Processing of personal data related to the EU Agencies Network (EUAN)
The processing of the personal data is carried out under the responsibility of the Agency coordinating the EUAN, acting as data controller during its term of chairmanship.
This processing operation is subject to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC.
1. Description and Purpose of the Processing Operation
The EU decentralised Agencies and Joint Undertakings (herein, “EU Agencies”) work on a wide range of areas, providing services, information and know-how to the general public and numerous stakeholders from EU industries, institutions, and Member States. Each agency deals with a specific legal, technical or scientific task, with the purpose of helping EU institutions, agencies and bodies and Member States implement EU policies more efficiently.
To build upon this vast array of work, the EU Agencies have formed the EUAN, as a collective voice to coordinate common actions, exchange information and agree positions of shared interest, with the EU Agencies website working as the main communication channel, both between the EU Agencies and to the general public.
The EU Agencies website does not collect any other personal data from the general public than the data required for the technical functioning of the website, or to help us store user preferences and track usage trends on an aggregated basis. For this, we may collect some data on your browsing experience. This information is used to gather aggregated and anonymous statistics with a view to improving our services.
The website also includes a login area for EU Agencies, created as a shared space for the network members to exchange relevant documents and files. The restricted area can be accessed with the EU login or with credentials created by the EUAN Shared Support Office (SSO). For the creation of the latter, the SSO collects and processes personal data.
Documents in the open area and in the restricted area of the website are uploaded by either the EUAN members themselves or, under the instructions of the Agency coordinating the EUAN, by the SSO. Notwithstanding this, the originators of documents are responsible for ensuring that the information shared complies with the data protection rules applicable to them.
Your data will not be used for automated decision-making, including profiling.
2. Identity of the Data Controller
The data controller for processing of personal data related to the EUAN is the Agency coordinating the EUAN, during its term of chairmanship. The contact point is the SSO email@example.com.
The website is hosted by the European Union Intellectual Property Office (EUIPO).
The SSO may also process personal data on behalf of the Agency coordinating the EUAN.
3. Legal Basis for the Processing
The legal bases of the processing operation are:
- Article 5(1)(a) and recital 17 of the EUDPR, second sentence: the processing is required for the functioning of the EUAN;
- Other legal basis: Terms of Reference of the EU Agencies Network (05/2018)
4. Categories of personal data collected
Cookies and trackers:
Cookies and trackers are used to gather aggregated and anonymous statistics with a view to improving our services.
In our statistics module (Matomo), we track anonymised IPs, devices and the country.
Restricted area including credentials:
- First name
- E-mail address
- Phone number
- Job title
- Place of employment
- Work position/occupation
- Section / Unit
- Membership and login history
- EU login or credentials produced by the SSO
5. Who has access to your information and to whom is it disclosed?
Personal data included in documents which are uploaded in the restricted area of the website and contact details of EUAN members who have a user account are accessible to other members and to authorised staff of the SSO.
Personal data included in documents which are uploaded in the open area of the website (such as names of Heads of Agencies, name and position of speakers and panellists at events) are accessible to the general public.
Other than this, personal data collected through the EU Agencies website is made accessible only to the IT Administration teams of the EU Agency acting as processor to ensure the management of the website (currently EUIPO) and its subprocessor, for operational purposes and incident resolution, if required.
Your personal data is not used for any other purposes nor disclosed to any other recipient.
6. Transfers to third countries or International Organisations
All personal data related to the management of the EU Agencies website is stored in EU territory and there is no intent to transfer your personal data to any third country or international organisation.
7. How long do we keep your data?
Personal data of the site users is managed on an aggregated basis, and only stored for 12 months in backup systems for data restoration purposes. At the end of this period EUIPO deletes the data.
Personal data included in the directory is kept for as long as it is not deleted or modified by the data subject or an authorised user of his/her Agency or until the requested deletion or modification has been processed by the SSO.
Your personal data is kept only for the time necessary to achieve the purpose for which it is processed.
8. How do we protect and safeguard your information?
All personal data related to the management of the EU Agencies website is stored in secure IT systems in the EU territory, according to the relevant security standards.
The systems and servers are password protected and require an authorised username and password to access. The information is stored securely to safeguard the confidentiality and privacy of the data therein.
All persons dealing with personal data in the context of the management of log files, at any stage, shall sign a confidentiality declaration and/or non-disclosure agreement.
In order to protect your personal data, a number of technical and organisational measures have been put in place. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the data being processed. Organisational measures include restricting access to certain data to authorised persons with a legitimate need to know for the purposes of this processing operation.
The collection of data by cookies and trackers, the aggregation and anonymisation of this data are performed in the data centre of the EUIPO under adequate security measures.
9. What are your rights and how can you exercise them?
As a data subject, you have the right to request from the controller access to and rectification or erasure of your personal data or restriction of its processing, or to object to processing. You have the right to the portability of your data. You have the right to withdraw the consent to process your personal data.
Exceptions based on Regulation 2018/1725 may apply.
Should you consider that your data is processed unlawfully by the Controller, you can contact the Data Protection Officer by writing to firstname.lastname@example.org. You also have the right to lodge a complaint with the European Data Protection Supervisor: email@example.com.