When the SNS JU processes your personal data
The Smart Networks and Services Joint Undertaking (SNS JU), as a body of the European Union, is obliged to comply with the data protection law specifically applicable to them. The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her. This right is also guaranteed under Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms.
In this regard, SNS JU processes personal data collected according to the provisions of Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data. The new data protection rules applicable to the EU institutions are in line with those in the Data Protection Declaration & Legal Notice, applicable to EU member states. The new rules aim to make the EU institutions more accountable in the way they process personal data.
The SNS JU, as a controller, shall maintain a record of processing activities under its responsibility in a central register. In addition, for reasons of transparency, SNS JU shall make the register publicly accessible (article 31(5) of Regulation (EU) 2018/1725). In addition, the SNS JU shall take appropriate measures to provide transparent information, communication and modalities for the exercise of the rights of the data subject (articles 14 to 16 of Regulation (EU) 2018/1725). You can find a collection of privacy notices for each specific processing operation in our website.
For more information about how your personal data might be used when you visit this website, read our Data Protection Declaration & Legal Notice page.
Data Protection Officer
Based on the law, all EU institutions must appoint a Data Protection Officer (DPO).
SNS JU has appointed a DPO. The task of the DPO is to ensure, in an independent manner, that the Union body complies with the data protection law and protects individuals’ rights and freedoms by protecting effectively their personal data. The SNS JU DPO also collaborates with the DPOs of the other EU institutions in the relevant network.
The SNS JU is located rue de la Loi 51, 1000 Brussels.
If you have any question or enquiry regarding this Data Protection Declaration, you can contact the SNS JU Data Protection Officer at the following email address: firstname.lastname@example.org
Data Protection Principles
Personal data is any information relating to an identified or identifiable person. For a full definition, see Article 3 (1) of Regulation (EC) 1725/2018.
The Data Controller is the person who determines how personal data is processed and grants rights to the data subject. For each processing operation, a data controller is identified and prior notice must be given to the Data Protection Officer.
The Data Processor is a natural or legal person, public authority, agency or any other body, which processes personal data on behalf of the data controller.
The following data protection principles are applicable to all SNS JU processing activities that address personal data:
- lawful and fairness: meaning that personal data should be lawfully and fairly processed in accordance with the Regulation (EC) 1725/2018;
- data minimization: meaning that the collection of personal data must be adequate, relevant and not excessive, following a necessity test;
- purpose limitation: meaning that personal data should be obtained only for specified purposes and not further processed in a manner incompatible with those purposes;
- data accuracy: meaning that personal data should be accurate and up-to-date;
- storage limitation: meaning that personal data should not be kept for longer than necessary to complete the indicated purpose;
- data retention: meaning that a specific time limit should be defined for retaining personal data;
- data transfer: meaning that personal data should not be transferred to countries outside the European Union that don’t offer adequate protection;
- accountability: meaning that measures should be implemented and documented in order to guarantee the respect of data protection rules for all processing activities.
Your rights when we process your personal data
When your personal information is processed by the SNS JU you have the right to know about it. By making a written request to the SNS JU Data Protection Officer (e-mail: email@example.com) data subjects have also the right to:
- access the data processed, collected and used concerning themselves;
- rectify the information in case of inaccuracy and incompleteness;
- block inaccurate data collected;
- under certain conditions, delete the personal data or restrict its use;
- where applicable, object to the processing of your personal data, on grounds relating to your particular situation, at any time, and the right to data portability;
- withdraw their consent if it no longer represents the legal basis of the processing;
- be informed in case personal data is disclosed to any third party.
Without undue delay and in any case within one month of receipt of the request, SNS JU will provide information on action taken on the data subject’s request to exercise her/his rights. In case of complex or voluminous requests, this period may be extended by another two months, in which case SNS JU will inform the data subject.
Your rights on your personal data are stated in Articles 17 to 24 of Regulation (EU) 2018/1725.
How to exercise your data protection rights at the SNS JU
If the SNS JU is processing your personal data and you would like to exercise your data protection rights, please send us a written enquiry. We cannot accept verbal enquiries (telephone or face-to-face) as we may not be able to deal with your request immediately without first analysing it and reliably identifying you.
You can send your request to the SNS JU by post (SNS JU Office, Rue de la Loi 51, 1000 Bruxelles, BELGIUM) in a sealed envelope or by e-mail to firstname.lastname@example.org. Your request should contain a detailed, accurate description of the personal data you want access to.
Recourse to the EDPS
The Supervisory Authority, in terms of processing personal data, is the European Data Protection Supervisor (EDPS). The EDPS is responsible for the monitoring of European Union institutions and bodies and their compliance with data protection rules, ensuring that the rights to privacy and data protection, as fundamental human rights, are respected.
If data subjects consider that SNS JU has infringed their rights, they can lodge a complaint to the European Data Protection Supervisor (EDPS). The EDPS, after assessing the admissibility, will carry out an inquiry and take appropriate measures to solve it. For more information regarding how to complain to the EDPS, please refer to the EDPS website.