Specific Privacy Statement

European Alien Species Notification System (EASIN – NOTSYS)

1. Description

The processing of personal data concerns an information database about Member States authorities/organisations. This processing is managed at the Joint Research Centre (JRC) by the IES Institute. As this processing collects and further processes personal data, Regulation (EC) 45/2001, of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, is applicable. The Unit Head of "Customer and Stakeholders Relations" acts as Controller of the processing of personal data covered by generic notification "CONTACTS LISTS & NETWORK PARTNERS DATABASES AT THE JRC” (DPO-1924). The JRC Unit Head of the Water Resources Unit (IES Institute) manages the processing, under the responsibility of the Institute Director who acts as Processor.

2. What personal information do we collect, for what purpose and through which technical means?

Identification Data

Data contained in contact information databases: name/surname, e-mail


Personal data are collected and processed in order to give access to the Invasive Alien Species Regulation 1143/2014 notification system.

Technical information

Personal data are normally collected through classical databases or Excel forms and stored on JRC servers.

3. Who has access to your information and to whom is it disclosed?

Access to the personal data is allowed to authorized officials and other staff of the JRC. No personal data are transmitted to parties, which are outside the recipients and the legal framework mentioned.

4. How do we protect and safeguard your information?

The collected personal data is stored on the servers of JRC, complying with and the Commission Decision C (2006) 3602 of 17/08/2006 “concerning the security of information systems used by the European Commission”. In this Decision, Annex I defines the security requirements of EC Information Systems. Annex II defines the different actors and their responsibilities. Annex III defines the rules applicable by users.

5. How can you verify, modify or delete your information?

The Member States authorities/organisations can send a message to the Controller or to the address mentioned under "Contract Information", by explicitly specifying the subject of the request to have personal data modified or deleted. Special attention is drawn to the consequences of a delete request, in which case any trace to be able to contact you will be lost.

6. How long do we keep your data?

Your personal data is kept as long as follow-up actions linked to the above mentioned purpose are necessary.

7. Contact Information

In case you have questions related to this processing or concerning any information processed in this context, or on your rights, please contact: - the JRC Controller or the JRC Processor using the address mentioned on the web page. - the JRC Data Protection Co-ordinator: jrc-data-protection-coordinator@ec.europa.eu - the Commission’s Data Protection Officer: data-protection-officer@ec.europa.eu

8. Recourse

Complaints, in case of conflict, can be addressed to the European Data Protection Supervisor: edps@edps.europa.eu