)

Publication date: 13 January 2020

Privacy notice - FRA-Equinet joint EU Charter of Fundamental Rights workshop, 25-26 February 2020 (721.31 KB)

Publication date: 04 June 2020

Privacy notice - Stakeholder consultation via online survey or telephone interviews for evaluation of FRA projects (226.99 KB)

Publication date: 14 July 2020

Privacy notice - Psycho-socio support service FRA staff (704.7 KB)

Publication date: 14 July 2020

Record of proccessing activity - Psycho-socio support service FRA staff (808.15 KB)