Terms of Service

Context and Controller

As the Commission service collects and further processes personal data, it is subject to Regulation (EU) 2018/1725 of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the freemovement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC.
Processing operations are under the responsibility of the Controller, indicated in the Call for Expression of Interests or the Invitation to Tender or Grant Application Form, regarding the collection and processing of personal data.

What personal information do we collect, for what purpose, underwhich legal bases and through which technical means?

Types of personal data

Personal data collected and further processed concern the expert, grant applicant, tenderer and its staff or subcontractors (natural persons). Information can relate to the following data:

  • Identification data: Name, surname, passport number, ID number;
  • Function;
  • Contact details (e-mail address, business telephone number, mobile telephone number, fax number, postal address, company and department,country of residence, internet address);
  • Certificates for social security contributions and taxes paid, extract from judicial records;
  • Financial data: bank account reference (IBAN and BIC codes), VAT number;
  • Information for the evaluation of selection criteria or eligibility criteria: expertise, technical skills and languages, educational background, professional experience including details on current and past employment;
  • Declaration on honour that they are not in one of the exclusion situation referred to in articles 136 and 141 of the Financial Regulation.


Upon reception of your expression of interest, grant application, tender or request to participate by the Directorate General, your personal data is collected and further processed for the purpose of the management and administration of experts or procurement or grant procedures by Commission services.

Legal bases

The legal basis for the processing operations on personal data is Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union, amending Regulations (EU) No 1296/2013, (EU) No 1301/2013, (EU) No 1303/2013, (EU) No 1304/2013, (EU) No 1309/2013, (EU) No 1316/2013, (EU) No 223/2014, (EU) No 283/2014, and Decision No 541/2014/EU and repealing Regulation (EU, Euratom) No 966/2012 (OJ L 193 of 30.7.2018, p.1 https://eur-lex.europa.eu/legalcontent/EN/TXT/uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG) , (hereafter “the Financial Regulation”) in particular Articles 160-179 for the procurement procedures, Articles 180-200 for the grant application and Articles 237-238 for selection of experts.

Technical means

Your personal data is provided by submission of your grant application, expression of interest or tender.The information is collected in files stored in an isolated secure system. The information is processed by Commission personnel and transferred to Commission systems (as described in point 4.), under the responsibility of the Controller mentioned in the Call for Expression of Interests, Grant Application Form or Invitation to Tender.

  1. Who has access to your personal data and to whom is itdisclosed?
    For the purpose detailed above, access to your personal data is given to the following persons, without prejudice to a possible transmission to the bodies in charge of a monitoring or inspection task in accordance with European Union law:
    • Commission staff members [members of the institutions, agencies and bodies participating in the procurement procedure in case of inter-institutional procurement] as well as external experts and contractors who work on behalf of the Commission for the purposes of management of the expert selection procedure, the procurement procedure and tender evaluation, the grant procedure and grant evaluation, and the bodies charged with a monitoring, audit or inspection task in application of European Union law (e.g. internal audits, Financial Irregularities Panel referred to in Article 93 ofthe Financial Regulation, Exclusion Panel referred to in Article 143 of the Financial Regulation, European Anti-fraud Office – OLAF);
    • Members of the public; In case you are awarded a contract by the Commission, your personal data will be made public, in accordance with the Commission’s obligation to publish information on the outcome of the procurement procedure and on the beneficiaries of funds deriving from the Union’s budget (Article 163, 189(2) and Article38(2) of the Financial Regulation, respectively). The information will concern in particular your name and address, the amount awarded and the name of the project or programme for which you are awarded a contract. It will be published in supplement S of the Official Journal ofthe European Union and/or on the website of the Commission.Additionally, selected experts may be listed in the Register of Expert Groups of the Commission on https://ec.europa.eu/transparency/regexpert/.For more information on the Register of Expert Groups see notification 2194 to the Data Protection Officer in the registry available on https://ec.europa.eu/dataprotectionofficer
  2. How do we protect and safeguard your information?
    The collected personal data and all related information are stored:
    • for the duration of the multi-annual programme for which you submitted an expression of interest, or
    • after closure of the procurement procedure, or
    • after closure of the grant procedureon the premises of the Commission and on servers of a computer centre of either DG DIGIT or the Directorate General issuing the call forexpression of interest, call for proposals orprocurement procedure. The Commission premises and operations of all computer centres abide by the Commission’s security decisions andprovisions established by the Security Directorate of Directorate General Human Resources and Security.
  3. How can you verify, modify or delete your information?
    In case you wish to verify which personal data is stored on your behalf by the responsible Controller, have it modified, corrected, or deleted, or restrict the processing, or object to it or to exercise the right to dataportability, please make use of the contact information mentioned in the Call for expression of interest or grant application or invitation to tender, by explicitly describing your request. Any correction of your personal data will be taken into considerationfrom the data protection point of view. Special attention is drawn to the consequences of a request for deletion, as this may lead to an alteration of the terms of the tender and lead to rejection as stated in Article 112 of the Financial Regulation.
  4. How long do we keep your personal data?
    Your personal data are kept:
    • For selection of experts, until the end of the multi-annual programmefor which you submitted an expression of interest in the service in charge of the procedure, and in the archives for a period of 5 years following the end of the programme.
    • Files relating to tender procedures, including personal data, are to beretained in the service in charge of the procedure until it is finalised, and in the archives for a period of 10 years following the signature of the contract. However, tenders from unsuccessful tenderers have to be kept only for 5 years following the signature of the contract.
    • Files relating to grant procedures, including personal data, are to be retained in the service in charge of the procedure until it is finalised, and in the archives for a period of 10 years following the signature of the grant agreements or decisions. However, applications from unsuccessful applicants have to be kept only for 3 years following the finalization of the call.
    • Until the end of a possible audit if one started before the end of the above period.
    • After the period mentioned above has elapsed, the tender and grant files containing personal data are sampled to be sent to the historical archives of the Commission for further conservation. The non-sampledfiles are destroyed.
  5. Contact information
    You have the right to access, rectify or erase or restrict the processing of your personal data or, where applicable, the right to object to processing or the right to data portability in line with Regulation (EU) 2018/1725.Any such request should be directed to the Controller, by using the contact information mentioned in the Call for expression of interest, Grant Application Form or the Call for tenders, and by explicitly specifying your request.You may also contact the Data Protection Officer of the Commission (DATA-PROTECTIONOFFICER@ec.europa.eu).Any information relating to processing of your personal data is detailedin the register of the Data Protection Officer of the Commission: https://ec.europa.eu/dataprotectionofficer/register/index.cfm?TargetURL=D_REGISTER
  6. Recourse
    You have the right to lodge a complaint to the European Data Protection Supervisor (https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data.