The security of people with respect to the preparing of individual information by ESEC is based on Control (EU) 2018/1725 of the European Parliament and of the Committee of 23 October 2018 on the security of common people with respect to the preparing of individual information by the Union teach, bodies, workplaces and offices and on the free development of such information, and revoking Control (EC) No 45/2001 and Choice No 1247/2002/EC as executed by ESEC in actualizing rules embraced by its Administration Board.


Central enroll of all ESEC records of exercises preparing individual data.


In spite of the fact that you’ll browse through most of the ESEC site without giving any data approximately yourself, in a few cases, personal information is required in arrange to supply the e-services you ask. Pages that require such data treat it agreeing to the approach portrayed within the Direction specified above.
In this respect:

  • For each particular e-service, a controller decides the purposes and implies of the handling of individual information and guarantees similarity of the particular e-service with the protection policy.
  • ESEC’s Information Assurance Officer guarantees that the arrangements of both the Control and the Executing Rules are connected and exhorts controllers on satisfying their commitments (see in specific Chapter IV, Segment VI of the Regulation).
  • For all EU teach and bodies, the European Information Security Administrator (EDPS) acts as an free supervisory specialist (see Chapter VI of the Regulation).
  • ESEC keeps up records of handling exercises in agreement with Article 31 of the Regulation.


An e-service on this site may be a benefit or asset made accessible on the web in arrange to progress the communication between citizens and businesses on the one hand and ESEC on the other hand.

Three sorts of e-services are or may be advertised by the ESEC: 1. Information administrations that give clients with simple and compelling get to to data, in this way expanding straightforwardness and understanding of the exercises of ESEC. 2. Interactive communication administrations that permit way better contacts with ESEC’s target open hence encouraging meetings, and criticism components, in arrange to contribute to the forming of approaches, exercises and administrations of ESEC. 3. Transaction administrations that permit get to to all fundamental shapes of exchanges with ESEC, e.g. acquirement, budgetary operations, enlistment, occasion enrolment, etc.


ESEC’s site gives joins to third party locales. Since we don’t control them, we empower you to survey their protection policies.


As a common rule, ESEC as it were forms individual information for the execution of assignments carried out within the open intrigued on the premise of the Settlement on the Working of the European Union, on the premise of the relevant enactment or within the authentic work out of official specialist vested in ESEC or in a third party to whom the information are disclosed. All handling operations of individual information are appropriately informed to ESEC’s Information Security Officer and, on the off chance that the case emerges, to the European Information Assurance Supervisor.

ESEC ensures that the data collected is prepared and/or gotten to as it were by the individuals of its staff mindful for the comparing handling operations. ESEC does not take any choices based exclusively on robotized handling, counting profiling, without human association, which produces lawful impacts concerning normal people or which additionally influences characteristic persons.

Unless indicated in an unexpected way within the Records Enlist, all characteristic people giving individual data to ESEC by implies of paper or electronic shape are regarded to have unambiguously given their assent for the consequent handling operations in application of article 7 of Regulation. Natural people have the correct to pull back their assent at any time. Such withdrawal of assent will have no bearing on the legality of any past processing.

Information subjects have the proper to get data almost the preparing of their individual information, to get to the individual information and to adjust any wrong or fragmented individual information, as well as to ask the deletion, limitation of preparing or to question to the preparing of their individual information on composed ask to be tended to to the controller (particular contact subtle elements can be found within the pertinent record, as distributed within the Records Enlist). Information subjects may at any time counsel ESEC’s Information Assurance Officer or have plan of action to the European Information Assurance Supervisor.


Advance data on how your information are handled by ESEC, what are your Rights and how you’ll exercise them, may be found within the pertinent record, as distributed within the Records Enlist. In specific, the taking after data will be included:

  • What data is collected and for what reason. ESEC collects individual data only to the degree vital to satisfy a particular reason. The data will not be re-used for an incongruent purpose.
  • How long your information is kept. ESEC as it were keeps the information for the time fundamental to satisfy the reason of collection or advance processing.
  • To whom your data is uncovered. ESEC will as it were uncover data to third parties on the off chance that that’s fundamental for the satisfaction of the purpose(s) recognized over and to the said (categories of) beneficiaries. ESEC will not disclose your individual information for coordinate showcasing purposes.
  • Information around worldwide exchanges of individual information, where relevant.
  • Information almost how you’ll work out your rights, counting on conceivable appropriate limitations, which may apply and a point of contact on the off chance that you’ve got inquiries or complaints.
  • The security measures taken to defend your data against conceivable abuse or unapproved access.


You’re entitled to get to data relating to your individual information prepared by ESEC, confirm its exactness and, on the off chance that essential, rectify it in case the information is wrong or fragmented. In the event that your personal data is now not required for the reason of the handling, in case you pull back your assent or if the processing operation is illegal, you have got the proper to ask the eradication of your personal data. Under certain circumstances, such as in case you challenge the exactness of the handled individual information or in case you’re not sure in the event that your individual information is legally handled, you’ll inquire the Information Controller to limit the individual information handling. You’ll too protest, on compelling genuine grounds, to the preparing of your individual data.

Moreover, you’ve got the proper to information compactness which permits you to create a ask to get the individual information that the Information Controller holds on you and to exchange it from one Information Controller to another, where actually possible. You may work out your rights by contacting the Information Controller (particular contact details can be found within the important record, as distributed within the Records Enlist). Exceptions can be appropriate in understanding with Control (EU) 2018/1725.

In a few cases, your rights could be limited in agreement with Article 25 of Direction (EU) 2018/1725, ESEC’s Inside Rules and other relevant legal arrangements, such as ESEC’s commitment not to reveal secret data compatible to proficient mystery, or to anticipate partiality or hurt to the supervisory or requirement capacities of a third nation specialist acting within the work out of the official specialist vested in it. This may incorporate capacities relating to the checking or appraisal of compliance with appropriate laws, avoidance or examination of suspected encroachment; for critical goals of common open intrigued, or for the supervision of controlled people and entities. In each case some time recently applying a limitation, ESEC will evaluate whether the confinement is suitable. The limitation ought to be essential and given by law, and will proceed as it were for as long as the reason for the limitation proceeds to exist.


ESEC will exchange individual information exterior of the EU/EEA as it were where fundamental and fitting to fulfill its commitments within the setting of worldwide participation in agreement with Article 33 of the ESEC Control, as may be advance corrected, canceled or replaced. The transfers will be tired agreement with Chapter V of the Direction (EU) 2018/1725, i.e. where there’s a Commission’s ampleness choice perceiving a third nation as guaranteeing an satisfactory level of security of individual information, or for vital reasons of open intrigued, as perceived in Union or Part State law.

Within the nonappearance of an ampleness choice embraced by the Commission, where these transfers are made within the regular course of business or hone, your individual information may well be exchanged as it were to third nation specialists that are signatories to the IOSCO-ESEC Authoritative Course of action (AA) for the exchange of individual information between EEA and non-EEA securities controllers received in understanding with Article 48(3) of the Regulation.

In specific, the taking after shields are given to individual information traded beneath the AA:

  • ESEC will as it were exchange individual information that are significant, satisfactory and constrained to what is essential for the purposes for which they are asked by a third-country specialist (TCA);
  • The (TCA) getting individual information from ESEC will have in put fitting specialized and hierarchical measures to secure individual information that are exchanged to it against coincidental or illegal get to, devastation, misfortune, change, or unapproved disclosure;
  • The TCA will hold individual information for now not than is fundamental and fitting for the reason for which the information are processed;
  • No choice will be taken by the TCA concerning a normal individual based exclusively on computerized preparing of individual information, counting profiling, without human involvement;

The TCA will not unveil your individual information for other purposes, such as for promoting or commercial purposes. In the setting of universal exchanges, your Rights may well be exempted or confined in specific to anticipate bias or hurt to the supervisory or authorization functions of a TCA beneath the AA, acting within the work out of the official specialist vested in it, as demonstrated within the past area (“What are your Rights and how can you work out them?”). If you believe that your personal information have not been taken care of reliable with the shields set out within the AA, you’ll hold up a complaint or claim at ESEC, at the TCA or both Specialists: for doing so, you’ll be able contact the Information Controller (particular contact points of interest can be found within the important record, as distributed within the Records Enlist. In such occasion, ESEC and the TCA will utilize best endeavors to settle the debate or claim agreeably in a convenient fashion.

Within the event where the matter isn’t settled, other strategies can be utilized, by which the debate may be settled unless the ask is plainly unwarranted or over the top. Such strategies incorporate cooperation in non-binding intervention or other non-binding debate determination procedures initiated by the normal individual or by the ESEC or the TCA concerned. If the matter isn’t settled through participation by the Specialists, nor through non-binding intercession or other non-binding debate determination procedures, in circumstances where you raise a concern and ESEC is of the see that the TCA has not acted reliable with the shields set out within the AA, ESEC will suspend the exchange of individual information to the TCA until it is of the see that the issue is palatably tended to by the TCA, and will illuminate you thereof.


  • In the absence of an adequacy decision adopted by the Commission, where the transfers of personal data are made in the usual course of business or practice, ESEC will transfer personal data only to third country authorities that are signatories to the IOSCO-ESEC Administrative Arrangement (AA) for the transfer of personal data between EEA and non-EEA securities regulators adopted in accordance with Article 48(3) of the Regulation(EU) 2018/1725;
  • The European Data Protection Supervisor (EDPS) authorised ESEC to use the administrative arrangement as ensuring appropriate safeguards for the transfer of personal data to public bodies in third countries not covered by a European Commission adequacy decision, on the basis of the positive opinion of the European Data Protection Board (EDPB) (opinion 4/2019).


A few pages on ESEC’s websites have a interface to our contact mailboxes, which actuates your email program and welcomes you to send your comments. After you send such a message, your individual information is collected as it were to the degree essential to answer. On the off chance that the administration group of the post box is unable to reply your address, it’ll forward your mail to another benefit. In case you’ve got any questions approximately the preparing of your mail and related individual information, don’t waver to incorporate them in your message.