1. Description of the processing operation
This privacy statement provides information regarding the processing of personal data carried out by the European Investment Bank (the Bank) in the course of reviewing complaints related to procurement; procurement complaints are reviewed by EIB’s Procurement Complaints Committee (PCC) and are received and handled by the Procurement Complaints Committee’s secretariat.
The EIB, in the course of those activities, processes personal data. Such personal data could relate to individuals who are sharing their personal data as complainants or as individuals acting on behalf of the entities, which submit a procurement complaint. Those may be any party having or having had an interest in obtaining a particular contract and who has been or risks being harmed by an alleged infringement from the Guide to Procurement (available at https://www.eib.org/publications/guide-to-procurement).
2. Legal basis and the controller
Personal data are processed by the EIB (“EIB” or “Controller”) in accordance with Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC.
In accordance with Article 309 of the Treaty on the Functioning of the European Union, the task of the European Investment Bank shall be to contribute, by having recourse to the capital markets and utilising its own resources, to the balanced and steady development of the internal market in the interest of the Union.
All of this processing is necessary so that the EIB can carry out its tasks in the public interest in the course of the activity and workings of the Bank’s PCC. In some cases, processing is also necessary so that the EIB can comply with its legal obligations. Consent is in general not the legal basis justifying our processing of your personal data. If we do propose to rely on your consent, we will make this clear at the time.
3. Why do we process your personal data
The EIB processes your personal data as reasonably necessary so that it can conduct and manage the Bank’s PCC, in a reasonable and proper manner, in accordance with applicable law and regulation. We collect and process personal data in connection with the handling of enquiries and procurement complaints pursuant to the work of the PCC and its secretariat. Specifically, we process your personal data for the following purposes:
- Processing correspondence received via the procurement complaints mailbox and via other entry points;
- checking whether complaints are admissible and should be reviewed by the PCC;
- maintaining a complete and accurate repository (Microsoft Outlook, GED document management system and local hard drives) of all relevant documentation and emails in relation to procurement complaints that have been received by the functional mailbox (be it procurement complaints or not);
- notifying to the PCC’s members and participants (experts, observers, secretariat etc.) a range of personal data as a part of the Committee’s core purposes i.e. hearing the complaints;
- during PCC’s deliberations written or oral; the Committee’s members and participants may also refer to personal data in case this is necessary during a case’s discussion and for the purposes of the Committee’s review, deliberations and decisions;
- in the process of having the PCC’s decisions endorsed by EIB’s governing and controlling bodies.
4. What personal data do we process?
We collect and process personal data, which may e.g. include the name, address, telephone number, fax number, email address of individuals in connection with the handling of enquiries and procurement complaints pursuant to the work of the PCC and its secretariat. We collect and process personal data communicated only in relation to complainants/tenderers or candidates and possibly their staff, their subcontractors and the subcontractors’ staff (natural persons), natural persons mentioned in references such as:
- identification data, e.g. full name,;
- position and function in a company;
- contact details, e.g. e-mail address, business/mobile telephone number, fax number, postal address, company and department, country of residence, internet address;
- possibly financial data, e.g. bank account (IBAN and BIC codes), VAT number;
- information for the evaluation of selection, award or eligibility criteria of procurement procedures, e.g. expertise, technical skills, languages, educational background (possibly including CVs of key personnel), professional experience including details on current and past employment, test results;
- information relating to eligibility, award or selection criteria of procurement procedures, e.g. declarations of honour and covenants, certificates for social security contributions and taxes paid, extracts from judicial records and any other information required to examine any given complaint.
5. Where do we obtain your personal data?
We may obtain your personal data directly from you (or from a legal entity or an organisation that you represent or with which you are associated, or from an intermediary involved in thetransaction, or if you are an individual beneficiary (or a beneficial owner of or other key individual associated with a beneficiary), we may also collect some information about you from international sanctions lists and other publicly available sources.
6. To whom is your data disclosed?
We may disclose personal data about you to:
- Internally, to the EIB relevant services including our legal advisors and/or EIB governing and controlling bodies,
- the legal entity, organisation (if any) with which you are associated,
- and other EU institutions (including the European Commission, and the European Court of Auditors),
- service providers who hold and process your personal data on our behalf, under strict conditions of confidentiality and security
7. How long do we keep your personal data?
We keep your data only for as long as is necessary for the purposes described in this privacy statement. For more specific information as to the period for which we will keep your personal data, please contact us (see the section headed "Contact us", below).
8. What are your rights and how can you exercise them?
Your rights are set out in the Regulation (EU) No 2018/1725.
You have the right to ask us to (i) provide you with a copy of your personal data; (ii) correct your personal data; (iii) erase your personal data; or (iv) restrict our processing of your personal data. You can also object to our processing of your personal data.
You can also lodge a complaint about our processing of your personal data with the European Data Protection Supervisor (edps@edps.europa.eu) at any time if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the EIB.
9. Contact us
If you have any questions about our processing of your personal data, or wish to exercise any of the rights described above, please contact us: procurementcomplaints@eib.org or the EIB's Data Protection Officer, Mr. Pelopidas Donos, by email at p.donos@eib.org or at the following address:
Mr. Pelopidas Donos
European Investment Bank
98-100 Boulevard Konrad Adenauer
L-2950 Luxembourg (Grand Duchy of Luxembourg)