European Railway Agency - ERA

Making the railway system work better for society

Data protection

The European Union Agency for Railways (ERA) is committed to user privacy.

Personal data, such as contact details or other, will be processed in line with Regulation (EC) N°45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data.

Although you can browse through most parts of the Agency site without giving any information about yourself, in some cases, personal information is required in order to provide access to e-services. Whenever such information is collected, the Agency will treat it according to the policy described in Regulation (EC) N°45/2001 (and any other regulation that will supersede it). Further information about the use of your data is provided in the specific privacy policy statements for the relevant e-services.

For any questions regarding the processing of such personal data including how to access and rectify them, please get in touch with our Data Protection Officer

In case of conflict on any Personal Data Protection issue you can address yourself to our Data Protection Officer

Should the conflict not be resolved by the Data Protection Officer you may lodge a complaint with the European Data Protection Supervisor at any time

The European Union Agency for Railways (ERA) is committed to respecting the privacy of the participants to any consultations which are organised in the framework of its activities. All personal data provided to ERA are dealt with in compliance with Regulation (EC) N°45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (and any other regulation that will supersede it).

The following data protection information notice outlines the criteria by which ERA collects, manages and uses the personal data of the participants to consultations wit social partners and organisations representing rail freight customers and passengers.

Identity of Controller:

ERA

Purpose of processing:

Processing of personal data is needed to obtain the views of stakeholders concerned whenever the Agency is required to address its recommendations to the European Commission on matters that have a direct impact on these categories of subjects.

Type of data processed:

Only the following data are collected:

  • Name (optional)
  • Surname (optional)
  • Organisation (optional)
  • E-mail address (optional)
Recipients of the data processed:

In accordance with Article 4 of Regulation (EC) N° 1049/2001 of 30 May 2001 regarding public access to European Parliament, Council and Commission documents and Article 8(2) of the “Arrangements to be applied by the Agency for public access to documents” (Annex to Management Board Decision N°145 of 29 November 2016), ERA is committed to grant access to any document you have submitted during the consultation phase, by publishing the outcome on the ERA website.

In a later stage, your opinions will be included in the report accompanying the recommendation to the Commission, as provided for in Articles 6 and 7 of the Agency’s Regulation.

In order to ensure the reliability of your contribution and for transparency reasons, some of your personal information may be published as well, where appropriate, without any further processing which is incompatible with the purpose of the consultation. You can specify what personal information you agree to be published by checking the relevant box in the comment sheet.

Legal basis and Lawfulness of processing:

Articles 6 and 7 of Regulation (EU) 2016/796 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Railways and repealing Regulation (EC) No 881/2004.

Protection and security measures:

All personal data are processed only by designated ERA staff and stored on servers which abide by the ERA’s IT security rules and standards.

Retention period:

Your personal data will remain in the database until the results have been completely analyzed and will be rendered anonymous when they have been usefully exploited, and at the latest after twelve months from the end of the consultation. This does not apply to personal data whose online publication has been consented. These data will remain available on the ERA website.

The data subject’s rights:

In case you wish to verify which personal data is stored on your behalf by the responsible Controller, have it modified, corrected or deleted, please contact the Data Controller by using the contact information below and by explicitly specifying your request, or our Data Protection Officer .

Resource:

Practical questions on the public consultation can be sent to the ERA staff in charge of the organisation of the relevant consultation, using the functional mailbox specifically established for that consultation.

In case of conflict on any Personal Data Protection issue you can address yourself to our Data Protection Officer or use the contact form on our website, selecting as type of request: “Data protection” and specifying the reference to the consultation.

Should the conflict not be resolved by the Data Protection Officer you may lodge a complaint with the European Data Protection Supervisor at any time

The European Union Agency for Railways (ERA) is committed to respecting the privacy of its candidates for recruitment. Within the framework of the selection procedures at ERA, all personal data provided by candidates are dealt with in compliance with Regulation (EC) N°45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data.

The following data protection information notice outlines the criteria by which ERA collects, manages and uses the data provided by candidates within the different selection procedures for the recruitment.

Identity of Controller:

ERA Head of Resources and Support Department

Purpose of processing:

Processing of personal data is needed for:

  • The organisation of selection procedures to recruit temporary agents, contract agents, seconded national experts and trainees;
  • The management of applications at the various stages of these selections;
  • The management and control of the use of reserve lists.
Type of data processed:

The personal data processed are the ones provided in the form used for the electronic application, in particular:

  • Personal data allowing the candidate to be identified, i.e. surname, first name, date of birth, gender, nationality, private address, e-mail address, telephone;
  • Information provided by the candidate to allow the practical organisation of selection, i.e. address information: street, postcode, town, country, telephone, fax, e-mail;
  • Information provided by the candidate to verify whether s/he fulfils the eligibility and selection criteria laid down in the vacancy notice, i.e. information about nationality, languages, education, previous working experience, fulfilment of military/civil service duties, criminal convictions etc. Furthermore, the applicant may indicate any individual situation regarding eligibility criteria and any other information they would like to provide to support their application;
  • Information concerning any disabilities (with the purpose to prepare any necessary arrangements and possibly, assist the staff/trainee in receiving an additional supplement to his/her grant);
  • Additional information in case a traineeship is offered: proof of health and accident insurance, bank account details (for the purposes of travel costs reimbursement and payment of the traineeship grant, where applicable).

Candidates are free to give their data on a voluntary basis, although failure to provide data in the mandatory fields will not allow the submission of the application form.

Recipients of the data processed:
  • Human Resources Unit (more specifically staff in charge of recruitment);
  • Members of the Selection Board;
  • Appointing Authority (Executive Director);
  • Also, if appropriate, access will be given to the Internal Audit Service, the European Ombudsman, the Civil Service Tribunal and the European Data Protection Supervisor;
  • Should the applicant’s name be placed on a reserve list, access to the reserve list and to the applicant’s data will be provided to the concerned internal services interested in the recruitment of the person.
  • In case the Agency would outsource services to third parties, the identification data of the candidates may be transferred in order to organise the procedure.
Legal basis and Lawfulness of processing:

In accordance with Article 5(a) of Regulation (EC) No 45/2001, the processing is necessary for the performance of tasks carried out in the public interest on the basis of the Treaties establishing the European Communities.

Decision 206/06.2009; Decision 207/06.2009; Rules governing traineeship period at ERA; Amendment to the ERA rules governing engagement of trainees.

The selection procedures are necessary for the management and functioning of the Agencies.

Protection and security measures:

All personal data are processed only by designated ERA staff and stored on servers which abide by the ERA’s IT security rules and standards.

Retention period:

Personal data regarding engaged applicants will be kept for ten years after the termination of employment or the last pension payment, whichever applicable.

Data of non-engaged applicants but successfully placed in the reserve list for appointment will be kept for seven years after the budgetary discharge.

Data concerning non-engaged applicants will be kept for five years from the date the data subject became aware of the result of the selection procedure.

Data concerning assigned trainees will be kept for two years after the termination of the traineeship. The purpose of archiving those data is to keep records of all beneficiaries of the traineeship scheme of ERA and allow the delivery of traineeship certification.

Data concerning non-successful applicants for traineeships will be deleted at the end of the traineeship period they applied for. This would allow to for a delayed assignment, should one of the successful trainees drop out of the scheme.

After the above-mentioned periods, only data needed to provide overall statistics on the exercise (number of eligible and non-eligible applications, total number of applications, etc.) will be kept for statistical reasons. These statistics are not subject to Regulation (EC) No 45/2001 since they are anonymous and cannot be used to identify one or more persons either directly or indirectly.

The data subject’s rights:

In case you wish to verify which personal data is stored on your behalf by the responsible Controller, have it modified, corrected or deleted, please contact the Data Controller by using the contact information below and by explicitly specifying your request, or our Data Protection Officer.

On the other hand, data demonstrating compliance with the eligibility and selection criteria may not be updated or corrected after the closing date for the respective selection procedure.

Resource:

Practical questions on the recruitment can be sent to the ERA staff working for the Human Resources Unit

In case of conflict on any Personal Data Protection issue you can address yourself to our Data Protection Officer or use the contact form on our website, selecting as type of request: “Data protection” and specifying the reference to the application.

Should the conflict not be resolved by the Data Protection Officer you may lodge a complaint with the European Data Protection Supervisor at any time

The European Union Agency for Railways (ERA) is committed to respecting the privacy of personal data processed by Microsoft Dynamics Customer Relationship Management (SRM) software implemented at ERA. Within the framework of the SRM, all personal data provided by contacts (or subscribers) are dealt with in compliance with Regulation (EC) N°45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data.

The following data protection information notice outlines the criteria by which ERA collects, manages and uses the personal data of its contacts or subscribers.

Identity of Controller:

ERA Head of Communications

Purpose of processing:

ERA processes personal data of stakeholders to:

  • Facilitate contacts, consultation, review of work progress, as well as exchange of information and views between the Agency and its related stakeholders;
  • Organise and manage events, meetings or other activities, including but not limited to: contact/participant list, invitations, distribution of documents, information sharing, surveys, feedback on documents, follow-up actions, publication of photographs and videos;
  • Manage Extranet workspaces and access to ERA registers;
  • Inform about ERA’s activities;
  • Measure and analyse the interest of stakeholders in ERA communications for the purpose of improving the quality of our services;
  • Manage online surveys on specific topics relating to our activities.

ERA has identified categories of contacts (i.e. the data subjects) as useful and relevant in achieving its mission to make the railway system work better for society and to contribute to the effective functioning of a Single European Railway Area without frontiers. These categories comprise:

  • Relevant stakeholders: defined as ‘core contacts’ and including members of its working groups as well as those having a collaboration relationship with ERA (e.g. national-level decision-makers in the railway domain (national safety authortities, national investigation bodies, ministries of transport etc.), European commission (DG MOVE), EC committee (RISC), European ‘sister’ Agencies (EASA, EMSA, etc.), rail associations/organisations (GRB, CER, EIM, UIP, UITP, ETF, UIRR, ERFA, etc.)). All of these contracts or groups of contacts are deemed to have an inherent interest in, and influence on, the activities and governance of ERA.
  • Information users: defined as informed members of the general audience who have an interest in the ERA activities.
Type of data processed:

Data collected using the SRM software relate to contact information of corporate relevance.

The following personal data are collected:

  • Contact details: name, surname, user name, job title, organisation/company name, e-mail address(es), phone(s), gender, title, country, address, picture, domain name, equivalent user.

In addition, the contacts are invited to add information about their interest areas (topics), event participation, subscription and contact preferences.

When organising events or meetings (e.g. workshops or conferences), additional data may be collected:

  • Photographs and video images which could be published in the context of the event;
  • Audio recording of interventions during the participation to event.

ERA can make connections with other contacts (e.g. hierarchical relationship) in order to classify them and establish marketing lists.

The collected data are classified in stakeholder categories, companies/organisations, workgroups and marketing lists.

The Agency’s SRM system has an integrated Outlook client which means that the content of emails can be viewed or stored in the SRM system.

Communications made via the SRM also allow scores about frequency of interactions of the contact with the system, e.g. registration to events.

By working through SRM, the Agency and the contact are able to build up a profile and this can be further enhanced through the use of website cookies.

Recipients of the data processed:

Personal data may be accessed by ERA staff and contractors under the direct supervision of ERA staff.

Data records found not to meet applied standards are disabled.

The SRM is used to develop ERA’s mailing lists for dissemination. Other EU Agencies or bodies may request to use the ERA’s mailing list. To do so, they must first submit a request to ERA. The mailing list will be shared with the EU institution or body which made the request provided that the necessity of the transfer of the data is established, i.e. that the data to be transferred are necessary for the legitimate performance of the tasks covered by the competence of the recipient EU institution or body.

From time to time, in order to validate data or in relation to particular campaigns (e.g. user satisfaction surveys carried out on behalf of ERA or focus groups), contact details (name, emails, addresses) may be transferred to third parties provided that an adequate level of protection (within the meaning of Article 9 of the Regulation (EC) 45/2001) is ensured, in particular where the Controller adduces adequate safeguards (e.g. use of appropriate contractual clauses) with respect to the protection of the privacy and fundamental rights and freedoms of the data subjects concerned.

How are my data processed by SRM?
  • Contact details for the groups mentioned are either entered into the SRM system manually by ERA staff or by the data subject him/herself via the web interface
  • All ERA staff has editing rights to manage contacts as in accordance with good SRM practice and guidelines
  • Contact details may be gathered from publicly-available lists such as those relating to Members of the European Parliament, European Commission officials etc. and are also gathered through direct contact with an Agency staff member whether it is email, telephone, business card or face-to-face meeting
  • Where a new contact is entered into the SRM, s/he will receive an email to indicate that the Agency would like to enter his/her data in its contact database. This email informs the data subject of this intention and provides a hyperlink to lead the data subject through to a variety of options including the possibility to decline the invitation or, if the data subject agrees to be included in the SRM, to provide full contact details, state areas of interest and subscription preferences
  • It is only upon explicit agreement of the data subject concerned to be included in the system that the contact would become part of marketing lists for the provision of targeted information or for sending invitations to events
  • The contacts are under constant review to ensure accuracy of data
  • The contacts are requested to update themselves their data on an annual basis
  • The contacts can review their data each time the Agency contacts them using the SRM.
  • When data subjects are contacted through SRM, they are given the opportunity to review their data and subscription preferences through the link(s) to edit data. A link to data protection policy also appears in all correspondence
Legal basis and Lawfulness of processing:

In accordance with Article 5(a) of Regulation (EC) No 45/2001, the data processing, in as far as it concerns ERA’s ‘relevant stakeholders’, is necessary for the performance of tasks carried out in the public interest on the basis of the Treaties establishing the European Communities.

The SRM forms part of the actions which have to be undertaken by the Agency in the context of Article 39 of Regulation (EU) 2016/796 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Railways and repealing Regulation (EC) No 881/2004, with a view to facilitating and making more effective the Agency’s engagement with its stakeholders.

The processing of personal data of all other contacts (‘information users’) who have and interest in ERA activities d and have voluntarily chosen to be added to the SRM is lawful under Article 5(d) of Regulation (EC) 45/2001 on the basis of the unambiguous consent of the data subjects.

Protection and security measures:

All personal data are processed only by designated ERA staff and stored on servers which abide by the ERA’s IT security rules and standards.

Data might be stored temporarily on the servers of our processor, ClickDimensions. For more information on the processing of your data by ClickDimensions please follow this link: http://help.clickdimensions.com/common-questions-about-clickdimensions-security/.

Retention period:

Personal data regarding stakeholders will be kept until they exercise their rights to have it deleted.

The data subject’s rights:

A data subject can access his/her personal data, rectify any data that is inaccurate or incomplete and request to delete them by sending an email. He or she can also access his/her data directly on the SRM via his/her log-in and password, modify his/her data and subscription preferences.

The participants to events or meetings who prefer their images are neither taken nor published on any support have the possibility to object.

Resource:

Practical questions on the stakeholder relationship management can be sent to the ERA staff working for the Communication Unit

In case of conflict on any Personal Data Protection issue you can address yourself to our Data Protection Officer or use the contact form on our website, selecting as type of request: “Data protection”.

Should the conflict not be resolved by the Data Protection Officer you may lodge a complaint with the European Data Protection Supervisor at any time

The European Union Agency for Railways (ERA) is committed to respecting the privacy of personal data of the participants in Calls for Expression of Interests (CEI). All personal data provided to ERA are dealt with in compliance with Regulation (EC) N°45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data.

The following data protection information notice outlines the criteria by which ERA collects, manages and uses the personal data provided within CEI.

Identity of Controller:

ERA Procurement Unit

Purpose of processing:

The processing of personal data of applicants to CEI is needed in order to allow economic operators to propose themselves to be included on a list of potential service providers / experts in advance of public procurement operations / further processing within the subject scope of the respective CEI.

Type of data processed:

The following data are / may be collected in the registration form and further processed for the purposes indicated above:

  • Title, First Name, Family Name, Birth Date, Nationality
  • Contact Details:
    • Full Name;
    • E-Mail Address;
    • Street Nr & Name;
    • Town/ City;
    • Postcode;
    • Country;
    • Phone Number
    • Website URL (if available);
  • Description of main area of business / expertise;
  • Additional information;
  • Curriculum Vitae;
  • Information related to candidates’ legal, economic and financial as well as technical and professional capacity.
Recipients of the data processed:

 

Personal data may be accessed only by ERA staff for the purpose of management of the CEI and any associated tender procedures.

Also, if appropriate, access will be granted to the Internal Audit Service, Internal Legal Department, Court of Auditor, OLAF, the European Ombudsman, the EU Court and the European Data Protection Supervisor.

Legal basis and Lawfulness of processing:

Regulation (EU) 2016/796 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Railways and repealing Regulation (EC) No 881/2004.

In accordance with Article 5 (a) of Regulation (EC) No 45/2001, the processing is necessary for the performance of tasks carried out in the public interest on the basis of the Treaties establishing the European Communities.

Regulation (EU, Euratom) No 966/2012 of the European Parliament and of the Council of 25 October 2012 on the financial rules applicable to the general budget of the Union (the “Financial Regulation”).

Commission Delegated Regulation (EU) No 1268/2012 of 29 October 2012 on the rules of application of the Financial Regulation.

Protection and security measures:

All personal data are processed only by designated ERA staff and stored on servers which abide by the ERA’s IT security rules and standards. Personal data of applicants might be accessed by ERA.

Retention period:

Your personal data are kept - in the service in charge of the procedure - until the end of validity of the CEI for which you submitted an expression of interest, and in the archives for a period up to 10 years following the end of the validity of the corresponding CEI.

The data subject’s rights:

In case you wish to verify which personal data is stored on your behalf by the responsible Controller, have it modified, corrected or deleted, please contact the Data Controller by using the contact information below and by explicitly specifying your request, or our Data Protection Officer

Resource:

Practical questions on CEI (establishing a list of vendors or a database of experts) can be sent to the ERA staff working for the Procurement Unit

In case of conflict on any Personal Data Protection issue you can address yourself to our Data Protection Officer or use the contact form on our website, selecting as type of request: “Data protection”.

Should the conflict not be resolved by the Data Protection Officer you may lodge a complaint with the European Data Protection Supervisor at any time