Data protection statement / Privacy statement on the processing of personal data related to websites set up under EU-funded projects
Protecting your privacy is of the utmost importance to the European Union Intellectual Property Office (‘EUIPO’ or ‘us’ or ‘the controller’). The Office is committed to respecting and protecting your personal data and ensuring your rights as a data subject. All data of a personal nature that identifies you directly or indirectly will be handled fairly, lawfully and with due care.
This processing operation is subject to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC.
The information in this communication is given pursuant to Articles 15 and 16 of Regulation (EU) 2018/1725.
1. What is the nature and purpose of the processing operation?
Personal data is processed for the purposes of communication/transparency to provide and make available information on the projects’ activities/initiatives/events, etc. The following main activities are included:
- publication of events, including pictures and/or audiovisual items produced within the scope of EU-funded projects;
- publication of agendas and conference material;
- publication of the studies and reports deemed necessary for each project’s framework;
- use of social media linked to each project;
- sending newsletters based on subscription.
2. What personal data do we process?
The categories/types of personal data processed are as follows:
- personal names and official contacts;
- official photos of events;
- multimedia items showing the people participating in official events, their image, voices, statements, opinions, etc.;
- news in social media, including pictures, and on the web;
- email addresses for the purposes of sending newsletters.
3. Who is responsible for processing the data?
Personal data processing is the responsibility of the Institutional and Cooperation Department director, acting as the delegated EUIPO data controller.
Personal data is processed by the EU-Funded Awareness and Communication Officer, EU-funded project management teams, International Cooperation Service, EU-funded team (EUIPO), Communication Service (EUIPO) and the service providers for photos, videos and for web hosting.
4. Who has access to your personal data and to whom is it disclosed?
Personal data is published on the websites and social media and available to the general public.
Information concerning the people shown in multimedia, photos or any other audiovisual item or whose name is displayed in a document produced within the scope of EU-funded projects, and (if you decide to subscribe to our newsletter), your email address, will only be shared with those people required to implement such measures on a need-to-know basis. Personal data is not used for any other purposes or disclosed to any other recipient.
The projects social media will be managed by the project management teams, in particular by the project Awareness and Communication Officer who will be based in the region/country of the project, the EU-funded Communication Officers in the EUIPO International Cooperation Service and the Communication Service.
Personal data which form part of the website content will be hosted by the service provider within the EU as the Office can choose a specific region for the data location.
5. How do we protect and safeguard your information?
We take appropriate technical and organisational measures to safeguard and protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.
All personal data related to the projects’ procedures is stored in secure IT applications according to the Office’s security standards, as well as in specific electronic folders accessible to authorised recipients only. Appropriate levels of access are granted individually only to the abovementioned recipients.
The database is password-protected under a single sign-on system and connected automatically to the user’s ID. E-records are held securely to safeguard the confidentiality and privacy of the data therein.
Regardless of the stage, everybody dealing with personal data in the context of the projects’ procedures, and in particular the Awareness and Communication Officer appointed for each project, must sign a confidentiality declaration.
6. How can you access your personal information and, if necessary, correct it? How can you receive your data? How can you request that your personal data be erased, or restrict or object to its processing?
You have the right to access, rectify, erase, and receive your personal data, as well as restrict its processing or object to the same, as provided in Articles 17 to 24 of Regulation (EU) 2018/1725.
If you would like to exercise any of these rights, please send a written query explicitly stating your request to the delegated data controller, the Institutional and Cooperation Department director at: DPOexternalusers@euipo.europa.eu.
The right to rectification only applies to inaccurate or incomplete factual data processed within this procedure.
Your request will be answered without undue delay, and in any event within 1 month of receipt of the request. However, according to Article 14(3) of Regulation (EU) 2018/1725, this period may be extended by up to 2 months where necessary, taking into account the complexity and number of requests. The Office will inform you of any such extension within 1 month of receipt of the request, together with the reasons for the delay.
7. What is the legal basis for processing your data?
Personal data is processed in accordance with Article 5(1)(a) of Regulation (EU) 2018/1725, which states that ‘processing is necessary for the performance of a task carried out in the public interest’.
Personal data is collected and processed in accordance with the contract signed between the Project Contracting Authority, namely the European Commission, and the Executive Director of the EUIPO.
8. How long can data be kept?
Personal data will be kept only for the time needed to achieve the purpose for which it is processed.
All data related to the projects will be stored for the duration of the project. This is normally 7 years. Information will be shared on the website and in the media and is stored for as long as the European Commission considers it appropriate.
After you unsubscribe from our newsletter, your email address will be deleted automatically without delay.
In the event of a formal appeal, all data held at the time of the appeal will be retained until the completion of the appeal process.
9 .Which cookies are used on our website?
Cookies are small text files sent by a website server and stored on your device (such as a computer, table or phone).
This information is used to gather aggregated and anonymous statistics with a view to improving our services and your user experience. None of the cookies require your consent. The collection, aggregation and anonymisation of this data are performed in the data centre of the EUIPO under adequate security measures.
Our website also complies with the ‘Do Not Track’ option. If you enable the DNT option in your web browser, we will respect your choice and your browsing experience on our website will not be tracked for our anonymised statistics. Instructions on how to activate this option can be found below:
10. Contact information
Should you have any queries on the processing of your personal data, please address them to the data controller, the Institutional and Cooperation Department director, at: DPOexternalusers@euipo.europa.eu.
You may also consult the EUIPO’s data protection officer (DPO) at: DataProtectionOfficer@euipo.europa.eu.
Forms of recourse
If your complaint has not been resolved by the data controller and/or the DPO, you can forward it at any time to the European Data Protection Supervisor at: firstname.lastname@example.org.