Privacy Statement to ECC IT Tool
European Consumer Centres’ Network (ECC-Net)
ECC-Net Case Handling IT tool
This privacy statement explains how the European Consumer Centres (ECCs) which are members of the European Consumer Centres’ Network (ECC-Net) handle personal data of consumers who address the Centres with requests for information and who seek assistance in the treatment of a complaint or the settlement of a dispute with a trader in another EU Member State or in Norway or Iceland. The measures taken to protect the collected personal data are explained.
I. Aim and actors of ECC-Net
ECC-Net aims to promote consumer confidence by advising citizens on their rights as consumers and providing easy access to redress, in cases where the consumer has purchased something in another country to his/her own (cross-border). ECCs provide consumers with a wide range of services, from providing information on their rights to giving advice and assistance to their cross-border complaints and informaiing about the available resolution of disputes. They also advise on out-of-court-settlement procedures (ADR) for consumers throughout Europe and provide consumers with easy and informed access to such procedures, when an agreement could not be reached directly with the trader where an applicable ADR is available.
To enable ECC-Net to provide the above mentioned services to the citizens, an IT tool, the ECC-Net Case Handling IT tool, is used to collect and handle the necessary data. The IT tool is operated by the European Commission. In this respect, personal data is collected and processed from the consumers.
The European Consumer Centres collect this information on the basis of Action 9 (in the Annex) of Decision no 20/2004/EC of the European Parliament and of the Council of 8 December 2003 establishing a general framework for financing Community actions in support of consumer policy for the years 2004 to 2007 (OJ L5 of 09/01/2004).
The collection and processing of the above personal data through the ECC-Net Case Handling IT tool follows the provisions of Regulation (EC) N° 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by Community institutions and bodies and on the free movement of such data and more specifically article 5, Paragraph (a and b).
II. Which personal information do we collect, for what purpose and through which technical means?
A. Identification Data which are entered in the ECC-Net Case Handling IT tool
ECC-Net collects personal data that identifies who you are when you, as consumer, request information or when you seek assistance in the treatment of a complaint or the settlement of a dispute with a trader in a EU Member State which is not your own country or in Norway or Iceland. The ECC which you contact collects all or part of the following personal data: your name, address, contact details including your telephone, fax, e-mail, gender and language.
Where available, documents in support of the case may also be collected.
B. Technical information
All data is entered by the European Consumer Centres into the ECC-Net Case Handling IT tool on behalf of the Health and Consumer Protection Directorate General of the European Commission. The application is hosted on servers situated in the Informatics Directorate-General of the European Commission.
No personal data is stored in any cookies or log files created on the IT tool.
III. Who has access to your information and to whom is it disclosed?
In order for ECC-Net to provide an efficient service, it is important that specific case related data including personal data are made available to the ECCs. Access to personal data is granted only to the two European Consumer Centres, located in the countries of the consumer and the trader, which assist the consumer to resolve his/her cross-border complaint or dispute, or, in the case of information requests, only to the Centre which answers the request for information. Furthermore, case related data including personal data is available to the Controller in the European Commission’s Directorate-General ‘Health and Consumer Protection’, and to European Commission staff working under the instructions of the Controller, to enable them to carry out quality control checks of the ECC-Net service provided and for network and database management tasks including block/delete of personal data on justified request by the consumers. All personal data collected will only be used to the extent necessary to carry out the above mentioned tasks.
In the case of a cross-border complaint or dispute with a trader, the ECC which you as consumer have contacted enters your information into the ECC-Net Case Handling IT tool. This information is then transmitted through the IT tool to the ECC in the country of the trader who is the subject of your complaint. The staff members of both ECCs use the information to assist you to resolve your case, if required by directly contacting the trader. If the latter is the case, your information will be transmitted to the trader.
In the case of an information request, the ECC enters your personal data into the ECC-Net Case Handling IT tool in order to process your request. In such cases, no information will be transmitted to other bodies.
IV. How do we protect and safeguard your information?
Your information is held in a secure system the operations of which are covered by the European Commission's security decisions and provisions established by its Directorate of Security for this kind of servers and services. The system is protected by nominative UserId/Passwords and an additional digit pass. The digit pass is a unique 12-character key generated by the system for each ECC center. It represents an additional level of security and works as follows: After the first authentication with a valid login/password, the IT tool prompts the user to enter a 3-character combination which the system selects at random from the 12-character key. This 3-character combination is different for each access to the application.
V. How can you verify, modify or delete your information?
Consumers can verify and modify their personal data. They can also introduce a request to block or delete their personal data from the ECC-Net Case Handling IT tool. Requests to block or delete personal data will be processed within a 2 month period. Such requests can be made to the European Consumer Centre with which they have been in contact or to the European Commission using the below mentioned functional mailboxes and contact numbers:
European Consumer Centre Iceland
functional mailbox: ena @ ena.is
Directorate-General Health and Consumer Protection of the European Commission
functional mailbox: sancoB5@ec.europa.eu
telefax:+32 2 292.13.66
VI. How long do we keep your data?
All personal data shall be kept in the IT tool as long as follow-up actions are necessary, and for a maximum of one year after the query has been closed. After this period, all personal data will be erased. Case information may be kept in anonymous form for statistical purposes.
VII. Contact Information
If you have questions or complaints about the use of your personal information, you should, in the first instance, contact the ECC with which you have been in contact. If you have further complaints, you should contact the European Commission. The respective addresses to be used are indicated under point V.
Complaints, in case of conflict on the processing of personal data, can be addressed to the European Data Protection Supervisor (http://www.edps.eu.int ).
European Consumer Centre Iceland.