Litigation before the Court of Justice of the EU – privacy statement
This privacy statement provides information regarding the processing of personal data (information related to an identified or identifiable natural person) carried out in the context of the litigation before the Court of Justice of the EU. It explains why we collect information about you, how that information may be used and how we keep it safe and confidential.
1. Purpose of the processing operation
The purpose of the processing of personal data is to represent the Bank (both in the preparation of procedural documents pertaining to the written procedure and for hearings) in litigation before the Court of Justice of the European Union. Processing of personal data may also be used in the course of negotiations for amicable settlement of a dispute.
2. Legal basis and the controller
Personal data are processed by the Controller (JU/CORP/CL) in accordance with Regulation (EC) 2018/1725 of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies and agencies and on the free movement of such data.
The processing operation is undertaken with the purpose of adequately defending the Bank’s position with respect to litigation lodged against the Bank before the General Court or the Court of Justice (i.e. actions filed under Articles 263, or 270, and/or 268 & 340 TFEU). Therefore, the processing operation complies with Article 5(1)(a) of Regulation 2018/1725. It is processed lawfully because it is necessary for the performance of a task carried out in the exercise of an official authority of the Bank, as well as being necessary for compliance with a legal obligation (i.e. to defend a case when summoned by the Court or the General Court, in line with the Protocol N° 3 on the Statute of the Court of Justice and the relevant Rules of Procedure).
3. What personal data do we process?
The following categories of data are processed:
Data subject personal details (name, nationality, gender, or other relevant information)
Details relating to Data subject’s relationship with the Bank (Staff number ID, job function and position, contract details including remuneration and other benefits, matters relating to performance, matters relating to conduct, or other relevant information)
Details relation to data subject’s medical information (medical records, records of doctor appointments, medical procedures, medical arbitration, or other relevant information)
Details relating to matters related to the data subject (administrative or other investigations that affect the data subject, details of special procedures to which the data subject was subject to, such as the Dignity at Work or Disciplinary procedure, or other relevant information)
Details relating to actions and/or oral or written statements made (that are used in the case as evidence)
Any other information about data subjects that may be relevant to the case
4. Who has access to your personal data and to whom is it disclosed?
The EIB General Counsel and the Director of the JU/CORP Department of the legal service
External counsel, contractually engaged to assist the Bank’s agents on the litigation file
Court of Justice of the European Union
The opposing party/parties to the case (who is/are most likely one of the data subject(s))
5. How do we protect and safeguard your information?
All information and documents (both electronic and physical files) collected and exchanged in the course of a litigation file is treated as strictly confidential and securely stored. Access is limited to a minimum number of persons (i.e. the agents of the case, members of JU/CORP/CL, and the persons/entities described in point 4 above).
6. How long do we keep your personal data?
Given the adversarial nature of litigation and the possible connection with other litigation matters, the litigation file is kept for 15 years from the date of judgment rendered by the General Court, or in case of appeal, the date of judgment of the Court.
7. What are your rights and how can you exercise them
You can exercise your rights in line with the applicable provisions of Regulation (EU) 2018/1725 by addressing the controller.
If you have any questions or concerns in relation to the manner in which we process your personal data, or wish to exercise any of your rights, you can contact us at: firstname.lastname@example.org.
8. Right of appeal
You have the right to address the European Data Protection Supervisor (email@example.com) at any time if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data in the context of the Administrative Review.
Before initiating this procedure, data subjects may contact the Controller, responsible for the processing or the EIB Data Protection Officer (DataProtectionOfficer@eib.org).
9. Changes to this Privacy Statement
This Data Privacy Statement is kept under regular review and is therefore subject to change