Data protection

Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Regulation (EC) 45/2001 on Data Protection confers rights on individuals as well as placing responsibilities on those persons processing personal data.

Personal data, data subject

Any information relating to an identified or identifiable person. An identifiable person, called the data subject, is someone who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity (Article 2 (a) Reg. 45/2001).

Processing of personal data

Any operation or set of operations that is performed upon personal data, whether or not by automatic means, such as collection, recording, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, deletion or destruction.

Data processing operations concerning the ETF's stakeholders and other people involved or interested in the activities of the ETF include for example compiling and publishing a list of participants at a meeting or conference organised by the ETF; evaluation of tenders submitted in response to a procurement procedure managed by the ETF and conclusion of contracts with the ETF, recruitment.

Data processing operations concerning members of staff and other people working within the ETF include, for example, procedures relating to staff appraisal and promotion, handling of personal and medical files.

Data Controller

The processing of personal data by the ETF is under the responsibility of the data controller who is the ETF’s Director. The data controller is responsible for ensuring, in particular, that technical and organisational measures are undertaken so as to protect the personal data with an appropriate level of security. The data controller remains legally responsible if someone who works for him or her breaches the data protection rules.

Data Protection Officer

The ETF Data Protection Officer (the DPO) is the person who shall ensure that the rights and freedoms of the data subjects are respected by ETF, and advises the data controller on fulfilling the obligations.

The DPO also provides advice and makes recommendations on rights and obligations of ETF and its services related to data processing processes and operations.

In critical situations, he or she may investigate matters and incidents either upon a request of a data subject or on his own initiative.

The DPO keeps a register of all personal data processing operations carried out in the institution, and ensures the timely notification of sensible personal data processing operations to the European Data Protection Supervisor (EDPS).

The ETF's DPO can be contacted at, or directly:

    Tiziana Ciccarone (ETF Data protection Officer)
    Laurens Rijken (Deputy Data Protection Officer)

The European Data Protection Supervisor (EDPS)

The European Data Protection Supervisor is the independent supervisory authority responsible for monitoring and ensuring the application of data protection rules by European Community institutions and bodies, including the Agencies