Frontex, as an EU agency, collects and further processes personal data in accordance with the provisions of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC, L295, 21.11.2018.
Frontex has appointed a Data Protection Officer – member of the staff who is entrusted with the main task of ensuring, in an independent manner, the internal application of the Data Protection Regulation.
As a general principle, the agency only processes personal data for the performance of tasks carried out in the public interest on the basis of the Treaties establishing the European Union, the funding Regulation or in the legitimate exercise of official authority vested in the agency or in a third party to whom the data are disclosed.
All processing operations of personal data are duly reported to the Frontex Data Protection Officer and, if the situation requires, to the European Data Protection Supervisor (Register).
Frontex guarantees that the information collected is processed and/or accessed only by the members of its staff responsible of the corresponding processing operations. In a very rare cases and under a strict supervision and limitations, personal data are made available to external parties (contractors). In line with the Article 45(2) of the funding Regulation, Specific Implementing Measures are also in place.
Data subjects (individuals whose data are being processed) have the right to access and rectify their data in a written request to be addressed to the agency. In case consent of the data subject is a legal basis for processing of personal data, this consent may be withdrawn at any time.
Data subjects may at any time consult Frontex Data Protection Officer (firstname.lastname@example.org) or a Data Controller responsible for a particular data processing operation. Data subjects have a recourse to the European Data Protection Supervisor.
Frontex is authorised under very strict conditions foreseen in Article 48 of the funding Regulation to process personal data of certain groups of returnees. Further information can be found here. Additionally, Frontex is entitled by Article 47(1)(a) of the funding Regulation to process personal data related to individuals suspected of involvement in facilitation of illegal migration, human trafficking or other cross-border crimes, like terrorism, but only in the situations strictly foreseen in that provision (privacy statement).