PROTECTION OF YOUR PERSONAL DATA

This privacy statement provides information about the processing and the protection of your personal data when using EUSurvey for creating and managing surveys.

Version 1.0, 2020/06/10

Processing operation: EUSurvey

Data Controller: The European Commission (or the “Commission”)

Record reference: DPR-EC-01488

Introduction

The European Commission (hereafter the “Commission”) is committed to protect your personal data and to respect your privacy. The Commission collects and further processes personal data pursuant to Regulation (EU) N° 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (repealing Regulation (EC) No 45/2001).

This privacy statement explains the reason for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor.

The information in relation to the processing operations via the EUSurvey application undertaken by the Commission are presented below i.e. this privacy statement explains how your personal data is handled when you register as a user of EUSurvey and use the service to create surveys. It does not cover the data protection aspects linked to the surveys you create, i.e., when creating a survey you will need to include a specific privacy statement in the survey itself if your survey collects and process personal data.

1. WHY AND HOW DO WE PROCESS YOUR PERSONAL DATA?

1.1 Personal data collected for user management

Purpose of the processing operations: The Commission, through EUSurvey, collects and uses your personal information for the purpose of enabling you, as a user, to connect to the EUSurvey application and use the service for creating and publishing online questionnaires. Your contact details (email address, first name and last name) may also be used for contacting you for support and quality management purposes.

Your personal data will not be used for an automated decision-making including profiling.

1.2 Personal data collected via online surveys

Please note that the Commission is not responsible for the privacy policies or practices carried out by the people or organisations using the EUSurvey application and service to create and publish a survey. All personal data collected within such a survey will be processed by and under the responsibility of the survey owner or survey owner’s organisation.

Individuals and organisations using EUSurvey to organize a survey have the legal obligation to create and publish their own privacy statement when collecting personal data.

2. ON WHAT LEGAL GROUND(S) DO WE PROCESS YOUR PERSONAL DATA

We process your personal data, because:

“the data subject has given consent to the processing of his or her personal data for one or more specific purposes.”

You have/will give(n) the aforementioned consent by accepting the present privacy statement. Accepting this privacy statement is required before entering the application and using the service.

You may exercise your right to withdraw your consent by contacting the Data Controller using the contact form.

3. WHICH PERSONAL DATA DO WE COLLECT AND FURTHER PROCESS?

In order to provide the EUSurvey services, through the processing operations, the Commission collects the following categories of personal data:

3.1 Credentials

To be identified by the system, the user needs a couple login / password, which is managed by the EULogin [1] service. For further information on how EULogin is processing your personal data, please refer to the EULogin privacy statement .

3.2 User data

Some personal data are accessible from the EUSurvey application under the ‘Settings’ tab:

• Full name (first name and last name)

• Email address

Full name and Email address are data retrieved by an automatic process from EULogin and the European Commission's Central User Database, which is stored at the Data Centre of the European Commission. The Data Centre of the European Commission is bound to comply with Regulation (EU) N° 2018/1725 and with any Commission's security decision and provision established by the Directorate General of Security and Human Resources for this kind of servers and services.

3.3 Europa Analytics

Europa Analytics is the corporate service that monitors and evaluates the effectiveness and efficiency of the European Commission's websites on Europa. Europa Analytics is based on the open source analytics platform “Matomo” and is installed on a webserver. Both the infrastructure and software are under the full control of the European Commission and comply with the current EU data protection legislation.

EUSurvey is using Europa Analytics for traffic statistics and analytics. You can find more information on the Data Protection Information and measures, the ‘do not track’ preference and other information on the Europa Analytics website.

4. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

The Commission only keeps your personal data for the time necessary to fulfil the purpose of the survey.

4.1 EU staff member (internal user)

As long as you are an EU staff member, your user account remains active and your personal data is therefore retained. However, you can, at any time, ask the EUSurvey team to terminate your account if you no longer wish to use the service. In this case, your user account, all associated data and all surveys and results will be permanently deleted.

4.2 EUSurvey external user

As an external user, you can, at any time, ask the EUSurvey team to terminate your account if you no longer wish to use the service. The corresponding account, all associated data, and all surveys and results will be permanently deleted.

In addition, unused external user accounts are deleted after a period of inactivity of 2 years.

5. HOW DO WE PROTECT AND SAFEGUARD YOUR PERSONAL DATA?

All personal data are stored on the servers of the European Commission’s Data Centre. All processing operations are carried out pursuant to the Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission.

In order to protect your personal data, the Commission has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of the processing operations.

The security of your personal data is important to us but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use means to protect your personal data, we cannot guarantee its absolute security.

6. WHO HAS ACCESS TO YOUR PERSONAL DATA AND TO WHOM IS IT DISCLOSED?

Access to your personal data is provided to the Commission staff responsible for carrying out this processing operations and to authorised staff according to the “need to know” principle. Such staff abide by statutory, and when required, additional confidentiality agreements.

As a result, the staff managing the EUSurvey application have access to your personal data.

This includes:

• The Commission EUSurvey team for purposes of system support and maintenance.

• The infrastructure administrators.

The information we collect will not be given to any third party, except to the extent and for the purpose we may be required to do so by law.

The Commission will not share user personal data with third parties for direct marketing. In other words, the Commission will not use your personal data to contact you with newsletters, marketing or promotional information. However, we may use your email address to contact you with information or updates regarding EUSurvey.

7. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?

You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular the right to access your personal data, and, to rectify them, in case your personal data are inaccurate or incomplete. Where applicable, you have the right to erase your personal data, to restrict the processing of your personal data, to object to the processing, and the right to data portability.

You can exercise your rights by contacting the Data Controller, or, in case of conflict, the Data Protection Officer.

Please note that your first name, last name and email address are taken from EULogin and can only be modified there. EUSurvey is automatically updated according to EULogin data. At first login, your account is automatically created using data extracted from the EULogin database. Other personal data can be modified from the EUSurvey Settings page . If not possible, please contact us using the contact form.

This Privacy Statement will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on the EUSurvey application and accepted by the user. In case of any changes to this Privacy Statement, we will notify you by placing a prominent acceptation message on the EUSurvey application immediately after the login. You will be requested to read and accept the new Privacy Statement.

8. CONTACT INFORMATION

8.1. The Data Controller

If you would like to exercise your rights under Regulation (EU) 2018/1725, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller using the contact form.

You have the possibility to contact the EUSurvey support team, using the contact form, in order to permanently delete your account in case you no longer need to use the Service.

8.2. The Data Protection Officer (DPO) of the Commission

You may also contact the Commission’s Data Protection Officer (DATA-PROTECTION-OFFICER@ec.europa.eu) with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725.

8.3. The European Data Protection Supervisor (EDPS)

You have the right to have recourse (i.e. you can lodge a complaint) to the European Data Protection Supervisor (edps@edps.europa.eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the Data Controller.

The European Data Protection Supervisor is acting as an independent supervisory authority. The EDPS makes sure that all EU institutions and bodies respect people’s right to privacy when processing their personal data.

9. WHERE TO FIND MORE DETAILED INFORMATION?

The Commission Data Protection Officer (DPO) publishes the register of all processing operations on personal data by the Commission, which have been documented and notified to him. You may access the register via the following link: http://ec.europa.eu/dpo-register .

This specific processing operation has been included in the DPO’s public register with the following Record reference: DPR-EC-01488

[1] EULogin is the Authentication Service of the European Institutions based on SSO (Single-Sign On) technology.