Legal notice

Intellectual property

  1. The EBA owns the copyright in all material on this site. This copyright does not extend to any legislative text which is publicly available or other third party materials.
  2. The EBA's name, abbreviation and logo are exclusive property of the European Banking Authority.
  3. Reproduction of all EBA material on this site is authorised, provided the source is acknowledged, save where otherwise stated. The EBA's logo may not be used without prior permission except when reproducing EBA material containing the logo. Where copyright vests in a third party, permission for reproduction must be obtained from this copyright holder.


  1. The EBA tries to ensure that the information on this site is correct and complete.
  2. The EBA accepts no responsibility or liability whatsoever with regard to the information on this site. The EBA is not liable for any damage arising from use or inability to use this site, or any material contained in it, or from any action or decision taken as a result of using this site or any such material.
  3. This disclaimer is not intended to limit the liability of the EBA in contravention of any requirements laid down in applicable law nor to exclude its liability for matters which may not be excluded under that law.
  4. The information on the site is of a general nature only and is not intended to address the specific circumstances of any particular individual or entity.
  5. This site offers links to other sites. The EBA has no control over the linked sites and is not responsible for the contents of any linked site nor for any problems incurred as a result of using any linked site.
  6. The information on this site can under no circumstances be regarded as professional or legal advice. If you need specific advice, you should consult a suitably qualified professional.
  7. By accessing any part of this site, you will be deemed to have accepted the terms of this legal notice.

Personal data protection

  1. The protection of individuals with regard to the processing of personal data by the EBA is based on Regulation (EU) 2018/1725 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the Union institutions and bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (‘EUDPR') as implemented by the EBA in its implementing rules adopted by its Management Board.
  2. Although you can browse through most of the EBA website without giving any information about yourself, in some cases, personal information is required in order to provide the e-services you request. Pages that require such information treat it according to the policy described in the EUDPR mentioned above.

In this respect:

  • For each specific e-service, a controller determines the purposes and means of the processing of personal data and ensures conformity of the specific e-service with the privacy policy.
  • The EBA ensures that the provisions of both the Regulation and the Implementing Rules are applied and that the data protection officer is involved, properly and in a timely manner, in all issues which relate to the protection of personal data. Based on such involvement, the data protection officer informs and advises the controller of their obligations under the Regulation (see in particular Article 45 of the EUDPR).
  • For all EU institutions and bodies, the European Data Protection Supervisor acts as an independent supervisory authority (see Articles 52 to 62 of the EUDPR).

The EBA website provides links to third party sites. Since we do not control them, we encourage you to review their privacy policies.

What is an e-service?

An e-service on this website is a service or resource made available on the internet in order to improve the communication between citizens and businesses on the one hand and the EBA on the other hand.

Three types of e-services are or may be offered by the EBA:

  • Information services that provide users with easy and effective access to information, thus increasing transparency and understanding of the activities of the EBA.
  • Interactive communication services that allow better contacts with the EBA's target public thus facilitating consultations, and feedback mechanisms, in order to contribute to the shaping of policies, activities and services of the EBA.
  • Transaction services that allow access to all basic forms of transactions with the EBA,

e.g. procurement, financial operations, recruitment, event enrolment, etc.

Basic principles

As a general principle, the EBA only processes personal data for the performance of tasks carried out in the public interest on the basis of the Treaty on the Functioning of the European Union, on the basis of the relevant legislation or in the legitimate exercise of official authority vested in the EBA or in a third party to whom the data are disclosed.

All processing operations of personal data are duly notified to the EBA's Data Protection Officer and, if the case arises, to the European Data Protection Supervisor.

The EBA guarantees that the information collected is processed and/or accessed only by the members of its staff responsible for the corresponding processing operations.

The EBA process personal data lawfully in compliance with Article 5 of the EUDPR. We do not need your consent when we process your personal data when the processing is necessary:

  1. for the performance of a task carried out in the public interest or in the exercise of official authority vested in the EBA;
  2. for the compliance with a legal obligation to which the EBA is subject;
  3. for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  4. in order to protect the vital interests of the data subject or of another natural person.

However, some of our processing activities do need your consent. In such cases the consent may be provided by a natural person by a written statement, including by electronic means, or an oral statement. This may include ticking a box when visiting the EBA's website or registering for the e-services provided by the EBA.

Data subjects have the right to access and rectify their data on written request to be addressed to the Agency.

Data subjects may at any time consult the EBA's Data Protection Officer ( or have recourse to the European Data Protection Supervisor.

Register of Personal Data Processing Operations at the EBA – Article 31(5) of Regulation (EU) 2018/1725

How are data processed by the EBA?

Further information on how your data are processed by the EBA may be found on the relevant section of the EBA website. In particular, the following information will be included:

  • What information is collected, for what purpose and through which technical means the EBA collects personal information exclusively to the extent necessary to fulfil a specific purpose. The information will not be re-used for an incompatible purpose.
  • To whom your information is disclosed. The EBA will only disclose information to third parties if that is necessary for the fulfilment of the purpose(s) identified above and to the mentioned (categories of) recipients. The EBA will not divulge your personal data for direct marketing purposes.
  • How you can access your information, verify its accuracy and, if necessary, correct it. As a data subject you also have the right to object to the processing of your personal data on legitimate compelling grounds except when it is collected in order to comply with a legal obligation, or is necessary for the performance of a contract to which you are a party, or is to be used for a purpose for which you have given your unambiguous consent.
  • How long your data is kept. The EBA only keeps the data for the time necessary to fulfil the purpose of collection or further processing.
  • A point of contact if you have queries or complaints.

How personal data is processed when using Microsoft Teams?

The EBA processes personal data provided in connection with the use of Microsoft Teams for communication and collaboration purposes — namely for the organisation of internal and external meetings as well as conversation chats — in accordance with Regulation (EU) 2018/1725 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the Union institutions and bodies, offices and agencies and on the free movement of such data.

Privacy notice on processing personal data when using Microsoft teams 

How do we treat e-mails you send us?

Some pages on the EBA's website have a link to our contact mailboxes, which activates your e- mail software and invites you to send your comments. When you send such a message, your personal data is collected only to the extent necessary to reply. If the management team of the mailbox is unable to answer your question, it will forward your e-mail to another service. If you have any questions about the processing of your e-mail and related personal data, do not hesitate to include them in your message.

Video surveillance at the EBA premises

For the safety and security of its building, assets, staff and visitors, the EBA operates a video-surveillance system, which has been put in place in accordance with the Video-Surveillance Guidelines by the European Data Protection Supervisor. The EBA processes the images in accordance with the Regulation (EU) 2018/1725EU Data Protection Regulation (EUDPR) applicable to EU institutions and bodies and the EDPS Guidelines and Recommendations. For matters of public security, the EBA retains the video footage for 30 days. 

Video surveillance policy