One of CEER’s and ERRA’s core values is respect and we will apply that principle to your rights, including your personal data rights in accordance with the requirements of the EU General Data Protection Regulation (GDPR). We are very serious about our responsibility to ensure that your personal data is protected. This privacy and cookies policy sets out what data we collect, why we collect this data and how we use it.

We are committed to safeguarding the privacy of our website visitors and other individuals with whom we deal, and to keeping your personal data safe and secure.

If you have any questions, do not hesitate to contact us at the following address: or


Who is responsible for processing your data?

CEER and ERRA are the data controller of your personal information and our contact details are:


Council of European Energy Regulators (CEER)

Cours Saint-Michel 30a, box F (5th floor) 1040 Brussels, Belgium

Tel.: +32 (0) 2 788 73 30


Energy Regulators Regional Association

Logodi u. 44/B., 1112 Budapest, Hungary

Tel.: +36 70 392 5986


What data do we collect?

We adopt a minimalist approach of collecting only the data that is necessary. Depending on the product or service, this may include some or all of the following: name, gender, email address, telephone number, member organisation, CV and photographs.

(a) Correspondence data: we may process information contained in or relating to any communication that you send to us, whether through the site, by email, through social media, responding to our public consultations or questionnaire or otherwise. This may include the communication content and metadata associated with the communication, as well as any contact details you provide to us, such as your name, email address, phone number, job title, address or social media username. We process correspondence data for the purposes of communicating with you and record-keeping.

(b) Transaction data: we may process information relating to transactions, such as bank account details, contact details, or transaction data in relation to payments made by us to you or by you to us. This may include your contact details, or any bank account or sort code information provided for the purposes of making payment, as well as transaction details (such as POs or invoices). The transaction data may be processed for the purpose of supplying or receiving and administering the relevant services and keeping proper records of those transactions, and for making and receiving payments.

(c) Personal data we obtain from others: your personal data may be provided to us by someone other than you—for example, by your employer, by an organisation with whom you      and we are both dealing, or by someone who wishes to refer you to us or vice versa. Normally this data will be correspondence data, enquiry data, or project data as describe above, and will be processed by us for the purposes described above.


Why do we collect your data?

We process personal data on lawful bases only. In particular, we process personal data on the following lawful bases identified in Article 6 of the General Data Protection Regulation:

(a) for the performance of a contract with you, or to take steps at your request prior to entering into a contract with you (Article 6 (1) (b) GDPR). This may be our basis for processing correspondence data, enquiry data, matter data and transaction data;

(b) for our legitimate interests (Article 6 (1) (f) GDPR). This may be our basis for processing:

I. correspondence and matter data (as we have an interest in properly administering our business and communications);

II. enquiry data (as we have an interest in developing our business with interested parties);

III. transaction data (as we have an interest in making and receiving payments promptly and in recovering debts);

IV. any personal data identified in the other provisions of this notice where necessary in connection with legal claims (as we have an interest in the protection and assertion of our legal rights, your legal rights and the legal rights of others);

V. any of the personal data identified in the other provisions of this notice in connection with backups of any element of our IT systems or databases containing that personal data (as we have an interest in ensuring the resilience of our IT systems and the integrity and recoverability of our data).



How do we collect your data?

Most personal data is provided by the individual when they register (typically online) to participate in an event or initiative or request to be placed on a distribution list for news alerts. Typically, only a name and email address are required.

Persons interested in being notified of CEER and/or ERRA activities (events, training courses, news alerts) can subscribe online to receive news alerts of forthcoming activities. We require your e-mail address only. You can “unsubscribe” at any time if you no longer wish to be on CEER mailing lists.



Are your data protected?

We take appropriate measures to ensure that our server prevents unauthorised leaks, disclosure or destruction of personal data.


How long do we store your data?

Personal data for individuals who have requested to be placed on distribution lists is kept indefinitely or until they request removal (i.e. unsubscribe).


Who has access to your data and to whom are they communicated?

CEER and ERRA employees access and share personal data only to the extent necessary to comply with requests concerning products, services and activities.

CEER and ERRA store personal data in as few locations as possible. CEER and ERRA shares personal data only with colleagues who are directly involved. CEER and ERRA do not leave personal data unattended.

CEER and ERRA do not process data regarding race, religion, health, criminal records, etc. CEER and ERRA remove personal data after expiration of the retention period.

CEER and ERRA do not share the personal information of event participants, news alert subscribers, members of our organisation, or staff members with any third parties for marketing purposes.


What are your rights and how can they be exercised?


Right of Access (Article 15 GDPR)

You have the right to obtain confirmation that we hold and process your personal information and to access these data.We will apply security checks to ensure that the request matches the identity of the user.


Right to Rectification (Article 16 GDPR)

You can have inaccurate personal data rectified without undue delay.


Right to Object (Article 21)

You can object to your personal data being processed, for example, in relation to direct marketing or publication on a website.This right will be communicated when the first initial contact is made.


Right to Restriction of Processing (Article 18 GDPR)

This applies when you contest the accuracy of your personal data or consider that the processing is illegal.


Right of Erasure (Article 17)

Also known as the right to be forgotten, you can request the erasure of your personal data without undue delay. This does not apply when we are required to comply with a legal obligation.


Right to data Portability (Article 20)

You have the right to receive your personal data in a user-friendly format and to transfer it to another organisation.


Right to lodge a Complaint (Article 77)

You have the right to lodge a complaint with a supervisory authority in the Member State where you live, work or in locations where the alleged infringements took place, if you believe we have not complied with the GDPR.


Do we share your personal data with others?

We generally do not share personal data.

We may disclose your personal data to our insurers and/or professional advisers as necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.

We may disclose personal data to our suppliers or subcontractors in connection with the uses described above. For example, we may disclose:

(a) any personal data in our possession to suppliers that host the servers on which our data is stored;

(b) transaction data and billing contact details to our accountants; and

(c) transaction data and other relevant personal data to third parties for the purposes of fraud protection, credit risk reduction and debt recovery.

We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions and applicable law. In addition to the specific disclosures of personal data set out in this section, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another person.


How to receive our products?

With your consent, we only use your email address to offer you products similar to those that you have already expressed an interest in or ordered.

You can request to be removed from promotions, direct marketing or mailing lists at any time.


What is our policy on data concerning minors?

Our website or products are not targeted to children under the age of 13. If you learn that we have the personal data of your child without your consent, please contact us at or


What happens in the event of a change to the privacy policy?

Changes will be published on our website.


How to contact us or make a complaint to us?


Council of European Energy Regulators (CEER)

Cours Saint-Michel 30a, box F (5th floor) 1040 Brussels, Belgium

Tel.: +32 (0) 2 788 73 30


Energy Regulators Regional Association

Logodi u. 44/B., 1112 Budapest, Hungary

Tel.: +36 70 392 5986



Complaints to the Data Protection Authority

You have a right to complain about how we have handled your information and you can report it directly to the Data Protection Authority, at the following address.


Belgian Data Protection Authority

Rue de la Presse 35, 1000 Brussels

+32 (0)2 274 48 00 +32 (0)2 274 48 35


Hungarian National Authority for Data Protection and Freedom of Information

Falk Miksa utca 9-11H-1055 Budapest

Tel. +36 1 3911 400




Third Party websites and security

This website ( contains links to third-party websites and refers to third-party service providers and other entities. If you follow a link to any third-party website or deal with any third-party entity referred to on the site, then you should note that these third parties may have their own privacy and cookie policies, and that we are not responsible for their use of any personal data which you may provide to them. You should ensure that you have read and understood any relevant policies.

Although we do our best to ensure the security of personal data provided to us (and to use only reputable service providers), any transmission of data via the Internet is by its nature insecure and we cannot guarantee the security of any personal data you provide to us.