Notice Regarding Data Subject Rights Under EU Restrictive Measures Against Iran

An official website of the European Union How do you know?
1. EUROPA
2. EUR-Lex home
3. EUR-Lex - 52026XG02065 - EN

• Help
• Print
• Share Menu Search tips Need more search options? Use the Advanced search Document 52026XG02065

Notice for the attention of the data subjects to whom the restrictive measures provided for in Council Decision 2011/235/CFSP and Council Regulation (EU) No 359/2011 concerning restrictive measures directed against certain persons and entities in view of the situation in Iran apply

OJ C, C/2026/2065, 31.3.2026, ELI: http://data.europa.eu/eli/C/2026/2065/oj (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

ELI: http://data.europa.eu/eli/C/2026/2065/oj

Expand all Collapse all Languages, formats and authentic version

• BG
• ES
• CS
• DA
• DE
• ET
• EL
• EN
• FR
• GA
• HR
• IT
• LV
• LT
• HU
• MT
• NL
• PL
• PT
• RO
• SK
• SL
• FI
• SV HTML

-

-

-

-

-

-

-

-

-

-

-

-

PDF - authentic OJ

-

-

-

-

-

-

-

-

-

-

-

• e-signature

-

-

-

-

-

-

-

-

-

-

-

-

How to verify the authenticity of the Official Journal Multilingual display

Display Text

| | Official Journal
of the European Union | EN

C series |

| | C/2026/2065 | 31.3.2026 |
Notice for the attention of the data subjects to whom the restrictive measures provided for in Council Decision 2011/235/CFSP and Council Regulation (EU) No 359/2011 concerning restrictive measures directed against certain persons and entities in view of the situation in Iran apply

(C/2026/2065)

The attention of data subjects is drawn to the following information in accordance with Article 16 of Regulation (EU) 2018/1725 of the European Parliament and of the Council (1).

The legal bases for this processing operation are Council Decision 2011/235/CFSP (2), as amended by Council Decision (CFSP) 2026/779 (3), and Council Regulation (EU) No 359/2011 (4), as implemented by Council Implementing Regulation (EU) 2026/776 (5).

The controller of this processing operation is the Council of the European Union represented by the Director-General of Directorate-General for External Relations (RELEX) of the General Secretariat of the Council and the department entrusted with the processing operation is RELEX.1 that can be contacted at:

| Council of the European Union |
| General Secretariat |
| RELEX.1 |
| Rue de la Loi/Wetstraat 175 |
| 1048 Bruxelles/Brussel |
| BELGIQUE/BELGIË |
| Email: sanctions@consilium.europa.eu |
The Data Protection Officer of the Council can be contacted at:

Data Protection Officer

data.protection@consilium.europa.eu

The purpose of the processing operation is the establishment and updating of the list of persons subject to restrictive measures in accordance with Decision 2011/235/CFSP, as amended by Decision (CFSP) 2026/779, and Regulation (EU) No 359/2011, as implemented by Implementing Regulation (EU) 2026/776.

The data subjects are the natural persons who fulfil the listing criteria as laid down in Decision 2011/235/CFSP and Regulation (EU) No 359/2011.

The personal data processed include data necessary for the correct identification of the person concerned, the statement of reasons and any other data related to the grounds for listing.

The legal bases for the handling of personal data are the Council Decisions adopted under Article 29 TEU and Council Regulations adopted under Article 215 TFEU designating natural persons (data subjects) and imposing the freezing of assets and travel restrictions.

Processing is necessary for the performance of a task carried out in the public interest in accordance with Article 5(1), point (a), and for compliance with legal obligations laid down in above-mentioned legal acts to which the controller is subject in accordance with Article 5(1), point (b), of Regulation (EU) 2018/1725.

Processing is necessary for reasons of substantial public interest in accordance with Article 10(2), point (g), of Regulation (EU) 2018/1725.

The Council may obtain personal data of data subjects from Member States and/or the European External Action Service. The recipients of the personal data are Member States, the European Commission and the European External Action Service.

All personal data processed by the Council in the context of EU autonomous restrictive measures will be retained for 5 years from the moment the data subject has been removed from the list of persons subject to the asset freeze or the validity of the measure has expired or, if a legal action is brought before the Court of Justice, until a final judgment has been handed down. Personal data contained in documents registered by the Council are kept by the Council for archiving purposes in the public interest, within the meaning of Art. 4(1), point (e), of Regulation (EU) 2018/1725.

The Council may need to exchange personal data regarding a data subject with a third country or international organisation in the context of the Council’s transposition of UN designations or in the context of international cooperation regarding the EU’s restrictive measures policy.

In the absence of an adequacy decision, or of appropriate safeguards, transfer of personal data to a third country or an international organisation is based on the following condition(s), pursuant to

Article 50 of Regulation (EU) 2018/1725:

| — | the transfer is necessary for important reasons of public interest; |

| — | the transfer is necessary for the establishment, exercise or defence of legal claims. |
No automated decision-making is involved in the processing of the data subject's personal data.

Data subjects have the right of information and the right of access to their personal data. They also have the right to correct and complete their data. Under certain circumstances, they may have the right to obtain the erasure of their personal data, or the right to object to the processing of their personal data or to ask for it to be restricted.

Decision No 2/2026 of the Secretary-General of the Council of the European Union laying down implementing rules concerning the application of Regulation (EU) 2018/1725 of the European Parliament and of the Council and the restriction of data subjects’ rights for the purpose of restrictive measures applies.

Data subjects can exercise these rights by sending an e-mail to the controller with a copy to the Data Protection Officer as indicated above.

Attached to their request, the data subjects must provide a copy of an identification document to confirm their identity (ID card or passport). This document should contain an identification number, country of issue, period of validity, name, address and date of birth. Any other data contained in the copy of the identification document such as photo or any personal characteristics may be blacked out.

Data subjects have the right to lodge a complaint with the European Data Protection Supervisor in accordance with Regulation (EU) 2018/1725 (edps@edps.europa.eu).

Before doing so, it is recommended that data subjects first try to obtain a remedy by contacting the controller and/or the Data Protection Officer of the Council.

(1) OJ L 295, 21.11.2018, p. 39.

(2) OJ L 100, 14.4.2011, p. 51.

(3) OJ L, 2026/779, 31.3.2026, ELI: http://data.europa.eu/eli/dec/2026/779/oj.

(4) OJ L 100, 14.4.2011, p. 1.

(5) OJ L, 2026/776, 31.3.2026, ELI: http://data.europa.eu/eli/reg_impl/2026/776/oj.

ELI: http://data.europa.eu/eli/C/2026/2065/oj

ISSN 1977-091X (electronic edition)

Top