31.7.2020   

EN

Official Journal of the European Union

C 251/12

Notice for the attention of the data subjects to whom the restrictive measures provided for in Council Decision (CFSP) 2019/797 and Council Regulation (EU) 2019/796 concerning restrictive measures against cyber-attacks threatening the Union or its Member States

(2020/C 251/09)

The attention of data subjects is drawn to the following information in accordance with Article 16 of Regulation (EU) 2018/1725 of the European Parliament and of the Council (1) .

The legal basis for this processing operation are Council Decision (CFSP) 2019/797 (2), as amended by Council Decision (CFSP) 2020/1127 (3), and in Council Regulation (EU) 2019/796 (4), as implemented by Council Implementing Regulation (EU) 2020/1125 (5) concerning restrictive measures against cyber-attacks threatening the Union or its Member States.

The controller of this processing operation is the Department RELEX.1.C in the Directorate-General for Foreign Affairs, Enlargement and Civil Protection – RELEX of the General Secretariat of the Council (GSC), that can be contacted at:

Council of the European Union

General Secretariat

RELEX.1.C

Rue de la Loi/Wetstraat 175

1048 Bruxelles/Brussel

BELGIQUE/BELGIË

Email: sanctions@consilium.europa.eu

The GSC’s Data Protection Officer can be contacted at:

Data Protection Officer

data.protection@consilium.europa.eu

The purpose of the processing operation is the establishment and updating of the list of persons subject to restrictive measures in accordance with Decision (CFSP) 2019/797, as amended by Decision (CFSP) 2020/1127, and in Regulation (EU) 2019/796, as implemented by Implementing Regulation (EU) 2020/1125.

The data subjects are the natural persons who fulfil the listing criteria as laid down in Decision (CFSP) 2019/797 and Regulation (EU) 2019/796.

The personal data collected includes data necessary for the correct identification of the person concerned, the statement of reasons and any other data related thereto.

The personal data collected may be shared as necessary with the European External Action Service and the Commission.

Without prejudice to restrictions pursuant to Article 25 of Regulation (EU) 2018/1725, the exercise of the rights of the data subjects such as the right of access, as well as the rights to rectification or to object will be answered in accordance with Regulation (EU) 2018/1725.

Personal data will be retained for 5 years from the moment the data subject has been removed from the list of persons subject to the restrictive measures or the validity of the measure has expired, or for the duration of court proceedings in the event they had been started.

Without prejudice to any judicial, administrative or non-judicial remedy, data subjects may lodge a complaint with the European Data Protection Supervisor in accordance with Regulation (EU) 2018/1725 (edps@edps.europa.eu).

(1)  OJ L 295, 21.11.2018, p. 39.

(2)  OJ L 129 I, 17.5.2019, p. 13.

(3)  OJ L 246, 30.7.2020, p. 12.

(4)  OJ L 129 I, 17.5.2019, p. 1.

(5)  OJ L 246, 30.7.2020, p. 4.