Privacy Statement

Privacy Statement – Users of Ireland’s Domain on the Union Registry IRL UR009-1

1.       Background:

The Union Registry and the EU Transaction Log (EUTL) are established under the Directive 2003/87/EC of the European Parliament and of the Council establishing a scheme for greenhouse gas emission allowance trading within the EU (EU ETS) and by Decision No 280/2004/EC of the European Parliament and of the Council concerning a mechanism for monitoring EU greenhouse gas emissions and for implementing the Kyoto Protocol.

The Union Registry and the EUTL ensure the accurate accounting of all allowances issued under the EU ETS. They record the possession of allowances held in electronic accounts which are administered by the National Administrators of the Member States (the 28 Member States of the EU and the 3 States from EFTA-EEA). The functioning of the Union Registry and the EUTL is regulated by Commission Regulation 389/2013 (the Registry Regulation).

The European Commission (the Commission) together with the Member States (MSs) are co-controllers of personal data. The Environmental Protection Agency (EPA) in Ireland has statutory responsibility for the establishment and maintenance of Ireland’s domain on the Union Registry, and is the National Administrator for Ireland.

The primary collection and encoding of personal data in the Union Registry for Ireland is made by the account holders and by the EPA since the EPA manage the accounts in the Union Registry, which are under the jurisdiction of Ireland.

For personal data relating to accounts under the jurisdiction of Ireland, the controller is the EPA.

Within the Union Registry and EUTL the Commission performs limited processing of personal data that is handled in conformity with Regulation (EC) N° 45/2001 on the protection of individuals with regard to the processing of personal data by Community Institutions and bodies and on the free movement of such data. The relevant processing operations are under the responsibility of the Head of the Unit CLIMA.B1 Implementation of ETS, Directorate-General Climate Action (CLIMA), acting as the controller.

2.       What personal data is collected?

The personal data collected by the EPA which is further processed concerns the Primary Registry Contact (PRC); account holders (where they are natural persons); Authorised Representatives; Additional Authorised Representatives and directors of the account holders (where they are legal entities). 

The data elements collected may include:

  • Personal Name and Surname
  • Personal ID
  • Date and place of birth
  • Professional postal address
  • Phone and fax number, mobile phone
  • E-mail address
  • For security monitoring reasons the logging of user ID, IP addresses, logon time, logoff time, programme used and accessed infrastructure resources (servers’ logs) is also recorded. 

The application documentation to be submitted is detailed in the Registry Regulation. Article 25.1 of the Registry Regulation requires all account holders to notify the EPA within 10 working days of changes to the information submitted for the opening of an account. In addition, account holders shall confirm to the EPA by 31 December each year that the information for their account remains complete, up-to-date, accurate and true.

This application documentation is also regularly reviewed by the EPA to ensure that it remains complete, up-to-date, accurate and true.

Please also refer to the European Commission - Privacy Statement for Users Registered with the EU ETS Union Registry - http://ec.europa.eu/clima/sites/registry/privacy_en.htm 

3.       Technical Information

The personal data is exclusively collected in a database and in application log files shared by both the EUTL and the Union Registry. Application log files are created to record elements that trace any operation on the system. These elements may be the name, the User ID, the logical address (IP address), a time stamp giving the beginning and the end of the operation.

The information is to be processed by Commission personnel, under the responsibility of the controllers mentioned in Point 1.  

4.       Who has access to your information and to whom is it disclosed?

The personal data collected is accessible by the designated officials of the European Commission and of the respective National Administrators, including the EPA.

Some of the professional contact details (name, fixed line phone number) will be published on the web via the Europa site –  http://ec.europa.eu/environment/ets/

In accordance with Art.110 of Commission Regulation 389/2013 MSs and EU entities explicitly listed in these provisions may obtain access to the data stored in the Union Registry and in the EUTL if this is necessary for the performance of their tasks. The Commission shall provide this access to the MSs and EU entities through the Security Directorate of its Directorate-General for Human Resources and Security. EUROPOL has a permanent read-only access to that data stored in the Union Registry and in the EUTL for the purpose of the performance of its tasks in accordance with Council Decision 2009/371/JHA. EUROPOL must keep the Commission informed of the use it makes of the data.  Furthermore, in accordance with Art 110.8 of Commission Regulation 389/2013, National Administrators shall make available to other National Administrators and the Commission the names and identities of Account Holders and (Additional) Authorised Representatives in certain circumstances. 

The application documentation and application records are only accessible by designated persons within the EPA. 

The PRC data is not uploaded onto the Union Registry and the PRC has no access to the Union Registry. The EPA records certain PRC details within the EPA IT infrastructure such as the PRC Name, Organisation Address, contact details and relevant Accountholder details are recorded on a Network Drive where access is restricted to a small number of personnel working in the Union Registry area.

The PRC details are used by the EPA National Administrators to verify that any additional changes to an account or authorised representatives have truly been authorised by the PRC.

The PRC documentation (Nomination Forms, Statement of Particulars and Evidence of Identity) is retained offline as hard copies. 

5.       How long is the information retained?

According to best practice in the security industry, a retention period of one year is required for log files. This is critical to allow for investigations in case of security breaches. Once a formal investigation has been concluded, data is kept for six months and destroyed afterwards.

The central administrator shall ensure that the Union Registry stores records concerning all processes, log data and account holders for five years after the closure of an account.

The central administrator and Member States shall ensure that the Union Registry and other KP registries store records concerning all relevant KP processes, log data and account holders of KP accounts for fifteen years after the closure of the account or until any issue of implementation relating to them arising within the context of the UNFCCC bodies has been resolved, whichever is the later. 

The application documentation submitted is maintained for the duration of your appointment on the Union Registry (Primary Registry Contact, Authorised Representatives, Additional Authorised Representatives) and/or for as long as you hold an account on the Union Registry (account holders).

The application documentation is retained for three years from removal of the PRC, Authorised Representatives, Additional Authorised Representatives and/or closure of the account. 

6.       How is the documentation safeguarded?

The hard copy application documentation submitted is securely stored with restricted access thereto. Upon expiry of the retention period, the documentation is securely destroyed.

The collected personal data and all information related to the above mentioned processes of the Union Registry are stored on servers of Directorate-General for Informatics of the Commission , the operations of which abide by the Commission's security decisions and provisions established by the Security Directorate of the Directorate-General for Human Resources and Security of the Commission.

Please also refer to the European Commission - Privacy Statement for Users Registered with the EU ETS Union Registry - http://ec.europa.eu/clima/sites/registry/privacy_en.htm 

7.       Right of Access and Costs:

If you would like a copy of the documentation or data that is held about you, please contact: 

 

Irish National Administrator

Data Protection Officer

Environmental Protection Agency

PO Box 3000

Johnstown Castle Estate

Co Wexford Y35 W821

Ireland 

 

A maximum fee of €6.35 may be charged for accessing the data from the EPA. 

 

European Commission

European Commission  

Directorate-General for Climate Action,

Unit B1 "Implementation of ETS"

200 Rue de la Loi

B - 1040 Brussels 

 

E-mail: clima-registry-request@ec.europa.eu