ENTSO-E and EU DSO Entity Joint Working Group Repository

Last modified: 24 June 2025 

Privacy – Key Facts

ENTSO-E and EU DSO Entity (hereinafter referred to as “the Associations”) protect your personal data and your privacy in compliance with the General Data Protection Regulation (hereinafter referred to as “GDPR”), the Belgian Data Protection Act of 8th December 1992 on the protection of privacy in relation to the processing of personal data (as amended) and any applicable implementation rules on the protection of privacy in relation with the processing of personal data. Your personal data shall be processed by ENTSO-E (International Non-Profit Association created under Belgian law, having its registered office at 1000 Brussels, rue de Spa, 8 - Belgium) and by EU DSO Entity (International Non-Profit Association created under the laws of Belgium, having its registered office at 1000 Brussels, rue du Luxembourg, 3 – Belgium)acting as data controllers.  

When visiting the Associations’ Website, ENTSO-E and DSO Entity may process your personal data in accordance with the provisions of this privacy policy.

This data protection policy explains the reason for the processing of your personal data, the way we collect, handle, and ensure protection of all personal data provided, how your personal data are used and which rights you have in relation to your personal data. It also specifies the contact details that you can use to exercise your rights.

Privacy – Further Information

1.    Personal data refers to any information that directly identifies or indirectly makes an individual (a natural person) identifiable. The information provided in this Privacy Policy applies exclusively to the personal data of natural persons. For that reason, it does not apply to data regarding companies, legal entities, or institutions. However, the Privacy Policy does cover the personal data of natural persons engaged in professional activities, including employees of companies or organisations.

2.    In the context of this data protection policy, the Associations  may collect the following categories of personal data:

• Personal data derived from website visits such as, as the case may be, your account username, geographical area, age, gender, and other personal characteristics such as nationality which you provide us;
• Online identifiers (device ID, IP address and/or cookie identifier) through the use of cookies. More information can be found in our cookie policy;
• Personal data available about your activity as user on our pages including any reactions, comments, shares, networks and connections, but also personal data included in audiovisual content, such as an image, or a video; and
• Your email address.

3.    Your personal data are collected and processed for and to the extent necessary to achieve the following purposes:

• allow and, as the case may be, improve your visit on the Associations’ website.
• collect statistical data about your use of the Associations’ website, after pseudonimysation; and
• collect and manage your feedback on your Associations’website experience.

4.    The collection and processing of your personal data is based:

• For purposes a) and b) on your consent (Article 6(1)(a) of the GDPR), except for processing strictly necessary to operate our website ;
• For the website feedback (purpose c)) on the legitimate interest of the Associations (Article 6(1)(f) of the GDPR) to collect and manage your feedback (in order, for example, to improve the Associations’ website) given the fact that you give the feedback on a voluntary basis.

5.    Access to personal data

The Associations safeguard the confidentiality of personal data in accordance with applicable laws and have implemented appropriate technical and organisational measures to protect personal data against unauthorised access, unlawful processing or disclosure, accidental loss, alteration, and destruction.

The number of people who have access to your personal data is limited. Only people with us who need to process your personal data in accordance with the purposes stated above have access to the personal data. Your personal data shall not be transmitted to any third party other than, as the case may be:

• The Associations’  service providers in charge of the hosting and/or maintenance of the website.

We may also process your personal data, including the disclosure of such data, when we are required or authorized to do so by virtue of applicable law.

Some of the above-listed recipients are established outside of the European Economic Area (“EEA”). In this case, the Associations shall act in accordance with the terms included in paragraph (5) below.

6.    Transfers to countries outside the EEA

The personal data, which you transmit to the Associations, are stored in a database managed by and under responsibility of the Associations . Your data are stored exclusively on servers located within the European Union. 

Your personal data may be transferred to countries which may have a lower level of protection of personal data than the one offered within the EU/EEA. When your personal data is shared with these countries outside the EU/EEA, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the EU/EEA. This can be done in a number of ways:

• We use standard contractual clauses that have been approved by the European Commission as well as supplementary measures necessary to ensure an adequate level of protection for your personal data. The standard contractual clauses are available via the following link: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en . If you would like to obtain actual copies of our agreements, please contact us at the contact information provided in section 8;
• Furthermore, in certain cases we also rely on the European Commission’s adequacy decisions for international transfers of personal data, meaning that we may transfer personal data to countries outside the EU which have been deemed to have an adequate level of data protection. Please see information on the adequacy decisions here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en 

In other circumstances the law may permit us to otherwise transfer your personal data outside the EU/EEA. In all cases, however, we will ensure that any transfer of your personal data is compliant with European data protection law.

7.    Your personal data shall be stored/processed:

As long as necessary to achieve the purposes as defined in Article 2 of this privacy policy, the cookies policy or to provide an appropriate follow-up to your feedback. In any case, your personal data will be removed 1 year after our latest interaction with you.

8.    Your rights in relation to personal data

We will respond to your requests within one month of receipt of the request, unless an extension is allowed under European data protection law. We may need to ask you to provide additional information to verify your identity before we can process your requests. Read more about your rights below.

• The right to access: You have the right to know which personal data we process about you, for what purposes the personal data is being processed and who we share your personal data with, etc. You also have the right to access the personal data and request a copy of the personal data being processed.
• The right to rectification: If you notice that we have incorrect or incomplete personal data about you, you may request that we correct or supplement this personal data.
• The right to erasure and restriction: In some cases, you may request that we delete your personal data or that we limit our processing for a certain period of time. Also, please note that there may be circumstances where you ask us to erase or restrict your personal data, but we are legally obliged to retain it.
• The right to object: You have the right to object to the processing we perform based on our legitimate interest.
• The right to data portability: In cases where we base our processing on your consent or on the fulfilment of an agreement, you have the right to receive your personal data in a structured, commonly-used and machine-readable format and have the personal data transferred to another controller.
• Withdrawal of consent: If you have given your consent to processing of your personal data, you always have the opportunity to withdraw your consent by contacting us using the contact information below or by using the “unsubscribe” button. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.

If you have any questions about our processing of your personal data or wish to exercise any of your rights set out above, you can contact us in @email .

You may apply to or lodge a complaint with the Data Protection Authority (Rue de la presse 35, 1000 Brussels – @email - Tel. + 32 2 274 48 00– Fax + 32 2 274 48 35) for the exercise of these rights.