Protection of personal data

The General Data Protection Regulation 2016/679 (GDPR) is European legislation that replaces Directive 95/46/EC and that sets a new framework for the protection and exchange of personal data. The basis of this new regulation is the protection of citizens and the transparency as to what is done with their personal data and it extends the scope of EU data protection legislation. The European Union wanted to standardize the existing rules while protecting the citizen in an equivalent way on the complete European territory.

What is the objectif?

The Union Registry and the EU Transaction Log (EUTL) are established pursuant to Directive 2003/87/EC of the European Parliament and of the Council establishing a system for the trading of emission allowances for greenhouse gas emissions in the Community (EU-ETS) and Decision No 280/2004/EC of the European Parliament and of the Council on a mechanism to monitor greenhouse gas emissions in the Community and to the Kyoto Protocol. They ensure accurate accounting of all allowances issued under the EU-ETS and keep track of the ownership of allowances held on electronic accounts managed by the national administrators of the Member States (all 28 Member States and the three EFTA-EEA Member States). The functioning of the Union Registry and the EUTL is governed by Regulation (EU) No 389/2013.

The European Commission (the "Commission") and the registry administrator of the Belgian Register (the "Registry Administrator") are co-controllers of personal data. The first collection and the first encoding of personal data in the Union Registry shall be carried out by the account holders and by the Registry Administrator, who shall manage in the Union Registry only those accounts within the jurisdiction of Belgium. The Registry Administrator uses a support tool (REMA) for this management.

In the case of personal data relating to accounts within the jurisdiction of Belgium, the controller is the Registry Administrator. The accuracy of the data is the sole responsibility of the Registry Administrator and account holders..

What data are collected?

The personal data collected in the Union Registry which are then processed concern account and legal representatives. The term "Personal data" is used for:

  • the surname(s) and first name(s);
  • the date and place of birth;
  • the gender and preferred language;
  • the postal address;
  • contact data: phone number, mobile phone number and e-mail address;
  • registry access data: EU login data, status, software language and secret question/answer;
  • a proof of identity, criminal record and / or proof of permanent residence;
  • the account holder relation: related account holder, role, job title and/or job department;
  • For security control purposes, the user ID, the IP addresses, the time of the connection, the time of the disconnection, the browser used and the infrastructure resources used (server logs) are also registered.

How are your data saved, protected, who has access to your data and for how long are these data preserved?

Personal data are exclusively collected in a database and in log files in REMA, the EUTL and the Union Registry. They are located on servers located in the territory of the Union.

Commission officials and the Registry Administrator have access to personal data.

The data in the REMA database is protected by archiving and regular backups (incremental and complete), a confidentiality and non-disclosure statement signed by the software developer's staff, clear end-of-contract rules for data transfer and destruction, consistency checks to prevent corruption or loss of data, monitoring and backup mechanisms, incident and incident management system (incident classification), fees for non-compliance,...

More information on data protection in the EUTL and Union Registry common log files can be found in the privacy statements on the EU Registry website (

Your personal data are kept 5 years after you are removed from the last user account you were linked to, or 5 years after the closing of the last user account you are linked to.

The administrator and the account holders are responsible for updating the personal data contained in the Union Registry. The procedures for updating this data are available on this website

What are your rights in regards to your personal data?

Some of these rights apply only in limited circumstances.

  • You have the right to access your data; either directly through the registry (after login), or by requesting the helpdesk via email.
  • You have the right to obtain, as soon as possible, the rectification of inaccurate personal data concerning yourself. Given the purpose of the processing, you have the right to have the incomplete personal data about yourself completed. The procedures for updating this data are available on this website

Qestions, problems or complaints?

If you have a question, a problem or a complaint concerning the collection and use of your personal data, you can contact the designated Data Protection Officer (DPO) via the email address or via the postal addres:

FPS Public Health, Food Chain Safety and Environment
Data Protection Officer (DPO)
Eurostation – bloc 2
Place Victor Horta, 40 boîte 10
1060 Brussels


[Back to the top of this page]