Privacy statement on the protection of your personal data collected by the Publications Office to manage publications orders submitted by EU Staff or print suppliers via the Integrated Logistics Management System (ILMS)

I. Introduction

The European institutions are committed to protecting and respecting your privacy. The policy on protection of individuals with regard to the processing of personal data by the Community institutions is based on Regulation (EC) N°45/2001, of the European Parliament and of the Council of 18 December 2000.

II. Why do we process your data?

Your personal information is collected to enable the Publications Office of the European Union to fulfil your orders and provide the services requested by using the Integrated Logistics Management System ("ILMS"), hosted by the contractor on behalf of the Publications Office.

The ILMS is a commercial application that manages inventory, orders and invoices on billing orders. As such, there is data on the affected customers by these orders and invoices (ie sales office of the OP, officials of author services having access to their stocks or officials who ordered a billed publication).

There are two types of customers:

  • EU Institutions staff having access to their own stocks; or having access to the other EU Institutions’ stocks (Author services). Both can place orders directly on ILMS application.
  • Citizen or any entity that places orders for monographs or print-on-demand (POD) products via the EU Bookshop website and who does not use ILMS.


The ILMS application  is used to manage:
- the stock of publications, data and orders,
- the entire sales process for printed monographs and POD publications: inputs, delivery and billing,
- the billing entries (in connection with the SAGAP application, see notification DPO-1294) and the EU Bookshop clients.

Your personal data will be used only for this purpose.

Tasks and operations of the Publications Office are defined in the decision 2009/496/EC.
The processing of your personal data is based on Article 5(a) of the Regulation (EC) no. 45/2001 which stipulates that “personal data may be processed only if “processing is necessary for the performance of a task carried out in the public interest on the basis of the Treaties establishing the European Communities or other legal instruments adopted on the basis thereof or in the legitimate exercise of official authority vested in the Community institution or body or in a third party to whom the data are disclosed,”

Collected personal data is treated according to the policy described in the above-mentioned Regulation.

III. Which data do we collect and process?

All following fields are compulsory. There are two sets of personal data:

  1. Details of the registered users (issued with a user ID and password for accessing in the "ILMS" application).

Data which are required to issue access and manage Your user ID include:

  • User name
  • User profile
  • User ID
  • Telephone number
  • E-mail address
  • Billing  address (es) (applicable only for users of the Advance Shipment Notice [ASN])
  • Your administrative entity (only for EU staff)
  • Name of the company (only for print suppliers)
  • Language preference (can be changed whenever connecting to "ILMS")
  1. Data collected to manage publication orders, which includes:
  • Recipient's name
  • Delivery address
  • Title(s) and catalogue number(s) of the publication(s) you are ordering
  • Telephone number (only compulsory if urgent deliveries)
  • Telephone number of the recipient (only compulsory if urgent deliveries)
  • E-mail address

No personal data is collected on the carriers used to make deliveries, declared in "ILMS" using an Advanced Shipment Notice.

No fields fall under Article 10 of Regulation (EC) N° 45/2001

IV. How long do we keep your data?

We keep the data only for the time necessary to fulfil the purpose of collection or further processing.

Your data will be deleted after the end of the contract by the contractor.

EU staff users inform the functional mailbox OP-ILS-ACCESS-RIGHT@publications.europa.eu  when they change duties and their profile is deactivated upon request.

V. How do we protect your data?

All data in electronic format (e-mails, documents, uploaded batches of data etc.) are stored either on the servers of the European Commission or of its contractors; the operations of which abide by the European Commission’s security decision of 16 August 2006 [C(2006) 3602] concerning the security of information systems used by the European Commission.

The Commission’s contractors are bound by a specific contractual clause for any processing operations of your data on behalf of the Commission, and by the confidentiality obligations deriving from the transposition of Directive 95/46/CE.

The Publications Office has put in place, and regularly reviews and updates, appropriate physical, electronic, and managerial procedures to safeguard and help prevent unauthorized access, maintain data security, and correctly use the information collected for the treatment of publications orders.

Staff of the EU institutions who have access to personally identifiable information are required to protect this information in a manner that is consistent with this Privacy Statement by, for example, not using the information for any purpose other than to carry out the services they are performing.

VI. Who has access to your data and to whom is it disclosed?

Access to your data is provided to authorised staff according to the “need to know” principle. Such staff abide by statutory, and when required, additional confidentiality agreements.

The collected data will be treated confidentially and used only by the relevant staff of the European institutions, as well as the contractor (Arvato Services France).

Without prior written agreement of the person concerned, such personal details will not be disclosed to third parties, without prejudice to a possible transmission to the bodies in charge of a monitoring or inspection task in accordance with Community legislation.

The Publications Office and its contractor will not share personal data with third parties for direct marketing.

VII. What are your rights and how can you exercise them?

According to Regulation (EC) n°45/2001, you are entitled to access your personal data and rectify and/or block it in case the data is inaccurate or incomplete.

You may also request us to delete your personal information completely, subject to settlement of all outstanding issues related to our relationship. This will mean that you will also terminate all services and access rights that may be linked to this information.

To protect your privacy and security, we will take reasonable steps to help verify your identity before granting access or making corrections.

You can exercise your rights by contacting the data controller, or in case of conflict the Data Protection Officer and if necessary the European Data Protection Supervisor using the contact information given at point 8 below.

VIII. Contact information

If you have comments or questions, any concerns or a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller using the following contact information:

•     The Data Controller:

•     Head of the EU Bookshop and CORDIS unit

•     Email: op-ilms-access-rights@publications.europa.eu

If you wish to access or correct your personal information which are collected, please contact the Controller’s E-mail address.

IX. Where to find more detailed information?

The Commission Data Protection Officer publishes the register of all operations processing personal data. You can access the register on the following link:
http://ec.europa.eu/dpo-register

This specific processing has been notified to the DPO with the following reference:  
DPO-3790.