Privacy Statement

he personal data statement includes the purpose of processing, how we collect, handle, and ensure the protection of all personal data provided, how this information is used, and the rights you can exercise regarding your data (right of access, etc.).

The European institutions are committed to protecting and respecting your personal data. Since this service collects and processes your personal data, Regulation (EC) No. 45/2001 of the European Parliament and of the Council of 18 December 2000, concerning the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, applies.

The ECC Network aims to promote consumer trust by advising citizens on their rights as consumers and providing easy access to redress mechanisms in cases where a consumer has purchased something from a country other than their own (cross-border). The ECCs offer consumers a wide range of services, from providing information about their rights to advising on cross-border complaints and offering information about dispute resolution. ECCs also provide advice on Alternative Dispute Resolution (ADR) methods for consumers across Europe and ensure easy and informed access to such procedures when direct agreements with traders cannot be reached, provided an ADR entity is available.

To enable the ECC Network to provide the above services to citizens, an IT tool called ECC-Net 2 is used for the collection and handling of complaints and the necessary data, including your personal data. The IT tool is operated by the European Commission.

The collection and processing of the aforementioned personal data through ECC-Net 2 follow the provisions of Regulation (EC) No. 45/2001 of the European Parliament and of the Council of 18 December 2000, concerning the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, specifically under Article 5, points (a) and (b).

Purpose of Processing:
The Head of Unit 3 (Unit 3: Enforcement and Redress of Consumers), Directorate-General for Justice and Consumers, European Commission (hereinafter referred to as the Data Controller) collects and uses your personal data to assist the work of the European Consumer Centres (ECCs).

The aim of the European Consumer Centres Network (ECC-Net) is to provide consumers with information and advice about their rights and to assist them in handling cross-border complaints and disputes within the EU/EEA so that consumers can fully benefit from the internal market.

To fulfill its role, ECC-Net 2 is used by ECCs to process relevant data, as necessary, for one or more of the following purposes:

To facilitate communication between the ECCs and the consumer.
To enable the evaluation of a request.
To attempt to resolve complaints or disputes, either directly with the trader concerned or through Alternative Dispute Resolution (ADR) entities.
To allow consumers to track the status of their requests.
To provide anonymized statistics, including on alleged infringements.

More information about the ECC Network (ECC-Net) can be found [here](insert link).

Legal Basis of ECC-Net 2:

ECC-Net 2 operates under the following legal frameworks:

Regulation (EU) No. 254/2014 of the European Parliament and of the Council of 26 February 2014 on a multiannual consumer program for 2014–2020, repealing Decision No. 1926/2006/EC, particularly Articles 2 and 3 Paragraph 1, points (c) and (d).
Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market, particularly Article 21.
Directive 2013/11/EU of the European Parliament and of the Council of 21 May 2013 on alternative dispute resolution for consumer disputes, amending Regulation (EC) No. 2006/2004 and Directive 2009/22/EC, specifically Article 14.
Regulation (EU) 2017/2394 of the European Parliament and of the Council of 12 December 2017 on cooperation between national authorities responsible for the enforcement of consumer protection laws, repealing Regulation (EC) No. 2006/2004, particularly Article 27(1).
Regulation (EC) No. 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by Community institutions and bodies and on the free movement of such data.

Under Article 5 of the aforementioned Regulation (EC) No. 45/2001, data processing is deemed lawful because it is necessary to meet the requirements of the aforementioned legal acts and ensure the Commission’s compliance with its legal obligations.

We collect data from the following users:

Consumers from the EU, Norway, and Iceland who contact ECCs for information and assistance (Consumers).
Company representatives in the EU, Norway, and Iceland involved in consumer complaints or disputes (Company Representatives).
Contact points for Alternative Dispute Resolution (ADR) entities (ADR Representatives).
The personal data collected and further processed are as follows:

a) For Consumers:
(i) The collected data includes:

Full name of the consumer
Address
Postal code
Country of residence
Telephone number
Email address
Gender
Preferred communication language
Summary/description of the request
(ii) Additional personal data may be collected if necessary for handling the complaint, subject to explicit consent, such as bank details.

b) For Company Representatives:
Data from company representatives is rarely stored in the system, but during processing, the following may be included:

Name of the company representative
Business address
Postal code
Country
Company telephone number
Business email address
c) For ADR Representatives:
Data from ADR representatives is rarely stored in the system, but during processing, the following may be included:

Name of the ADR representative
Business address
Postal code
Country
Company telephone number
Business email address

The personal data of consumers, company representatives, and ADR representatives will be retained for as long as the case remains open and no longer than three years after its conclusion. This retention period allows for the possibility of new developments arising after the case is closed.

After the retention period has elapsed, the data will be anonymized and kept solely for statistical purposes.

All data in electronic form (emails, documents, data uploads, etc.) is stored either on the servers of the European Commission or with external contractors, whose operations comply with the European Commission’s Security Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of information systems used by the European Commission (C/2016/8998).

Contact Information

To resolve your request, it must be shared, with your explicit consent, with the ECC where the trader is based or, where applicable, with relevant organizations such as the ADR entity or the national enforcement body.

Information requests may require contact with the trader. In such cases, your data may be shared as necessary to resolve the request.

Access to your data is provided to authorized personnel on a "need-to-know" basis. This personnel complies with legal provisions and, where required, additional confidentiality agreements.

Authorized personnel includes:

Case handlers at the European Consumer Centres.
Officials of the European Commission responsible for managing ECC-Net2 products or operations.

Norway and Iceland are EEA/EFTA countries and members of the European Consumer Centres Network. Transfers between ECCs in the EU and ECCs in Norway or Iceland are therefore considered transfers under Article 8 of Regulation No. 45/2001.

Under Regulation (EC) No. 45/2001, you have the right to access your personal data and to correct and/or block it if the data is inaccurate or incomplete.

You can exercise your rights by contacting:

The European Consumer Centre with which you had been in contact,
The Data Controller, or
In case of a conflict, the Commission’s Data Protection Officer or, if necessary, the European Data Protection Supervisor.

Contact details for these entities are provided in Section 8 below.

You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular, the right to access your personal data and to rectify them in case your personal data are inaccurate or incomplete. Where applicable, you have the right to erase your personal data, to restrict the processing of your personal data, to object to the processing, and the right to data portability.

You have consented to provide your personal data to your ECC and to the European Commission, directorate-General Justice and Consumers, Directorate E: Consumers Directorate, Unit E3 “Consumer Enforcement and Redress”.

You can withdraw your consent at any time by notifying the Data Controller. For consumers that have lodged a query with an ECC, the data controller to be notified is the ECC where the query was lodged. The withdrawal will not affect the lawfulness of the processing carried out before you have withdrawn the consent.

You can exercise your rights by contacting the Data Controller whom you originally contacted (the ECC), or in case of a conflict, the Data Protection Officer supervising your local ECC. If you wish, you may alternatively contact the European Data Protection Supervisor (contact details under Section 9 below) although your primary point of contact is the national ECC where you filed a complaint, and its Data Protection Officer.

If you wish to exercise your rights in the context of one or several specific processing operations, please provide a specific description of the data in your request.

If you have comments, questions, concerns, or complaints regarding the collection and use of your personal data, you can contact the European Consumer Centre you engaged with or the Data Controller using the following contact details:

European Consumer Centre Cyprus
Email: ecccyprus@meci.gov.cy
Phone: +357 22867177
Fax: +357 22200975

European Commission
Head of Unit E.3: Consumer Enforcement and Redress
Directorate-General for Justice and Consumers
Email: JUST-E3@ec.europa.eu

Commission Data Protection Officer (DPO): DATA-PROTECTION-OFFICER@ec.europa.eu
European Data Protection Supervisor (EDPS): edps@edps.europa.eu

This processing has been reported to the DPO with the following reference: DPO 3984-1.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Privacy Statement

Contact

Complaint Form