Privacy

How we protect your data

EU data protection rules guarantee the protection of your personal data whenever they are collected – for example, when you buy something online, apply for a job, or request a bank loan. These rules apply to both companies and organisations (public and private) in the EU and those based outside the EU who offer goods or services in the EU, such as Facebook or Amazon, whenever these companies request or re-use the personal data of individuals in the EU.

It doesn’t matter what format the data takes – online on a computer system or on paper in a structured file – whenever information directly or indirectly identifying you as an individual is stored or processed, your data protection rights have to be respected.

When is data processing allowed?

EU data protection rules, also known as the EU General Data Protection Regulation (or GDPR), describe different situations where a company or an organisation is allowed to collect or reuse your personal information:

• they have a contract with you – for example, a contract to supply goods or services (i.e. when you buy something online), or an employee contract

• they are complying with a legal obligation – for example, when processing your data is a legal requirement, for example when your employer gives information on your monthly salary to the social security authority, so that you have social security cover

• when data processing is in your vital interests – for example, when this might protect your life

• to complete a public task – mostly relating to the tasks of public administrations such as schools, hospitals, and municipalities

• when there are legitimate interests – for example, if your bank uses your personal data to check whether you’d be eligible for a savings account with a higher interest rate

In all other situations, the company or organisation must ask for your agreement (known as “consent”) before they can collect or reuse your personal data.