Privacy Shield Complaint Form
Who will be handling the data provided by this form and how is my personal data protected?
Your DPA is the data controller of personal information provided in the form. Where the “Informal Panel of EU DPAs” is competent, your personal data will be shared with the EU DPAs participating to the panel. European data protection law applies to protect your personal data processed by all EU DPAs involved. In accordance with European data protection law the DPAs will process your personal data exclusively for the purpose of handling your complaint. Your data will be submitted to restricted access and available only to authorised personnel within the relevant DPA.
Will my personal data be transferred to US-companies or to US-authorities?
Where your complaint can be handled without disclosing your personal data, they will not be disclosed.
Please be advised that the handling of your complaint might require the transfer of your personal data to the concerned US company and/or US-authorities (US Department of Commerce – DoC, US Federal Trade Commission – FTC, US Federal Transportation Authority – FTA). Such personal data may include your name, any other identifier you have used when communicating with the US-company or any other personal information that has been processed by the US –company and is part of your complaint3
If such transfer turns out to be necessary in order to handle your complaint, you will be specifically informed before the data is transferred and you will be given the opportunity to decide if you wish to proceed.
The outcome of the complaint procedure might be published, if appropriate. However, your personal data will not be disclosed in the course of this publication.
1 If your complaint concerns your right of access to your personal data, it will be necessary to provide this information since otherwise the US company will not know which user has lodged the complaint and hence will not be able to identify and therefore to handle the case. Additional information might also be asked by DPAs to ensure the proper verification of this information (authentication).
2 Please note that in most cases, it would be advisable that you first contact the US Privacy Shield-certified company to attempt to resolve your case. Your national EU DPA can help you to do so.
3 The „Informal Panel of EU DPAs“ is a group of Data Protection Authorities of EU member states which will be set up in order to handle a complaint concerning human resources personal data transferred from an EU entity to an US Privacy Shield company, or when the US company has voluntarily committed to cooperate with the EU DPAs.
