Privacy Policy
The Clean Aviation JU (CAJU) is committed to user privacy. It only clearly described in each specific privacy statement, and does not further process any personal data in a manner incompatible with those purposes.
All personal information is processed in line with Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (the “Regulation”).
What is personal data and processing?
Personal data is any information relating to an identified or identifiable natural person (Article 3(1) of the Regulation). The data subject is the person whose personal data is processed. Processing of personal data means any operation or set of operations that is performed upon personal data, whether or not by automated means, such as collection, recording, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, deletion or destruction.
Below, you can find examples of cases in which the CAJU processes personal data and the related privacy statements:
- Procurement Procedure
- Εxperts
- Online Registration
- Grants
- Recruitment of staff
- Subscription to Communication
- SYSPER - Central administrative purposes
- Microsoft 365 Staff
- Microsoft 365 Guests
- PLANES tool
A system of records of the processing operations is maintained by the Clean Aviation JU.
e-services
An e-service on this website is a service or resource made available on the internet in order to provide you with easy and effective access to information, to manage organisation of events and management of specific initiatives and contracts. The CAJU currently has either on a permanent or on a temporary basis the following e-services:
- general information services
- information services that provide for the possibility to organise and manage your enrolment to events
- transaction services that allow access to all basic forms of transactions with the CAJU, such as procurement, financial operations, grants, recruitment, acquisition of documents
Who is responsible for the processing?
The CAJU is the data controller. The data controller is responsible for ensuring that technical and organisational measures are undertaken so as to protect the personal data with an appropriate level of security. Only dedicated CAJU staff and contractors will have access to your personal data. The data controller remains legally responsible if any of its staff breaches the data protection rules.
Please be aware that due to operational reasons, your personal data may be made available to contractors in charge of handling the IT systems of the CAJU and in charge of running the project management tool of the CAJU. The CAJU endeavours to ensure such contractors respect the confidentiality of data and implement data protection safeguards to guarantee the security of personal or other data.
Your rights as data subject
Everyone has the right of information (Articles 15 and 16 of the Regulation) – i.e. the right to know that their personal data is being processed and for which specific and limited purpose(s). In the context of the CAJU’s processing operations, this right is often fulfilled by the provision of a specific privacy statement (notice) to the data subject. The right of information is subject to certain exceptions, such as in cases where the data subject has already the above-mentioned information, where the provision of the information would involve a disproportionate effort, or where it is necessary to safeguard one of the legitimate interests mentioned in Article 25 of the Regulation.
In addition, the Regulation (Articles 17-24) grants a range of specific data subject rights, which can be exercised under particular conditions. These rights consist of:
- the right of access (Article 17),
- the right to rectification (Article 18),
- the right to erasure or “right to be forgotten” (Article 19),
- the right to restriction of processing (Article 20),
- the right to data portability (Article 22),
- the right to object (Article 23), and
- the right not to be subject to a decision based solely on automated processing (Article 24).
In accordance with Article 25 of the Regulation, the CAJU may restrict certain data subject rights. For more information please see CAJU internal rules concerning restrictions of certain rights of data subjects in relation to processing of personal data. These internal rules have also published in the Official Journal of the EU.
Whom to contact for more information about data protection?
The DPO of the CAJU can be contacted at Data-Protection@clean-aviation.eu
The CAJU DPO:
- Provides advice and makes recommendations on rights and obligations of data controllers and data subjects.
- Cooperates with the EDPS (responding to his requests about investigations, complaint handling, inspections conducted by the EDPS, etc.)
- Draws the CAJU’s attention to any failure to comply with the applicable data, and in certain situations, he/she may investigate matters and incidents either upon the request of a data subject or on his/her own initiative.
If you are dissatisfied with the processing of your data by the CAJU, you may notify the data controller stating the reason for your compliant. You may also contact the DPO for information on any issues related to the processing of your data.
If you consider that the processing of your personal data does not comply with the rules laid down in the Regulation, you may exercise your right to lodge a complaint with the European Data Protection Supervisor (EDPS).
The EDPS is an independent supervisory authority responsible for monitoring and ensuring the application of data protection rules by the European Union institutions and bodies, including the CAJU. The EDPS is empowered to hear and investigate complaints and to conduct inquiries, including on his or her own initiative. If a breach of data protection rules is found to have occurred, the EDPS may exercise the powers assigned to him under Article 58 of the Regulation.