Data protection - Calls for Expression of Interest (CEI)

The European Aviation Safety Agency (EASA) is committed to protect the personal data of the participants in Calls for Expression (CEI). All personal data provided to EASA are dealt with in compliance with Regulation (EC) N° 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data. The following data protection information notice outlines the criteria by which the EASA collects, manages and uses the personal data provided within the CEI.

Identity of controller


Purpose of processing

The processing of personal data of applicants to CEI is needed in order to allow economic operators to propose themselves to be included on a list of potential service providers / experts in advance of public procurement operations / further processing within the subject scope of the respective CEI.

Type of data processed

The following data are / may be collected in the registration form and further processed for the purposes indicated above:

a) Title, First Name, Family Name, Birth Date, Nationality
b) Contact Details:

  1. Full Name;’
  2. E-Mail Address;
  3. Street Nr & Name;
  4. Town/ City;
  5. Postcode;
  6. Country;
  7. Phone Number
  8. Website URL (if available):

c) Description of main area of business / expertise;
d) Additional information;
e) Curriculum Vitae
f) Information related to candidates’ legal, economic and financial as well as technical and professional capacity

Recipients of the data processed

  • Personal data may be accessed only by EASA staff members for the purpose of management of the CEI and any associated tender procedures.
  • Also, if appropriate, access will be granted to the Internal Audit Service, Internal Legal Department, Court of Auditor, OLAF, the European Ombudsman, the EU Court and the European Data Protection Supervisor.

Legal basis and lawfulness of processing

Regulation (EC) 216/2008 of the European Parliament and of the Council on common rules in the field of civil aviation and establishing a European Aviation Safety Agency, and repealing Council Directive 91/670/EEC, Regulation (EC) No 1592/2002 and Directive 2004/36/EC.

In accordance with Article 5 (a) of Regulation (EC) Nº 45/2001, the processing is necessary for the performance of tasks carried out in the public interest on the basis of the Treaties establishing the European Communities.

Regulation (EU, Euratom) No 966/2012 of the European Parliament and of the Council of 25 October 2012 on the financial rules applicable to the general budget of the Union (the “Financial Regulation”).

Commission Delegated Regulation (EU) No 1268/2012 of 29 October 2012 on the rules of application of the Financial Regulation.

Protection and security measures

All personal data collected are internally processed only by designated EASA administrators or agents and stored on servers which abide by the EASA’s security rules and standards. Personal data of applicants might be accessed by the EASA.

Retention period

Your personal data are kept - in the service in charge of the procedure - until the end of validity of the CEI for which you submitted an expression of interest, and in the archives for a period up to 10 years following the end of the validity of the corresponding CEI.

The data subject’s rights

The data subject rights can be exercised in accordance with the EASA implementing rules on data protection.

If you wish to access, correct or delete, block or erase your personal data, please contact the data controller at: tenders [at] easa [dot] europa [dot] eu (for standard CEI), vendors [at] easa [dot] europa [dot] eu (for CEI establishing a list of vendors), experts [at] easa [dot] europa [dot] eu (for CEI establishing a database of experts) or the EASA Data Protection Officer at dpo [at] easa [dot] europa [dot] eu

Any conflict on Personal Data Protection issues can be referred to the Controller at the above mentioned address. You can also contact EASA Data Protection Officer at the following email address: dpo [at] easa [dot] europa [dot] eu
Should the conflict not be resolved by the Controller or the Data Protection Officer you may lodge a complaint with the European Data Protection Supervisor at any time: Website E-mail: edps [at] edps [dot] europa [dot] eu