Skip to main content

Privacy Notice – Use of Contact Webform

For the purpose of contacting the EPPO via its website, the EPPO needs to process some amounts of personal data. This notice is to inform you as to what is collected and how it is used.


1. Purpose & Legal Basis

The purpose is to allow the communication with you following your request to engage in such contact.This includes also the engagement and covers any subsequent contact made in relation to your completion of the form. The applicable legal framework for data protection purposes for this processing of administrative personal data is Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 (OJ L 295 of 21.11.2018), and the specific legal basis is Article 5(1)(a) thereof, based on the need to be able to communicate with citizens. The processing is not consent based as the subsequent storage foreseen under point 6 below is mandatory and cannot be opted out of.


2. Identity of the Controller & Contact Details

The controller is the EPPO, and for this process coordinated by the Head of the Sector Communications. Contact can be made by email in general to info (at), or by mail marked for attention of the Head of Sector of Communications, to EPPO, 11, Avenue John F. Kennedy, 1855 Luxembourg.


3. Contact Details of Data Protection Officer

The Data Protection Officer can be reached by email to EPPO-DPO (at), or by mail marked for the attention of the DPO, to EPPO,  11, Avenue John F. Kennedy, 1855 Luxembourg.


4. Who else may be recipients of the personal data

For the purposes of communication with you your data will be shared with those most competent to deal with your request. Additionally, it may be used for auditing purposes, and shared with the respective supervisory and respectively competent authorities in case of e.g. complaints, appeals, etc.


5. Transfers to third countries and / or International Organisations

No transfers to third countries or international organisations are foreseen under this process.  


6. How long will the personal data be stored

Your personal data collected will be stored as part of the communication chain. Additionally, dependent on the nature of your inquiry and request, it may be stored for a period of up to 2 years from the last communication that occurred. This is to allow the EPPO to comply with record-keeping requirements and subsequent potential audits. In case your query relates to specific sectoral aspects, such as HR processes, financial or procurement aspects, etc., dedicated retention policies may apply. In case of audits or judicial proceedings, to which the communication is of relevance, the storage period will be extended accordingly but restricted to that purpose.


7. Right to request access, rectification, erasure, restriction or objection

You have the right at any time to request access to, rectification, object to or request restriction of processing, and / or erasure of your personal data. To exercise these rights, request assistance in their exercise or questions thereto, or file a complaint, you may contact the data controller, or the Data Protection Officer of the EPPO.


8. Complaint to the European Data Protection Supervisor

You also have the right to address yourself to the European Data Protection Supervisor to lodge a complaint.The European Data Protection Supervisor can be contacted by email toEDPS (at), or by post to EDPS, Rue Wiertz 60, B-1047 Brussels, Belgium.


9. Mandatory Nature of provision of personal data

The provision and processing by the EPPO of your personal data for this purpose is mandatory to allow communication to occur.


10. Automated Decision Making

There is no automated decision making involved in this process.


11. Record of Processing Activity

The processing of personal data, and further details thereof, fall under the Record of Processing Activity Number APD-0710 on Use of Website Contact Form,  and is available on request to the EPPO Data Protection Officer.



Last Update: October 2021