Data protection

The protection of personal data is a fundamental right established in the Charter of Fundamental Rights of the European Union.

All personal data collected by CEPOL are processed in line with Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the EU institutions, bodies, offices and agencies, and on the free movement of such data.

All processing operations involving personal data are duly notified to the CEPOL Data Protection Officer (DPO) and, where applicable, to the European Data Protection Supervisor (EDPS).

Your rights when CEPOL processes your personal data

You rights concerning your personal data are set out in Articles 17-24 of Regulation (EU) 2018/1725.

When CEPOL processes your personal information, you have the right to:

• Be informed that your data are being processed;
• Access your personal data and request rectification without undue delay if they are inaccurate or incomplete;
• Request erasure (“the right to be forgotten”) or restriction of processing under certain conditions;
• Object to the processing of your data, on grounds relating to your particular situation, at any time;
• Request data portability, where applicable. CEPOL will consider your request, take a decision, and communicate it to you without undue delay and, in any event, within one month of receipt of the request. This period may be extended by up to two additional months where necessary;
• Not be subject to automated decisions, including profiling, as defined by law.

You may also request that CEPOL inform third parties to whom your data have been disclosed about corrections or deletions, where possible.

In all cases, you have the right to contact the EDPS as the competent supervisory authority.

Please note that your rights may be subject to certain restrictions under Article 25 of Regulation (EU) 2018/1725 and Decision No 17/2019 of 5 August 2019 of CEPOL’s Management Board concerning internal rules on restricting certain data subject rights. 

How to exercise your data protection rights

Data protection is a fundamental right safeguarded by both national and EU law. CEPOL is responsible for the personal data we collect and process.

If you wish to exercise your data protection right, please submit a written request. CEPOL cannot normally accept verbal (telephone or in-person) requests, as we need to review them carefully and confirm your identity.

You can send your request:

• By post, in a sealed envelope addressed to CEPOL;
• By email, to the CEPOL Data Protection Officer (DPO).

Your request should include a clear and detailed description of the personal data you wish to access or correct.

Where there are reasonable doubts about your identity, CEPOL may ask for a copy of an identification document. Please ensure that your name and address are visible; you may obscure other personal details such as your photo or personal characteristics.

The use of your identification document is strictly limited to verifying your identity. CEPOL will not keep these details longer than necessary for that purpose.

For further information, please consult our guidance document: Your data protection rights at CEPOL:

Loading data

‌
‌
‌
‌
‌
‌
‌
‌

Register of CEPOL 

Like all EU institutions, CEPOL maintains a register of records of processing activities under its responsibility. These records cover all operations involving personal data, such as collection, storage, and use.

The register is publicly accessible and contains key information explaining the purpose and conditions of each processing activity.

You can consult CEPOL’s register to learn how we process personal data in the course of our activities below:

Loading data

‌
‌
‌
‌
‌
‌
‌
‌