Privacy statement

Updated: 12/20/2019

This statement describes how we handle personal data of consumers/reporters who address us. 

The ECC-Net can give you information and advice when buying goods and services cross-border within the EU (and Norway and Iceland).

The measures that are taken to protect the collected personal data are explained in this Privacy Statement:

I. Aim and actors of ECC-Net

ECC-Net aims to promote consumer confidence by advising citizens on their rights as consumers and providing easy access to redress, in cases where the consumer has purchased something in another country to his/her own (cross-border). ECC's provide consumers with a wide range of services, from providing information on their rights to giving advice and assistance to their cross-border complaints and informing about the available resolution of disputes. They also advise on out-of-court-settlement procedures (ADR) for consumers throughout Europe and provide consumers with easy and informed access to such procedures, when an agreement could not be reached directly with the trader where an applicable ADR is available.

To enable ECC-Net to provide the above mentioned services to the citizens, the ECC-Net Case Handling tool ECC-Net2 is used to collect and handle the necessary data. The IT tool is operated by the European Commission. In this respect, personal data is collected and processed from the consumers/reporters.

The European Consumer Centres collect this information on the basis of Action 9 (in the Annex) of Decision no 20/2004/EC of the European Parliament and of the Council of 8 December 2003 establishing a general framework for financing Community actions in support of consumer policy for the years 2014 to 2020 (OJ L5 of 09/01/2004).

The collection and processing of the above personal data through the ECC-Net Case Handling IT tool follows the provisions of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of individuals with regard to the processing of personal data by Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC and more specifically article 5, Paragraph (a and b).

II. Which personal information do we collect, for what purpose and through which technical means?

A. Identification Data which are entered in the ECC-Net Case Handling IT tool ECC-Net2

ECC-Net collects personal data that identifies who you are when you, as consumer/reporter, request information or when you seek assistance in the treatment of a complaint or the settlement of a dispute with a trader in a EU Member State which is not your own country or in Norway or Iceland. The ECC which you contact collects all or part of the following personal data: your name, address, contact details including your telephone, fax, e-mail, gender and language.

Where available, documents in support of the case may also be collected.

B. Technical information

All data is entered by the European Consumer Centres into the ECC-Net Case Handling IT tool ECCNet2 on behalf of the Directorate General of the European Commission for Justice and Consumers. The application is hosted on servers situated in the Informatics Directorate-General of the European Commission.

No personal data is stored in any cookies or log files created on the ECC-Net2.

III. Who has access to your information and to whom is it disclosed?

In order for ECC-Net to provide an efficient service, it is important that specific case related data including personal data are made available to the ECC's. Access to personal data is granted only to the two European Consumer Centres, located in the countries of the consumer and the trader, which assist the consumer to resolve his/her cross-border complaint or dispute. Furthermore, case related data including personal data is available to the Controller in the European Commission s Directorate-General Health and Consumer Protection, and to European Commission staff working under the instructions of the Controller, to enable them to carry out quality control checks of the ECC-Net service provided and for network and database management tasks including block/delete of personal data on justified request by the consumers/reporters. All personal data collected will only be used to the extent necessary to carry out the above mentioned tasks.

In the case of a cross-border complaint or dispute with a trader, the ECC which you as consumer/reporter have contacted enters your information into the ECC-Net Case Handling IT tool ECC-Net2. This information is then transmitted through the IT tool to the ECC in the country of the trader who is the subject of your complaint. The staff members of both ECC's use the information to assist you to resolve your case, if required by directly contacting the trader. If the latter is the case, your information will be transmitted to the trader.

In the case of an information request, the ECC enters your personal data into the ECC-Net Case Handling IT tool ECC-Net2 in order to process your request. In such cases, no information will be transmitted to other bodies.

IV. How do we protect and safeguard your information?

Your information is held in a secure system the operations of which are covered by the European Commission's security decisions and provisions established by its Directorate of Security for this kind of servers and services. The system is protected by nominative User Id / Passwords. 

V. How can you verify, modify or delete your information?

Consumers can verify and modify their personal data. They can also introduce a request to block or delete their personal data from the ECC-Net Case Handling IT tool ECC-Net2. Requests to block or delete personal data will be processed within a 2 month period. Such requests can be made to the European Consumer Centre with which they have been in contact or to the European Commission using the below mentioned functional mailboxes and contact numbers:

European Consumer Centre SWEDEN
Telephone: +46 54 19 41 50

The European Commission
Head of Unit E.3: Consumer Enforcement and Redress
Directorate-General for Justice and Consumers
European Commission

The Data Protection Officer (DPO) of the Commission:

The European Data Protection Supervisor (EDPS):

VI. How long do we keep your data?

All personal data shall be kept in the ECC-Net2 as long as follow-up actions are necessary, and for a maximum of one year after the query has been closed. After this period, all personal data will be erased. Case information may be kept in anonymous form for statistical purposes.

VII. Contact Information

If you have questions or complaints about the use of your personal information, you should, in the first instance, contact the ECC with which you have been in contact. If you have further complaints, you should contact the European Commission. The respective addresses to be used are indicated under point V.

VIII. Recourse

Complaints, in case of conflict on the processing of personal data, can be addressed to the European Data Protection Supervisor.