Personal data are processed by the European Investment Bank ("EIB" or "Controller") in accordance with Regulation (EC) 2018/1725 of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC.
Legal basis and purpose of the processing
In accordance with Article 309 of the Treaty on the Functioning of the European Union, the task of the European Investment Bank shall be to contribute, by having recourse to the capital market and utilising its own resources, to the balanced and steady development of the internal market in the interest of the Union.
The EIB provides information services about all its activities to the public at large, thus increasing transparency and contributing to an understanding of the EIB's activities. In order to do so, the EIB has developed a framework of policies published on the EIB website. The EIB also foresees the possibility to fill-in contact forms.
In order to be able to provide the necessary information and/or answer questions from the public at large, the EIB collects personal data related to the visitors of its websites as further detailed below.
For the 'contact us' part: EIB Communications Department. For other parts: Other organizational entities inside the EIB, which they are entitled to have access or receive the data on "a need to know basis"
Data retention period
For EIB Communications Department: Data retention period is 1 year after termination of the interaction with the data subject.
For other organisation entities: Data retention may be different and no longer than is necessary for the purposes for which the personal data are processed.
Rights of data subjects
Subject to the conditions and modalities provided by the applicable laws:
You have the right to obtain from the controller, without constraint, at any time within three months from the receipt of the request and free of charge:
Confirmation as to whether or not personal data concerning you are being processed;
Information at least to the purposes of the processing operation, the categories of personal data concerned, and the recipients or categories of recipients to whom the data are disclosed;
Communication in an intelligible form of the data undergoing processing and of any available information as to their source;
Information of the logic involved in any automated decision process concerning the visitor (right of access);
You have the right to obtain from the controller, without undue delay, the rectification of any inaccurate or incomplete personal data concerning you (right to rectification).
The EIB may restrict the application of your right of access and right to rectification where such restriction may constitute a necessary measure to ensure safeguards - including but not limited to:
The prevention, investigation, detection and prosecution of criminal offences; and
The protection of the data subject or of the rights and freedoms of others.
Further to the above, you have the right to obtain from the controller the erasure of your personal data when they are no longer necessary in relation to the purposes for which they were collected (right to erasure). You have the right to obtain restriction of processing from the controller when:
You contest the accuracy of your personal data;
The processing is unlawful;
The controller no longer needs the personal data for the purposes of the processing; or
You have objected to processing, pending the verification whether the legitimate grounds of the controller override yours (right to restriction of processing).
Moreover, you have the right to:
Object on grounds relating to your particular situation when the processing of personal data is unlawful;
Receive from the controller your personal data in a structured, commonly used and machine-readable format and transmit those data to another controller without hindrance from the controller by which the personal data have been provided (right to data portability);
Lodge a complaint to the European Data Protection Supervisor (https://edps.europa.eu) at any time (right to lodge a complaint).