Skip to main content

Central Entry Point - Privacy Statement


This privacy statement explains the reason for the processing, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you may exercise in relation to your data (the right to access, rectify, block etc.).

The European institutions are committed to protecting and respecting your privacy. As this service/application collects and further processes personal data, Regulation (EU) 2018/1725, of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, is applicable.

This privacy statement concerns processing the data necessary for the proper functioning of the InvestEU Advisory Hub Central Entry Point for advisory support requests. The InvestEU Advisory Hub Central Entry Point has been created by the European Commission on the basis of Regulation (EU) 2021/523 of the European Parliament and of the Council of 24 March 2021 establishing the InvestEU Programme.

Why do we process your data?

Purpose of the processing operation:

Staff involved in the functioning of the InvestEU Advisory Hub Central Entry Point, supervised by the Data Controller, collects and uses your personal information with the sole purpose to support and contribute to the management of the InvestEU Advisory Hub Central Entry Point, in accordance with Article 25 of Regulation (EU) 2021/523.

Lawfulness of the processing operation:

The data processing is considered lawful because it is necessary for the performance of tasks carried out in the public interest on the basis of the Treaties establishing the European Communities.

Which data do we collect and process?

The personal data collected and further processed are:

  • First Name;
  • Last Name;
  • Email address;
  • Phone Number.

How long do we keep your data?

We keep the data only for the time necessary to fulfil the purpose of collection or further processing. Personal data related to an advisory support requestor are kept in the service in charge for 2 years following an explicit request for removal.

How do we protect your data?

All data in electronic format (e-mails, documents, uploaded batches of data etc.) are stored either on the servers of the European Commission or of its contractors: the operations of which abide by the European Commission’s security decision of 16 August 2006 [C (2006) 3602] concerning the security of information systems used by the European Commission.

The Commission’s contractors are bound by a specific contractual clause for any processing operations of your data on behalf of the Commission. The processors have to put in place appropriate technical and organisational measures to ensure the level of security, required by the Commission.

Who has access to your data and to whom is it disclosed?

Access to your data is provided to authorised staff specified below according to the “need to know” principle. Such staff abide by statutory, and when required, additional confidentiality agreements.

  1. Staff of operational units of the European Commission involved in the implementation of the InvestEU Advisory Hub Central Entry Point and departments charged with a monitoring or inspection task in application of Union law (e.g. internal control, internal audit).
  2. Staff of the EU Institutions, representatives of Member States and InvestEU Advisory Partners dealing with the implementation of the InvestEU Advisory Hub Central Entry Point in line with Article 25 of Regulation (EU) 2021/523.

What are your rights and how can you exercise them?

According to Regulation (EU) 2018/1725, you are entitled to access your personal data and rectify, block or delete it in case the data is inaccurate or incomplete. You can exercise your rights by contacting the data controller, or in case of conflict the Data Protection Officer and if necessary the European Data Protection Supervisor using the contact information given at point 8 below.

Contact information

If you have comments or questions, any concerns or a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller using the following contact information:

The Data Controller:

The Data Protection Officer (DPO) of the Commission:

The European Data Protection Supervisor (EDPS):

Where to find more detailed information

The Commission Data Protection Officer publishes the register of all operations processing personal data. You can access the register on the following link: DPO Public register

This specific processing has been notified to the DPO with the following reference: Record DPR-EC-11761.