Privacy policy
Introduction
Any personal data you submit to the European Environment Agency (EEA) in the context of the Reportnet 3.0 platform will be processed in accordance with Regulation (EU) 2018/1725 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.
With regard to the personal data collected for logging in purposes, processing operations are under the responsibility of the DIS1 (Information Systems and ICT) group under DIS (Data and Information Services) programme of the EEA acting as data controller, regarding the collection and processing of personal data.
This privacy statement explains the reason for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor.
Reportnet 3 requires you to login via your ‘EU Login’. ‘EU Login’ requires certain personal data such as the name, surname and e-mail address of the registrant. For further information, please refer to the privacy statement of ‘EU Login’.
What personal data do we collect and for what purpose?
When you visit the Reportnet 3 public page, we do not link or correlate your authenticated session to the collected website usage statistics. The collected statistics are fully anonymized.
We collect personal information only when your EU Login account is added to the platform. This is needed in order to grant a user access to specific functionalities of the website that require authentication.
Below the most common use cases for which a user needs to authenticate on the Reportnet 3 platform:
A user is going to create a dataflow, assign access rights, manage the dataflow and design the schema of a legal delivery;
A user is going to define and manage legislative instruments and ensure the quality of the reported data and create the EU dataset;
A user is going to import data and submit the data collection to a legal delivery;
A user is going to resolve any technical problems related to the reporting process and support the countries in the reporting process.
We process personal data (transactional data) such as anonymized IP-address, browser version and other device information that is necessary to securely deliver web pages to your internet client. This transactional data is also processed by personnel at EEA and at CERT-EU (https://cert.europa.eu/) which provides security services for EEA. This transactional data is also available to our Internet Service Provider and our cloud provider Amazon in EU (see their privacy statement).
Who can see your personal data?
A dedicated number of authorised users within the EEA are authorised to see all history on each content to allow the team to rectify web content, contact initial contributor or roll-back to a previous version in case of need.
Personal data is not shared with third parties for direct marketing purposes.
There are no third country transfers. We store your data within the European Economic Area/European Union.
How can you access or rectify your information?
For authenticated users: if you wish to access, modify any of your personal data please log in with your EU login account and click on the profile icon in the top left navigation and modify some of your personal data.
You can receive a copy of your personal data that has been submitted to the Reportnet 3 platform by sending an email to the Reportnet Helpdesk (helpdesk@reportnet.europa.eu).
Site usage statistics and personalised experience settings
We do not store personal data in cookies. We may store your own page settings in non-personalized ways (e.g. your language settings).
By default, the browsing experience of website visitors is tracked by EEA Matomo software in order to produce anonymised statistics. For example, when you visit our website, we may collect some data on your browsing experience such as your masked IP address (anonymized by removing the last two bytes), the web page you visited, when you visited and the website page you were redirected from.
This information is used to gather aggregated and anonymous statistics with a view to improving our services and to enhance your user experience. The analytical reports generated by EEA Matomo can only be accessed by the EEA staff, other relevant EU institution staff or by duly authorised external sub-contractors, who may be required to analyse, develop and/or regularly maintain certain sites.
By default, our Matomo installation respects users’ preferences and will not track visitors which have specified "I do not want to be tracked" in their web browsers (aka "Do not track").
How long do we store your personal data?
For authenticated users: The personal data you provide in Reportnet 3 will be kept up to seven (7) years. After seven (7) years from the date that you have registered to Reportnet 3, your personal data will be anonymised and the link to your EU login account will be removed.
Additionally, you always have the right to get your account deleted from the Reportnet 3 Directory by sending an email to the Reportnet Helpdesk (helpdesk@reportnet.europa.eu).
How do we secure your personal data
Access to your personal data is subject to strict security controls like encryption and access control. We do not share your personal data with third parties without your prior consent.
The functioning of the servers and databases containing the personal data is compliant with the EEA's Information Security Policy and the provisions established by the EEA's Information Security Officer.
How to contact us and right to appeal?
You may contact the EEA’s Data Protection Officer (DPO) in case of any difficulties relating to the processing of your data at the following email address: dpo@eea.europa.eu.
You are entitled to have recourse at any time to the European Data Protection Supervisor (https://edps.europa.eu; edps@edps.europa.eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the EEA.