Personal Data Protection
Handling of personal data in the context of the EFSA website and applicable rules
This page provides information on how EFSA handles your personal data when you use our website. Without prejudice to cookies, as a user you can browse the EFSA website without giving away any of your personal information. However, in some cases, personal details are required for EFSA to be able to provide e-services, such as ‘Ask EFSA’, general pre-submission advice, subscription to the EFSA newsletter and public consultations.
The respect of privacy and the protection of personal data are fundamental rights, set out in articles 7 and 8 of the Charter of Fundamental Rights of the European Union. As an Agency of the EU, EFSA is subject to Regulation (EU) 2018/1725 which has equal legal value as the General Data Protection Regulation (EU) 2016/679 (GDPR) applicable in the EU Member States and which is aligned with the GDPR rules and principles on the protection of personal data.
EFSA is committed to ensuring the protection of the personal data of the individuals it works with, regardless of whether they are applicants for authorisations, stakeholders, individuals subscribing to the EFSA newsletter, members of the EFSA Scientific Committee, Panels and Working Groups, staff members, job applicants or individuals interested in EFSA’s work. EFSA will process any personal data it collects in accordance with Regulation (EU) 2018/1725.
Personal data are processed only for the performance of tasks carried out in the public interest on the basis of EU law or in the legitimate exercise of official authority vested in EFSA as an Agency of the EU. Alternatively, the data processing is lawful if it forms part of a legal or contractual obligation or when the individual concerned (data subject) has given consent.
E-services
An e-service on the EFSA website aims to improve the communication between the website user and EFSA. For each e-service, a controller determines the purposes and means of the personal data handling, if any, and ensures the conformity with Regulation (EU) 2018/1725. For the specific information on how your data is handled by EFSA in relation to a particular e-service, please refer to the relevant section of our website. In relation to each e-service, the following information will be provided:
- What information is collected, for what purpose and through which technical means: EFSA collects personal information only to the extent necessary to fulfil a specific purpose. The information will not be re-used for a different purpose;
- To whom your information is disclosed: EFSA will only disclose information to third parties if that is necessary for the fulfilment of the purpose(s) identified and to the mentioned (categories of) recipients. EFSA will not divulge your personal data for direct marketing purposes;
- How you can exercise your rights: the right of access to your information, to verify its accuracy and, if necessary, to rectify it or to object to its processing;
- How long we keep your data: EFSA only keeps the data for the time necessary to fulfil the purpose of collection or further processing;
- A point of contact if you have queries or to exercise your rights: The contact details of the data controller and EFSA’s Data Protection Officer: DataProtectionOfficer [at] efsa.europa.eu
- How as a data subject you can lodge a complaint with the European Data Protection Supervisor (EDPS), the independent supervisory authority established in accordance with Regulation (EU) 2018/1725: https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en
Specific e-services offered on our website include:
- Interactive communication services, most of which are supported by EFSA’s Relationship Management system ‘Connect.EFSA’ (General Privacy Statement) and requiring the processing inter alia of your email address, name and affiliation - for instance: ‘Ask EFSA’ – https://www.efsa.europa.eu/en/askefsa, and Public Consultations of EFSA - https://www.efsa.europa.eu/en/calls/consultations
- e-Subscription via the website: For the registration and management of subscriptions to its newsletter, EFSA relies on the service provider www.salesforce.com/eu. More information is available in the relevant section of the EFSA website;
- Transactional services such as public procurement, staff recruitment & expert selection and event registration, supported by e-tools for application submission and file management for which EFSA ensures the conformity with the applicable data protection legal framework;
- Corporate Twitter account: EFSA’s Twitter account is managed by the Communication, Engagement & Cooperation Department. EFSA issues tweets covering press releases, web news stories, or other news content such as the launch of public consultations or official correspondence. Additional Twitter accounts focused on specific themes or areas of work are maintained by various EFSA units. Please note that if you follow @EFSA_EU or any other EFSA’s Twitter account we will not automatically follow you back. EFSA updates and monitors its Twitter account during office hours, Monday to Friday. In addition, EFSA monitors social media to capture and analyse the discourse of institutional partners and stakeholders, to map emerging topics of EU citizens’ concern in the area of food safety and to interact and use EFSA content and related topics. More information on EFSA’s social media monitoring activity is available in the Register of records below.
Cookies and Analytics
- What are cookies?
A cookie is a small text file that is stored in the memory of your computer or mobile device via your browser when visiting a website. EFSA uses cookies for the technical functioning of the website and, if you consent to it, to collect your browsing experience for anonymised statistics, with the purpose of improving our communication and the service offered.
- What cookies do we use?
First party cookies are set for functional purposes by the website you’re visiting. EFSA also uses an external website analytics service, Piwik PRO, that prepares aggregated, anonymous statistical reports of browsing activity to analyse how people are using our website. Piwik PRO sets its own cookie to do this and does not rely on external parties. Piwik PRO enables your anonymity when browsing the EFSA website thanks to features such as the IP address de-identification.
Third-party cookies: EFSA is active on the social media platforms Twitter, YouTube and LinkedIn to strengthen our online presence and visibility. The EFSA website does not set cookies when displaying links to our social media channels. You can watch videos uploaded to our official YouTube channel and you can follow links from our website to Twitter and LinkedIn.
- Overview on cookies used:
Session cookies | A session cookie exists in temporary memory while the user navigates the website. Session cookies are deleted when the user closes the browser. |
Piwik PRO | EFSA’s websites use Piwik PRO Analytics Suite Cloud, a web analytics service, to collect information about the way visitors use our site. EFSA uses this information to compile statistical reports and for the purpose of optimizing the user experience. Piwik PRO collects first-party data in the form of technical characteristics of the visitor’s browser, activities on EFSA’s services, and length of stay on EFSA’s services, based on online identifiers. The full scope of data that can be gathered by the Piwik PRO platform is detailed here. All cookies used by the Piwik PRO platform are listed here. Data are stored on EU-located (NL) Microsoft Azure servers and are retained for 25 months. Piwik PRO does not share the data with any sub-processors or third parties, nor does it use the data for its own purposes. More information can be found here. Please note that Piwik PRO uses first-party cookies to collect non-personalised data from all visitors on their browsing activity in EFSA’s websites, regardless their consent provision. Data in this way collected by default concerns session information, events, traffic sources and country. Subject to the visitors’ consent, Piwik PRO uses cookies and session ID to collect the data, and it can recognise returning visitors and obtain city level location information on visitors. If visitors don’t provide consent, non-personalised browsing activity data is collected by means of a short-term cookie deleted after 30 minutes which does not recognise returning visitors and geolocation information is aggregated at country level. In either situation (consent or no consent), the visitor’s IP address is truncated by default in a way that no personal data is collected. |
YouTube | Most videos available on the EFSA website are embedded from EFSA’s official YouTube channel. YouTube’s privacy-enhanced mode is enabled, which means that YouTube will not store cookie information for playbacks of embedded videos. More information is available on YouTube’s embedding videos information page. |
Open EFSA | When visiting Open EFSA for the first time, visitors must accept the Terms of Use (Intellectual Property Rights Notice) in order to access the website. If accepted, a cookie is stored in the visitors’ browser to remember their choice. |
Other third-party cookies | Cookies from multimedia content player sessions, particularly Soundcloud for audiocasts or other audio or visual support programmes embedded on the EFSA website |
- How to control cookies?
You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent the use of cookies. If you do so, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
How to exercise your rights as a data subject
As a general rule, anyone has the right to be informed about the processing of his/her personal data, and to access that information at any time and rectify it if it is inaccurate or incomplete. Under certain conditions a right to erasure, restriction of processing and objection to processing also applies. If as a data subject you want to exercise these rights, you need to contact the data controller of the data processing activity in question.
For questions related to the processing of your personal data by EFSA, you can contact the Data Protection Officer (DataProtectionOfficer [at] efsa.europa.eu). You also may lodge a complaint regarding the processing of your personal data by EFSA with the European Data Protection Supervisor.
Register of records on personal data processing activities
EFSA is legally obliged to keep a central register of records of the personal data processing activities it manages. The list with links to the relevant records follows here:
- Human Resources management
- HR/1 Staff selection
- HR/2 Performance management
- HR/3 Time management
- HR/4 Staff training
- HR/5 Staff outside activities and publications
- HR/6 Family allowances
- HR/7 Interim workers
- HR/8 Processing of health data
- HR/9 Anti-harassment informal proceedings and selection of counsellors
- HR/10 Administrative inquiries and disciplinary proceedings
- HR/11 Whistle-blower protection
- HR/12 Onboarding of new staff
- HR/13 Staff Promotion and Reclassification
- Governance & Administration
- GOV/1 Competing interest management
- GOV/2 Procurement and grant award process
- GOV/3 Public access to documents requests
- GOV/4 Correspondence management
- GOV/5 Missions management
- GOV/6 Video surveillance
- GOV/7 Building access and badge use
- GOV/8 EFSA login
- GOV/9 BIKE
- GOV/10 Body temperature measurement at EFSA entrance
- GOV/11 Management Board meetings
- GOV/12 DUO two-factor authentication
- GOV/13 Transactional services through ServiceNow
- GOV/14 Microsoft Office 365 online
- GOV/15 Complaints handling
- GOV/16 Green Pass obligation for access to EFSA
- Communications & Science
Specific data protection notices
- Data protection in relation to the organisation of EFSA meetings and events
- Data protection in relation to video surveillance at EFSA
- Implementing rules on video surveillance
- Webinar legal disclaimer and data protection note
- Data protection in relation to collective training courses offered by external providers
- Social media monitoring listening Data Protection Notice