1. Context and Controller
As part of the Corporate Department at Eurojust, the Corporate Communications Unit (CCU) is responsible to manage the Eurojust website.
The website is a key element of Eurojust’s external communication, and serves as sharing information in an easily accessible format to a wide range of audiences, wherever they are in the world. The Eurojust website also fulfils key compliance roles in communicating Eurojust’s activities to European citizens. This is in accordance to strategic objectives of promoting Eurojust visibility and branding as described on the Action Plan on External Communication, and Eurojust’s Multiannual strategy for 2019 – 2021.
Collection and processing of personal data within CCU are under the responsibility of the Controller, who is the Head of CCU, and can be reached at the address DP_comms@eurojust.europa.eu.
2. What personal information do we collect, for what purpose, on which legal basis and through which technical means?
Types of personal data
By default, the cookies Eurojust website uses to track the following information about the website visitors: Eurojust uses cookies called 'first-party persistent cookies' from Europa Analytics, a service provided by the European Commission. Every website hosted by DIGIT with an europa.eu domain is bound to the use of the Europa Analytics services.
First party cookies are cookies set by the visited website. Only that website can read them. In addition, a website might potentially use an external service to analyse how people are using their site. Europa Analytics sets its own cookie to do this and does not use external parties.
Persistent cookies are cookies saved on a user’s computer that are not deleted automatically when the user closes the browser, unlike a session cookie, which is deleted in that case. They expire after 13 months, after which they are actually removed from the device.
These cookies collect the information below which Eurojust uses to prepare aggregated, anonymous statistics reports of visitors’ activity:
- IP address (masked)
- Geolocation: country, region, city, approximate latitude and longitude
- Date and time of the request (visit to the site)
- Page title: title of the page being viewed
- Page URL: URL of the page being viewed
- Referrer URL: URL of the page that was viewed prior to the current page
- Screen resolution of user's device
- Time in local visitor's time-zone
- Download: files that were clicked and downloaded
- Outlink: links to an outside domain that were clicked
- Pages generation time: the time it takes for webpages to be generated by the webserver and then downloaded by the visitor (page speed)
- Accept-Language header: main language of the browser being used
- User-Agent header: browser version, browser plugins (PDF, Flash, Java, etc.), operating system version, device identifier
- Language of the visited page
- Campaigns
- Site Search
- Events
To improve the accuracy of the produced reports, information is also stored in a first-party cookie from Eurojust’s website and then collected by Europa Analytics:
- Random unique Visitor ID
- Time of the first visit for the specific visitor
- Time of the previous visit for the specific visitor
- Number of visits for the specific visitor
Additionally, a random identifier is generated by Matomo, an open source data analytics tool which is managed by Europa Analytics, under DIGIT. The identifier generated by Matomo enables Europa Analytics to identify when a user returns to the site.
For more information on cookies, please visit the Europa Web Guide of the European Commission.
For the purpose of the security of the Eurojust website and to ensure that this service remains available to all users, all network traffic is monitored to identify unauthorised attempts to upload or change information or otherwise cause damage or conduct criminal activity. To protect the Eurojust website and the IT systems supporting it from unauthorised use and to ensure that the systems are functioning properly, individuals using this computer system are subject to having all of their activities monitored by personnel authorised to do so by Eurojust. This information is kept for three years. Eurojust will forward all evidence of criminal activity conducted on the Eurojust website to the appropriate authorities.
Purpose of the processing
The Eurojust website is used to meet one of the following purposes:
- To promote Eurojust work and visibility as part of the Eurojust External Communication Action Plan and the Multiannual Strategy 2019-2021, by:
- fostering an understanding of Eurojust's contribution to making the EU safer and to mobilise more support for the EU in general and for JHA cooperation in particular
- building trust and engagement, encouraging case referrals to Eurojust and information sharing with Eurojust.
- To comply with statutory requirements on good administrative principles;
- To enable citizens and stakeholders to contact Eurojust;
Legal basis
The processing of data by CCU is subject to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC, more specifically rec. (22) stating that processing of personal data for the performance of tasks carried out in the public interest by the Union institutions and bodies includes the processing of personal data necessary for the management and functioning of those institutions and bodies.
Data collected using cookies will be only processed on the basis of your consent. However, you always have an option to refuse the cookies on our website. Please note that you have the right to withdraw your consent at any time. To do that, please delete the cookies from your web browser.
Users can delete all cookies from their device. They can also set most web browsers to prevent cookies from being placed. However, it may be necessary to manually adjust some preferences every time the user visits a site, and some services and functionalities may not work. For more information, see AboutCookies.org.
Do Not Track is a technology that enables visitors to opt-out from being tracked by websites for whatever purpose, including the use of analytics services, advertising networks and social platforms. You can enable the 'Do not track' option directly in your web browser. Do Not Track is supported by the following browsers:
- Firefox
- Internet Explorer
- Edge
- Chrome
- Safari
- Opera
Europa Analytics will not track users who have enabled this option in their web browsers.
Technical means
The EJ Website is hosted on a cloud based hosting solution provided by the EU Commission where the data is stored on AWS (Amazon Web Services) cloud and is managed by the Commission (DIGIT).
All analytics data communication is encrypted via HTTPS protocol. The analytical reports generated by Europa Analytics can only be accessed through the European Commission Authentication System (ECAS) by authorised Commission staff dealing with Europa Analytics, the relevant European institution staff or by duly authorised external sub-contractors, who may be required to analyse, develop and/or regularly maintain certain sites.
3. Who has access to your personal data and to whom is it disclosed?
For the purposes detailed above in section 2, access to your personal data is only possible for the authorised staff members working at Corporate Communications Unit, Information Management Unit and specific staff members working at European Commission – DG DIGIT, based on the SLA with DIGIT (website hosting).
4. How do we protect and safeguard your information?
To protect your personal data, a number of technical and organisational measures have been put in place. Eurojust has put in place, based on a Risk Assessment, appropriate security measures to ensure confidentiality.
Concerning unauthorised access to equipment and data, Eurojust's secure premises are protected by Eurojust-specific physical security measures. Administrative measures include the obligation for all authorised personnel having access to personal data stored on Eurojust servers to be security screened or sign a confidentiality agreement, and for service providers maintaining the equipment and systems to be individually security cleared and to have signed non-disclosure and confidentiality agreements.
5. How long do we keep your personal data?
Data from cookies - Europa Analytics automatically deletes visitors' logs after 13 months. Anonymized and aggregated data are stored for an indefinite period by the European Commission for analysis purposes.
The data collected in relation to security measures is kept for three years. The workflow on the security measures and how to report incidents is included in the Questionnaire filled in by DIGIT in the ICT Security documents section.
6. How can you verify, modify or delete your information?
You have the right to access, rectify or erase or restrict the processing of your personal data or, where applicable, the right to object to processing or the right to data portability in line with Regulation (EU) 2018/1725.
Any such request should be directed to the Controller, by using the following email address: DP_comms@eurojust.europa.eu.
7. Contact information
In case of queries regarding the processing of personal data, Eurojust Data Protection Officer can be contacted via email address: dpo@eurojust.europa.eu.
8. Recourse
You have the right of recourse to the European Data Protection Supervisor (EDPS) via email: edps@edps.europa.eu or following the link: https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en.