Account services

Data Protection Notice

Specific privacy statement for Eionet's website (https://www.eionet.europa.eu)

Introduction

Any personal data you submit to the European Environment Agency (EEA) in the context of the Eionet website will be processed in accordance with Regulation (EU) 2018/1725 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.

Processing operations are under the responsibility of the CAS1 (Networks and Partnerships) group under the CAS (Coordination and Strategy) programme of the EEA acting as data controller, regarding the collection and processing of personal data.

What personal data do we collect and for what purpose

When you visit the website we do not collect any personal information and we do not link or correlate your authenticated session to the collected website usage statistics which are fully anonymized. See "site usage statistics" section for more details.

We collect personal information when we create an account in the Eionet User Directory. This is needed in order to grant the user access to various EEA/Eionet's websites that require authentication.

Users added to Eionet User Directory include the EEA's own staff, staff of organisations that EEA cooperates with, including the member organisations of the European Environment Information and Observation Network (Eionet) , and EU's institutions, as well as consultants working for EEA.

Self-registration is not possible. Registration only occur by invitation at the initiative of the organisation that the user belongs to or represents by contacting the helpdesk@eionet.europa.eu.

The personal data processed in Eionet User Directory is:

(*)These are required fields.

We also process personal data (transactional data) such as IP-address, browser version and other device information that is necessary to securely deliver web pages to your internet client. This transactional data is also processed by https://cert.europa.eu/) which provides security services for EEA. These transactional data is also available to our Internet Service Provider (tdc.dk) and our cloud provider Amazon in EU and their privacy statement applies.

The processing of your personal data is necessary for the performance of the tasks carried out by the EEA as mandated by Regulation (EC) No 401/2009 of 23 April 2009 on the EEA and Eionet.

Who can see your personal data

The Eionet User Directory is accessible to the public and therefore exposes some personal information for example when searching for a user in Eionet User Directory or when browsing the user directory by groups (LDAP roles).

The following personal data is public available (except for disabled accounts):

The following information is not public available. However it is visible by all the users in Eionet User Directory once logged in:

Only staff in Eionet helpdesk can see “Reason to create account”.

Accounts are disabled by the Eionet helpdesk when is made aware that the account is not needed anymore. These deactivated accounts are not publicly searchable. The disabled account is only findable by all the users in Eionet User Directory once logged in.

Personal data is not shared with third parties for direct marketing purposes.

There are no third country transfers. We store your data within the European Economic Area/European Union.

How can you access or rectify your information

If you wish to access, modify any of your personal data please login in with your Eionet account on Eionet user profile page, click the link edit my user profile found in the left navigation. The information is then updated and synced to all EEA/Eionet systems using Eionet User Directory authentication system. The syncing process may take up to 24h.

If you wish to modify any of your uploaded content you should be able to do it just by logging in and re-edit your uploaded content to the site. In many cases you are also able to delete the content you have uploaded yourself.

If you wish to delete your account or any other personal data or need further assistance, you should address your request in writing by email to helpdesk@eionet.europa.eu. You would need to use the same email address that is used in the account in order to prove your identity. You may be asked to provide more information to prove your identity before your account can be deleted.

If you wish at any time to withdraw your consent to the process, you should address your request in writing by email to dpo@eea.europa.eu. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal.

Site usage statistics and personalised experience settings

We do not store personal data in cookies. We may store your own page settings in non-personalized ways (e.g. your language settings).

By default, the browsing experience of website visitors is tracked by EEA Matomo software1 in order to produce anonymised statistics. For example when you visit our website, we may collect some data on your browsing experience such as your masked IP address2 (anonymized by removing the last two bytes), the web page you visited, when you visited and the website page you were redirected from.

This information is used to gather aggregated and anonymous statistics with a view to improving our services and to enhance your user experience. The analytical reports generated by EEA Matomo can only be accessed through the Eionet User Directory authentication system to EEA staff, other relevant EU's institution staff or by duly authorised external sub-contractors, who may be required to analyse, develop and/or regularly maintain certain sites.

By default, our software Matomo installation respects users preference and will not track visitors which have specified "I do not want to be tracked" in their web browsers (aka "Do not track").

How long do we store your personal data

The personal data you provide in Eionet User Directory will be kept as long as you don’t ask for the account to be deleted.

You have the right to get your account deleted from the Eionet User Directory by sending an email to Eionet Helpdesk (helpdesk@eionet.europa.eu).

Network logs storage

We process your personal data, to provide web pages from this site to you ("transactional data" such as your IP address, browser version and device information that is part of the various internet communication protocols) and use it for ensuring the security of the pages.

Transactional data (security logs) is stored for a maximum of 1 year for security audit purposes unless there is an individual reason to keep information for a longer period of time (e.g. when individual IP addresses are blocked if part of a DoS-attack).

Sharing on social networks or follow external links

Our social links are not sharing any personal information with third parties without your prior consent. These are simply links to external websites.

If you click on any button that allows you to share our pages or follow a link, you will be redirected to this other page and you are then subject to the privacy policy of this third party, over which EEA has no control or responsibility.

How do we secure your personal data

Access to your personal data is subject to strict security controls like encryption and access control. We do not share your personal data with third parties without your prior consent.

The functioning of the servers and databases containing the personal data is compliant with the EEA's Information Security Policy and the provisions established by the EEA's Information Security Officer.

How to contact us and right to appeal

You may contact the EEA's Data Protection Officer (DPO) in case of any difficulties relating to the processing of your data at the following email address: dpo@eea.europa.eu.

You are entitled to have recourse at any time to the European Data Protection Supervisor (https://edps.europa.eu; edps@edps.europa.eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the EEA.

Footnotes

1 Matomo is an open-source and privacy-oriented web analytics software. The term "EEA Matomo" refers to our installation, managed directly by EEA Staff and installed within EEA/EU.

2 Masking of IP addresses. Institution, city and country origin are determined from the full IP, then stored and aggregated before a mask is applied. EEA Matomo uses an IP de-identification mechanism that automatically masks a portion of each visitor's IP (Internet Protocol), effectively making it impossible to identify a particular website visitor via the sole IP address.