Handling of personal data in the context of the EFSA website and applicable rules
This page provides information on how EFSA handles your personal data when you use our website. Without prejudice to cookies, as a user you can browse the EFSA website without giving away any of your personal information. However, in some cases, personal details are required for EFSA to be able to provide e-services, such as ‘Ask EFSA’, the Applications helpdesk, subscription to the EFSA newsletter, and public consultations.
The respect of privacy and the protection of personal data are fundamental rights, set out in articles 7 and 8 of the Charter of Fundamental Rights of the European Union. As an Agency of the EU, EFSA is subject to Regulation (EU) 2018/1725 which has equal legal value as the General Data Protection Regulation (EU) 2016/679 (GDPR) applicable in the EU Member States and which is aligned with the GDPR rules and principles on the protection of personal data.
EFSA is committed to ensuring the protection of the personal data of the individuals it works with, regardless of whether they are applicants for authorisations, stakeholders, individuals subscribing to the EFSA newsletter, members of the EFSA Scientific Committee, Panels and Working Groups, staff members or job applicants. EFSA will process any personal data it collects in accordance with Regulation (EU) 2018/1725.
Personal data are processed only for the performance of tasks carried out in the public interest on the basis of EU law or in the legitimate exercise of official authority vested in EFSA as an Agency of the EU. Alternatively, the data processing is lawful if it forms part of a legal or contractual obligation or when the individual concerned (data subject) has given explicit consent.
An e-service on the EFSA website aims to improve the communication between the website user and EFSA. For each e-service, a controller determines the purposes and means of the personal data handling, if any, and ensures the conformity with Regulation (EU) 2018/1725. For the specific information on how your data is handled by EFSA in relation to a particular e-service, please refer to the relevant section of our website. In relation to each e-service, the following information will be provided:
- What information is collected, for what purpose and through which technical means: EFSA collects personal information only to the extent necessary to fulfil a specific purpose. The information will not be re-used for a different purpose;
- To whom your information is disclosed: EFSA will only disclose information to third parties if that is necessary for the fulfilment of the purpose(s) identified and to the mentioned (categories of) recipients. EFSA will not divulge your personal data for direct marketing purposes;
- How you can exercise your rights: the right of access to your information, to verify its accuracy and, if necessary, to rectify it or to object to its processing;
- How long we keep your data: EFSA only keeps the data for the time necessary to fulfil the purpose of collection or further processing;
- A point of contact if you have queries or to exercise your rights: The contact details of the data controller and EFSA’s Data Protection Officer: DataProtectionOfficer [at] efsa.europa.eu
- How as a data subject you can lodge a complaint with the European Data Protection Supervisor (EDPS), the independent supervisory authority established in accordance with Regulation (EU) 2018/1725: https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en
Specific e-services offered on our website include:
- Interactive communication services, requiring the processing of your email address, name and affiliation: ‘Ask EFSA’ and ‘Applications helpdesk’ – https://www.efsa.europa.eu/en/askefsa, as well as Public Consultations of EFSA- https://www.efsa.europa.eu/en/calls/consultations
- e-Subscription via the website: For the registration and management of subscriptions to its newsletter, EFSA relies on the service provider www.mailchimp.com. More information is available in the relevant section of the EFSA website;
- Transactional services such as public procurement, staff recruitment & expert selection and event registration, supported by e-tools for application submission and file management for which EFSA ensures the conformity with the applicable data protection legal framework;
- Corporate Twitter account: EFSA’s Twitter account is managed by the Communication, Engagement & Cooperation Department. EFSA issues tweets covering press releases, web news stories, or other news content such as the launch of public consultations or official correspondence. Additional Twitter accounts focused on specific themes or areas of work are maintained by various EFSA units. Please note that if you follow @EFSA_EU or any other EFSA’s Twitter account we will not automatically follow you back. EFSA updates and monitors its Twitter account during office hours, Monday to Friday.
Cookies and Analytics
- What are cookies?
- What cookies do we use?
First party cookies are set for functional purposes by the website you’re visiting. EFSA also uses an external website analytics service, Piwik PRO, that prepares aggregated, anonymous statistical reports of browsing activity to analyse how people are using our website. Piwik PRO sets its own cookie to do this and does not rely on external parties. Piwik PRO enables your anonymity when browsing the EFSA website thanks to features such as the IP address de-identification.
Third-party cookies: EFSA is active on the social media platforms Twitter, YouTube and LinkedIn to strengthen our online presence and visibility. The EFSA website does not set cookies when displaying links to our social media channels. You can watch videos uploaded to our official YouTube channel and you can follow links from our website to Twitter and LinkedIn.
- Overview on cookies used:
A session cookie exists in temporary memory while the user navigates the website. Session cookies are deleted when the user closes the browser.
EFSA’s website uses Piwik PRO Analytics Suite Cloud, a web analytics service, to collect information about the way visitors use our site. EFSA uses this information to compile reports and to help us improve the site. Piwik PRO collects data in the form of technical characteristics of the visitor’s browser, activities on EFSA’s services, and length of stay on EFSA’s services. The full scope of data that can be gathered by the Piwik PRO platform is described here. All cookies used by the Piwik PRO platform are listed here. Data are stored on Microsoft Azure servers located in The Netherlands and are kept for 25 months. Piwik PRO does not send collected data to other sub-processors or third parties nor does it use the data for its own purposes. More information can be found here.
Most videos available on the EFSA website are embedded from EFSA’s official YouTube channel. YouTube’s privacy-enhanced mode is enabled, which means that YouTube will not store cookie information for playbacks of embedded videos. More information is available on YouTube’s embedding videos information page.
Other third-party cookies
Cookies from multimedia content player sessions, particularly Soundcloud for audiocasts or other audio or visual support programmes embedded on the EFSA website
- How to control cookies?
How to exercise your rights as a data subject
As a general rule, anyone has the right to be informed about the processing of his/her personal data, and to access that information at any time and rectify it if it is inaccurate or incomplete. Under certain conditions a right to erasure, restriction of processing and objection to processing also applies. If as a data subject you want to exercise these rights, you need to contact the data controller of the data processing activity in question.
For questions related to the processing of your personal data by EFSA, you can contact the Data Protection Officer (DataProtectionOfficer [at] efsa.europa.eu). You also may lodge a complaint regarding the processing of your personal data by EFSA with the European Data Protection Supervisor.
Register of records on personal data processing activities
EFSA is legally obliged to keep a central register of records of the personal data processing activities it manages. The list with links to the relevant records follows here:
- Human Resources management
- HR/1 Staff selection
- HR/2 Performance management
- HR/3 Time management
- HR/4 Staff training
- HR/5 Staff outside activities and publications
- HR/6 Family allowances
- HR/7 Interim workers
- HR/8 Processing of health data
- HR/9 Anti-harassment informal proceedings and selection of counsellors
- HR/10 Administrative inquiries and disciplinary proceedings
- Governance & Administration
- GOV/1 Declarations of interest
- GOV/2 Procurement and grant award process
- GOV/3 Public access to documents requests
- GOV/4 Correspondence management
- GOV/5 Missions management
- GOV/6 Video surveillance
- GOV/7 Building access and badge use
- GOV/8 EFSA login
- GOV/9 BIKE
- GOV/10 Body temperature measurement at EFSA entrance
- Communications & Science