Personal data protection

about us

ECDC is committed to user privacy.

The protection of individuals with regard to the processing of personal data by ECDC is based on Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 as implemented at the Centre by the Decisions of the Director of 5 June 2007 and of 23 September 2008.

This general policy that likewise already covers the European Union’s family of institutional websites, within the domain, is also applicable to ECDC.

Although you can browse through most of the ECDC website without giving any information about yourself, in some cases personal information is required in order to provide the e-services you request. Pages that require such information treat it according to the policy described in the Regulation mentioned above.

In this respect:

  • For each specific e-service, a controller determines the purposes and means of the processing of personal data and ensures conformity of the specific e-service with the privacy policy. ECDC’s Data Protection Officer ensures that the provisions of both the Regulation and and the implementing decisions at the Centre are applied and advises controllers on fulfilling their obligations (see art. 24 of the Regulation and art. 3 and 4 of the Decision of 23 September 2008).
  • For all EU Institutions and bodies, the European Data Protection Supervisor will act as an independent supervisory authority (see art. 41 to 48 of the Regulation).
  • The ECDC website provides links to third party sites. Since we do not control them, we encourage you to review their privacy policies.


What is an e-service?

An e-service on this website is a service or resource made available on the Internet in order to improve the communication between citizens and businesses on the one hand and ECDC on the other hand.

Three types of e-services are or may be offered by ECDC:

  • Information services that provide users with easy and effective access to information, thus increasing transparency and understanding of the activities of ECDC.
  • Interactive communication services that allow better contacts with ECDC’s target public thus facilitating consultations, and feedback mechanisms, in order to contribute to the shaping of policies, activities and services of ECDC.
  • Transaction services that allow access to all basic forms of transactions with ECDC, e.g. procurement, financial operations, recruitment, event enrolment, etc.

Basic principles

As a general principle, ECDC only processes personal data for the performance of tasks carried out in the public interest on the basis of the Treaties establishing the European Communities, on the basis of the relevant legislation or in the legitimate exercise of official authority vested in the Centre or in a third party to whom the data are disclosed.

All processing operations of personal data are duly notified to ECDC's Data Protection Officer and, if the case arises, to the European Data Protection Supervisor.

The Centre guarantees that the information collected is processed and/or accessed only by the members of its staff responsible for the corresponding processing operations.

Unless specified differently in the Data Protection Register, all natural persons providing personal information to the Centre by means of paper or electronic form are deemed to have unambiguously given their consent for the subsequent processing operations in application of article 5(d) of Regulation 45/2001.

Data subjects have the right to access and rectify their data on written request to be addressed to the Centre.

Data subjects may at any time consult ECDC's Data Protection Officer ( or have recourse to the European Data Protection Supervisor.

How are data processed by ECDC?

Further information on how your data are processed by ECDC may be found on the relevant section of the ECDC website. In particular, the following information will be included:

  • What information is collected, for what purpose and through which technical means: ECDC collects personal information exclusively to the extent necessary to fulfil a specific purpose. The information will not be re-used for an incompatible purpose. To whom your information is disclosed. ECDC will only disclose information to third parties if that is necessary for the fulfilment of the purpose(s) identified above and to the mentioned (categories of) recipients. ECDC will not divulge your personal data for direct marketing purposes.
  • How you can access your information, verify its accuracy and, if necessary, correct it: As a data subject you also have the right to object to the processing of your personal data on legitimate compelling grounds except when it is collected in order to comply with a legal obligation, or is necessary for the performance of a contract to which you are a party, or is to be used for a purpose for which you have given your unambiguous consent.
  • How long your data is kept: ECDC only keeps the data for the time necessary to fulfil the purpose of collection or further processing.
  • The security measures taken to safeguard your information against possible misuse or unauthorised access.
  • A point of contact if you have queries or complaints: ECDC's Data Protection Officer:

How do we treat e-mails you send us?

Some pages on the ECDC website have a link to our contact mailboxes, which activates your e-mail software and invites you to send your comments. When you send such a message, your personal data is collected only to the extent necessary to reply. If the management team of the mailbox is unable to answer your question, it will forward your e-mail to another service. If you have any questions about the processing of your e-mail and related personal data, do not hesitate to include them in your message.

Page last updated 30 May 2017