Privacy statement for public procurement procedures
Privacy statement for processing of personal data within the implementation of the public procurement procedures organised by the BEREC Office
The following personal data are obtained from tenderers/candidates and contractors:
The processing of personal data is necessary to run procurement procedures and manage corresponding contracts in the context of the performance of a public interest task, namely the management and functioning of the BEREC Office and BEREC.
Therefore, the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the BEREC Office (Article 5(a) of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC).
The legal bases confirming the lawfulness of the respective data processing operations can be found in the following legal acts:
Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union, amending Regulations (EU) No 1296/2013, (EU) No 1301/2013, (EU) No 1303/2013, (EU) No 1304/2013, (EU) No 1309/2013, (EU) No 1316/2013, (EU) No 223/2014, (EU) No 283/2014, and Decision No 541/2014/EU and repealing Regulation (EU, Euratom) No 966/2012 (‘Financial Regulation’) and in particular Article 38, 167, 198, 200.
The processing of data relating to offences and criminal convictions in the form of an extract from the judicial record or declaration of honour is justified in view of Article 11 of Regulation 2018/1725 since it is explicitly foreseen in the Financial Regulation
For the purpose detailed above, access to your personal data is granted to:
In compliance with Article 57 of the Financial Regulation, candidates and tenderers are informed that, for the purposes of safeguarding the financial interests of the Union, their personal data may also be communicated to internal audit services, to the Court of Auditors or to the European Anti-Fraud Office (OLAF) and to other EU institutions and bodies.
Your personal data are kept seven years as of the year following the last payment under the awarded contract. This retention period applies to both successful and unsuccessful tenderers/candidates as well as contractors.
Where personal data are published in compliance with Article 38 of the Financial Regulation, the information shall be removed two years after the end of the financial year in which the funds were legally committed. This shall also apply to personal data referring to legal persons whose official name identifies one or more natural persons.
You have the right to request from the controller access to and rectification or erasure of your personal data or restriction of processing.
You also have the right to object to processing of personal data.
The controller shall provide information on action taken on a request within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
The BEREC Office shall exercise the tasks of the data controller for the purpose of these processing operations.
To exercise the mentioned rights, you can contact the controller as follows: firstname.lastname@example.org.
If you feel your data protection rights have been breached, you can always lodge a complaint with the BEREC Office’s Data Protection Officer (email@example.com) or with the European Data Protection Supervisor: firstname.lastname@example.org.