4RP countdown
Shadow Running Phase:
Submission of vehicle authorisation
application files :
Start of operations:

Banner Image
Privacy statement - Personal data protection statement for the Mail Registration System for Incoming/outgoing paper mail
1. Introduction and controller
Any personal data provided by users will be processed in accordance with Regulation (EC) 45/2001. This Regulation concerns the protection of individuals with regard to personal data provided to the Community institutions and bodies and on the free movement of such data.
The Certified Integrated Management System (IMS) is a single system used by the Agency to manage the totality of its processes.
This system sets up the framework to comply with the ERA Management standards and to be ISO9001 certified. In the view of the certification, the Agency needs to comply with the ISO9001 requirements.
The Mail Registration System (MRS) that the Agency put in place enables to comply with the Control of documented information requirement (section 7.5.3), Property belonging to customers or external providers’ requirement (section 8.5.3) and Preservation requirement (section 8.5.4).
The MRS, a part of the IMS, is a database that consists in registering the incoming and outgoing mails of the Agency to ensure its traceability; the personal data retained are necessary to identify and contact staff members and the stakeholders, with the purposes and legal basis explained under point 2b.
The Controller of the processing of the data is Mr Jens Engelmann, Head of Corporate Management and Evaluation Unit.
2. What personal data do we collect, for what purpose and under which legal basis?

2.1.   Data and processing

The processing affects only incoming/outgoing paper mail, excluding the following categories:
    Confidential and personal mail
    Junk mail
    Tender files/documents
    Parcels, magazines, booklets, newsletters etc.
Once selected, the relevant mails are scanned by the registration officer and handled through the Mail Registration System (MRS) by the administrative assistants.
The database gathers the following data fields:
    Last name - First name
    Job title/Unit
    Address (business or private)/ZIP – Postal code/City/Country
    Business/private phone
    Email address
The data are inserted in MRS manually by the Registration Officer and/or Administrative assistants in operational units.

2.2.   Purpose and legal basis

The overall purpose of the MRS is to meet the Agency’s objectives as established in the Agency’s regulation and developed in the annual work program and equitably satisfy its stakeholders. The data collection allows an efficient management of the mail flow, i.e. for the traceability, facilitating the paper mail correspondence between the Agency and its stakeholders.
The legal basis of this processing is  Regulation (EU) N° 2016/796 (ERA's statutory Regulation) as amended by Regulation (EC) 1335/2008; The Executive Director’s decision (ERA-ED-DEC-774- 2014) on the establishment of a Certified Integrated Management System; The Executive Director’s  decision (ERA-ED-DEC-70-2007)  on the Code of good Administrative behaviour.
The processing operations on personal data linked to the establishment of the MRS is necessary for the management and functioning of the Agency, as mandated by Regulation (EU 2016/796 and, lawful under article 5 (a) of Regulation EC 45/2001 on the protection of individuals with regards the processing of personal data.
3. Who has access to your data and to whom are your personal data disclosed?
All Agency staff members have a ‘read access’ in the MRS.
Only the following designated staff members who are directly involved in the mail process have been granted ‘contributor’ rights to be able to create, register, modify or delete data when needed:
    Executive Director
    All HoU
    All HoS
    All administrative assistants
    Reception Desk contractors
Any of the supervisory instances of the Agency, upon request (i.e. European Court of auditors, Internal audit service, EDPS, the Ombudsman, the Civil Service Tribunal, OLAF).
All recipients are reminded of their obligation not to use the data received for any further purpose other than the one for which they were transmitted.
4. How do we safeguard and protect your data?
According to article 22 and 23 of the Regulation, the controller must implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk represented by the processing and the nature of the personal data to be protected.
5. How can you verify, modify, block or delete your information?
Regulation (EC) 45/2001 safeguards your right to access your data and to require to verify and rectify, if needed, without delay, any inaccurate or incomplete personal data at any time. You also have the right to require the Controller to erase data if the processing is unlawful. For this, you need to contact him at jens.ENGELMANN@era.europa.eu
6. How long do we keep your data?
Personal data will be retained according to the following table:
Record Name
Storage Responsible
Storage Location
Retention Time
Incoming mail (electronic version)
Unit administrative assistant
5 years in the MRS
Outgoing mail (electronic version)
Agency staff sending the document
5 years in the MRS
7. Remarks, questions and complaints
In case of any questions, difficulties related to the processing of your personal data you may also contact the Agency’s Data Protection Officer (DPO) at the following e-mail address: dataprotectionofficer@era.europa.eu
You have the right to recourse via the European Data Protection Supervisor at the following email address edps@edps.europa.eu if you consider that your rights under Regulation 45/2001 have been infringed as a result of the processing of your personal data by the Agency.