Privacy Statement on the protection of personal data
Consultation using SurveyGizmo tools provided by an external company from the United States of America for the Publications Office
The European Union is committed to protecting and respecting your privacy.
The policy on protection of individuals with regard to the processing of personal data by the Community institutions is based on Regulation (EC) N° 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data.
II. Why do we process your data?
The Publications Office carries out "Consultations" of stakeholders and/or the public on behalf of EU Institutions, agencies and other bodies concerning publication and distribution activities.
These consultations generally concern: gathering feedback on one or more publications or related services; establishing the level of interest in one or more publications or subscriptions; and/or creating a mailing list for one or more publications or subscriptions.
Stakeholders may be invited to present their views in writing, in the context of public consultations.
The public and interested parties may be invited via e-mail, the Internet, or traditional alternatives (press releases, mailings), to fill in an on-line questionnaire prepared using SurveyGizmo tools provided by a company based in the United States of America (USA).
The Publications Office or the EU service requesting the survey may ask the data subject to provide contact data for subsequent clarification or follow-up of his/her contribution to the survey.
If the data subject gives these data, they will be part of a list of contact details shared internally amongst the staff of the European Union dealing with the evaluation of the survey. The data subject can contact the Controller by using the Contact Information in the Privacy Statement and can request to be removed from the list.
Your personal data will be used only for this purpose.
Tasks and operations of the Publications Office are defined in the Decision 2009/496/EC.
The processing of your personal data is based on Article 5(a) of Regulation (EC) N° 45/2001 which stipulates that “personal data may be processed only if processing is necessary for the performance of a task carried out in the public interest on the basis of the Treaties establishing the European Communities or other legal instruments adopted on the basis thereof or in the legitimate exercise of official authority vested in the Community institution or body or in a third party to whom the data are disclosed.”
Collected personal data is treated according to the policy described in the above-mentioned Regulation.
III. Which data do we collect and process?
The personal data collected and further processed are data necessary for the participation in the consultation, such as:
Title, First Name, Family Name, Organisation, Department/Service, Organisation's geographic area of activity, Street and number, Country, Postal Code, City, Phone, Fax, E-Mail Address, Data subject's categories they represent, Language, Age Group and Contribution.
The public and interested parties may be invited via e-mail, the Internet, or traditional alternatives (press releases, mailings), to fill in an on-line questionnaire prepared using SurveyGizmo tools provided by a company based in the USA. The implications and consequences of this are explained further below in section V., entitled "To whom are your data disclosed?" below.
The processing operations on personal data linked to the organisation and management of this consultation are necessary for the management and functioning of the Commission, as mandated by the Treaties, and more specifically in Article 5 of the Treaty on European Union (TEU), Article 13 TEU and Articles 244-250 of the Treaty on the Functioning of the European Union (TFEU), and in accordance with Article 1 and Article 11 TEU.
IV. How long do we keep your data?
We keep the data only for the time necessary to fulfil the purpose of collection or further processing.
- When the Publications Office keeps personal data for the purpose of evaluating a survey:
Your personal data will remain in the database until the results have been completely analysed and will be rendered anonymous when they have been usefully exploited, and at the latest after 1 year from the end of the consultation.
- When the Publications Office needs to keep personal data collected in the context of this consultation in order to feed its lists of contact details:
If you provided your email address at the end of the consultation, your personal data will be part of a list of contact details shared internally amongst the staff of the EU institutions for the purpose of contacting you in the future in the context of the EU’s activities. If you do not agree with this, please contact the Controller by using the Contact Information below and by explicitly specifying your request.
V. How do we protect your data?
All data in electronic format (e-mails, documents, uploaded batches of data etc.) are stored either on the servers of the European Commission or of its contractors; the operations of which abide by the European Commission’s security decision of 16 August 2006 (C(2006) 3602) concerning the security of information systems used by the European Commission.
The Commission’s contractors are bound by a specific contractual clause for any processing operations of your data on behalf of the Commission, and by the confidentiality obligations deriving from the transposition of Directive 95/46/CE.
The Publications Office has put in place, and regularly reviews and updates, appropriate physical, electronic, and managerial procedures to safeguard and help prevent unauthorized access, maintain data security, and correctly use the information collected for the treatment of publications orders.
Staff of the Publications Office and the European institutions who have access to personally identifiable information are required to protect this information in a manner that is consistent with this Privacy Statement by, for example, not using the information for any purpose other than to carry out the services they are performing.
To protect your privacy and security, we will take reasonable steps to help verify your identity before granting access or making corrections.
The collected personal data and all information related to the above mentioned consultation is stored on a computer of SurveyGizmo or its subcontractor(s), and the secure servers of the EU institutions.
VI. Who has access to your data and to whom is it disclosed?
Access to your data is provided to authorised staff according to the “need to know” principle. Such staff abide by statutory, and when required, additional confidentiality agreements.
The access to all personal data as well as all information collected in the context of this consultation is only granted through UserId/Password to a defined population of users, without prejudice to a possible transmission to the bodies in charge of a monitoring or inspection task in accordance with Community legislation. These users typically are members of the Unit organising the consultation inside the Publications Office, and its related contractors.
Data are extracted from SurveyGizmo servers by the Publications Office. Processing of this data is internal, done by officials of the Publications Office or the EU service requesting the survey, on a secure server. In the case of orders for publications, the data is transferred to Arvato, our order fulfillment contractor (see Privacy statement DPO-3790 - OP: Integrated Logistics Management System (ILMS) https://op.europa.eu/en/web/about-us/legal-notices/ILMS), in France. If the survey is about requesting services or subscription or further contact, data is transferred to the internal client (OP or other Commission DGs and EU bodies) who may contact the data subjects to provide them with these services.
This survey is done using the services of a U.S. tool, SurveyGizmo. By responding to our surveys on SurveyGizmo you give your consent that SurveyGizmo processes your personal data in accordance to U.S. laws.
No personal data is transmitted to parties which are outside the recipients and the legal framework mentioned.
The Publications Office and its contractor(s) will not share personal data with third parties for direct marketing purposes.
Without prior written agreement of the person concerned, such personal details will not be disclosed to third parties, without prejudice to a possible transmission to the bodies in charge of a monitoring or inspection task in accordance with EU legislation.
VII. What are your rights and how can you exercise them?
In accordance with Regulation (EC) N°45/2001, you are entitled to access your personal data and rectify and/or block it in case the data is inaccurate or incomplete. You can exercise your rights by contacting the data controller, or in case of conflict the Data Protection Officer and if necessary the European Data Protection Supervisor using the contact information given at section VIII below.
You may also request us to delete your personal information completely, subject to settlement of all outstanding issues related to our relationship. This will mean that you will also terminate all services and access rights that may be linked to this information.
In case you want to verify which personal data is stored on your behalf by the responsible controller, have it modified, corrected or deleted, please contact the controller by using the contact information below and by explicitly specifying your request.
VIII. Contact information
If you have comments or questions, any concerns or a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller using the following contact information:
The Data Controller:
- Head of the “Common Portal and Open Data Portal” unit
- Email: firstname.lastname@example.org
In case you wish to access or verify your personal information which is stored on your behalf by the responsible controller, have it modified, corrected, or deleted, or if you have questions regarding the consultation, or concerning any information processed in the context of the consultation, or on your rights, feel free to contact the support team, operating under the responsibility of the Controller:
- The Data Protection Officer (DPO) of the Commission: DATA-PROTECTION-OFFICER@ec.europa.eu
- The European Data Protection Supervisor (EDPS): email@example.com
Complaints, in case of conflict, can be addressed to the Data Protection Officer of the European Commission or the European Data Protection Supervisor.
IX. Where to find more detailed information?
The Commission Data Protection Officer publishes the register of all operations processing personal data. You can access the register on the following link: http://ec.europa.eu/dpo-register
This specific processing has been notified to the DPO with the following reference: DPO-3732.