EEAS PRIVACY STATEMENT – DATA PROTECTION NOTICE

FOR THE PURPOSE OF

PROCESSING PERSONAL DATA BY THE EEAS RELATED TO THE EUVSDISINFO WEBSITE INCLUDING VISITOR FEEDBACK AND THE “DISINFORMATION REVIEW” NEWSLETTER DISTRIBUTED BY USING MAILCHIMP

 

1. INTRODUCTION

The protection of your personal data and privacy is of great importance to the European External Action Service (EEAS), including the Delegations of the European Union. You have the right under EU law to be informed when your personal data is processed [e.g. collected, used, stored] as well as about the purpose and details of that processing.

When handling personal data, we respect the principles of the Charter of Fundamental Rights of the European Union, and in particular Article 8 on data protection. Your personal data are processed in accordance with Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, aligned with Regulation (EU) 2016/679, the General Data Protection Regulation. In this privacy statement you find information about how the EEAS and EU Delegations process your personal data and what rights you have as a data subject.

2. PURPOSE OF DATA PROCESSING: Why do we process your data?

The purpose of the present processing activity is to process data necessary to maintain the EUvsDisinfo website and the “Disinformation Review” newsletter, developed and serviced by the EEAS East StratCom Task Force, which make it possible to search for and inform the public about disinformation efforts targeted against the EU and its values. The processing of personal data concerns the following activities:

I. Newsletter subscription
Collecting subscriptions to and distribution of a newsletter, called “Disinformation Review” developed and serviced by the EEAS East StratCom Task Force, sent via Mailchimp to subscribers from EU institutions, EU Member State administrations and partner countries, NGO and think tank representatives, journalists and any other interested citizens, about disinformation efforts and about information appearing on the EUvsDisinfo website.

II. Newsletter content
Displaying content about disinformation in the “Disinformation Review” newsletter, developed and serviced by the EEAS East StratCom Task Force.

III. Website content
Contributing and sharing information, as an author, about disinformation efforts and activity directed against the EU and its values on the EUvsDisinfo website.

IV. Feedback on the EUvsDisinfo website
Many web pages on Europa have a contact button, which activates your e-mail software and invites you to send your comments to a specific mailbox.
When you send such a message, your personal data is collected only to the extent necessary to reply. If the management team of the mailbox is unable to answer your question, it will forward your e-mail to another service. You will be informed, via e-mail, about which service your question has been forwarded to.
If you have any questions about the processing of your e-mail and related personal data, do not hesitate to include them in your message.

3. DATA PROCESSED: What data do we process?

The data which may be processed for that purpose are the following:

I. Data of subscribers to the “Disinformation Review” Newsletter:

  • Email address (required)
  • First name / Last name (voluntary)
  • Job title/profession (voluntary)
  • Organisation (voluntary)
  • Country (voluntary)

II. Data of individuals appearing in the materials on the website and in the newsletters, including authors of disinformation and other materials:

  • First Name / Last Name
  • Contact data, including e-mail address
  • Information in the response and follow-up to your request
  • Content-type data that will be uploaded to the system including actions, authoring and public appearances
  • In respect of these individuals, only personal data which appear in open sources are processed; they are not intended to be specifically collected, nor to be further processed in any way.

III. / IV. Data of visitors of the website providing feedback via the dedicated webform or via e-mail

  • First name / Last name
  • E-mail address
  • Comment
  • Information in the response and follow-up to your feedback.
    All fields are mandatory and the syntax of the e-mail address is checked.

4. DATA CONTROLLER: Who is entrusted with processing your data?

The data controller determining the purpose and the means of the processing activity is the European External Action Service (EEAS). The EEAS Division entrusted with managing the personal data processing under the supervision of the Head of Division is the following organisational entity:
SG.STRAT.2 – Strategic Communication, Task Forces and Information Analysis

5. RECIPIENTS OF THE PERSONAL DATA: Who has access to your data?

The recipients of your data may be:

  • EEAS assigned staff in the Strategic Communications and Information Analysis Division and the technical staff of the EEAS, including designated members of the East StratCom Task Force and staff members in charge of responding or giving follow-up to your feedback
  • For subscribers to the newsletter, processor of the data: MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, United States
  • Transfer to this U.S. processor is based on Article 50(2) d of Regulation (EU) 2018/1725. The privacy policy of Mailchimp can be found here: https://mailchimp.com/legal/privacy/.
  • Contractor of the EEAS for technical support for the management of the website is Veedoo.

In order to gather subscriber feedback about the Disinformation Review and optimise the content provided in the newsletter, email opens as well as link clicks in the emails are also tracked. Such statistics, in anonymised form, are part of the regular EEAS in-house reporting, which serves to evaluate the activity of the East Stratcom Task Force.

Please note that with respect to the tracking of email opening and link clicks, it is Mailchimp’s policy to ignore any Do Not Track signal from your device. We trust that you as a user are aware that you may be tracked in case you open e-mails and click on links. Beyond tracking of opening rates and link clicks, no additional tracking will be performed on subscribers to the Disinformation Review.
Subscribers that click on the link “view this email in your browser” in the Disinformation Review visit a Mailchimp website. This could trigger the setting of certain cookies and the use of tracking technology. Users can control the dropping of cookies through their browser settings.

Beyond the processor mentioned above, personal data is not intended to be transferred to a third country or an international organisation, except where necessary for providing access to recipients as described above. In case of international transfers appropriate safeguards are ensured in accordance with Chapter V of Regulation (EU) 2018/1725. The given information will not be communicated to third parties, except where necessary for the purposes outlined above.

6. ACCESS, RECTIFICATION AND ERASURE OF DATA: What rights do you have?

You have the right of access to your personal data and the right to correct your inaccurate or incomplete personal data, taking into account the purpose of the processing. The right of rectification can only apply to factual data processed. Under certain conditions, you have the right to request the erasure of your personal data or to restrict their use, as well as to object at any time to the processing of your personal data on grounds relating to your particular situation. We will consider your request, take a decision and communicate it to you without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary. For more detailed legal references, you can find information in Articles 14 to 21, 23 and 24 of Regulation (EU) 2018/1725. In specific cases, restrictions under Article 25 of the Regulation may apply. If you wish to exercise your rights or have questions concerning the processing of your personal data, you may address them to the Data Controller via the functional mailbox:

[email protected]

7. LEGAL BASIS: On what grounds do we collect your data?

Lawfulness of the processing: the processing of personal data is necessary for the performance of a task carried out in the public interest [Article 5(1)(a) of Regulation (EU) 1725/2018], as mandated by the Treaties of the European Union and the Council Decision referred to below.

Subscription to newsletters is based on consent [Article 5(1)(d) of Regulation (EU) 1725/2018].

Further legal reference:
Good administrative practices in the framework of the Treaty of Lisbon and Council Decision of 26 July 2010 establishing the organisation and functioning of the EEAS (2010/427/EU) – OJ L 201, 3/8/2010, p. 30.

8. TIME LIMIT FOR DATA STORED & SECURITY MEASURES: For what period and how do we process your data?

I. Newsletter subscription
During your subscription to Mailchimp, your data will be stored by Mailchimp, the EEAS’ service provider for the Disinformation Review. EEAS will ensure that Mailchimp does not retain your data beyond the end of your subscription to Mailchimp. For this purpose, EEAS will manually delete the data of those recipients that have unsubscribed from the Disinformation Review at regular intervals. An enquiry is foreseen to be sent 1 year after the subscription to validate the account. For further information about the retention period of data on the Mailchimp server, see Mailchimp privacy policy, point 18.

II. and III. Newsletter and Website content
Data in the articles and statements are kept while the articles have actuality but not longer than 5 years. In case of an enquiry by authorities, data subjects or other concerned individuals, personal data will be preserved until the legal claims arising from the investigations expire or any follow-up action is due.

IV. Feedback from visitors of the website “EUvsDisinfo”
Personal data is kept as long as it is necessary to respond to your feedback and to follow it up.

  • Personal data may be kept for information and historical, statistical or scientific purposes for a longer period of time. Archiving shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of individuals. Reports and other material containing personal data are archived according to e-Domec policy.
  • In case of an incident, event or enquiry by authorities, data subjects or other concerned individuals, personal data will be preserved until the legal claims arising from the investigations expire or any follow-up action is due. This includes pending cases, appeals and court judgments to allow for the exhaustion of all appeal and other channels of legal remedies. In any case, personal data will not be kept longer than 5 years after the judgment on the pending case is final.
  • When appropriate, personal data contained in supporting documents (such as documents created during preparation of the response) are deleted where possible, if that data is not necessary for audit, inspection or other control purposes.

Security of data kept by the EEAS: Appropriate organisational and technical measures are ensured according to Article 33 of Reg. (EU) 2018/1725. The collected personal data are stored on servers that abide by pertinent security rules. Data is processed by assigned staff members. Access to specific files requires authorisation. Measures are provided to prevent unauthorised entities from access, alteration, deletion, disclosure of data. General access to personal data is only possible to recipients with a UserID/Password. Physical copies of personal data are stored in a properly secured manner.
Security of data kept by Mailchimp:
Access to the Mailchimp application is password-protected; this ensures that no one besides the designated authorised persons in the EEAS East StratCom Task Force has access to the data on the side of the EEAS. The password is protected from disclosure as it is not stored or saved anywhere in writing. Mailchimp encrypts account passwords and therefore cannot see them.

9. EEAS DATA PROTECTION OFFICER: Any questions to the DPO?

If you have enquiries you can also contact the EEAS Data Protection Officer at [email protected].

10. RECOURSE

You have, at any time, the right to have recourse to the European Data Protection Supervisor at [email protected].
