Privacy Policy for the European Transport Documents Database System (ETDDS)
This Privacy Policy explains how the European Transport Documents Database System (ETDDS) collects, uses, stores, shares, and protects personal data in connection with its services. ETDDS is a centralized, cross-border database designed to store, manage, verify, and share transport-related documents across European jurisdictions. By using ETDDS, you agree to the collection and use of information in accordance with this policy.
If you have questions about this policy, contact your organization’s ETDDS administrator or the ETDDS Privacy Office at [contact email].
1. Data Controller and Data Protection Officer
- Data Controller: The organization operating the ETDDS instance you use (often your national regulator, authority, or delegated administrator) acts as the data controller for the personal data processed within that namespace.
- Data Protection Officer (DPO): Each implementing organization may designate a DPO or privacy lead. For cross-border inquiries affecting multiple jurisdictions, you can contact the ETDDS Privacy Office at [contact email].
2. What personal data we may collect
ETDDS may collect and process the following categories of personal data, as required by your role and the document workflow:
- Identity and access data: name, job title, organization, role, employee ID, contact information, username, authentication credentials (in a secure, hashed form), and MFA-related data.
- Document-related data: applicant or submitter names, contact details, representatives or agents, issuer details, and any personal identifiers embedded in documents or metadata (subject to access controls).
- Metadata: timestamps (submission, validation, approval), document IDs, version numbers, status, namespaces (jurisdiction), and audit trail entries.
- Technical data: IP address, device information, browser type, and log data necessary for security, operations, and anomaly detection.
- Compliance and regulatory data: information required to verify transport claims, including test results, attestations, and certificates, which may include personal data of named individuals where relevant to regulatory processes.
- Analytics and usage data: how users interact with the system to improve services.
We apply data minimization principles and collect only data necessary for the purpose of processing transport documents and fulfilling regulatory requirements.
3. How we use personal data
- Perform workflow processes: submission, validation, verification, approval/rejection, publication, and archival.
- Authenticate and authorize users: enforce access controls, MFA, and session management.
- Record-keeping and auditing: maintain immutable logs for accountability and compliance.
- Communicate with users: notifications about status changes, deadlines, and security notices.
- Compliance with legal obligations: meet GDPR, local data protection laws, and cross-border data transfer requirements.
- Security and operations: monitor for security incidents, perform maintenance, and support incident resolution.
- Analytical purposes: improve system performance, detect misuse, and generate aggregated reports (always in a privacy-conscious way).
4. Legal bases for processing
ETDDS processes personal data under the following legal bases, as applicable:
- Contractual necessity: for performance of duties related to document submission, validation, and regulatory processes.
- Legal obligation: compliance with laws and regulations governing transport documentation, record-keeping, and audit requirements.
- Consent: where required or voluntarily provided for specific activities (e.g., optional communications or research with proper approvals).
- Legitimate interests: for security, integrity, and improvement of the ETDDS platform, balanced against individual privacy rights.
- Public interest or official authority: where processing is necessary for regulatory or governmental purposes.
5. Data sharing and international transfers
- Within ETDDS: personal data may be shared with authorized roles across namespaces as part of the workflow (e.g., validators, applicants, auditors) under strict access controls.
- With third parties: service providers (hosting, security, analytics) bound by data processing agreements to protect personal data.
- Cross-border transfers: transfers to other European Union member states or countries with equivalent protection to GDPR, or where appropriate safeguards are in place (e.g., SCCs, adequacy decisions).
- Public disclosures: no personal data is disclosed in publications unless explicitly required by law and with appropriate redaction or anonymization.
6. Data retention and deletion
- Retention periods: defined per document type and jurisdiction. Records may be archived or deleted in accordance with policy, legal obligations, and organizational needs.
- Deletion requests: individuals may have rights to request deletion or erasure where legally permissible, subject to regulatory retention requirements and the integrity of audit trails.
- Backups: data in backups is protected and restored only as needed to support retention and disaster recovery plans, with access controls applied.
7. Your rights
Depending on jurisdiction, you may have rights including:
- Right to access and obtain a copy of your personal data.
- Right to rectify inaccurate or incomplete data.
- Right to erasure (where permitted) or to restriction of processing.
- Right to data portability where applicable.
- Right to object to processing based on legitimate interests or public authority.
- Right to withdraw consent where consent is the basis for processing.
- Right to lodge a complaint with a supervisory authority.
Requests should be directed to your organization’s DPO or the ETDDS Privacy Office. The organization will respond in accordance with applicable law and policy timelines.
8. Security measures
- Encryption: data encrypted at rest and in transit.
- Access controls: role-based access control (RBAC), least-privilege principles, and regular access reviews.
- Authentication: MFA and strong credential management.
- Auditing: immutable logs of user actions and system events.
- Incident response: documented procedures for detecting, reporting, and remediating security incidents.
- Data integrity: digital signatures, cryptographic hashes, and versioning to ensure traceability.
9. Data protection by design and by default
Privacy considerations are integrated into system design, development, and deployment.
Data minimization and, where feasible, pseudonymization or anonymization are applied, and regular privacy impact assessments (PIAs) are conducted.
10. Children’s privacy
ETDDS is not directed at children, and we do not knowingly collect data from individuals under the applicable age of consent. If you become aware of such data in your jurisdiction, please notify the DPO.
11. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in legal requirements, organizational changes, or updates to the ETDDS platform. When material changes occur, we will provide notice as required by law and by contract with your organization.
12. How to exercise your rights or ask questions
- Contact your organization’s ETDDS administrator.
- For privacy-specific inquiries, contact the ETDDS Privacy Office at [contact email].
- If you are unsatisfied with the response, you may escalate to your national data protection authority.
13. Compliance and accountability
ETDDS and its administering organizations comply with applicable data protection laws (e.g., GDPR) and maintain documentation of processing activities, DPIAs, and security measures.
Regular audits, staff training, and access reviews help ensure ongoing compliance.