Data protection in the European Consumer Centres Network

This privacy statement explains the reason for  the processing, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you may exercise in relation to your data (the right to access, rectify, block etc.).

  • This privacy statement explains the reason for  the processing, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you may exercise in relation to your data (the right to access, rectify, block etc.).

    The European institutions are committed to protecting and respecting your privacy. As this service/application collects and further processes your personal data, Regulation (EU) 2018/1725 [1], of the European Parliament and of the Council of 23 October 2018 protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, is applicable.

    ECC-Net aims to promote consumer confidence by advising citizens on their rights as consumers and providing easy access to redress, in cases where the consumer has purchased something in another country to his/her own (cross-border). ECCs provide consumers with a wide range of services, from providing information on their rights to giving advice and assistance to their cross-border complaints and informing about the available resolution of disputes. They also advise on out-of- court-settlement procedures (ADR) for consumers throughout Europe and provide consumers with easy and informed access to such procedures, when an agreement could not be reached directly with the trader and where an applicable ADR is available.

    To enable ECC-Net to provide the above mentioned services to the citizens, an IT Tool, ECC-Net 2, is used to collect and handle complaints and the necessary data including your personal data. The IT tool is operated by the European Commission.

    The collection and processing of the above personal data through ECC-Net 2 follows the provisions of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.

  • Purpose of the processing operation: Head of Unit E.3: Consumer Enforcement and Redress, Directorate-General for Justice and Consumers, European Commission (referred to hereafter as Data Controller) collects and uses your personal information to assist the work of the European Consumer Centres.

    The aim of the European Consumer Centres’ Network (ECC-Net) is to provide consumers with information and advice on their rights, and assist them with the handling of their cross-border complaints and disputes within the EU/EEA, so that consumers can take full advantage of the internal market.

    In order to fulfil their role, ECC-Net 2 is used by the ECCs to process relevant data, insofar and as long as necessary, for one or more of the following purposes:

    • to enable communication between the ECC and the consumer
    • to facilitate the assessment of a request
    • to attempt resolving complaints or disputes, whether directly with the trader complained about, or through an ADR entity
    • to enable consumers to follow up the status of their requests
    • to provide anonymised statistics, including on suspected infringements

    ECC-Net 2 falls under the following legal basis / lawfulness:

    Regulation (EU) No 254/2014 of the European Parliament and of the Council of 26 February 2014 on a multi-annual consumer programme for years 2014-20 and repealing Decision No 1926/2006/EC and, more specifically, articles 2 and 3(1)(c) and (d) of this Regulation.

    Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market and, in particular, article 21.

    Directive 2013/11/EU of the European Parliament and of the Council of 21 May 2013 on alternative dispute resolution for consumer disputes and amending Regulation (EC) No 2006/2004 and Directive 2009/22/EC (Directive on consumer ADR) and, more specifically, article 14 of the Directive.

    Regulation (EU) 2017/2394 of the European Parliament and of the Council  of 12 December 2017 on cooperation between national authorities responsible for the enforcement of consumer protection laws and repealing Regulation (EC) No 2006/2004 and, in particular, article 27(1).

    Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.

    Having regard to article Having regard of article 5 of the aforesaid Regulation (EU) 2018/1725, the data processing is considered lawful because it is necessary to meet the requirements of the legal instruments mentioned above, and to ensure compliance of the Commission with its legal obligations

  • We collect data about the following type of users:

    • Consumers in the European Union, Norway and Iceland who approach ECCs for information and assistance (Consumers);
    • Contact persons for the traders in the European Union, Norway and Iceland involved in consumer complaints or disputes (Trader representatives);
    • Contact persons in ADR entities (ADR representatives);

    The personal data collected and further processed are:

    a) For Consumers:

    (i)   The data processed are:

    • Name of the consumer/reporter;
    • Address;
    • Post code;
    • Country of residence;
    • Telephone;
    • E-mail;
    • Gender;
    • Communication language;
    • Summary/Description of the request

    (ii)   Further personal data upon explicit consent may be collected if necessary for handling the complaint such as bank details.

    b) For Trader representatives:

    Data from individual trader’s representatives is rarely store in the system but, when processed may include:

    • Name of the trader’s representative;
    • Professional address;
    • Post code;
    • Country;
    • Professional Telephone;
    • Professional email;

    c) For ADR representatives:

    Data from individual trader’s representatives is rarely store in the system but, when processed may include:

    • Name of the ADR’s representative;
    • Professional address;
    • Post code;
    • Country;
    • Professional Telephone;
    • Professional email;
  • Personal data of the consumers, traders’ and ADRs’ representatives shall be kept as long as a case remains open, and no longer than one year after it has been closed. This is to allow follow-up if there are new developments after the closure of the case. Once the retention period expires, the information is anonymised and only kept for statistical purposes

  • All data in electronic format (e-mails, documents, uploaded batches of data etc.) are stored either on the servers of the European Commission or of its contractors; the operations of which abide by the European Commission Decision (EU,Euratom) 2017/46 of 10 January 2017 on the security of information systems used by the European Commission;

    The Commission’s contractors are bound by a specific contractual clause for any processing operations of your data on behalf of the Commission, and by the confidentiality obligations deriving from legislation

  • To resolve your request it may subsequently be shared, with your express consent, with the ECC where the trader is based or, where appropriate, with relevant bodies such as an ADR entity or a National Enforcement Body (NEB).

    Shared requests may result in contact with the trader. When such contact is made, your data may be shared too insofar as necessary to resolve the request;

    Access to your data is provided to authorised staff according to the “need to know” principle. Such staff abide by statutory, and when required, additional confidentiality agreements.

    The authorised staff are the Case handlers in the European Consumer Centres and the European Commission staff charged with product or business management of ECC-Net2.

    Norway and Iceland are EEA/EFTA countries and members of the European Consumer Centres Network.

  • According to Regulation (EU) 2018/1725, you are entitled to access your personal data and rectify and/or block it in case the data is inaccurate or incomplete.  You can exercise your rights by contacting the European Consumer Centre with which you have been in contact or the data controller, or in case of conflict the Data Protection Officer of the Commission and if necessary the European Data Protection Supervisor using the contact information given at point 8 below.

  • If you have comments or questions, any concerns or a complaint regarding the collection and use of your personal data, please feel free to contact the European Consumer Centre with which you have been in contact or the Data Controller using the following contact information:

    European Consumer Center Finland

    Milla lahtinen

    The Data Controller:

    Head of Unit E.3: Consumer Enforcement and Redress
    Directorate-General for Justice and Consumers
    European Commission

    e-mail: JUST-E3@ec.europa.eu
    Telefax:+32 2 2989432

    The Data Protection Officer (DPO) of the Commission: DATA-PROTECTION-OFFICER@ec.europa.eu

    The European Data Protection Supervisor (EDPS): edps@edps.europa.eu.

  • The Data Protection Officer of the Commission publishes the register of all operations processing personal data.

    This specific processing has been notified to the DPO with the following reference: DPO-2984.1