The Fraud Notification System (FNS) is made available to the public as a web-based information system that may be used to submit information to OLAF which may be relevant in the fight against fraud, corruption and any other illegal activity affecting the financial and other interests of the EU. All messages are recorded by administrative staff of the Quality Assurance Team (QAT) of OLAF.C.1, some of them analysed by selectors of OLAF.0.1 and some of them further exploited by investigators from the operational directorates, OLAF.A and OLAF.B. Relevant information is noted and processed according to standard procedures.
The processing of data submitted will not be used for automated decision making, including profiling.
The legal basis for this processing operation is Regulation 883/2013, Regulation 2185/96, and Regulation 2988/95, in accordance with Article 5 paragraph 1 point (a) of Regulation (EU) 2018/1725.
OLAF collects information voluntary supplied by users of the system in a questionnaire, including a free text field. If the user chooses to register for further communication, OLAF collects the further information transmitted in all subsequent communications between OLAF and the user. This information is recorded on a dedicated server, and used as a source of intelligence/evidence.
OLAF also collects the following information about the users of the system: date and time of message, language they have chosen, content of the message which may include their own personal data.
Responsible OLAF C.1. (QAT), 0.1 and A & B staff has access. In addition, information which does not fall under the competence of OLAF, which is insufficient to justify the opening of an investigation or coordination case by OLAF or which does not fall within OLAF's Investigative Policy Priorities (IPP) may be passed to the relevant services in the EU Institutions, bodies, offices and agencies and to the relevant anti-fraud authorities in the Member States.
In order to protect your personal data, a number of technical and organisational measures have been put in place. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the data being processed. Organisational measures include restricting access to the data to authorised persons with a legitimate need to know for the purposes of this processing operation.
Your personal data may be retained in OLAF’s files which are stored for a maximum of 15 years after the dismissal or, where an investigation or coordination case was opened, after the closure thereof.
Improper and pointless messages will be deleted immediately.
You have the right to request access to your personal data, rectification or erasure of the data, or restriction of their processing. You have also the right to object to the processing of your data.
Any request to exercise one of those rights should be directed to the Controller (OLAF-FMB-DATA-PROTECTION@ec.europa.eu). Where you wish to exercise your rights in the context of one or several specific processing operations or files, please provide their description and reference(s) in your request.
Exceptions and restrictions based on Regulation (EU) 2018/1725 and relevant Commission Decisions may apply.
You may contact the Data Protection Officer of OLAF (OLAF-FMB-DPO@ec.europa.eu) with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725.
You have the right to have recourse to the European Data Protection Supervisor (edps@edps.europa.eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by OLAF.