Right of access

PrintPDF

Under Article 36 of the Europol Regulation^[1] , any individual is entitled to obtain information on whether personal data relating to him or her are processed by Europol. There is no charge for exercising this right.

Type of information

Europol shall provide the requester with the following information:

confirmation as to whether or not data related to him or her are being processed;
information on at least the purposes of the processing operation, the categories of data concerned, and the recipients or categories of recipients to whom the data are disclosed;
an indication of the legal basis for processing the data;
the envisaged period for which the personal data will be stored;
the existence of the right to request from Europol rectification, erasure or restriction of processing of personal data concerning the data subject.

The requester has the right to receive in an intelligible form the data undergoing processing and any available information as to Europol’s sources.

According to Article 36 (6) of the Europol Regulation, the provision of information in response to any request may be refused or restricted if such refusal or restriction constitutes a measure that is necessary in order to:

enable Europol to fulfil its tasks properly;
protect security and public order or prevent crime;
guarantee that any national investigation will not be jeopardised; or
protect the rights and freedoms of third parties.

How to exercise your right of access

According to Article 36 (3) of the Europol Regulation, you can exercise your right of access by making a request to the authority appointed for that purpose in the Member State of your choice. Your request will then be sent to Europol without delay and in any case within one month of receipt.

After receiving the request, Europol should provide you with an answer without undue delay and in any case within three months of receiving it from the national authority.

Where to direct a request for access

To exercise your right of access you should send a written request for access to one of the following competent authorities listed below. You may choose to which of these authorities to make your request to. The right of access will be exercised in accordance with the law of the Member State in which that authority is located

National Competent Authorities
Austria	Bundesministerium für Inneres Herrengasse 7 1010 Wien Österreich Fax: +43 1 531 26 108613 E-mail: post@bmi.gv.at
België/Belgique	Controleorgaan op de politionele informatie/Organe de contrôle de l’information policière Leuvenseweg/Rue de Louvain 48 1000 Brussel/Bruxelles België/Belgique Tel: +32 2 549 94 20 Fax: +32 2 549 94 49 E-mails: info@controleorgaan.be / info@organedecontrole.be Website: https://www.controleorgaan.be / https://www.organedecontrole.be
Bulgaria	Ministry of Interior 29, Shesti Septemvri Str. 1000 SOFIA Tel: +359 2 9825 000 E-mail: int.14@mvr.bg Website: https://www.mvr.bg
Croatia	Ministry of the Interior Ulica grada Vukovara 33 HR - 10 000 Zagreb E-mail: pitanja@mup.hr Website: www.mup.hr
Cyprus	Cyprus Police E.U.&I.P.C.D., Police Headquarters Fax: +357 22 607 894 E-mail: euipcd@police.gov.cy
Czech Republic	Policie České republiky Policejní prezidium ČR Strojnická 27 or Pošt. schr. 62/OKFK, 170 89 - PRAGUE - 7 Fax: 974 863 814 E-mail: odhal@mvc.cz
Danmark	Rigspolitichefen Afdeling A - Polititorvet 14 1780 København Danmark Fax: +45.3319 3218 E-mail: dt@datatilsynet.dk
Estonia	Europol National Unit Intelligence Management Bureau Intelligence Management and Investigation Department Police and Border Guard Board Tööstuse 52, 10411 Tallinn Estonia Tel: +372 612 3000 E-mail: europol@politsei.ee or ppa@politsei.ee Website: https://www.politsei.ee/en/
Finland	Central Criminal Police Jokiniemenkuja 4 PL 285 FIN-01301 Vantaa Suomi/Finland E-email: kirjaamo.keskusrikospoliisi@poliisi.fi
France	Commission Nationale de l'Informatique et des Libertés (CNIL) 3 Place de Fontenoy TSA 80715 - 75334 Paris CEDEX 07 France Tel: +33 1 53 73 22 22 Fax: +33 1 53 73 22 00 Website: http://www.cnil.fr
Germany	Bundeskriminalamt - SIRENE Deutschland - Thaerstraße 11 D-65193 Wiesbaden Deutschland E-mail: petenten@bka.bund.de
Greece	Ministry of Interior Hellenic Police HQ International Police Cooperation Division Europol National Unit 4, P. Kanellopoulou Street 101 77, Athens, Greece Tel.: +30210 69 842 86, Fax: +30210 69 842 33 E-email: europol@police.gr
Hungary	National Police Headquarters International Law Enforcement Cooperation Centre Address: H-1139 Budapest, Teve u. 4-6 Postal address: H-1903 Budapest, Pf.: 314/15. Tel: +36 1 443 5596 Fax: +36 1 443 5815 E-mail: nebek@nebek.police.hu Website: http://www.police.hu
Ireland	Europol National Unit Liaison & Protection Garda Headquarters Phoenix Park Dublin 8 Telephone: +353 1 666 0000 Website: http://www.garda.ie
Latvia	Data State Inspectorate Blaumana str. 11/13-15 LV 1011 Riga Tel: +371 6722 3131 Fax: +371 6722 3556 E- email: info@dvi.gov.lv Website: http://www.dvi.gov.lv/
Lithuania	International Liaison Office of Lithuanian Criminal Police Bureau, Saltoniskiu St. 19 LT-08105 Vilnius Tel.: +370 5 2719900 Fax.: +370 52719924 E-mail: trv@policija.lt Website: www.policija.lt
Luxembourg	Commission Nationale pour la Protection des Données 1, avenue du Rock'n'Roll L-4361 Esch-sur-Alzette Tel. +352 2610 60 1 Fax +352 2610 60 29 E-mail: info@cnpd.lu Website: http://www.cnpd.lu
Malta	The Data Protection Officer Legal Unit Police Headquarters St. Calcedonius Square Floriana FRN 1530 Tel: +35621224001 E-mail: dpu.police@gov.mt Website: www.pulizija.gov.mt
Nederland	Politie / Landelijke Eenheid Dienst Landelijke Informatie Organisatie T.a.v. de privacyfunctionaris Postbus 100 3970 AC Driebergen Nederland E-mail: jz.le@politie.nl
Poland	Komenda Główna Policji Biuro Międzynarodowej Współpracy Policji ul. Puławska 148/150 02-624 Warsaw Tel: +48 22 601 23 72 E-mail: bmwp.kgp@policja.gov.pl
Portugal	Polícia Judiciária (PJ) Lisboa E-mail: Epd-dpo@pj.pt
Romania	Center for International Police Cooperation 1-5 Calea 13 Septembrie, Bucharest, 5th District Romania Tel.: +40 21 315 96 26, +40 21 314 05 40, +40 21 314 00 25 Fax: +40 21 314 12 66, +40 21 312 36 00 E-mail: ccpi@mai.gov.ro Website: www.politiaromana.ro/ccpi.htm
Slovenia	Policija, Ministrstvo za notranje zadeve Štefanova 2 1501 - LJUBLJANA Fax: +386 1 428 4733 E-mail: gp.policija@policija.si Website: https://www.policija.si
Slovak Republic	Ministerstvo Vnútra Slovenskej Republiky Pribinova 2 81272 - BRATISLAVA Fax: +421 2 5094 4397 Website: http://www.minv.sk
Spain	División de Cooperación Internacional, Dirección General de la Policía C/Julián González Segador s/n 28043 Madrid España Fax: +34 91 447 10 92 E-mail: ciudadano@agpd.es Website: http://www.agpd.es
Sweden	Swedish Police Authority PO Box 12256 S-102 26 Stockholm Sverige E-mail: registrator.kansli@polisen.se Or contact directly the Data Protection Officer E-mail: dataskyddsombud@polisen.se
United Kingdom	National Crime Agency Public Information Compliance Unit PO Box 8000 London SE11 5EN United Kingdom Email: picuenquiries@nca.x.gsi.gov.uk Website: www.nationalcrimeagency.gov.uk

How to exercise your right to rectification, erasure and restriction

Under Article 37 of the Europol Regulation any data subject having already accessed personal data concerning him or her, processed by Europol, have the right to request Europol, through the authority appointed for that purpose in the Member State of his or her choice, to rectify personal data concerning him or her held by Europol if they are incorrect or to complete or update them and have the right to request Europol to erase personal data relating to him or her if they are no longer required for the purposes for which they are collected or are further processed. That authority shall refer the request to Europol without delay and in any case within one month of receipt.

Europol shall inform you in writing without undue delay, and in any case within three months of receipt of a request, that data concerning you have been rectified, erased or restricted.

Within three months of receipt of your request, Europol shall inform you in writing of any refusal of rectification, erasure or restricting, of the reasons for such a refusal and of the possibility of lodging a complaint with the EDPS and of seeking a judicial remedy.

Europol’s tasks

According to Article 36 (5) Europol shall consult the competent authorities of the Member States and the provider of the data concerned prior taking a decision regarding your request for access.

A decision on access to personal data shall be conditional on close cooperation between Europol and the Member States and the provider of the data directly concerned by the access of the data subject to such data.

If a Member State or the provider of the data objects to Europol's proposed response, it shall notify Europol of the reasons for its objection. Europol shall take the utmost account of any such objection.

Europol shall subsequently notify its decision to the competent authorities concerned and to the provider of the data.

Europol shall restrict rather than erase personal data if there are reasonable grounds to believe that erasure could affect the legitimate interests of the data subject. Restricted data shall be processed only for the purpose that prevented their erasure.

If personal data held by Europol have been provided to it by third countries, international organisations or Union bodies, have been directly provided by private parties or have been retrieved by Europol from publicly available sources or result from Europol's own analyses, Europol shall rectify, erase or restrict such data and, where appropriate, inform the providers of the data.

If personal data held by Europol have been provided to Europol by Member States, the Member States concerned shall rectify, erase or restrict such data in collaboration with Europol, within their respective competences. If incorrect personal data have been transferred by another appropriate means or if the errors in the data provided by Member States are due to faulty transfer or transfer in breach of this Regulation or if they result from data being input, taken over or stored in an incorrect manner or in breach of this Regulation by Europol, Europol shall rectify or erase such data in collaboration with the provider of the data concerned. In the above-mentioned cases, all addressees of the data concerned shall be notified forthwith. In accordance with the rules applicable to them, the addressees shall then rectify, erase or restrict those data in their systems.

Right to lodge a complaint with the EDPS

Under Article 47 of the Europol Regulation, you have the right to lodge a complaint with the European Data Protection Supervisor (EDPS)^[2] if you consider that the processing by Europol of personal data relating to you does not comply with the Europol Regulation.

Where a complaint relates to a decision taken on the right of access or right to rectification, erasure or restriction, the EDPS shall consult the national supervisory authorities of the Member State that provided the data or the Member State directly concerned. In adopting his or her decision, which may extend to a refusal to communicate any information, the EDPS shall take into account the opinion of the national supervisory authority.

Where a complaint relates to the processing of data provided by a Member State to Europol, the EDPS and the national supervisory authority of the Member State that provided the data.

shall, each acting within the scope of their respective competences, ensure that the necessary checks on the lawfulness of the processing of the data have been carried out correctly.
Where a complaint relates to the processing of data provided to Europol by Union bodies, third countries or international organisations, or of data retrieved by Europol from publicly available sources or resulting from Europol's own analyses, the EDPS shall ensure that Europol has correctly carried out the necessary checks on the lawfulness of the processing of the data.

Right to a judicial remedy against the EDPS

According to Article 47 of the Europol Regulation any action against a decision of the EDPS shall be brought before the Court of Justice of the European Union.

Other rights

Under Article 42(4) of the Europol Regulation, you have the right to request the national supervisory authority to verify the legality of any transfer or communication to Europol of data concerning you in any form and of access to those data by the Member State concerned. That right shall be exercised in accordance with the national law of the Member State in which the request is made.

^[1]Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA, OJ L 135, 24.5.2016, p. 53–114.

^[2]EDPS postal address: Rue Wiertz 60, B-1047 Brussels, Belgium E-mail | Website

Target groups

Functions

Data Protection Function (DPF)

European Data Protection Supervisor (EDPS)