Privacy Policy

We are committed to ensuring that your privacy is protected. This privacy policy sets out how the EBRD collects and processes your personal data through your use of this website, including any data you may provide through this website when you complete the Business Reorganisation Questionnaire and/or the NPL Survey.  For the purposes of this policy, personal data, or personal information, means any information about an individual from which that person can be identified.

We keep our privacy policy under regular review. We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 1 September 2020 and should be read in conjunction with the website's Terms and Conditions and Site Policy.

Information You Provide to Us

Any information and data that you voluntarily provide to us, including identity data and contact data, will be used for the sole purpose for which the information was provided to us. We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. From time to time, we may also use your information to contact you for research purposes. We may contact you by email, phone, or mail. In addition, communication exchanges on this website are public (not private) communications. Therefore, any message that you post on this website will be considered and treated as available for public use and distribution.

Information We Share

We do not sell or otherwise disclose personal data collected as set out above, except as described in this privacy policy. The information may also be shared with third-party service providers who perform services for the EBRD. These service providers are not authorised by the EBRD to use or disclose the personal data, except as necessary to perform specific services for the EBRD. The EBRD requires its partners and service providers to appropriately safeguard the privacy and security of personal data they process on the EBRD's behalf.

Specific Purpose of Processing

The purpose of data collection on this website is to conduct the Business Reorganisation Assessment and the NPL Survey and to provide information to the Legal Transition Team aimed at identifying potential areas for future technical assistance in the EBRD regions. We may also collect and process the personal data of visitors to this website.

Types of Processing

Any personal data collected on this website is done through manual and automated processes. The data collected on this site also undergoes automated processing for the sole purpose of website functionality and user experience. We use cookies to record information about how people use the web site. This information is then used to refine and develop the site so that it benefits our audience as much as possible. By using you are consenting to the EBRD sending one cookie to your web browser. If you do not consent to this you should cease using the website or change the cookie settings on your computer to restrict their use. Manual processing may be applied if problems are discovered on the site.

How We Protect the Information

We have put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your personal data. These include reasonable measures to deal with any suspected data breach.

We are committed to the appropriate ongoing security and confidentiality of personal data by taking all reasonable and appropriate steps to protect the personal data that we hold from accidental or unauthorised destruction, loss, alteration, disclosure or access by unauthorised persons. We do this by having in place a range of appropriate technical and organisational measures.

There is always risk involved in sending information through any channel over the internet. You send information over the internet entirely at your own risk. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet and we do not warrant the security of any information, including personal data, which you transmit to us over the internet.

If you suspect any misuse or loss of or unauthorised access to your personal data please let us know immediately. If you think that EBRD did not process your personal data in accordance with the PDPR, you can submit a complaint to the Personal Data Review Panel in accordance with the EBRD Personal Data Complaint Review Procedure.

For further information about EBRD's obligations in respect of the security and confidentiality of personal data, please see Section IV, paragraph 4 of the EBRD Personal Data Protection Directive, the Information Security Policy and its implementing acts.

How Long We Keep the Information

Your personal data will be kept only as long as necessary for the purposes set out in this policy.

In determining the appropriate retention period for different types of personal data, we always consider the amount, nature, and sensitivity of the personal data in question, the potential risk of harm from unauthorised use or disclosure of that personal data, the purposes for which we need to process it and whether we can achieve those purposes by other means (in addition of course to ensuring that we comply with our obligations under our policies, directives and procedures, as described above).

Once we have determined that we no longer need to hold your personal data, we will delete it from our Systems.

Your rights

Please note that you have various rights to your personal data, which we have set out below.

Right to access personal data

You may ask to obtain confirmation from the EBRD as to whether or not your personal data is being processed, and, where it is processed, to access certain relevant information about the data and the processing. Your rights will be subject to the restrictions on the right to access under applicable EBRD's policies and procedures.

For more information about this right of access, and if you wish to submit a request to exercise your right of access, please refer to Section IV, paragraphs 9 and 10 of the EBRD Personal Data Protection Directive and the EBRD Data Subject Requests Procedure.

Right to rectification

In the event that you identify inaccuracies or incompleteness in the personal data that EBRD holds about you, you have the right (i) to request that the EBRD rectifies such inaccuracies; or (ii) to supplement the personal data, as appropriate, for completeness.

For more information about this right to rectification, and if you wish to submit a request to exercise your right to rectification, please refer to Section IV, paragraphs 9 and 10 of the EBRD Personal Data Protection Directive and the EBRD Data Subject Requests Procedure.

Right to lodge a complaint

In the event that you have a complaint about the processing of your personal data by the EBRD, you have the right to lodge such a complaint to the EBRD's Personal Data Review Panel within 90 days of becoming aware of the EBRD's failure to process personal data in accordance with the PDPR.

For more information about this right to lodge a complaint, please refer to the EBRD Personal Data Complaint Review Procedure.

Please note that we may keep a record of your communications to help us resolve any issues which you raise.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during the period for which we hold your data.

How do we store and transfer your data internationally?

In connection with the purposes described in this External Privacy Notice, your personal data may be transferred to the following recipients located outside of your jurisdiction:

·       To other EBRD offices (including the London Headquarters and Resident Offices); 

·       To third parties (such as advisers to EBRD and suppliers to our business or providers of benefits); and 

·       To a cloud-based storage provider.

Please note that some of these third parties may, in turn, transfer your data internationally.

We want to make sure that your personal data is stored and transferred in a way which is secure. We will therefore only transfer data internationally to third parties where they comply with a standard of protection of personal data equivalent to at least the level of protection established by the PDPR.


Please contact the Business Reorganisation Assessment Team on if you have any questions or concerns.