1. Data Protection legal framework applicable to the Single Resolution Board (SRB)
All personal data are processed in line with EU Data Protection Law.
2. The SRB as controller of processing personal data
The SRB is the controller for processing the personal data. The SRB Legal Service is responsible for the processing.
3. Purposes for processing personal data
The SRB processes personal data for setting up SRB’s litigation database as integral part of the Unified Litigation Management Application (ULM). The ULM provides a tool to the SRB Legal Service to manage the cases in which the SRB is party/intervener before the General Tribunal and the Court of Justice of the European Union as well as the SRB Appeal Panel. The collected data enables the SRB Legal Service to fulfil its mission to represent the SRB in litigation cases and to ensure their procedural follow-up, as well as their administrative processing.
The different reports offered by the tool:
- provide to the agents an instrument to, which helps them with the management of their cases and in particular to meet procedural deadlines,
- provide to the line managers of the Legal Service an instrument to follow the evolution of the different cases and the allocation of these cases among the staff members of the Legal Service, facilitating the management of the service and its staff.
The SRB obtains the personal data from the documents of the Court of Justice of the European Union (CJEU) proceedings and the SRB Appeal Panel proceedings, which, in turn, were provided by the data subjects to the CJEU and SRB Appeal Panel.
4. Legal basis for processing personal data
The legal basis for processing personal data is the following:
- processing is necessary for the performance of a task carried out in the public interest (Article 5(1)(a) Regulation (EU) 2018/1725) in conjunction with SRMR.
- processing is necessary for compliance with a legal obligation to which the SRB is subject (Article 5(1)(b) Regulation (EU) 2018/1725). Pursuant to Article 86 SRMR, SRB’s decisions as well as SRB’s failures to act are reviewable acts before the Court of Justice of the European Union. Pursuant to Article 85 SRMR, certain SRB decisions may be appealed before the SRB’s Appeal Panel. Hence, the SRB has the duty to defend itself in such proceedings.
5. Recipients of the personal data
When the SRB processes personal data for the above-mentioned purposes, the following persons may access your personal data on a strict need-to-know basis:
- Staff members of SRB’s Legal Service
- Staff members of DG DIGIT in its function as service provider to maintain the correct functioning of the application
6. Time limits for storing personal data
In accordance with the Rules of Procedure of the Court, the personal data processed by this system are included in the judgments, which are public. The SRB Legal Service processes this data in the context of legal proceedings in which the SRB is a party or intervener, as long as the cases are pending or have a link with any pending case. The Legal Service also stores personal data (surname and first name) for archival, historical and statistical purposes. This processing is subject to appropriate safeguards for the rights and freedoms of the data subjects.
7. Data protection rights
You have the right to access your personal data and correct any data that is inaccurate or incomplete. You have also (with some limitations) the rights to delete your personal data, to restrict or to object to the processing of your personal data in line with the Regulation (EU) 2018/1725.
8. Contact Information in case of queries and requests
You can exercise your rights by contacting the SRB’s Legal Service at SRB-LEGAL [a] srb.europa.eu. The SRB’s Data Protection Officer at dpo [a] ecb.europa.eu (@srb.europa.eu) answers all queries relating to personal data protection.
9. Addressing the European Data Protection Supervisor
If you consider that your rights under Regulation (EU) 2018/1725 have been violated as a result of the processing of your personal data, you have the right to lodge a complaint with the European Data Protection Supervisor at any time.
 Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC, OJ L 295, 21.11.2018, p. 39–98 (EUDPR).