Personal data protection notice

In accordance with the requirements of article 11 and 12 of Regulation (EC) 45/2001, EASA hereby publishes a personal data protection notice. A similar data protection notice will be published on the IORS website to inform the users.

Description of the personal data processing

Personal data related to the reporting entity or person will be stored as part of the occurrence data:

• name of the reporting person, if provided, will be stored in the IORS occurrence record
• other personal data (address phone number, email), if provided, will be stored in the occurrence data, only as part of the email message or fax or letter constituting the original occurrence report

Which personal data are processed

If provided:

• name
• address
• phone number
• email address

Legal basis of the processing

Regulation (EC) 216/2008

Purpose of the processing

The Agency’s primary objective in processing occurrence reports is to establish and maintain a high level of civil aviation safety in Europe by securing free and uninhibited reporting.

• To check the validity of the occurrence report
• To ensure follow up of the occurrence reporting by contacting back the reporting entity or person, in order to obtain clarifications or further information

Who has access to the information

• EASA staff that is "IORS user"
• NAA staff that is "IORS user"
• in case the personal data is included in a fax or letter, additionally these documents will be saved in EASA’s internal mail system "ADONIS"

To whom the information is disclosed

How the data protection is safeguarded

Access to occurrence data is safeguarded by restricted and authentificated access to the IORS IT environment

How long the data is kept

There is no time limit

How can the data subject verify, modify, or delete the information

The data subject can contact at any time the IORS department within EASA (iors .at. easa .point. europa .point. eu) and request access to personal data, verification, modification or partial deletion of personal data, access to personal data, verification, modification or partial deletion of personal data. Personal data can be deleted to the extent that it remains possible for EASA to contact the reporting entity.

Contact information to EASA data controller

Should you have any queries concerning the processing of your personal data,
please address them to the following processor address: iors .at. easa .point. europa .point. eu

On questions relating to the protection of personal data, you can contact: EASA's Data Protection Officer: dpo .at. easa .point. europa .point. eu

Right of recourse to the EDPS

In the event of a dispute, you can send a complaint to: European Data Protection Supervisor: edps .at. edps .point. eu .point. int