ECC Net Privacy Policy
About this policy
ECC-Net aims to promote consumer confidence by advising citizens on their rights as consumers and providing easy access to redress, in cases where the consumer has purchased something in another country to his/her own (cross-border). ECCs provide consumers with a wide range of services, from providing information on their rights to giving advice and assistance on their cross-border complaints and informing them about the resolutions available to them. When an agreement cannot be reached with the business, they provide consumers with easy and informed access to out-of- court-settlement procedures (Alternative Dispute Resolution/ADR).
To enable ECC-Net to provide the above services to consumers, an IT tool called ECC-Net 2, is used to collect and handle complaints and the necessary data, including your personal data. ECC-Net 2 is operated by the European Commission.
When collecting and processing the above personal data through ECC-Net 2, the provisions of Regulation (EC) N° 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals for the processing of personal data by Community institutions and bodies and on the free movement of such data and more specifically article 5, Paragraph (a and b) apply.
Why do we process your data?
Head of Unit E.3: Consumer Enforcement and Redress, Directorate-General for Justice and Consumers, European Commission (referred to hereafter as the Data Controller) collects and uses relevant personal information.
ECC-Net 2 is used to process this data, to the extent and for as long as necessary, for one or more of the following purposes:
- enable communication between the ECC and the consumer;
- facilitate the assessment of a request;
- attempt to resolve complaints or disputes, either directly with the business complained about or through an ADR entity;
- enable consumers to track the status of their requests;
- provide anonymised statistics, including suspected violations.
Further information about ECC-Net can be found on their website.
ECC-Net 2 falls under the following legal basis /lawfulness:
- Regulation (EU) No. 254/2014 of the European Parliament and of the Council of 26 February 2014 on the multiannual consumer program for the years 2014-20 and repealing Decision No. 1926/2006/EC and, more specifically, Articles 2 and 3(1)(c) and (d) of this Regulation. Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market, and in particular Article 21.
- Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market and, in particular, article 21.
- Directive 2013/11/EU of the European Parliament and of the Council of 21 May 2013 on alternative dispute resolution for consumer disputes and amending Regulation (EC) No. 2006/2004 and Directive 2009/22/EC (Directive on Consumer ADR) and, more specifically, Article 14 of the Directive.
- Regulation (EC) No 2006/2004 and Directive 2009/22/EC (Directive on consumer ADR) and, more specifically, article 14 of the Directive.
- Regulation (EU) 2017/2394 of the European Parliament and of the Council of 12 December 2017 on cooperation between national authorities responsible for the enforcement of consumer protection laws and repealing Regulation (EC) No 2006/2004 and, in particular, article 27(1).
- Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by Community institutions and bodies and on the free movement of such data.
Based on Article 5 of Regulation (EC) 45/2001, the data processing is considered lawful because it is necessary to comply with the requirements of the legal instruments mentioned above and to ensure that the European Commission fulfils its legal obligations.
Whose data do we collect?
ECCs, including ECC Ireland, collect data about the following type of users:
- Consumers – in the European Union, Iceland, Norway and the UK who approach ECCs for information and assistance.
- Trader representatives – contact persons for businesses in the European Union, Norway and Iceland involved in consumer complaints or disputes.
- ADR representatives – contact persons in ADR entities.
What data do we collect and process?
Consumers
- Name of the consumer/reporter
- Address
- Postal code
- Country of residence
- Telephone number
- Gender
- Communication language
- Summary/Description of the request
- Further personal data upon explicit consent may be collected if necessary for handling the complaint such as bank details.
Trader representatives
Data from individual trader’s representatives is rarely stored in ECC-Net 2 but, when processed may include:
- Name of the trader’s representative
- Professional address
- Postal code
- Country
- Professional telephone
- Professional email
- ADR representatives
ADR representatives
Data from ADR representatives is rarely store in the system but, when processed may include:
- Name of the ADR’s representative
- Professional address
- Postal code
- Country
- Professional Telephone
- Professional email
How long do we keep your data?
Personal data of consumers, trade representatives and ADR representatives will be kept for as long as a case is open, and no longer than one year after the case has been closed. This is done to enable follow-up if there are new developments after the case has been closed. Once the retention period has expired, the information is anonymised and only kept for statistical purposes.
How do we protect your data?
All data in electronic form (emails, documents, uploaded batches of data, etc.) are stored on the servers of either the European Commission or its contractors, the operations of which comply with the security decision of the European Commission of 16 August 2006 [C(2006) 3602] on the security of information systems used by the European Commission.
The Commission’s contractors are bound by a specific contractual clause for any processing of your data on behalf of the Commission, and by the confidentiality obligations derived from the transposition of Directive 95/46/EC.
Who has access to your data?
To resolve your question or complaint it may be shared – following your express consent – with the ECC where the business is based or, where appropriate, with relevant bodies such as an ADR entity or a National Enforcement Body (NEB).
Shared requests may result in an ECC contacting a business in relation to your complaint. If such contact is made, your data may also be shared with the business to the extent that is necessary to resolve your question or complaint.
Access to your data is provided to authorised staff on a “need to know” basis. Such staff comply with statutory rules, and when required, with additional confidentiality agreements.
The authorised staff are the Case handlers in the European Consumer Centres and the European Commission staff responsible for product or business management of ECC-Net2. Norway and Iceland are EEA/EFTA countries and members of the European Consumer Centres Network. Transfer between ECCs in the EU and the ECCs in Norway or Iceland is therefore considered an Article 8 transfer in the meaning of the Regulation No 45/2001.
What are your rights and how can you exercise them?
According to Regulation (EC) 45/2001, you have the right to access your personal data and you can request that we amend the accuracy or completeness of your personal data, restrict the processing of your personal data or seek deletion of your data.
You can exercise your rights by contacting:
- the European Consumer Centre you have had contact with or
- the data controller which is the Head of Unit E.3: Consumer Enforcement and Redress.
Contact information
European Consumer Centre Ireland
Bloom House, Railway Street, Dublin 1, D01 C576
Email: info@eccireland.ie
Head of Unit E.3: Consumer Enforcement and Redress
Directorate-General for Justice and Consumers
European Commission
Email: JUST-E3@ec.europa.eu
Who can you make a complaint to?
We hope you are satisfied with our use of your data. In the event of a conflict, you can make a complaint to the Commission Data Protection Officer and, if necessary, the European Data Protection Supervisor , by using the contact information you will find in point 8 below.
- the European Consumer Centre you have had contact with or
- the Commission Data Protection Officer or
- the European Data Protection Supervisor or
Contact information
European Consumer Centre Ireland
Bloom House, Railway Street, Dublin 1, D01 C576
Email: info@eccireland.ie
The Data Protection Officer (DPO) of the European Commission:
Email: DATA-PROTECTION-OFFICER@ec.europa.eu
The European Data Protection Supervisor (EDPS):
Email: edps@edps.europa.eu.
Where can you find out more details?
The European Commission’s Data Protection Officer publishes a list of all activities involving the processing of personal data. You can access the list on the European Commission website.