Personal Data Protection
Handling of personal data in the context of the EFSA website and applicable rules
This page provides information on how EFSA handles your personal data when you use our website. Without prejudice to cookies, as a user you can browse the EFSA website without giving away any of your personal information. However, in some cases, personal details are required for EFSA to be able to provide e-services, such as ‘Ask EFSA’, general pre-submission advice, subscription to the EFSA newsletter and public consultations.
The respect of privacy and the protection of personal data are fundamental rights, set out in articles 7 and 8 of the Charter of Fundamental Rights of the European Union. As an Agency of the EU, EFSA is subject to Regulation (EU) 2018/1725 which has equal legal value as the General Data Protection Regulation (EU) 2016/679 (GDPR) applicable in the EU Member States and which is aligned with the GDPR rules and principles on the protection of personal data.
EFSA is committed to ensuring the protection of the personal data of the individuals it works with, regardless of whether they are applicants for authorisations, stakeholders, individuals subscribing to the EFSA newsletter, members of the EFSA Scientific Committee, Panels and Working Groups, staff members, job applicants or individuals interested in EFSA’s work. EFSA will process any personal data it collects in accordance with Regulation (EU) 2018/1725.
Personal data are processed only for the performance of tasks carried out in the public interest on the basis of EU law or in the legitimate exercise of official authority vested in EFSA as an Agency of the EU. Alternatively, the data processing is lawful if it forms part of a legal or contractual obligation or when the individual concerned (data subject) has given consent.
E-services
An e-service on the EFSA website aims to improve the communication between the website user and EFSA. For each e-service, a controller determines the purposes and means of the personal data handling, if any, and ensures the conformity with Regulation (EU) 2018/1725. For the specific information on how your data is handled by EFSA in relation to a particular e-service, please refer to the relevant section of our website. In relation to each e-service, the following information will be provided:
- What information is collected, for what purpose and through which technical means: EFSA collects personal information only to the extent necessary to fulfil a specific purpose. The information will not be re-used for a different purpose;
- To whom your information is disclosed: EFSA will only disclose information to third parties if that is necessary for the fulfilment of the purpose(s) identified and to the mentioned (categories of) recipients. EFSA will not divulge your personal data for direct marketing purposes;
- How you can exercise your rights: the right of access to your information, to verify its accuracy and, if necessary, to rectify it or to object to its processing;
- How long we keep your data: EFSA only keeps the data for the time necessary to fulfil the purpose of collection or further processing;
- A point of contact if you have queries or to exercise your rights: The contact details of the data controller and EFSA’s Data Protection Officer: DataProtectionOfficer [at] efsa.europa.eu
- How as a data subject you can lodge a complaint with the European Data Protection Supervisor (EDPS), the independent supervisory authority established in accordance with Regulation (EU) 2018/1725: https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en
Specific e-services offered on our website include:
- Interactive communication services, most of which are supported by EFSA’s Relationship Management system ‘Connect.EFSA’ (General Privacy Statement) and requiring the processing inter alia of your email address, name and affiliation - for instance: ‘Ask EFSA’ – https://connect.efsa.europa.eu/RM/s/help, and Public Consultations of EFSA - https://connect.efsa.europa.eu/RM/s/consultations
- e-Subscription via the website: For the registration and management of subscriptions to its newsletter, EFSA relies on the service provider www.salesforce.com/eu. More information is available in the relevant section of the EFSA website;
- Transactional services such as public procurement, staff recruitment & expert selection and event registration, supported by e-tools for application submission and file management for which EFSA ensures the conformity with the applicable data protection legal framework;
- Corporate social media accounts: EFSA’s social media accounts are managed by the Communication, & Partnership Department. EFSA publishes tailored content covering a wide range of communication outputs of potential interest to its stakeholders and audiences. Additional thematic social media accounts are maintained by relevant EFSA units. EFSA updates and monitors its social media accounts during office hours, Monday to Friday. In addition, EFSA monitors social media to capture and analyse the discourse of institutional partners and stakeholders, to map emerging issues of concern to EU citizens in the area of food safety, and to interact with and use EFSA content and related topics. More information on EFSA’s social media monitoring activity is available in the Register of records and Data Protection Notice below.
Cookies and Analytics
- What are cookies?
A cookie is a small text file that is stored in the memory of your computer or mobile device via your browser when visiting a website. EFSA uses cookies for the technical functioning of the website and, if you consent to it, to collect your browsing experience for anonymised statistics, with the purpose of improving our communication and the service offered.
- What cookies do we use?
First party cookies are set for functional purposes by the website you’re visiting.
EFSA uses Europa Analytics to monitor and evaluate the use of this website and to improve its functionality. Europa Analytics is the European Commission’s corporate web analytics service.
You can manage your cookie preferences at any time. When you visit the EFSA website, a banner invites you to choose between accepting all cookies or only essential cookies.
- If you accept only essential cookies, you stop Europa Analytics (i.e. tracking cookie is removed)
- If you accept all cookies, you enable Europa Analytics (i.e. tracking cookie is present)
- If you do not make a selection and continue to browse, the website enables all cookies
Choosing to accept only essential cookies does not affect your navigation experience on the EFSA website and your browsing experience will not be tracked for aggregated statistics.
Europa Analytics fully respects users’ preferences and does not track visitors who have enabled the “I don't want to be tracked” (DNT) setting in their web browser.
For more information on cookies preferences, please see the section below ‘How to control cookies?’
Third-party cookies: EFSA is active on the social media platforms BlueSky, WhatsApp, Instagram, YouTube and LinkedIn to strengthen our online presence and visibility. The EFSA website does not set cookies when displaying links to our social media channels. You can watch videos uploaded to our official YouTube channel and you can follow links from our website to Twitter and LinkedIn.
- Overview on cookies used:
| Session cookies | A session cookie exists in temporary memory while the user navigates the website. Session cookies are deleted when the user closes the browser or in any event 30 minutes after the visitor starts a session. |
| Europa Analytics | Subject to the user’s consent, Europa Analytics uses persistent cookies, which remain stored in the visitor’s browser for up to 13 months. Aggregated statistical data is retained for longer periods. It remains accessible for analytical purposes for up to five years, while anonymised and aggregated data may be kept indefinitely for analytical and compliance purposes, subject to controlled access. Through these cookies, Europa Analytics tracks the following information. We use this information to prepare aggregated statistics reports of visitors’ activity:
In addition, visitor’s metrics are also stored in cookies and collected by Europa analytics including de-identified IP addresses, visit frequency, and timestamps of first and previous visits. Personal data protection is ensured through safeguards embedded in the system’s design. As IP addresses are de-identified, the data collected contains no personal information and does not permit the identification of an individual website visitor. Persistent cookies likewise contain no personal information; instead, a random identifier is generated to enable Europa Analytics to recognise returning users. EFSA retains full control over the data collected through these first‑party cookies by storing it on servers under its full control. The data is not shared with external organisations for marketing, market research, or commercial purposes. Access is restricted to EFSA staff through EU Login and, where necessary, to authorised contractors, strictly for operational purposes such as website analysis or maintenance, under the supervision and responsibility of EFSA). More information on Europa Analytics is available on the European Commission’s website. |
| Videos and multimedia | Videos or other audiovisual support on the EFSA website are embedded from EFSA’s official Youtube Channel or Vimeo for live streaming. You-Tube’s privacy-enhanced mode is enabled, which means that YouTube will not store cookie information for playbacks of embedded videos. Vimeo uses cookies for its embeddable video player. More information is available on YouTube’s embedding videos information page and Vimeo Cookie Policy. |
| Open EFSA | When downloading a document on Open EFSA visitors must accept the Terms of Use (Intellectual Property Rights Notice) in order to access the website. If accepted with “remember my choice for 1 day”, a cookie is stored in the visitors’ browser to remember their choice. |
- How to control cookies?
When you use the EFSA website, Europa Analytics may register your browsing activity. At the same time, a dedicated banner may appear, allowing you to accept or refuse cookies.
To check your current Europa Analytics status and manage your consent, use the box below. In this context, 'opting in' means accepting all cookies, and 'opting out' means accepting only essential cookies:
The “Do not Track” option supersedes other options. To enable the "Do not track me" option in your browser:
You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent the use of cookies. If you do so, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
How to exercise your rights as a data subject
As a general rule, anyone has the right to be informed about the processing of his/her personal data, and to access that information at any time and rectify it if it is inaccurate or incomplete. Under certain conditions a right to erasure, restriction of processing and objection to processing also applies. If as a data subject you want to exercise these rights, you need to contact the data controller of the data processing activity in question.
For questions related to the processing of your personal data by EFSA, you can contact the Data Protection Officer (DataProtectionOfficer [at] efsa.europa.eu). You also may lodge a complaint regarding the processing of your personal data by EFSA with the European Data Protection Supervisor.
Register of records on personal data processing activities
EFSA is legally obliged to keep a central register of records of the personal data processing activities it manages. The list with links to the relevant records follows here:
- Human Resources management
- HR/1 Staff selection
- HR/2 Performance management
- HR/3 Time management
- HR/4 Staff training
- HR/5 Staff outside activities and publications
- HR/6 Family allowances
- HR/7 Interim workers
- HR/8 Processing of health data
- HR/9 Anti-harassment informal proceedings and selection of counsellors
- HR/10 Administrative inquiries and disciplinary proceedings
- HR/11 Whistle-blower protection
- HR/12 Onboarding of new staff
- HR/13 Staff Promotion and Reclassification
- Governance & Administration
- GOV/1 Competing interest management
- GOV/2 Procurement and grant award process
- GOV/3 Public access to documents requests
- GOV/4 Correspondence management
- GOV/5 Missions management
- GOV/6 Video surveillance
- GOV/7 Building access and badge use
- GOV/8 EFSA login
- GOV/9 BIKE
- GOV/10 Body temperature measurement at EFSA entrance
- GOV/11 Management Board meetings
- GOV/12 DUO two-factor authentication
- GOV/13 Transactional services through ServiceNow
- GOV/14 Microsoft Office 365 online
- GOV/15 Complaints handling
- GOV/16 Green Pass obligation for access to EFSA
- GOV/17 Decision Review Process
- GOV/18 Personal data processing in the context of Microsoft 365 Copilot at EFSA
- Communications & Science
Specific data protection notices
- Data protection in relation to the organisation of EFSA meetings and events
- Data protection in relation to video surveillance at EFSA
- Implementing rules on video surveillance
- Webinar legal disclaimer and data protection note
- Data protection in relation to collective training courses offered by external providers
- Social media monitoring listening Data Protection Notice