Privacy and data protection
The policy on "protection of individuals with regard to the processing of personal data by the Community institutions" is based on Regulation (EC) N° 45/2001 of the European Parliament and of the Council of 18 December 2000.
This general policy covers the European Union's family of institutional websites, within the eu domain and including those of the European Investment Bank.
Although you can browse through most of these websites without giving any information about yourself, in some cases, personal information is required in order to provide the e-services you request.
In this respect:
- Within each Institution, a Data Protection Officer ensures that the provisions of the Regulation are applied and advises controllers on fulfilling their obligations (see art. 24 of the Regulation);
- For all the Institutions, the European Data Protection Supervisor will act as an independent supervisory authority (see art. 41 to 45 of the Regulation).
What is an e-service?
An e-service on EIB website is a service or resource made available on the Internet in order to improve the communication between citizens and businesses on the one hand and the European Institutions on the other hand.
Three types of e-services are or will be offered by EIB websites:
- Information services that provide citizens, media, business, administrations and other decision makers with easy and effective access to information, thus increasing transparency and understanding of the policies and activities of the EU;
- Interactive communication services that allow better contacts with citizens, business, civil society and public actors thus facilitating policy consultations, and feedback mechanisms, in order to contribute to the shaping of policies, the activities and the services of the EU;
- Transaction services that allow access to all basic forms of transactions with the EU, e.g. procurement, financial operations, recruitment, event enrolment, acquisition or purchase of documents etc.
- What information is collected, for what purpose and through which technical means the EU collects personal information exclusively to the extent necessary to fulfil a specific purpose. The information will not be re-used for an incompatible purpose;
- To whom your information is disclosed. The EU will only disclose information to third parties if that is necessary for the fulfilment of the purpose(s) identified above and to the mentioned (categories of) recipients. The EU will not divulge your personal data for direct marketing purposes;
- How you can access your information, verify its accuracy and, if necessary, correct it. As a data subject you also have the right to object to the processing of your personal data on legitimate compelling grounds except when it is collected in order to comply with a legal obligation, or is necessary for the performance of a contract to which you are a party, or is to be used for a purpose for which you have given your unambiguous consent;
- How long your data is kept. The EU only keeps the data for the time necessary to fulfil the purpose of collection or further processing;
- What are the security measures taken to safeguard your information against possible misuse or unauthorised access;
- Whom to contact if you have queries or complaints.
Many web pages on EIB websites have a "Contact" button, which activates your e-mail software and invites you to send your comments to a specific functional mailbox.
When you send such a message, your personal data is collected only to the extent necessary to reply. If the management team of the mailbox is unable to answer your question, it will forward your e-mail to another service. You will be informed, via e-mail, about which service your question has been forwarded to.
If you have any questions about the processing of your e-mail and related personal data, do not hesitate to include them in your message.
In the context of the implementation of Regulation (EC) 45/2001 concerning the protection of individuals with regard to the processing of personal data by Community institutions and bodies, the Management Committee of the European Investment Bank adopted 10 September 2009, implementing rules concerning the Bank’s Data Protection Officer (DPO). These rules clarify the tasks and responsibilities of the DPO, as well as the role of data controllers and the rights of data subjects.