Data Protection at the EUI
To ensure the protection, privacy, and security in the processing of personal data, the European University Institute treats your data in accordance with the principles of fairness, lawfulness, transparency and data minimisation, in compliance with EUI Data Protection Policy (EUI President’s Decision 10/2019), inspired by the EU General Data Protection Regulation (GDPR). We create and maintain an environment where the confidentiality of your personal data is of particular concern to us. Providing data protection is our job”.
EUI Data Protection Policy
Decision of the President No. 10 of 18 February 2019 (EUI Data Protection Policy) was drafted in accordance with the principles of the Convention and Protocol on Privileges and Immunities establishing the EUI and inspired by the EU data protection rules (GDPR) and the Regulation (EU) 2018/1725. Data protection aims at guaranteeing the individual’s right to privacy. It refers to the technical and legal framework designed to ensure that personal data are safe from unforeseen, unintended or malevolent use. Data protection therefore includes measures concerning collection, access to data, communication and conservation of data. In addition, a data protection strategy can also include measures to assure the accuracy of the data. EUI Data Protection Officer supports all aspects of the data protection at the EUI:
- Definitions & actors involved
- Purposes of processing personal data
- Principles of data processing
- Data subject rights & data protection complaints
- Confidentiality & security
- Transfer of data
Actors involved in the Data Protection at the EUI
The EUI Secretary General has the overall responsibility for the implementation of the EUI Data Protection Policy and can nominate the Data Controllers in the EUI’s governing bodies, departments, and centres.
Data Controller: the EUI or one of its organisational entities who determine the purposes and means of the processing of personal data by the EUI.
At the EUI, a Data Controller can be – depending on the type of processing operation – the Secretary General, or the Director of Service/Head of Unit or Department. More information on nominated Data Controllers and Delegated Controllers can be found in the Decision of the Secretary General’s No. 03/2023 of 7 July 2023, available internally.
Data Processor: a natural or legal person within the EUI structure who processes personal data on behalf of the Controller.
External Processor: natural or legal person, public authority, agency or any other body (e.g. organisational entity of an event, Settlements Office of the Joint Sickness Insurance Scheme) external to the EUI that processes personal data on behalf of the EUI.
Rights of the Data Subject and Data Protection Complaints
Data subjects have the right to:
- Be informed about whether, how, by whom and for which purpose their data are processed
- Rectification of inaccurate or incomplete personal data
- Erasure of data in case the processing by the EUI is or becomes unlawful
- Block the processing of data under specific conditions.
If data subjects believe that there has been a breach of the data protection principles set out in the EUI Data Protection Policy, they can address a complaint to the Controller with simultaneous notification to the DPO at the following e-mail address: [email protected]
If the reply is not satisfactory, or it is not given within one month, the data subjects have the right to judicial remedies under the terms and conditions outlined in the President’s Decision 10/2019.
Disclaimer: The summary above is provided for information purposes only and in no way replaces or substitutes the relevant regulatory documents of the EUI.
Page last updated on 07 November 2023