Data protection notice specific to the  EEA website

Any personal data you submit to the European Environment Agency (EEA) in the context of the EEA website (www.eea.europa.eu) will be processed in accordance with Regulation (EU) 2018/1725 of 23 October 2018.

What personal data do we collect and for what purpose

When you visit the EEA website, we do not link or correlate your authenticated session to the collected website usage statistics. The collected statistics are fully anonymized. See "site usage statistics" section below for more details.

We collect personal information only when we create an account in the Eionet User Directory (Eionet account). This account is needed in order to grant a user access to specific functionalities of the website that require authentication. Please see the privacy statement of the Eionet website for details on the Eionet User Directory.

Below the most common use cases for which we create an Eionet account for a user and require authentication on the EEA website:

  • A user needs to authenticate in order to provide official comments on draft documents published on the EEA’s website, for example Indicators that are in Eionet review receive comments from Countries’ representatives.
  • A user needs to authenticate in order to see content that is still in draft and not ready to be public or is restricted to a smaller number of users.
  • A user is a content contributor to the EEA website and has been authorised to edit/upload content on the site.

We process personal data (transactional data) such as IP-address, browser version and other device information that is necessary to securely deliver web pages to your internet client. This transactional data is also processed by personnel at EEA and at CERT-EU (https://cert.europa.eu/) which provides security services for EEA. This transactional data is also available to our Internet Service Provider and our cloud provider Amazon in EU (see their privacy statement).

The processing of your personal data is necessary for the performance of the tasks carried out by the EEA as mandated by Regulation (EC) No 401/2009 of 23 April 2009 on the EEA and Eionet.

Who can see your personal data

Anonymous visitors to the EEA website cannot see any personal data on the content created on the site.

Authenticated users can see who initially created the content. Eionet username and full name is visible above each content on the site.

A dedicated number of authorised users within the EEA Web Team are authorised to see all history on each content in order for the team  to  rectify web content, contact initial contributor or roll-back to a previous version in case of need.

Personal data is not shared with third parties for direct marketing purposes.

There are no third country transfers. We store your data within the European Economic Area/European Union.

How can you access or rectify your information

For authenticated users: if you wish to access, modify any of your personal data please login in with your Eionet account on Eionet user profile page, click the linkedit my user profile found in the left navigation. The information is then updated and synced to all EEA/Eionet systems using Eionet User Directory authentication system. The syncing process may take up to 24 hours.

If you wish to modify any of your uploaded content you should be able to do it just by logging in and re-edit your uploaded content to the site. In some cases, you are also able to delete the content you have uploaded yourself.

If you wish to exercise your rights as a data subject in relation to the EEA website , you should address your request to info@eea.europa.eu.

Site usage statistics and personalised experience settings

We do not store personal data in cookies. We may store your own page settings in non-personalized ways (e.g. your language settings).

By default, the browsing experience of website visitors is tracked by EEA Matomo software2 in order to produce anonymised statistics. For example, when you visit our website, we may collect some data on your browsing experience such as your masked IP address3 (anonymized by removing the last two bytes), the web page you visited, when you visited and the website page you were redirected from.

This information is used to gather aggregated and anonymous statistics with a view to improving our services and to enhance your user experience. The analytical reports generated by EEA Matomo can only be accessed through the Eionet User Directory authentication system to EEA staff, other relevant EU institution staff or by duly authorised external sub-contractors, who may be required to analyse, develop and/or regularly maintain certain sites.

By default, our Matomo installation respects users preferences and will not track visitors which have specified "I do not want to be tracked" in their web browsers (aka "Do not track").

How long do we store your personal data

For authenticated users: The personal data you provide in Eionet User Directory will be kept until you ask for the account to be deleted.

You have the right to get your account deleted from the Eionet User Directory by sending an email to Eionet Helpdesk (helpdesk@eionet.europa.eu).

Our social links are not sharing any personal information with third parties without your prior consent. These are simply links to external websites.

If you click on any button that allows you to share our pages or follow a link, you will be redirected to this other page and you are then subject to the privacy policy of this third party, over which EEA has no control or responsibility.

How do we secure your personal data

Access to your personal data is subject to strict security controls like encryption and access control. We do not share your personal data with third parties without your prior consent.     

The functioning of the servers and databases containing the personal data is compliant with the EEA's Information Security Policy and the provisions established by the EEA's Information Security Officer.

How to contact us and right to appeal

You may contact the EEA’s Data Protection Officer (DPO) in case of any difficulties relating to the processing of your data at the following email address: dpo@eea.europa.eu. 

You are entitled to have recourse at any time to the European Data Protection Supervisor (https://edps.europa.eu; edps@edps.europa.eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the EEA.

Footnotes

2 Matomo is an open-source and privacy-oriented web analytics software. The term "EEA Matomo" refers to our installation, managed directly by EEA Staff and installed within EEA/EU.

3 Masking of IP addresses. Institution, city and country origin are determined from the full IP, then stored and aggregated before a mask is applied. EEA Matomo uses an IP de-identification mechanism that automatically masks a portion of each visitor's IP (Internet Protocol), effectively making it impossible to identify a particular website visitor via the sole IP address.