Print

Website Data Protection Notice

The EDPS website is our most important communication tool. Here, we communicate about our work, such as our Opinions, data protection news and information on individuals’ data protection rights, to the general public, as well as to our more expert audience.

Some of the services offered on certain pages of our website require the processing of your personal data. In such cases, links are available on the relevant pages, which direct you to specific information and data protection notices on how we process your personal data for these services.

This document provides you with a general overview of some of the ways the EDPS website processes your personal data, including the use of cookies, social media and automatic - content translation. See also, ‘When the EDPS processes your personal data’ for more information, including on data protection rights.

Your personal data and our website

  • The EDPS collects your personal information only to the extent that is necessary to fulfil a precise purpose related to our tasks as an institution (which are laid down in Regulation (EU) 2018/1725 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the Union institutions and bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (hereinafter “the Regulation”) and more specifically in Article 57). 
  • The controller is the European Data Protection Supervisor (EDPS). The EDPS uses a cloud service provider for this processing activity provided by the Cloud II Framework Contract concluded between European Commission (EC) DIGIT and Amazon Web Services EMEA SARL (‘AWS’). 
  • The legal basis of the processing of personal data is Article 5(1)(a) of the Regulation (‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body’) and, in certain cases, (such as for statistical purposes) Article 5(1)(d) of the Regulation - consent. 
  • We use features of the website to collect personal data in the context of the EDPS’ activities. In particular, the website includes:
    • an EDPS contact form;
    • a form to send complaints to the EDPS on the way EU institutions, bodies, offices and agencies (EUIs) process personal data;
    • a form for the EUIs to notify personal data breaches based on the Regulation;
    • multiple forms for events registration.
  • The processing of personal data carried out with these features are described in the relevant entries of the EDPS’ data protection records available in the central register. The web pages containing these forms feature links to relevant data protection notices, which will give you more specific information, including how long we keep your personal data, and your data protection rights
  • We do not keep your personal information for longer than necessary for the purposes for which we collected it. However, we may keep your information for a longer period for historical, statistical or scientific purposes with the appropriate safeguards in place. The retention period for the website connection logs is 1 year after collection.
  • The IT services of the European Commission (EC) may process website - connection data for information security purposes, including the IP address of the web client and the requested web resource.
  • The videos that are presented in the video section of our Website are hosted on a dedicated service managed by a processor. When accessing the video section, your IP address, for technical reasons, will be provided to the processor. No logs are stored at the processor level.
  • The security of our website and of the data collected is protected by adequate technical and organisational measures. We protect data in transit between your device and our website by using the SSL secure protocol, which ensures the confidentiality and integrity of your personal data.
  • Under certain conditions outlined in law, we may disclose your information to third parties, such as the European Anti-Fraud Office, the Court of Auditors, or law enforcement authorities, if it is necessary and proportionate for lawful and specific purposes.
  • Your personal data is not subject to automated decision-making.
  • If you have any remarks or complaints regarding the way we process your personal data, we invite you to contact the EDPS’ DPO.
  • You have, in any case, the right to have recourse to the EDPS as a supervisory authority.

Cookies

Cookies are short text files stored on a user’s device (such as a computer, tablet or phone) by a website. These can be used for the technical functioning of a website, for gathering statistics on the use of the website or for other purposes, such as providing a user with a more personalised experience, for example, to enable an online service to remember your user profile without you having to login again.

Visit our cookies page for more information about the types of cookies this website uses.

Social Media - Your privacy

We use social media to present our work using widely - used communications platforms.

For instance, you can watch EDPS videos, which we also upload to our YouTube page and EU Video channel, and follow links from our website to Twitter, LinkedIn and EU Voice.

In order to protect your privacy, our social media buttons to connect to those services do not set cookies when our website pages are loaded on your device, nor are you immediately redirected to social media or other websites.

Each social media channel has its own policy on the way it processes your personal data when you access its website. For example, if you choose to watch one of our videos on YouTube, you will be asked for explicit consent to accept YouTube cookies; if you look at our Twitter activity on Twitter, you will be asked for explicit consent to accept Twitter cookies; the same applies for LinkedIn and Instagram.

You can read the data protection notice on the EDPS use of YouTube, Twitter and LinkedIn here.

The EDPS is also present on EU Voice and EU Video. These two platforms are part of decentralised, free and open-source social media networks that connect users in a privacy-oriented environment, based on Mastodon and PeerTube software.

The privacy policy is available on EU Voice and EU Video.

If you have any concerns or questions about the aforementioned communication providers’ use of your personal data, you should read their privacy policies carefully before using them.

Our social media moderation policy

The European Data Protection Supervisor is present on social media to communicate about its work and better engage with the public. We are present on LinkedIn, Twitter, YouTube, EU Voice and EU Video and we encourage you to share our content and take part in our discussions. Please note the accounts we follow are not an indication of our endorsement.

The EDPS social media accounts are managed by the EDPS Information and Communication Sector and are monitored daily to the greatest possible extent, but not on a 24-hour basis.

We are happy to see different views and opinions on our social media accounts, however we ask you to observe a fundamental principle of good behaviour. Please show respect to fellow users and avoid inflammatory, insulting or offensive language. We reserve the right to not respond to, hide or delete all the comments that are defamatory, racist, spam, repetitive, irrelevant and/or commercial. Users that post violent, threatening or clearly illegal content will be blocked. We encourage you to post comments that stick to the subject and contribute to the ongoing debates.

Use of machine content translation – Webtools eTranslation Widget

eTranslation is an online machine translation service provided by the EC. eTranslation is intended for European public administrations, Small and Medium-sized enterprises and University language faculties, or for Connecting Europe Facility projects. eTranslation allows public administrations to get quick, raw machine translations of a text into any official EU language.

Webtools is a portfolio of high-end, corporate tools and interactive services tailored for europa.eu sites provided by the EC.

Visitors of the EDPS website can request the online machine translation of some pages using the ‘Translate’ icon at the top right corner of the website. When requesting the translation, visitors are presented with both a disclaimer explaining the limitations of the automatic translation mechanism and a choice of the desired language. Once the visitor selects the language and accepts the disclaimer, two HTTP requests are sent from the browser of the visitor to the EC’s web services:

  • The first request triggers the translation of the page. 
  • The second request sends some technical details about the translation request to the Webtool services. This request includes the following details:
    • sid: an ID that Webtools generates to identify the request to the translation service. The sid includes the URL to be translated, the requested language and a data stamp.  
    • url: the URL of the page to be translated.
    • source_language: the default or indicated source language of the page
    • target_language: the target language.
    • requested at: the time at which the translation request was sent.
    • received at: the time at which the translation was received.
    • failed at: the time when the translation request failed (if applicable).
    • in cache: if translation is read from the browser storage or not.
    • Info: error messages (if applicable).
    • user: the name of the website making the request. The EDPS does not use this field.
    • reload: if the page was reloaded after translation was received.

The visitor’s IP address and source TCP port will be transmitted to the remote servers during the two HTTP requests.

After a certain delay, the translation is retrieved by the browser and the content is displayed to the visitor. The visitor can then switch between the original and translated version of the content.

This feature uses no cookies but can store a copy of the translated content in the browser storage, for its reuse in case of similar request in the future. This version is stored in cache as a unique identifier that is calculated based on the URL and the language of the translated content.