Privacy

The privacy statement of the European Consumer Centre consists of two parts; part one is about processing personal data via the IT tool and the second part is about processing personal data via our website.

The European Consumer Centres (hereinafter ECCs) and the European Commission (hereafter ‘the Commission’) are committed to protect your personal data and to respect your privacy.

ECCs work together to provide consumers with information and advice on their rights and assist them with cross-border complaints and disputes within the EU/EEA, so that consumers can take full advantage of the internal market.

ECCs collect and further processes personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data,.

The European Commission is the civil service of the European Union. Within this organisation, the Consumer Enforcement and Redress Unit (unit B3) in DG JUST is responsible for providing the case handling IT tool and supporting its use in the handling of consumer queries made to ECCs. In providing the tool, this unit works with DIGIT, a directorate general that provides IT services within the Commission. Unit B3 is the owner of the tool and is responsible for its strategic development and supporting its users, DIGIT is responsible for technical functioning and infrastructural support.

The Commission collects and further processes personal data pursuant to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (repealing Regulation (EC) No 45/2001).

This privacy statement explains the reasons for the processing of your personal data, the way the Commission and the ECC collect, handle, and ensure protection of the personal data you have provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer, and the contact details of both the European Data Protection Supervisor as well as the national supervisory authority.

#privacystatement

Purposes of the data processing

This section describes the purposes of the processing by the ECCs and by the European Commission. The ECCs and the European Commission are joint controllers for the processing.

To fulfil their role, ECCNET2 is used by the ECCs to process relevant data, insofar and as long as necessary, for one or more of the following purposes:

• to enable communication between the ECC and the consumer
• to facilitate the assessment of a request
• to attempt resolving complaints or disputes, whether directly with the trader complained about, or through an Alternative
• Dispute Resolution entity or “ADR” entity (this is an impartial organisation that tries to resolve consumer disputes)
• to enable consumers to follow up the status of their requests
• to create aggregated statistics, including on suspected infringements

Further information on ECC-Net can be found on European Consumer Centres Network - European Commission 

The European Commission

The European Commission provides ECCNET2, the case handling IT tool used by all ECCs. The Commission processes relevant data, insofar and as long as necessary, for one or more of the following purposes:

• to support users of the IT tool in ECCs in its optimal use (monitoring, training, and support)
• to maintain, develop and troubleshoot the case handling IT tool used by the ECCs
• to create anonymised statistics, including on suspected infringements

Your personal data will not be used for any automated decision-making including profiling.

#processing-data-why-and-how

We process your personal data on three legal grounds: based on your consent (when you seek help from an ECC) and when processing is necessary for the performance of a task carried out in the public interest. For secondary purposes, the ECCs process data based on the necessity for their legitimate business interest.

To answer your questions or handle your complaint, the processing of your data is based on your consent.

For other purposes mentioned above, including the creation of anonymised statistics, maintenance, development and troubleshooting of the IT tool, and providing support and training to the ECC users, the European Commission relies on the necessity for the performance of a task carried out in the public interest -or in the exercise of official authority vested in the Union institution or body (Art 5(1) a of Regulation (EU) 2018/1725.

For secondary data processing, such as the creation of aggregated national statistics or the use of local productivity software, the ECCs rely on the necessity for their legitimate business interest (Art 6(1) e of Regulation (EU) 2016/679).

The network has a legal basis in the following legal instruments:

Regulation (EU) 2021/690 of the European Parliament and of the Council of 28 April 2021 establishing a programme for single market, competitiveness of enterprises, including small and medium-sized enterprises, including small and medium-sized enterprises, the area of plants, animals, food and feed, and European statistics (Single Market Programme) and repealing Regulations (EU) No 99/2013, (EU) No 1287/2013, (EU) No 254/2014 and (EU) No 652/2014 and, more specifically, articles 3(2)(d), Art 8(2)(b)  and 9(5) of this Regulation.

Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market and, in particular, article 21.

Directive 2013/11/EU of the European Parliament and of the Council of 21 May 2013 on alternative dispute resolution for consumer disputes and amending Regulation (EC) No 2006/2004 and Directive 2009/22/EC (Directive on consumer ADR) and, more specifically, article 14 of the Directive.

Regulation (EU) 2017/2394 of the European Parliament and of the Council of 12 December 2017 on cooperation between national authorities responsible for the enforcement of consumer protection laws and repealing Regulation (EC) No 2006/2004 and, in particular, article 27(1).

#processing-data-legal-grounds

To carry out this processing operation, the European Commission collects personal data from the following categories of data subjects:  

• Consumers
  Consumers in the European Union, Norway, Iceland and other countries who approach ECCs for information and assistance.
• Trader representatives
  Contact persons for the traders in the European Union, Norway and Iceland involved in consumer complaints or disputes.
• ADR representatives
  Contact persons in ADR entities
  The ECCs and Commission do not knowingly collect or process data from minors.

The personal data collected and further processed may include:

Consumers

• Name of the consumer/reporter
• Address
• Postcode
• Country of residence
• Telephone
• Email
• Gender
• Communication language
• Summary/Description of the request

Further personal data may be collected if provided by the consumer as necessary for handling the complaint.

Trader representatives

Data from individual trader's representatives is rarely stored in the system but, when processed may include:

• Name of the trader's representative
• Professional address
• Postcode
• Country
• Professional Telephone
• Professional email

ADR Representatives

Data from individual ADR representatives is rarely stored in the system but, when processed may include:

• Name of the ADR's representative
• Professional address
• Postcode
• Country
• Professional Telephone
• Professional email

The provision of the abovementioned data is mandatory to allow us to handle your question of complaint. If you do not provide your personal data, we will not be able to respond to you.

The Commission as provider of the IT tool has access to your file along with the ECC or ECCs that are directly involved in handling your query.

#which-data-do-we-collect-and-process

Personal data of the consumers, traders' and ADRs' representatives shall be kept as long as a case remains open, and for three years after after a case has been closed. This is to allow follow-up if there are new developments after the closure of the case. Once the retention period expires, all personal data relating to that case will be automatically deleted from the IT tool and only anonymous statistical information is retained. This deletion occurs by the full deletion of contents of all fields where personal data can be entered or stored. If personal data are retained by the joint controller in another context apart from the IT tool (e.g. in emails pertaining to the case), the joint controller must delete these data after the closure of the case, never exceeding the 3 year retention period in the IT tool.

#how-long-do-we-keep-your-personal-data

All personal data in electronic format (e-mails, documents, databases, uploaded batches of data, etc.) are stored on the servers of the European Commission, or on the servers of ECC offices or their host organisation of ECCs. Storage on host organisation servers may occur on mail servers and in the mail clients of the ECC offices or their host organisation, and (temporarily) in other Office productivity tools for text processing.

To protect your personal data, the Commission and ECCs have put in place several technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.

#how-do-we-protect-and-safeguard-your-data

Access to your personal data is provided to the Commission staff responsible for carrying out this processing operation and to authorised staff of your ECC (case handlers) according to the “need to know” principle.  This means that only staff who have a compelling purpose for having access to your data will have access. Such staff abide by statutory, and additional confidentiality requirements.

To resolve your request, it may subsequently be shared, with your express consent, with the authorised staff (case handlers) at the ECC where the trader is based or, where appropriate, with relevant public or private bodies such as an ADR entity or a National Enforcement Body (NEB).

Shared requests may result in contact with the trader. When such contact is made, your data may be shared too insofar as necessary to resolve the request.

The European Commission does not transfer personal data via the IT tool to subprocessors outside of the European Economic Area (EEA). The Commission uses on-premise servers to host the tooling designed by external parties.

The European Commission will not provide access to the data to any third party, except if required by law.

#who-has-access-to-your-data

You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular, the right to access your personal data and to rectify them in case your personal data are inaccurate or incomplete. Where applicable, you have the right to erase your personal data, to restrict the processing of your personal data, to object to the processing, and the right to data portability.

You have consented to provide your personal data to your ECC and to the European Commission, directorate-General Justice and Consumers, Directorate E: Consumers Directorate, Unit E3 “Consumer Enforcement and Redress”.

You can withdraw your consent at any time by notifying the Data Controller. For consumers that have lodged a query with an ECC, the data controller to be notified is the ECC where the query was lodged. The withdrawal will not affect the lawfulness of the processing carried out before you have withdrawn the consent.

You can exercise your rights by contacting the Data Controller whom you originally contacted (the ECC), or in case of a conflict, the Data Protection Officer supervising your local ECC. If you wish, you may alternatively contact the European Data Protection Supervisor (contact details under Section 9 below) although your primary point of contact is the national ECC where you filed a complaint, and its Data Protection Officer.

If you wish to exercise your rights in the context of one or several specific processing operations, please provide a specific description of the data in your request.

#what-are-your-rights-and-how-can-you-exercise-them

Two joint data controllers

If you would like to exercise your rights under Regulation (EU) 2018/1725 or under Regulation (EU) 2016/679, if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please contact the relevant Data Controller. Normally, this would be the ECC that you have contacted:

• European Consumer Centre Netherlands
  functional mailbox: @email 
  telephone: +31 (0)30 - 232 64 40

Alternatively, you may contact the data controller below,

• Unit E3 “Consumer Enforcement and Redress”, 
  Consumer Directorate, Directorate-General Justice and Consumers
  E-mail: @email 

The Data Protection Officer (DPO) of the Commission

You may contact the Data Protection Officer DATA-PROTECTION-OFFICER@ec.europa.eu with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725.

The European Data Protection Supervisor (EDPS)

You have the right to have recourse (i.e. you can lodge a complaint) to the European Data Protection Supervisor @email if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the Data Controller.

#contact-information

The Commission Data Protection Officer (DPO) publishes the register of all processing operations on personal data by the Commission, which have been documented and notified to him. You may access the register via the following link: http://ec.europa.eu/dpo-register

This specific processing operation has been included in the DPO’s public register with the following Record reference: DPR-EC-01406.

#where-to-find-more-detailed-information

Privacy sensitive data or personal data are processed via the website www.eccnederland.nl. The European Consumer Centre of The Netherlands (hereafter: ECC The Netherlands) attaches great importance to the careful treatment of these personal data. Personal data are processed and secured by us with the utmost care. When processing data, we comply with the requirements set by the privacy legislation. That means, among other things, that:

• in this privacy statement we clearly state the purpose for which we are processing personal data;
• we never collect more personal data than is necessary for the purposes described in this privacy statement;
• we first ask for explicit permission to process your personal data in cases where your consent is required;
• we take appropriate security measures to protect your personal data and also require parties that process personal data on our orders to do the same;
• we respect your right to request that your personal data be provided to you for inspection, correction or removal.

ECC The Netherlands is responsible for data processing. In this privacy statement we explain what personal data we collect and use and for what purpose. This privacy statement was last updated on the 6th April, 2018.

Changes to this privacy statement

We reserve the right to make changes to this privacy statement. We recommend you check this privacy statement regularly to stay informed of these changes.

#data-collection-website

When you use our website, we obtain certain data from you. We only keep and use the personal data provided directly by you in the context of your request, or where it is clear this has been provided to us to be processed.

In principle, you can use our website without providing personal data. On specific pages of the website, however, you will be asked to provide personal data. The data we can collect on these pages are:

• first and last name
• gender
• place of residence
• telephone number
• e-mail address

The information above is used solely for the following purposes.

#use-of-personal-data

Our website offers you the opportunity to ask questions through a contact form, which asks you to enter certain details so your question can be handled. The details you send us are saved as long as, depending on the nature of the form, is necessary for a complete response to and treatment thereof.

#contact-form

We provide a newsletter with which we want to inform interested parties about our services. Every newsletter contains a link with which you can easily unsubscribe. Your e-mail address will only be added to the list of subscribers with your permission.

#digital-newsletter

ECC The Netherlands evaluates its services every year to improve the quality and effectiveness. As part of this, once a year we invite all visitors who have supplied their e-mail address, to participate in a customer satisfaction survey. It is completely up to you whether you cooperate or not. The customer satisfaction survey is completely anonymous. The results of the survey are not shared with third parties.

#customer-satisfaction-survey

On the website you can use a search field, and you will then be shown relevant pages or content based on the information you have entered. On the basis of statistics, we can take inventory of topics that are popular and tailor our content accordingly.

#search-field

See our cookie statement for more information.

#cookies

We take appropriate security measures to limit the abuse of and unauthorized access to personal data. Specifically, ECC The Netherlands has taken the following measures:

• We make use of secure connections (SSL/TLS) to protect all information between you and our website when you enter personal data.

#security-website

The personal data described above will be stored for up to 1 year after you have provided us with the data. This will differ only if it is necessary to keep the data longer to provide the service you have requested to you, or if there is a statutory obligation that requires longer storage.

#retention-period

This privacy statement does not apply to third party websites that are connected to our service by means of links. We cannot guarantee that these third parties handle your personal data in a trustworthy or secure manner. We encourage you to read the privacy statement of these websites before using these websites.

#third-party-websites

For questions about our privacy policy or questions regarding the inspection of and changes to (or removal of) your personal data, feel free to contact us at any time using the contact details below.

You may also send us a request to inspect, change or delete this data. You may send this to communicatie@eccnederland.nl. In addition, you may submit a data export request for data that we process for you, or give a warranted indication that you want us to curb the processing of personal data. If the information concerned is not correct, you can request that we change the data or have them removed. To prevent abuse, we may ask you to appropriately identify yourself.

#inspection-of-changes-to-your-personal-data

Of course, we are happy to help with any complaints you may have concerning the processing of your personal data. The privacy legislation also gives you the right to lodge a complaint with the Personal Data Authority against the processing of your personal data.

European Consumer Centre The Netherlands

• Moreelsepark 1, 3511 EP Utrecht
• @email
• 030 - 232 64 40

#personal-data-authority

The European Consumer Centre is careful when it comes to providing reliable and up-to-date information to visitors to this website. However, it cannot guarantee that this information is always error-free, complete and up-to-date. Therefore, no rights can be derived from the information on this website as well as any advice - by e-mail or on pages of this website.

Furthermore, the European Consumer Centre accepts no liability for damage resulting from inaccuracies or incompleteness in the information provided, nor for damage resulting from problems caused by, or inherent to the dissemination of information via the internet, such as malfunctions or interruptions of or errors or delay in the provision of information or services by the European Consumer Centre or by you.

#disclaimer