1. Without prejudice to the presumption of innocence, the competent authorities of the home and the host Member States shall update, in a timely manner, the corresponding IMI file with information regarding disciplinary actions or criminal sanctions which relate to a prohibition or restriction and which have consequences for the pursuit of activities by the holder of a European Professional Card under this Directive. In so doing they shall respect personal data protection rules provided for in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (1) and Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (2) . Such updates shall include the deletion of information which is no longer required. The holder of the European Professional Card as well as the competent authorities that have access to the corresponding IMI file shall be informed immediately of any updates. That obligation shall be without prejudice to the alert obligations for Member States under Article 56a.
2. The content of the information updates referred to in paragraph 1 shall be limited to the following:
(a) the identity of the professional;
(b) the profession concerned;
(c) information about the national authority or court which has adopted the decision on restriction or prohibition;
(d) the scope of the restriction or the prohibition; and
(e) the period for which the restriction or the prohibition applies.
3. Access to the information in the IMI file shall be limited to the competent authorities of the home and the host Member States, in accordance with Directive 95/46/EC. The competent authorities shall inform the holder of the European Professional Card of the content of the IMI file upon that holder’s request.
4. The information included in the European Professional Card shall be limited to the information that is necessary to ascertain its holder’s right to exercise the profession for which it has been issued, namely the holder’s name, surname, date and place of birth, profession, formal qualifications, and the applicable regime, competent authorities involved, Card number, security features and reference to a valid proof of identity. Information relating to professional experience acquired, or compensation measures passed, by the holder of the European Professional Card shall be included in the IMI file.
5. The personal data included in the IMI file may be processed for as long as it is needed for the purpose of the recognition procedure as such and as evidence of the recognition or of the transmission of the declaration required under Article 7. Member States shall ensure that the holder of a European Professional Card has the right at any time, and at no cost to that holder, to request the rectification of inaccurate or incomplete data, or the deletion or blocking of the IMI file concerned. The holder shall be informed of this right at the time the European Professional Card is issued, and reminded of it every two years thereafter. The reminder shall be sent automatically via IMI where the initial application for the European Professional Card was submitted online.
In the event of a request for deletion of an IMI file linked to a European Professional Card issued for the purpose of establishment or temporary and occasional provision of services under Article 7(4), the competent authorities of the host Member State concerned shall issue the holder of professional qualifications with evidence attesting to the recognition of his professional qualifications.
6. In relation to the processing of personal data in the European Professional Card and all IMI files, the relevant competent authorities of the Member States shall be regarded as controllers within the meaning of point (d) of Article 2 of Directive 95/46/EC. In relation to its responsibilities under paragraphs 1 to 4 of this Article and the processing of personal data involved therein, the Commission shall be regarded as a controller within the meaning of point (d) of Article 2 of Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (3) .
7. Without prejudice to paragraph 3, host Member States shall provide that employers, customers, patients, public authorities and other interested parties may verify the authenticity and validity of a European Professional Card presented to them by the Card holder.
The Commission shall, by means of implementing acts, lay down rules concerning access to the IMI file, and the technical means and the procedures for the verification referred to in the first subparagraph. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 58(2).]
Textual Amendments
F1 Inserted by Directive 2013/55/EU of the European Parliament and of the Council of 20 November 2013 amending Directive 2005/36/EC on the recognition of professional qualifications and Regulation (EU) No 1024/2012 on administrative cooperation through the Internal Market Information System (‘the IMI Regulation’) (Text with EEA relevance).
Textual Amendments
F1 Inserted by Directive 2013/55/EU of the European Parliament and of the Council of 20 November 2013 amending Directive 2005/36/EC on the recognition of professional qualifications and Regulation (EU) No 1024/2012 on administrative cooperation through the Internal Market Information System (‘the IMI Regulation’) (Text with EEA relevance).