The aim of the European Union General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, approved by the EU parliament, is to protect Personal Data of EU citizens from data processing and free circulation.

In compliance with articles 13 and 14 of the Regulation, we inform you of the following:

a) The personal data you provide are intended and will be used in the management and processing of the European Reference Networks Assessment. They will be kept stored for as long as the contractual relationship is maintained or during the years necessary to comply with the legal obligations stipulated. Your data will not be disclosed to third parties, unless it is provided in a legal obligation.

b) The Data Controller is the Directorate-General for Health and Food Safety (DG SANTE), Unit B3 (SANTE-DATA-PROTECTION-COORDINATOR@ec.europa.eu).

c) Data are processed under Article 5(1)(a) of Regulation (EU) 2018/1725: Performance of a task carried out in the public interest or in the exercise of official authority. Legal references include:
Regulation (EU) 2018/1725Directive 2011/24/EU (patients’ rights in cross-border healthcare)Commission Decisions 2014/286/EU and 2014/287/EU

d) You can contact the Data Protection Officer (DATA-PROTECTION-OFFICER@ec.europa.eu).

e) You can exercise your rights of access, rectification, deletion, portability of your data, and the limitation or object to the processing by contacting the Data Controller, or in case of conflict the Data Protection Officer. If necessary, you can lodge a complaint to the European Data Protection Supervisor if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the Data Controller (edps@edps.europa.eu).