Asmens duomenų apsauga
Data Protection Policy
The right to protection of personal data is a fundamental right foreseen in the Charter of Fundamental Rights of the European Union. ECHA is therefore highly committed to ensuring the protection of the personal data of the individuals it works with, regardless of whether they are industry representatives (registrants, applicants for authorisation, etc.); stakeholders; individuals subscribing to a newsletter; members or invited experts of an ECHA body; staff members; or job applicants. The Agency will process any personal data it collects in line with the provisions of Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.
Personal data shall only be processed for the performance of tasks carried out in the public interest on the basis of EU law or in the legitimate exercise of official authority vested in the Agency. Alternatively, processing is lawful if it forms part of a legal or contractual obligation or when the individual concerned has given their unambiguous consent.
What are your rights and who to contact?
As a general rule, data subjects have the right to be informed about the processing of their personal data. In addition, you have the right:
- to access your personal information at any time;
- to rectify it when it is inaccurate or incomplete;
- to request the erasure of your personal data, under certain conditions;
- to restrict or object to certain processing of your personal data;
- to data portability and not to be subject to automated individual decision-making.
To exercise the above mentioned rights, you can contact the responsible data controller directly or contact us via the contact form on ECHA’s website. Please use the phrase “Exercising Data Protection rights” in the heading.
For questions or complaints concerning the processing of your personal data, you can turn to the Agency's Data Protection Officer. Alternatively you can also have recourse to the European Data Protection Supervisor.
The ECHA Data Protection Officer
Like all other EU institutions, bodies or agencies, ECHA has appointed a Data Protection Officer (DPO) to ensure the application of the principles of personal data protection in the Agency. Currently, this function is exercised by Mr Bo Balduyck (bo.baldyuck (at) echa.europa.eu).
The DPO provides an independent advisory function. He provides advice and makes recommendations to the Agency and its staff on their rights and obligations. He monitors the Agency`s compliance with the Regulation and serves as contact point for the EDPS and data subjects on privacy matters. In critical situations, the DPO may investigate matters and incidents on request or on his own initiative.
Central Records Register
The central register of records contains all processes where the Agency collects personal data, in compliance with ECHA’s duties to inform data subjects of the processing of their personal data and the duty to keep records of such processing activities (Articles 14-16 and 31 of Regulation (EU) 2018/1725 respectively)
Personal data records in regulatory processses
Personal data records in communication processes
Personal data records in human resources processes
Personal data records in corporate services processes
Personal data records in governance processes