Skip to main content

Protecting your privacy is of the utmost importance to Due Diligence Helpdesk on EU Sanctions for EU SMEs dealing with Iran (‘the Helpdesk’ or ‘us’). The Helpdesk is committed to respecting and protecting your personal data and ensuring your rights as a data subject. All data of a personal nature that identifies you directly or indirectly will be handled fairly, lawfully and with due care.

The Helpdesk uses your data to provide and improve its services. By using our website, you agree to the collection and use of information in accordance with this policy.

Data security disclaimer

This processing operation is subject to Regulation (EU) 2016/679 "GDPR" and Regulation (EU) 2018/1725 "IDPR". 

1. What is the nature of the processing operation and what do we do with your data?

Personal data is processed for the purposes of communication/transparency to provide and make available information on the Helpdesk activities/initiatives/events, etc.

The Helpdesk uses the collected data from the website for various purposes:

• To compile project statistics for project reporting purposes;

• If you are using the Helpdesk service, to ask for more information about your query in the case that clarifications are needed; to send an answer to your sanctions questions; ask your feedback about the usefulness of the answers provided; and in limited instances, to follow up on your case; 

• If you attend a webinar, to send you information about the services or event as well as a follow-up email with useful materials (when relevant);

  • To publish pictures and/or audio-visual items on social media and on the Helpdesk website;

• In addition, you may exceptionally be contacted by our services in very limited instances – e.g. information about an update to the privacy policy, offering collaboration opportunities, or for a survey about user needs and service improvements.

2. What personal data do we process?

The categories/types of personal data processed are the following: 

The types of personally identifiable information that may be collected upon registration include information needed in order to provide the helpdesk services, to understand your request, to provide you with the best Due Diligence checks support possible in relation to your entity or partner; or needed for project statistics (e.g. first name and last name, name of your organisation, address, country, e-mail address, telephone number, type of entity, sector, information about your satisfaction and use of our services, etc.).

3. Who is responsible for processing the data?

The data controller of the processing operation is the Service for Foreign Policy Instruments (FPI), which acts under the powers delegated by the European Commission. Personal data is processed by the consortium members of the Helpdesk. These members are based in the European Economic Area (“EEA”), who process the data solely for the purposes of the Helpdesk and its operations, in compliance with the EU’s Internal and General Data Protection Regulations [see respective regulations (EU) 2018/1725 and (EU) 2016/679]. None of the data is sold to third parties or transferred outside of the EEA. 

4. Who has access to your personal data and to whom is it disclosed?

Images and other audio-visual items are published on the websites and social media and available to the general public. Other personal data is only accessible by the Helpdesk and the controller, as well as the bodies charged with monitoring or inspection tasks in the application of EU law (e.g. internal audits, Court of Auditors, European Anti-fraud Office (OLAF)) and other EU institutions on a need-to-know basis. Personal data is not used for any other purposes or disclosed to any other recipient nor third countries or international organisations. 

5. How do we protect and safeguard your information?

We take appropriate technical and organisational measures to safeguard and protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. All personal data related to the projects’ procedures is stored in secure IT applications according to the Helpdesk security standards, as well as in specific electronic folders accessible to authorised recipients only. Appropriate levels of access are granted individually only to the abovementioned recipients. The database is password-protected under a single sign-on system and connected automatically to the user’s ID. E-records are held securely to safeguard the confidentiality and privacy of the data therein.

6. How can you access your personal information and, if necessary, correct it? How can you receive your data? How can you request that your personal data be erased, or restrict or object to its processing?

You have the right to access, rectify, erase your personal data, as well as restrict its processing or object to the same, as provided in Articles 17 to 24 of Regulation (EU) 2018/1725. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate. You have the right to request an explanation of the information that the Helpdesk has about you and how the Helpdesk uses that information. You also have the right to receive a copy of the information that the Helpdesk collects about you if collected on the basis of consent or because the Helpdesk requires the information to provide the services that you request. You also have the right to have your data completely removed from our database. Please note that we may retain certain information about you as required by law and for legitimate business purposes permitted by law. To modify or remove your personal information completely from our website and database, please send an email to:

Your request will be answered without undue delay, and in any event within 1 month of receipt of the request. However, according to Article 14(3) of Regulation (EU) 2018/1725, this period may be extended by up to 2 months where necessary, taking into account the complexity and number of requests. The Helpdesk will inform you of any such extension within 1 month of receipt of the request, together with the reasons for the delay. Alternatively, note that you can log in to your profile and edit your own data at any time.

Third-party platforms

Finally, it may be possible that the Helpdesk website contains links to other sites whose data processing practices are different from ours. Neither the consortium partners nor the European Commission are responsible for the privacy practices implemented on any of these external sites. You should be aware of this when leaving the Helpdesk website, and we encourage you to read the privacy statements on such external websites, as we have no control over the information that is submitted to or collected by these third parties. We also use third-party platforms to carry out some of our services for you and you can find their privacy policies separately on their website.

7. What is the legal basis for processing your data?

Personal data is processed in accordance with Article 5(1)(a) of Regulation (EU) 2018/1725, which states that ‘processing is necessary for the performance of a task carried out in the public interest’. Personal data is collected and processed in accordance with the contract signed between the Helpdesk Contracting Authority, namely the Service for Foreign Policy Instruments, and the Contractor Team, namely SD Policies Limited, Development Solutions Europe Ltd, Dentons Europe, The Governance Group, and Bedaan Inc.

8. How long can data be kept?

Personal data will be kept only for the time needed to achieve the purpose for which it is processed. All data related to the Helpdesk will be stored for the duration of the Helpdesk services 2020-2022. Information will be shared on the website and in the media and is stored for as long as the European Commission considers it appropriate. In the event of a formal appeal, all data held at the time of the appeal will be retained until the completion of the appeal process. 

9. Contact information

Should you have any queries on the processing of your personal data, please address them to the data controller, the Service for Foreign Policy instruments, at

You shall have the right of recourse at any time to the European Data Protection Supervisor at

10. Links to other websites

It may be possible that the Helpdesk web pages contain links to other sites whose privacy practices may differ. Neither the Helpdesk nor the European Commission, nor FPI are responsible for the Privacy Policy of these websites. We encourage you to read the privacy statements on other websites you visit, as we have no control over information that is submitted to, or collected by, these third parties.