Data protection

The CPVO Decision of 17 December 2018 on Implementing Regulation (EU) 2018/1725 lays down the general rules for implementing, in the CPVO, Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) 45/2001 and Decision No 1247/2002/EC.

The protection of your privacy is of great importance to the CPVO. We feel responsible for the personal data that we collect and process. Therefore, we are committed to respecting and protecting your personal data and ensuring the efficient exercise of your data subject rights.

Although you can browse through the CPVO website without giving any information about yourself, in some cases personal information is required to provide the e-services you request. Web Sites that require such information treat it in accordance with Regulation (EU) 2018/1725 and provide information about the use of your data in their specific privacy policy statements. In particular:

• For each specific e-service, a controller determines the purposes and means of the processing of personal data and ensures conformity of the specific e-service with the privacy policy;
• The Data Protection Officer (DPO) of the CPVO ensures that the provisions of Regulation (EU) 2018/1725 are applied and provides legal advice to controllers on fulfilling their obligations (Article 26 of the Regulation);
• The European Data Protection Supervisor (EDPS) is an independent supervisory authority that monitors the CPVO’s compliance with Regulation (EU) 2018/1725 (Articles 52 to 56 of the Regulation).

For more information on how the CPVO handles your personal data to perform its tasks, based on EU law and in accordance with Regulation (EU) 2018/1725, please consult our Personal Data Protection Notice.

The CPVO has a publicly accessible centralised Register of Records of the personal data processing activities carried out within the remit of the CPVO, in conformity with Article 31(5) of Regulation (EU) 2018/1725. The records in this register contain the information required as per Article 31(1) of Regulation (EU) 2018/1725. To ensure that the information provided is accurate and up-to-date, the Register is regularly reviewed.

In those cases where the CPVO collects personal data relating to a data subject, the CPVO provides said data subject with all relevant information relating to the processing of the data, in accordance with Regulation (EU) 2018/1725. To consult our Privacy Statements, please refer to our dedicated page.

In accordance with Article 25 of Regulation (EU) 2018/1725, and within the framework of its processing operations, the CPVO may restrict the application of the rights enshrined in Articles 4, 14 to 21, 35 and 36 of said regulation.

To this end, the CPVO has implemented Decision of the Administrative Council of the Community Plant Variety Office of 1 April 2020 on internal rules concerning restrictions of certain rights of data subjects in relation to processing of personal data in the framework of the functioning of the CPVO (“CPVO Decision on restrictions of certain rights of data subjects”).

The CPVO Decision on restrictions of certain rights of data subjects lays down rules relating to the conditions under which the CPVO may restrict the cited rights. It applies to the processing of personal data by the CPVO for the purposes of administrative inquiries, disciplinary proceedings, whistleblowing procedures, (formal and informal) procedures for dealing with harassment, processing complaints, processing medical data and/or files, conducting internal audits, investigations carried out by the Data Protection Officer in line with Article 45(2) of Regulation (EU) 2018/1725 and IT security investigations handled internally or with external involvement.

The CPVO Decision on restrictions of certain rights of data subjects is published in the Official Journal of the European Union (L 259, 10 August 2020, pp. 32-39) and is available in all EU official languages. The decision is also available on our website, in our dedicated page.

In the CPVO website, there are several e-mail addresses provided, which activate your e-mail software and invite you to send your comments to a specific mailbox. When you send such a message, your personal data is collected only for this purpose and to the extent necessary to reply.

For the safety and security of our staff members as well as of our visitors, the CPVO premises are under video-surveillance and images are recorded. The images are processed in conformity with Regulation (EU) 2018/1725, account taken of the EDPS Video-Surveillance Guidelines and EDPB Guidelines on processing of personal data through video devices. To learn more about this processing activity, please consult our Video-Surveillance Notice.

In our software, we use TrackJS Service operated by TrackJS, LLC (or “TrackJS”). Track JS is an error tracking service for web application. While tracking errors in our software we store the browser, obfuscated IP address and operating system on which the error occurred. Our legitimate interest to use TrackJS is to prevent errors displayed to our users in the software. For more information, please refer to TrackJS’s Privacy Policy.

For further information or to submit any query concerning the treatment of personal data by the CPVO, please contact directly the CPVO Data Protection Officer (DPO) (dpo [at] cpvo.europa.eu (dpo[at]cpvo[dot]europa[dot]eu)) or the concerned Data Controller (dpc [at] cpvo.europa.eu (dpc[at]cpvo[dot]europa[dot]eu)).