ACER is highly committed in processing personal data in a lawful way.
The Agency processes personal data collected according to the provisions of Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.
ACER only processes personal data for the performance of tasks carried out in the public interest in accordance with European Union law or whilst legitimately exercising the official authority vested to the Agency. Furthermore, the processing of personal data is lawful as a part of a legal or contractual obligation or when the data subject concerned has given his or her unambiguous consent.
The Agency will not process personal data for marketing or commercial purposes.
The Agency's supervisory authority, in terms of processing personal data, is the European Data Protection Supervisor (EDPS). The EDPS is responsible for the monitoring of European Union institutions, agencies and bodies and their compliance with data protection rules, ensuring that the rights to privacy and data protection are respected.
Data Protection Officer
The Agency appointed a Data Protection Officer (DPO) to ensure, in an independent manner, the internal application of data protection requirements.
The DPO's main functions are to:
- inform data controllers and individuals regarding their obligations and rights pursuant to Regulation (EU) 2018/1725,
- cooperate and consult with the EDPS,
- ensure the transparency of Agency's processing operations. The DPO keeps a register of all personal data processing operations performed at the Agency,
- advise on lawful processing of personal data, ensuring that data controllers respect the rights to privacy and data protection in the course of their work,
- provide recommendations, develop guidelines to enhance good practice, organise training and awareness session for Agency' staff,
- support the data subjects on the exercise of their rights,
- provide advice with regards to data protection related breaches
- ensure in an independent manner the internal application of the Regulation (EU) 2018/1725.