corporate_banner_en

Privacy Statement for Investigations

The EU bank at a glance
EFSI
Some dates and figures
EIB Group impact: Boosting GDP and jobs
Governance and structure
Shareholders
Statutory bodies
Board of Governors
Ethics and Compliance Committee
Appointment Advisory Committee
Board of Directors
Board Committee on Staff Remuneration and Budget
Board Committee on Risk Policy
Board Committee on Equity Participation Policy
Management Committee
Audit Committee
Control and evaluation
Organisation structure
Corporate responsibility
Providing finance
Borrowing
Reporting on sustainability
Internal Commitment
Compliance
Tax good governance
Complaints and investigations
Complaints Mechanism overview
What we do
The complaints process
Submit a complaint
Frequently Asked Questions
Complaints
Investigating Prohibited Conduct
How to report Prohibited Conduct
Exclusion
Part of the EU family
Tackling global challenges together
Together on forced displacement and migration
Together on infrastructure
Partners
National Promotional Banks
Civil society
Events
Consultations
Key policies and standards
Contacts
The EIB’s commitment to transparent lending
Banking community
Multilateral development banks
Universities
Civil Society and Stakeholder Engagement
Transparency and access to information
Key policies and standards
Policy engagement
Civil society events
Contact us
Jobs
Work with us
We invest in you
Diversity
Life outside the office
Current vacancies
How to apply
Procurement
Economic research
European research hub
Our research
Surveys and data
Promoting dialogue
Assessing the macroeconomic impact of EIB activities

Privacy Statement for Investigations

    •  Display in:
    • en
  • Available in: en

1. Description of the processing operation

Investigations run by the EIB Group’s Fraud Investigations Division (“IG/IN”) are administrative investigations for the purpose of detecting and preventing fraud, corruption and any other prohibited conduct[1] affecting EIB Group’s activities. The EIB Group consists of the European Investment Bank and the European Investment Fund.

The legal basis for the processing operation is:

  • Article 325 of the Treaty on the Functioning of the European Union (“TFEU”);
  • Article 18 of the EIB Statute and articles 2 and 28 of the EIF Statutes;
  • Regulation (EU, EURATOM) No 966/2012 of the European Parliament and of the Council;
  • EIB Board of Governors Decision of 27 July 2004 concerning EIB’s cooperation with OLAF;
  • Policy on preventing and deterring prohibited conduct in European Investment Bank activities and Policy on preventing and deterring prohibited conduct in European Investment Fund activities (“EIB and EIF Anti-Fraud Policies”).

2. What personal information do we collect, for what purpose, and through which technical means?

In the context of its investigations, IG/IN collects identification data, professional data and case involvement data. This data may be used to assess allegations of Prohibited Conduct and determine whether any misconduct or wrongdoing was committed. It may also be used for contact purposes.

The data may be collected on the basis of a report by an EIB Group staff member or an external informant, including anonymous or confidential sources, and on the basis of publicly available information. The data may be collected by any of the means provided in the EIB and EIF Anti-Fraud Policies including by accessing any relevant information, documentation and premises of the EIB Group and/or the projects financed by the EIB Group, and by asking oral information from any relevant person.

The evidence collected is relevant to the matter under investigation and collected for the purpose of the investigation; it will include inculpatory and exculpatory evidence.

3. Who has access to your information and to whom is it disclosed?

Responsible IG/IN staff has access to your data. In addition, your data may be transferred to designated persons in the EIB Group, EU institutions, bodies, offices and agencies, international organisations and/or the relevant authorities in Member States, candidate countries or third countries in order to ensure the appropriate conduct of the investigation and in compliance with Articles 4 to 6, 9 to 11, and 47 to 50 of Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union Institutions, bodies and agencies and on the free movement of such data.

4. How do we protect and safeguard your information?

In order to protect your personal data, a number of technical and organisational measures have been put in place.

IG/IN premises are part of a secured physical area only accessible to IG/IN staff and security services in order to prevent any unauthorised access to equipment and data. The IT systems used by IG/IN are subject to the IT security policy of the EIB which includes measures to protect the EIB IT infrastructures and systems. In addition, administrative measures include the obligation that service providers sign non-disclosure and confidentiality agreements.

5. How long do we keep your data?

Your personal data may be retained in IG/IN’s case files for at least five years and up to ten years after the closure of the investigation. If the related allegations were not substantiated, your personal data may be retained for a maximum of five years from the closure of the case.

6. How can you verify, modify or delete your information?

You are entitled to access, rectify and (in certain circumstances) restrict the processing of the data we hold regarding you. You may exercise these rights by contacting the data processing controller/processor at the following e-mail address: investigations@eib.org. Upon request and within three months from its receipt, you may obtain a copy of your personal data undergoing processing. Exemptions under Article 25 of Regulation (EU) 2018/1725 may apply.

7. Right of recourse

You have the right to have recourse to the European Data Protection Supervisor (edps@edps.europa.eu) at any time if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by IG/IN.

Before initiating this procedure data subjects may contact the Head of IG/IN (Investigations@eib.org), responsible for the processing, the EIB Data Protection Officer (DataProtectionOfficer@eib.org) or the EIF Data Protection Officer (dpo@eif.org), as the case may be.


[1] Prohibited conduct is defined in EIB and EIF Anti-Fraud Policies available on EIB and EIF websites.



 Print