Privacy Notices

eu-LISA is committed to user privacy

We understand that you are aware of and care about your personal privacy interests, and we take that seriously. The processing of an individual's personal data carried out by the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA) is performed in compliance with Regulation (EU) 2018/1725 on the protection of personal data by the European Union's institutions and bodies.

This Notice describes eu-LISA's policies and practices regarding its collection and use of your personal data, and sets forth your privacy rights. We recognise that information privacy is an ongoing responsibility, and we will update this Notice as we undertake new personal data practices or adopt new privacy policies.

You can browse the eu-LISA website without having to give any information about yourself. However, in some cases, personal information is required in order to provide the e-services you request.

Pages that require such information are setup according to the policy described in Regulation (EU) 2018/1725,  and provide information about the use of your data in their specific privacy notices:

  • For each specific e-service, a controller determines the purposes and means of processing personal data and ensures conformity of the specific e-service with the privacy policy;

  • Within eu-LISA the Data Protection Officer ensures that the provisions of the Regulation are applied and advises controllers on fulfilling their obligations (see Article 45 of  Regulation (EU) 2018/1725);

  • For all the European Institutions, the European Data Protection Supervisor (EDPS) will act as an independent supervisory authority (see Articles 52 to 58 of  Regulation (EU) 2018/1725);

You can find a collection of privacy notices for each specific processing operation listed below.

eu-LISA's website provides links to third-party sites. Since eu-LISA does not control these sites, it encourages you to review these site's own privacy policies.

What is an e-service?

An e-service, on this website, is a service or resource made available on the internet in order to improve communication between eu-LISA and both citizens and businesses.

Three types of e-services are or may be offered by eu-LISA:

  • information services that provide users with easy and effective access to information, thus increasing transparency and understanding of the Agency's activities;

  • interactive communication services that allow better contacts with citizens, business, civil society and public actors, thus facilitating consultations and feedback mechanisms, in order to contribute to the shaping of eu-LISA's policies, activities and services;

  • Transaction services that allow access to all basic forms of transactions with eu-LISA such as procurement, financial operations, recruitment, event registration, etc.

In order to make this website work optimally, eu-LISA uses cookies to help analyse the use of its website. You can read our cookies' policy here.

Information contained in a specific privacy statement

A specific privacy policy statement will contain the following information about the use of your data:

  • Who will control what information is collected, for what purpose, on which legal basis and through which technical means. eu-LISA collects personal information to the extent necessary to achieve a specific purpose exclusively. The information will not be re-used for an incompatible purpose;

  • To whom is your information disclosed? eu-LISA will only disclose information to third parties if that is necessary for the fulfilment of the purpose(s) identified above and to the mentioned (categories of) recipients specified within the privacy notice. eu-LISA will not divulge or use your personal data for direct marketing purposes;

  • How you can access your information, verify its accuracy and, if necessary, correct it? As a data subject you also have the right to object to the processing or erasure of your personal data on legitimate compelling grounds, except when they are collected in order to comply with a legal obligation, or are necessary for the performance of a contract to which you are a party, or are to be used for a purpose for which you have given your unambiguous consent;

  • How long is your data kept? eu-LISA only keeps the data for the period necessary to fulfil the purpose for which it was collected or for further processing, this is stated in the privacy notices;  

  • Whom to contact if you have queries or complaints.

Who should you contact for more information on data protection at eu-LISA

eu-LISA's website is managed by the Agency's communication team for which the controller is the Head of General Coordination Unit. They can be contacted at the following e-mail address:

eu-LISA has an appointed Data Protection Officer for you to contact if you have any questions or concerns about eu-LISA's personal data policies and procedures.

The eu-LISA DPO contact information is the following:

Vesilennuki 5
10415 Tallinn, Estonia

Further information can be found on the Data Protection Officer page.

The European Data Protection Supervisor (EDPS) is an independent supervisory authority responsible for monitoring and ensuring the application of data protection rules by European Community institutions and bodies, including eu-LISA to whom you may also contact ( ). The EDPS is empowered to hear and investigate complaints and to conduct inquiries, including on his or her own initiative. If a breach of data protection rules is found to have occurred, the EDPS may exercise the powers assigned to him under Article 58 of  Regulation (EU) 2018/1725.