Data protection notice for the EU Aquaculture Assistance Mechanism – online contact form
Under the European, Maritime, Fisheries and Aquaculture Fund (EMFAF)
European Climate, Infrastructure and Environment Executive Agency (CINEA), B-1049 Brussels, BELGIUM
Introduction
In accordance with Regulation (EU) 2018/1725 of 23 October 2018 on data protection (hereinafter the Regulation), the European Climate, Infrastructure and Environment Executive Agency (hereafter CINEA) and the European Commission Directorate-General for Maritime Affairs and Fisheries (DG MARE) collect your personal data only to the extent necessary to fulfil the precise purpose related to their tasks.
1. The controllers are:
European Climate, Infrastructure and Environment Executive Agency (CINEA)
Chaussée de Wavre 910 – BLS2 5/259
BE-1049 Brussels
CINEA Unit D3 – Sustainable Blue Economy
Person responsible for the processing: Head of Unit D3
Email: CINEA-EMFAF-CONTRACTS@ec.europa.eu
European Commission — Directorate-General for Maritime Affairs and Fisheries (DG MARE)
Rue Joseph II 99
BE-1049 Brussels
MARE Unit A2 - Blue Economy Sectors, Aquaculture and Maritime Spatial Planning
Person responsible for the processing: Head of Unit A2
Email: MARE-A2@ec.europa.eu
2. Purpose of the processing
The purpose of the processing is for the controllers and CINEA’s contractor NTT Data Belgium (1) to answer queries submitted through the contact form of the EU Aquaculture Assistance Mechanism website. The overall objective is to provide support to the Commission, Member States, the aquaculture industry and other stakeholders in the implementation of the Communication “Strategic guidelines for a more sustainable and competitive EU aquaculture for the period 2021-2030”. This processing includes:
- Management of queries submitted through the contact form;
- Management of the FAQ web page;
(1) The privacy policy of NTT Data is available at: https://www.nttdata.com/global/en/info/privacy-statement
3. The data subjects concerned by this notice are:
- Website users, individuals, aquaculture stakeholders filling the online Contact form to submit their inquiry and/or comment.
4. The categories of personal data collected and used for the processing operations are:
- First and last name;
- Email address;
- Country of residence (optional field);
- Any other data you may provide in the context of your inquiry.
The provision of personal data other than the email address and first and last name is not mandatory and will only be processed if you choose voluntarily, on your own decision, to mention them in the contact form or your email(s) sent to MARE-AQUACULTURE@ec.europa.eu with your query.
Personal data will not be used for an automated decision-making including profiling and will not be transferred outside the European Economic Area.
When visiting the EU Aquaculture Assistance Mechanism website you have the option not to accept cookies in which case your browser history is not kept. If you opt to accept cookies, the browser history of your visit will be kept for a maximum of 6 months. This information will then be deleted. The collection, aggregation and anonymising operations are performed in the data centre of the European Commission under adequate security measures.
Cookies are stored by Europa Analytics, the corporate service which measures the effectiveness and efficiency of the European Commission's websites on EUROPA. More information is available in the Record of Processing DPR-EC-00685 (Europa Analytics).
Enabling these cookies is not strictly necessary for the website to work but it will provide you with a better browsing experience. You can delete or block these cookies, but if you do that, some features of the website may not work as intended. The cookie-related information is not used to identify data subjects personally and the pattern data is fully under the Commission’s control. These cookies are not used for any purpose other than those described here.
Should you wish to opt your personal data out of our anonymised, aggregated statistics, you can do so on our cookies page. In particular, you can control and/or delete those cookies as you wish. Please refer to the cookies policy of the Commission.
5. Recipients
All recipients are on a "need to know" basis. The recipients to whom the personal data will or might be disclosed are:
- Authorised staff of CINEA and of the European Commission (DG MARE) involved in the EU Aquaculture Assistance Mechanism initiative;
- CINEA contractor’s authorised staff and their subcontractors’ authorised staff, in charge of performing and managing the online contact form.
In case of reviews, proceedings, personal data may be provided to CINEA’s Internal Controller, DPO, etc.
In addition, data may be disclosed to public authorities in accordance with Union and Member State law such as the European Court of Justice or a national judge as well as the lawyers and the agents of the parties in case of a legal procedure, Investigation and Disciplinary Office of the European Commission (IDOC), the competent Appointing Authority in case of a request or a complaint lodged under Articles 90 of the Staff Regulations, European Anti-Fraud Office (OLAF), the Internal Audit Service of the Commission, the Court of Auditors, the European Ombudsman, the European Data Protection Supervisor and the European Public Prosecutor’s Office.
The contractors will not share your personal data with any third parties without your express consent, except where we may be required to do so by law.
6. Data subjects’ rights
You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular:
- You have the right at any time to access, rectify or erase ('right to be forgotten') your personal data or to request for the restriction of its processing;
- You are also entitled to object to the processing of your personal data which is lawfully carried out pursuant to Article 5(1)(a) of Regulation (EU) 2018/1725 on grounds relating to your particular situation at any time unless CINEA and DG MARE demonstrate compelling and overriding legitimate grounds or in case of legal claims.
You can exercise your rights by contacting the data controllers, or in case of conflict the Data Protection Officer. If necessary, you can also contact the European Data Protection Supervisor. Their contact information is given under Heading 10 below.
7. How do we protect your personal data
All personal data in electronic format (e-mails, documents, databases, uploaded batches of data, etc.) are stored on the servers of the European Commission or of CINEA’s contractor.
All processing operations within the Commission and CINEA are carried out pursuant to Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission.
The processors (contractors and their sub-contractors) are bound by a specific contractual clause for any processing operations of your personal data on behalf of the data controllers. The processors have put in place appropriate technical and organisational measures to ensure the required level of security. For more information, please consult their privacy statement: https://benelux.nttdata.com/privacy-and-cookie-policy
In order to protect your personal data, the Commission and CINEA have put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.
8. The legal basis of the processing is:
Article 5(1)(a) of Regulation (EU) 2018/1725 as the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in a Union institution or body as provided for by Union law, in particular:
- Regulation (EU) 2021/1139 of the European Parliament and of the Council of 7 July 2021 establishing the European Maritime, Fisheries and Aquaculture Fund and amending Regulation (EU) 2017/1004.
- Article 2(1) and (5)(e) Regulation (EU) No 1380/2013 of the European Parliament and of the Council of 11 December 2013 on the Common Fisheries Policy in connection with Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions “Strategic guidelines for a more sustainable and competitive EU aquaculture for the period 2021 to 2030”.
9. The time limit for keeping the data is the following:
The controllers only keep your personal data for the time necessary to fulfil the purpose of collection or further processing and in accordance with the 2022 Commission Retention List (2). Your data may therefore be kept for a maximum of 2 years (as far as necessary with regard to the mandated Commission retention period for requests for information).
(2) SEC (2022) 400 – ARES(2022)8801492 – 19/12/2022
10. Contact information
The data controllers
If you would like to exercise your rights under Regulation (EU) 2018/1725, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controllers:
- DG MARE, Unit A2: MARE-AQUACULTURE@ec.europa.eu; MARE-A2@ec.europa.eu
- CINEA, Unit D3: CINEA-EMFAF-CONTRACTS@ec.europa.eu
The Data Protection Officer (DPO)
You may contact the Data Protection Officer (DATA-PROTECTION-OFFICER@ec.europa.eu or CINEA-DPO@ec.europa.eu) with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725.
The European Data Protection Supervisor (EDPS)
You have the right to have recourse (i.e. you can lodge a complaint) to the European Data Protection Supervisor (edps@edps.europa.eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the data controller.
11. Where to find more information
The Commission Data Protection Officer (DPO) publishes the register of all processing operations on personal data by the European Commission, which have been documented and notified to him. You may access the register via the following link: http://ec.europa.eu/dpo-register.
In addition CINEA has register of records that can be accessed via the following link: https://cinea.ec.europa.eu/about-us/data-protection/public-central-register-data-protection_en
This specific processing operation has been included in the DPO’s public register with the following Record reference: DPR-EC.01063.1 and in CINEA record 2021-003/R1-COMM-02.
More information on processing your personal data with regard to Cookies stored by Europa Analytics is available in the Record of Processing DPR-EC-00685.
Reference: Ref. Ares(2025)5192427 - 30/06/2025