PROTECTION OF YOUR PERSONAL DATA
This privacy statement provides information about the processing and the
protection of your personal data when using EUSurvey for creating and
managing surveys.
Version 1.0, 2020/06/10
Processing operation:
EUSurvey
Data Controller:
The European Commission (or the “Commission”)
Record reference:
DPR-EC-01488
Introduction
The European Commission (hereafter the “Commission”) is committed to
protect your personal data and to respect your privacy. The Commission
collects and further processes personal data pursuant to
Regulation (EU) N° 2018/1725
of the European Parliament and of the Council of 23 October 2018 on the
protection of natural persons with regard to the processing of personal
data by the Union institutions, bodies, offices and agencies and on the
free movement of such data (repealing Regulation (EC) No 45/2001).
This privacy statement explains the reason for the processing of your
personal data, the way we collect, handle and ensure protection of all
personal data provided, how that information is used and what rights you
have in relation to your personal data. It also specifies the contact
details of the responsible Data Controller with whom you may exercise your
rights, the Data Protection Officer and the European Data Protection
Supervisor.
The information in relation to the processing operations via the EUSurvey
application undertaken by the Commission are presented below i.e. this
privacy statement explains how your personal data is handled when you
register as a user of EUSurvey and use the service to create surveys. It
does not cover the data protection aspects linked to the surveys you
create, i.e., when creating a survey you will need to include a specific
privacy statement in the survey itself if your survey collects and process
personal data.
Purpose of the processing operations: The Commission, through EUSurvey,
collects and uses your personal information for the purpose of enabling
you, as a user, to connect to the EUSurvey application and use the service
for creating and publishing online questionnaires. Your contact details
(email address, first name and last name) may also be used for contacting
you for support and quality management purposes.
Your personal data will not be used for an automated decision-making
including profiling.
Please note that the Commission is not responsible for the privacy policies
or practices carried out by the people or organisations using the EUSurvey
application and service to create and publish a survey. All personal data
collected within such a survey will be processed by and under the
responsibility of the survey owner or survey owner’s organisation.
Individuals and organisations using EUSurvey to organize a survey have
the legal obligation to create and publish their own privacy statement
when collecting personal data.
We process your personal data, because:
“the data subject has given consent to the processing of his or her
personal data for one or more specific purposes.”
You have/will give(n) the aforementioned consent by accepting the present
privacy statement. Accepting this privacy statement is required before
entering the application and using the service.
You may exercise your right to withdraw your consent by contacting the Data
Controller using the contact form.
In order to provide the EUSurvey services, through the processing
operations, the Commission collects the following categories of personal
data:
To be identified by the system, the user needs a couple login / password,
which is managed by the EULogin
[1]
service. For further information on how EULogin is processing your personal
data, please refer to the
EULogin privacy statement
.
Some personal data are accessible from the EUSurvey application under the
‘Settings’ tab:
• Full name (first name and last name)
• Email address
Full name and Email address are data retrieved by an automatic process from
EULogin and the European Commission's Central User Database, which is
stored at the Data Centre of the European Commission. The Data Centre of
the European Commission is bound to comply with Regulation (EU) N°
2018/1725 and with any Commission's security decision and provision
established by the Directorate General of Security and Human Resources for
this kind of servers and services.
3.3 Europa Analytics
Europa Analytics
is the corporate service that monitors and evaluates the effectiveness and
efficiency of the European Commission's websites on Europa. Europa
Analytics is based on the open source analytics platform “Matomo” and is
installed on a webserver. Both the infrastructure and software are under
the full control of the European Commission and comply with the current EU
data protection legislation.
EUSurvey is using Europa Analytics for traffic statistics and analytics.
You can find more information on the Data Protection Information and
measures, the ‘do not track’ preference and other information on the
Europa Analytics
website.
The Commission only keeps your personal data for the time necessary to
fulfil the purpose of the survey.
As long as you are an EU staff member, your user account remains active
and your personal data is therefore retained. However, you can, at any
time, ask the EUSurvey team to terminate your account if you no longer
wish to use the service. In this case, your user account, all
associated data and all surveys and results will be permanently
deleted.
4.2 EUSurvey external user
As an external user, you can, at any time, ask the EUSurvey team to
terminate your account if you no longer wish to use the service. The
corresponding account, all associated data, and all surveys and results
will be permanently deleted.
In addition, unused external user accounts are deleted after a period of
inactivity of 2 years.
All personal data are stored on the servers of the European Commission’s
Data Centre. All processing operations are carried out pursuant to the
Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the
security of communication and information systems in the European
Commission.
In order to protect your personal data, the Commission has put in place a
number of technical and organisational measures. Technical measures include
appropriate actions to address online security, risk of data loss,
alteration of data or unauthorised access, taking into consideration the
risk presented by the processing and the nature of the personal data being
processed. Organisational measures include restricting access to the
personal data solely to authorised persons with a legitimate need to know
for the purposes of the processing operations.
The security of your personal data is important to us but remember that no
method of transmission over the Internet, or method of electronic storage,
is 100% secure. While we strive to use means to protect your personal data,
we cannot guarantee its absolute security.
Access to your personal data is provided to the Commission staff
responsible for carrying out this processing operations and to authorised
staff according to the “need to know” principle. Such staff abide by
statutory, and when required, additional confidentiality agreements.
As a result, the staff managing the EUSurvey application have access to
your personal data.
This includes:
• The Commission EUSurvey team for purposes of system support and
maintenance.
• The infrastructure administrators.
The information we collect will not be given to any third party, except to
the extent and for the purpose we may be required to do so by law.
The Commission will not share user personal data with third parties for
direct marketing. In other words, the Commission will not use your personal
data to contact you with newsletters, marketing or promotional information.
However, we may use your email address to contact you with information or
updates regarding EUSurvey.
You have specific rights as a ‘data subject’ under Chapter III (Articles
14-25) of Regulation (EU) 2018/1725, in particular the right to access your
personal data, and, to rectify them, in case your personal data are
inaccurate or incomplete. Where applicable, you have the right to erase
your personal data, to restrict the processing of your personal data, to
object to the processing, and the right to data portability.
You can exercise your rights by contacting the Data Controller, or, in case
of conflict, the Data Protection Officer.
Please note that your first name, last name and email address are taken
from EULogin and can only be modified there. EUSurvey is automatically
updated according to EULogin data. At first login, your account is
automatically created using data extracted from the EULogin database. Other
personal data can be modified from the
EUSurvey Settings page
. If not possible, please contact us using the contact form.
This Privacy Statement will remain in effect except with respect to any
changes in its provisions in the future, which will be in effect
immediately after being posted on the EUSurvey application and accepted by
the user. In case of any changes to this Privacy Statement, we will notify
you by placing a prominent acceptation message on the EUSurvey application
immediately after the login. You will be requested to read and accept the
new Privacy Statement.
If you would like to exercise your rights under Regulation (EU) 2018/1725,
or if you have comments, questions or concerns, or if you would like to
submit a complaint regarding the collection and use of your personal data,
please feel free to contact the Data Controller using the contact form.
You have the possibility to contact the EUSurvey support team, using the contact form, in
order to permanently delete your account in case you no longer need to use
the Service.
You may also contact the Commission’s Data Protection Officer (DATA-PROTECTION-OFFICER@ec.europa.eu) with regard to issues related to the processing of your personal data
under Regulation (EU) 2018/1725.
You have the right to have recourse (i.e. you can lodge a complaint) to the
European Data Protection Supervisor (edps@edps.europa.eu) if you
consider that your rights under Regulation (EU) 2018/1725 have been
infringed as a result of the processing of your personal data by the Data
Controller.
The European Data Protection Supervisor is acting as an independent
supervisory authority. The EDPS makes sure that all EU institutions and
bodies respect people’s right to privacy when processing their personal
data.
9. WHERE TO FIND MORE DETAILED INFORMATION?
The Commission Data Protection Officer (DPO) publishes the register of all
processing operations on personal data by the Commission, which have been
documented and notified to him. You may access the register via the
following link:
https://ec.europa.eu/dpo-register
.
This specific processing operation has been included in the DPO’s public
register with the following Record reference: DPR-EC-01488
[1]
EULogin is the Authentication Service of the European Institutions
based on SSO (Single-Sign On) technology.
