1. Privacy statement
Protection of your personal data
This privacy statement provides information about the processing and the protection of your personal data.
Processing operation: European e-Justice Portal
Data Controller: Directorate-General for Justice and Consumers (DG JUST), Unit A1 Digital transition & Judicial training
Record references: DPR-EC-01506, DPR-EC-01507, DPR-EC-01508, DPR-EC-01509, DPR-EC-01510, DPR- EC-03328, DPR-EC-08846.
1. Introduction
The European Commission (hereinafter “the Commission”) is committed to the protection of your personal data and to ensuring that your privacy is respected (Privacy policy for websites managed by the European Commission). The Commission collects and further processes personal data pursuant to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (repealing Regulation (EC) No 45/2001).
This privacy statement explains the reasons for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor. The information herein pertains to the following data processing operations:
The European e-Justice Portal (hereinafter “the e-Justice Portal”) has been established with the objective to provide the general public with access to information, interconnected national databases, interactive services allowing users to communicate directly with the appropriate authorities in another Member State, and to provide contact information of competent national contact authorities and bodies. Therefore, the e-Justice Portal retrieves data for the very specific purpose of combination and alignment of data from different national databases. The Portal also processes personal data in the context of e-mail communication between the Commission, citizens, responsible content administrators and contact points (Data record: DPR-EC-01506).
Moreover, specific data processing operations take place in the context of some of the services provided by the e-Justice Portal, e.g. in the context of the “Find a Lawyer”, “Find a Notary” and “Find a company” tools, the European Case Law Identifier (ECLI) Search Engine, the e-CODEX communication tool, the Competent Court Database (CDB), the Fundamental Rights Interactive Tool (FRIT) and the Land Registers Interconnection system (LRI).
Please note that it is up to Member States and other bodies such as professional associations and non-profit organisations to operate the public databases providing services via the Portal. Data are collected by such entities for the purpose of compliance with national law and to provide necessary information at national level. Such databases are interconnected through the Portal in such a way that the information available at national level can be accessed via the Portal. It is up to Member States and other bodies such as professional associations and non-profit organisations to ensure security of the processing of personal data in their databases.
The Commission provides technical specifications for interconnection to the entitites mentioned above. The cooperation between the entities mentioned above and the Commission is ensured on voluntary basis (with the exception of BRIS and IRI 2.0 which are mandatory interconnections according to the applicable law[1]). Therefore, such cooperation is not regulated by any formal arrangement, such as a contract. The Commission ensures security of processing personal data strictly only within the scope of its responsibilities as data controller within the e-Justice Portal.
These data processing operations are carried out by DG JUST, Unit A1 Digital transition & Judicial training as further elaborated below.
2. Why and how do we process your personal data?
Purpose of the processing operation
DG JUST, Unit A1 Digital transition & Judicial training processes personal data for the main purpose of providing a “single one-stop (electronic) shop" for information on justice and access to European judicial procedures e-Justice Portal core platform - DPR-EC-01506).
In addition, separate processing operations take place in the context of the various additional functionalities offered by the e-Justice Portal:
Find a lawyer – Find a notary
“Find a Lawyer” and “Find a Notary” are two services provided to the general public by the Commission in collaboration with the relevant national associations of legal professionals (Data protection record: DPR-EC-01507). These associations are responsible for the initial collection of contact details in accordance with the applicable legislation on the protection of personal data (the General Data Protection Regulation (GDPR)). The Commission provides a search tool to enable cross-border searches for data stored aby the national associations. The Commission does neither store such contact details nor the search results.
ECLI search engine
The European Case Law Identifier (ECLI) Search Engine (Data protection record DPR-EC-01508) is a service provided to the general public by the Commission in cooperation with the participating case law providers, with the objective of facilitating access to European and national case law (Data protection record: DPR-EC-01508). Member States and their judicial authorities are responsible for the publication of national case law. The Commission provides a search tool to enable cross-border searches for such case law, which might contain certain personal data. The Commission does neither store case law nor the search results.
e-CODEX
The e-Justice Portal also provides a service enabling an electronic exchange of official forms pursuant to certain European cross-border legal instruments. This is achieved in the framework of an underlying secure communication infrastructure known as e-CODEX (Data protection record: DPR-EC-01509). E-CODEX is set of software products which allows direct secure cross-border electronic messages exchange in the judicial area. It is based on a decentralised architecture, designed to connect existing IT systems at national level.
e-CODEX facilitates the exchange of forms pursuant to specific European legal instruments. Apart from personal data required for the exchange of valid forms, processing of personal data is also taking place in the context of electronic signature. Such processing is also carried out in the context of providing information on the competent authorities in those cases when such functions are carried out by individuals. Additionaly, metadata, which may contain personal data, are logged for troubleshooting purposes (Data protection record DPR-EC-01509).
Court Database – Fundamental Rights Interactive Tool
The Competent Court Database (CDB) and the Fundamental Rights Interactive Tool (FRIT) are two services provided to the general public by the Commission and Member States allowing users to identify the authorities competent for certain European cross-border legal instruments and the enforcement of their fundamental rights (Data protection record DPR-EC-01510). Member States provide the Commission with the relevant contact details. The Commission is only responsible for the publication of such data.
These tools are processing contact details of competent authorities (including for the enforcement of fundamental rights); in certain cases contact details may refer to an individual person.
Find a company – Business Registers Interconnection System
The Find a company/ Interconnection of business registers service allows you to look for and get information about companies registered in business registers in the EU, Iceland, Liechtenstein or Norway. It is part of the Business Registers Interconnection System (BRIS), set up in line with EU law. The system connects the national business registers which make available the company information (Data protection record DPR- EC-03328). While most of the data on companies in the business registers are non-personal, some of the documents obtained e.g. names of directors, legal representatives, shareholders etc.
Land Registers Interconnection system
DG JUST A1 collects and uses your personal information to facilitate the functioning of the Land Registers Interconnection system (LRI).
The LRI core services provided by all registries are to register, examine and store land and property information, such as location and ownership, and to make this information available to the public and professional customers
National contact points are responsible for the initial collection of relevant information in accordance with the applicable legislation on the protection of personal data (the General Data Protection Regulation (GDPR)). The purposes of processing personal data are defined either in national legislation or by respective national associations. The Commission is not responsible for the definition of purposes for such processing at national level. The Commission neither stores any contact details provided nor the obtained search results.
Other data processing in the e-Justice Portal
The e-Justice Portal processes personal data of users for e-mail notification purposes, as well as personal data of the administrators responsible for the management of the specific functionalities of the Portal and its systems.
The e-Justice Portal authenticates its registered users through the Commission’s EU Login service. A separate privacy statement explains the nature of processing of personal data by EU Login.
None of the personal data processing operations are used for automated decision-making, including profiling (Article 24 of Regulation (EU) 2018/1725).
3. On what legal ground(s) do we process your personal data?
We process your personal data, because processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body (Article 5(1)(a) of the Regulation). Some forms of data processing are also consent-based (Article 5(1)(d) of the Regulation). The e-Justice Portal, and its various features and services, is provided further to Article 81 and 82 of the Treaty on the Functioning of the European Union (TFEU). In addition, the processing of personal data in the context of the Find a company/ Interconnection of business registers service is also carried out on the basis of Article 5(1)(b) of the Regulation. This processing is necessary in order to provide company documents (which may contain personal data) to the users of the “Find a company” page of the European e-Justice Portal, as required by Directive (EU) 2017/1132 of the European Parliament and of the Council of 14 June 2017 relating to certain aspects of company law.
The processing of personal data is also governed by the Commission Decision on "The protection of personal data in the European e-Justice Portal" of 5 June 2014.
4. Which personal data do we collect and further process?
The e-Justice Portal core platform
In the context of the general functioning of the European e-Justice Portal, the DG JUST, Unit A1 Digital transition & Judicial training processes the following categories of personal data:
- Personal data of the e-Justice Portal content administrators, personal data provided by users when using the e-Justice Portal, including in the context of contacts with the support mailbox (e-Justice Portal core platform - DPR-EC-01506).
Moreover, in order to carry out those processing operations, DG JUST, Unit A1 Digital transition & Judicial training collects the following categories of personal data:
- Personal data collected in the context of EU login (name and e-mail address). We obtain these personal data from the EU login service.
- Personal data of administrators (name and e-mail). We have obtained such personal data from the relevant national authorities.
The provision of such personal data is not mandatory.
Personal data processed in the context of the Portal’s services
- Names and contact details (such as, for instance, e-mail address, telephone number) of lawyers and notaries (Find a lawyer / Find a notary - DPR-EC-01507).
- Personal data included in European and national case law, made available in accordance with applicable European or national legislation (ECLI search engine- DPR-EC-01508).
- Personal data necessary to electronically exchange forms pursuant to the supported European legal instruments; personal data in the context of use of electronic signatures, personal data maintained as metadata necessary for troubleshooting purposes (e-CODEX - DPR-EC-01509).
- Names and contact details (such as, for instance, e-mail address, telephone number) of individuals who may be competent in the context of civil law procedures and/or for the enforcement of citizens’ fundamental rights (Court Database – Fundamental Rights Interactive Tool - DPR-EC-015010).
- The public documents available through the “Find a company” page of the European e-Justice Portal (e.g. instrument of constitution, statutes, accounting documents etc.) may contain personal data related to a company (e.g. directors, legal representatives, shareholders etc.). The categories may vary according to the national business register of provenience, and may include information such as: gender (Mr/Ms), name, surname(s), parents’ names, date of birth, ID/passport number, date of issuance and expiry date, tax number or other national identification numbers, address and signature (DPR-EC-03328)
- Names of land owners, their address, date of birth, marital status, signatures, names of successors etc. and any other categories of personal data determined in relevant national legislation of the respective Member State for the purpose of the functioning of the Land Register Interconnection system (DPR-EC-08846).
In the context of services which rely on data provided by third parties, the e-Justice Portal disseminates personal data mentioned above in case they are already being disclosed by other data controllers. The initial collection of such data may be mandatory under the applicable legislation.
5. How long do we keep your personal data?
DG JUST, Unit A1 Digital transition & Judicial training only keeps your personal data for the time necessary to fulfil the purpose of collection or further processing, namely for:
- Data of content administrators and contact persons are stored until the person filfils his or her functions; the validity of the data is checked in the context of an annual update of the content of the e-Justice Portal; rectifications are also carried out upon request (DPR-EC-01506, DPR-EC-01507, DPR-EC-01508, DPR-EC-01509 and DPR-EC-01510).
- Personal data are retrieved from the databases of the participating bar associations and law societies. They are not stored by the e-Justice Portal, and are displayed only for the duration of the visualisation of search results (Find a lawyer / Find a notary - DPR-EC-01507).
- Personal data may be included in judicial decisions provided by European and national partners publishing case law (“ECLI providers”). The e-Justice Portal stores these data as part of each decision’s metadata and search indexes, as long as the providing entity does not anonymise or remove the respective judicial decision (ECLI search engine - DPR-EC-01508).
- With regard to the e-Justice Portal, personal data are being stored only during the preparation of relevant form by the applicant. Personal data are however stored in users' "mailboxes" on the eTrustEx component of e-CODEX. The maximum retention period is 10 years. Maximum retention period for data related to troubleshooting purposes is 5 years (e-CODEX - DPR-EC-01509).
- Personal data obtained via the Find a company functionality are stored on the platform for 6 days from the moment the file is made available for downloading (DPR-EC-03328)
- Personal data collected for the Land Registers Interconnection system is processed for the time necessary to fulfil the purpose of collection or further processing as defined in relevant national legislation of the respective Member State. Personal data are stored as long as necessary to meet all legal and fiscal obligations (DPR-EC-08846).
6. How do we protect and safeguard your personal data?
All personal data in electronic format (e-mails, documents, databases, uploaded batches of data, etc.) are stored on the servers of the European Commission. All processing operations are carried out pursuant to the Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission.
In order to protect your personal data, the Commission has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.
7. Who has access to your personal data and to whom is it disclosed?
With respect to the data available on the public-facing component of the e-Justice Portal, access to personal data is provided to the general public. Personal data processed for determination of responsible technical contact points and processed for support and troubleshooting purposes (including personal data retrieved by the EU Login system) are only accessibly by authorised Commission staff according to the “need to know” principle. Such staff abide by statutory, and if relevant, additional confidentiality agreements.
If you contact us by using the e-Justice Portal’s “Your Feedback” tool, authorised staff will process your personal data. Subject to your consent, we may also forward your message (including personal data contained therein) to other competent European institutions or national authorities.
Personal data is processed in the context of collecting web traffic statistics. This is done by the Commission Europa Analytics system. You may learn more about what and how personal data are processed by Europa Analytics here.
8. What are your rights and how can you exercise them?
You have specific rights as a data subject under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular the right to access your personal data and to rectify them in case they are inaccurate or incomplete. Where applicable, you have the right to erase your personal data, to restrict the processing of your personal data, to object to the processing, and the right to data portability.
In cases where the e-Justice Portal makes available personal data initially collected by third parties (e.g. Member State registers and databases, we will transfer requests for the exercise of data subjects’ rights to the appropriate data controllers.
You have the right to object to the processing of your personal data, which is lawfully carried out pursuant to Article 5(1)(a) on grounds relating to your particular situation.
You can exercise your rights by contacting the Data Controller, or in case of conflict, the Data Protection Officer. If necessary, you can also address the European Data Protection Supervisor. Their contact information is given under Heading 9 below.
Where you wish to exercise your rights in the context of one or several specific processing operations, please provide their description (i.e. their Record reference(s) as specified herein) in your request.
9. Contact information
The Data Controller
If you would like to exercise your rights under Regulation (EU) 2018/1725, if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please feel free to contact the responsible Data Controller: DG JUST Unit A1 Digital transition & Judicial training (JUST-E-JUSTICE@ec.europa.eu)
The Data Protection Officer (DPO) of the Commission
You may contact the Data Protection Officer (DATA-PROTECTION-OFFICER@ec.europa.eu) with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725.
The European Data Protection Supervisor (EDPS)
You have the right to have recourse (i.e. you can lodge a complaint) to the European Data Protection Supervisor (edps@edps.europa.eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the Data Controller.
10. Where to find more detailed information?
The Commission Data Protection Officer (DPO) publishes the register of all processing operations on personal data by the Commission, which have been documented and notified to him. You may access the register via the following link: http://ec.europa.eu/dpo-register.
These specific processing operations have been included in the DPO’s public register under the following references: DPR-EC-01506, DPR-EC-01507, DPR-EC-01508, DPR-EC-01509 and DPR-EC-01510.
[1] BRIS - Please see Article 17 of the Directive (EU) 2017/1132 of the European Parliament and of the Council of 14 June 2017 relating to certain aspects of company law; IRI.2.0 - Please see Article 25 of the Regulation (EU) 2015/848 of the European Parliament and of the Council of 20 May 2015 on insolvency proceedings
2. Personal data protection rules
The European Union is committed to user privacy. The policy on "protection of individuals with regard to the processing of personal data by the Community institutions" is based on Regulation (EC) N° 2018/1725 of the European Parliament and of the Council of 23 October 2018.
This general policy covers the European Union's family of institutional Web Sites, within the eu domain.
Although you can browse through most of these Web Sites without giving any information about yourself, in some cases, personal information is required in order to provide the e-services you request.
Web Sites that require such information treat it according to the policy described in the Regulation mentioned above and provide information about the use of your data in their specific privacy policy statements.
In this respect:
- For each specific e-service, a controller determines the purposes and means of the processing of personal data and ensures conformity of the specific e-service with the privacy policy;
- Within each Institution, a Data Protection Officer ensures that the provisions of the Regulation are applied and advises controllers on fulfilling their obligations (see art. 43-45 of the Regulation);
- For all the Institutions, the European Data Protection Supervisor will act as an independent supervisory authority (see art. 52 to 60 of the Regulation).
- The European Union's family of institutional Web Sites, within the eu domain, provides links to third party sites. Since we do not control them, we encourage you to review their privacy policies.
What is an e-service?
An e-service on EUROPA is a service or resource made available on the Internet in order to improve the communication between citizens and businesses on the one hand and the European Institutions on the other hand.
Three types of e-services are or will be offered by EUROPA:
- Information services that provide citizens, media, business, administrations and other decision makers with easy and effective access to information, thus increasing transparency and understanding of the policies and activities of the EU;
- Interactive communication services that allow better contacts with citizens, business, civil society and public actors thus facilitating policy consultations, and feedback mechanisms, in order to contribute to the shaping of policies, the activities and the services of the EU;
- Transaction services that allow access to all basic forms of transactions with the EU, e.g. procurement, financial operations, recruitment, event enrolment, acquisition or purchase of documents etc.
Information contained in a specific privacy statement.
A specific privacy policy statement will contain the following information about the use of your data:
- What information is collected, for what purpose and through which technical means the EU collects personal information exclusively to the extent necessary to fulfil a specific purpose. The information will not be re-used for an incompatible purpose;
- To whom your information is disclosed. The EU will only disclose information to third parties if that is necessary for the fulfilment of the purpose(s) identified above and to the mentioned (categories of) recipients. The EU will not divulge your personal data for direct marketing purposes;
- How you can access your information, verify its accuracy and, if necessary, correct it. As a data subject you also have the right to object to the processing of your personal data on legitimate compelling grounds except when it is collected in order to comply with a legal obligation, or is necessary for the performance of a contract to which you are a party, or is to be used for a purpose for which you have given your unambiguous consent;
- How long your data is kept. The EU only keeps the data for the time necessary to fulfil the purpose of collection or further processing;
- What are the security measures taken to safeguard your information against possible misuse or unauthorised access;
- Whom to contact if you have queries or complaints.
Europa Analytics
Europa Analytics is the corporate service which measures the effectiveness and efficiency of the European Commission's websites on EUROPA.
By default, website visitors are tracked using the first-party persistent cookies from Europa. You may choose not to be tracked by Piwik (opt-out). If you change your mind, you can choose to be tracked again by Piwik (opt-in).
To check your current status and make your choice, tick the corresponding box in the text appearing below.
Choosing not to be tracked by Piwik does not affect your navigation experience on Europa sites.
How do we treat e-mails you send us?
All webpages have a "Your feedback" link, which allows you to send your comments to a specific functional mailbox. When you send such a message, the personal data provided is collected by the addressee only to the extent necessary to reply. If the management team of the mailbox is unable to answer your question, it will forward your e-mail to another service. You will be informed, via e-mail, about which service your question has been forwarded to. The website will not maintain records of any e-mail exchanges carried out using this functionality.
If you have any questions about the processing of your e-mail and related personal data, do not hesitate to include them in your message.
This page is maintained by the European Commission. The information on this page does not necessarily reflect the official position of the European Commission. The Commission accepts no responsibility or liability whatsoever with regard to any information or data contained or referred to in this document. Please refer to the legal notice with regard to copyright rules for European pages.