Personal Data Protection Policy

Share this page:

The EBRD Personal Data Protection Policy and Directive were approved by the EBRD in 2021 and came into effect on the date of their approval.

The EBRD Personal Data Protection Policy sets out the core principles relating to personal data protection followed by the EBRD and it applies to all personal data processed by or on behalf of the Bank.

The EBRD Personal Data Protection Directive, which sits underneath the aforementioned Policy, sets out the rights and obligations of data subjects and the Bank in relation to processing of personal data.

The Personal Data Protection Policy and Directive are supported by the Personal Data Complaint Review Procedure and the Data Subject Requests Procedure.

  • The Personal Data Complaint Review Procedure sets out the process to be followed for complaints by data subjects who consider that the Bank has failed to process their personal data in accordance with the Personal Data Protection Policy and its implementing acts.
     
  • The Data Subject Requests Procedure sets out the process that should be followed by the data subjects and the EBRD when they request review, rectification or supplementing of their personal data and by the EBRD when dealing with such requests.

Submitting a Complaint

A data subject (or their legal representative), who considers that the Bank has failed to process personal data in accordance with the Personal Data Protection Policy and its implementing acts, may submit a complaint to the EBRD Personal Data Review Panel within 90 days of becoming aware of the alleged failure.

The complaint must be made in writing, preferably in English or in any other working language of the Bank (Russian, German or French) or, alternatively, in an official national language of the Bank’s recipient country. In each case the complaint should be prepared by completing the data subject complaint form available and submitted via one of the following methods:

(a) by delivery or post to the following address:

European Bank for Reconstruction and Development
For the attention of the Personal Data Review Panel
One Exchange Square
London EC2A 2JN
United Kingdom

(b) by email to the following address: PDReviewPanel@ebrd.com

When preparing the complaint, data subjects shall follow the format and content of the complaint form and provide information on, including but not limited to: (i) the reasons why the data subject considers that the Bank has failed to process personal data in accordance with the Personal Data Protection Policy and its implementing acts, (ii) the date on which the data subject was informed or became aware of the Bank's failure, and (iii) the remedy being sought.

Please note:

  • The Bank shall not accept any complaints made other than via the methods set out above.
  • The Bank shall not accept or respond to anonymous complaints.

For more information, please see the Personal Data Complaint Review Procedure.

Request access, rectification or supplement personal data

A data subject (or their legal representative) may submit a request to the Personal Data Management Officer in writing, preferably in English or in any other working language of the Bank (Russian, German or French) or, alternatively, in an official national language of the Bank’s recipient country. In each case, the Request shall be prepared by completing the data subject request form available and submitted via any of the following methods:

(a) by email to the following email address: DPOffice@ebrd.com

(c) by delivery or post to the following address:

European Bank for Reconstruction and Development
For the attention of the Personal Data Management Officer
One Exchange Square
London EC2A 2JN
United Kingdom

The Bank shall not accept any requests made other than via the methods set out above. For more information, please see the Data Subject Requests Procedure.

Following the data subject request, they may be requested to verify their identity. 

Share this page: