EEAS PRIVACY STATEMENT - DATA PROTECTION NOTICE

FOR THE PURPOSE OF
PROCESSING PERSONAL DATA RELATED TO CAMPAIGN

Dubai Expo 2020

VIA EUEXPLORE.EU WEBSITE

1. INTRODUCTION

The protection of your personal data and privacy is of great importance to the European External Action Service (EEAS), including the Delegations of the European Union. You have the right under EU law to be informed when your personal data is processed [e.g. collected, used, stored] as well as about the purpose and details of that processing.

When handling personal data, we respect the principles of the Charter of Fundamental Rights of the European Union, and in particular Article 8 on data protection. Your personal data are processed in accordance with Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, aligned with Regulation (EU) 2016/679, the General Data Protection Regulation. In this privacy statement you find information about how the EEAS and EU Delegations process your personal data and what rights you have as a data subject.

2. PURPOSE OF DATA PROCESSING: Why do we process your data?

The purpose of the present processing activity is to facilitate the #EUatEXPO Social Media awareness raising campaign, which aims for the EU to project its geopolitical and economic interests and highlight its role in tackling global challenges by engaging with citizens, key policy makers and influencers in the region and beyond. When you send us an e-mail, we collect your data to be able to respond to your question or request.

Description

  • The website is hosted by OVH SAS on a Digital Ocean server located in France.
  • The URL code is neutral, identical for all visitors and does not contain any additional information (like the source of the link)
  • Google Analytics (https://analytics.withgoogle.com) is used to analyse the performance of the site, for more information please see the privacy policy of Google: https://analytics.withgoogle.com
  • Users can share the site URL or the videos using the buttons on the website on their own social media accounts or visit the Twitter, Facebook or Instagram pages of the EEAS via a link
  • Users can send a message using the “Write to us via our contact form” to Europe Direct The privacy statement of Europe Direct can be found on: https://europa.eu/european-union/contact/data-protection_en.
  • The “Contact us” function opens a page which enables the user
    • to visit the Twitter page of the Ambassador and the Deputy Commissioner General,
    • visit different sites of the EU Delegation to the United Arab Emirates and
    • to send an e-mail to different EEAS e-mail boxes using the user’s e-mail software.

3. DATA PROCESSED: What data do we process?

Clicking on the “contact us” button activates your e-mail software and invites you to send your comments to a specific mailbox. You can freely edit the draft e-mail so created or not send it at all.

When you send such a message, the following personal data is collected:

  • E-mail address
  • Name
  • Content of the e-mail

Clicking on the “Write to us via our contact form” link opens a contact form with the following data:

  • First name
  • Last name
  • Email address
  • Nationality
  • Country of residence
  • Preferred contact language
  • Alternative contact language (optional)
  • Enquiry

Your e-mail or your message may be forwarded to another service within the EEAS if the team responsible for the mailbox is unable to answer your question or handle your request. An e-mail will inform you about which service your question has been forwarded to.

If you consent to it, cookies are placed on your device to analyse the performance of the site. You can decide to exclude cookies from your navigation by clicking on the “Do not track” button.

If you click on any “share” button, you can share content using you own social media account. You can also visit the Twitter, Instagram, Flickr and Facebook pages of the EEAS. You can find information how these social media providers process your personal data on the Twitter, Flickr, Facebook, Instagram privacy pages. If you click on the “E-mail” button, your e-mail software will be activated and will invite you to send the link to the page and any comments to a mailbox you define. You can freely edit the draft e-mail so created or not send it at all.

4. DATA CONTROLLER: Who is entrusted with processing your data?

The data controller determining the purpose and the means of the processing activity is the European External Action Service (EEAS). The EEAS Division entrusted with managing the personal data processing

under the supervision of the Head of Division is the following organisational entity:

SG.STRAT.2 - Strategic Communications Division

5. RECIPIENTS OF THE PERSONAL DATA: Who has access to your data?

The recipients of your data may be

  • EEAS assigned staff – STRATCOM 1/2 and the service assigned to answer your question or handle your request.
  • Lunar, the company developing and operating the website (to the analytics data)

Personal data is not intended to be transferred to a third country or an international organisation, except where necessary for providing access to recipients as described above. In case of international transfers appropriate safeguards are ensured in accordance with Chapter V of Regulation (EU) 2018/1725. The given information will not be communicated to third parties, except where necessary for the purposes outlined above.

6. ACCESS, RECTIFICATION AND ERASURE OF DATA: What rights do you have?

You have the right of access to your personal data and the right to correct your inaccurate, or incomplete personal data taking into account the purpose of the processing. The right of rectification can only apply to factual data processed. Under certain conditions, you have the right to ask the deletion of your personal data or restrict their use as well as to object at any time to the processing of your personal data on grounds relating to your particular situation. We will consider your request, take a decision and communicate it to you without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary. For more detailed legal references, you can find information in Articles 14 to 21, 23 and 24 of Regulation (EU) 2018/1725. In specific cases, restrictions under Article 25 of the Regulation may apply. If you wish to exercise your rights or have questions concerning the processing of your personal data, you may address them to the Data Controller via the functional mailbox:

WEBSITE@eeas.europa.eu

7. LEGAL BASIS: On what grounds we collect your data?

The processing of personal data related to the “Campaign Expo’s Social Media” organised by the EEAS is necessary for the performance of a task carried out in the public interest (to respond to your questions and requests) and for the management and functioning of the EEAS (to analyse the performance of the site)[Article 5(1)(a) of Regulation (EU) 2018/1725], as mandated by the Treaties, in particular by articles 5, 11, 20, 21-40, 42, 43 of the of the Treaty on European Union (TEU) and 2 (4) and (5), 205, 220-221, 326 – 334 of the Treaty on the Functioning of the European Union (TFEU).

Not technically necessary cookies are only set when you give your consent.

Further legal reference: Council Decision of 26 July 2010 establishing the organisation and functioning of the EEAS (2010/427/EU) – OJ L 201, 3/8/2010, p. 30.

8. TIME LIMIT FOR DATA STORED & SECURITY MEASURES: For what period and how we process your data?

Correspondence is kept for a maximum period of 3 years or the period mandated by the Common Retention List of the EEAS, depending on the subject of the communication. Analytics results are only kept in an anonymous format.

Security of data: Appropriate organisational and technical measures are ensured according to Article 33 of Reg. (EU) 2018/1725. The collected personal data are stored on servers that abide by pertinent security rules. Data is processed by assigned staff members. Access to specific files requires authorisation. Measures are provided to prevent unauthorised entities from access, alteration, deletion, disclosure of data. The server is fully protected with end-to-end encryption that ensures that all data in transit is protected and encrypted with HTTPS protocol, preventing access to data during transfer from one system to another. General access to personal data is only possible to recipients using an industry standard Two-Factor Authentication. Physical copies of personal data are stored in a properly secured manner.

Specific security measures : The server is fully protected and encrypted with HTTPS protocol.

9. EEAS DATA PROTECTION OFFICER: Any questions to the DPO?

If you have enquiries you can also contact the EEAS Data Protection Officer at data-protection@eeas.europa.eu.

10. RECOURSE

You have, at any time, the right to have recourse to the European Data Protection Supervisor at edps@edps.europa.eu.