Data protection

 

Information on data protection

What is data protection?

Data protection is a fundamental right, protected not only by national legislation, but also by European Union law. At Eurofound, we are responsible for the personal data that we collect and process.

When does Eurofound process your personal data?

Eurofound may process your personal data (also known as personal information) for a number of reasons, from dealing with public requests for information, staff matters, visitor information to the handling of complaints, or simply because you submit your data when using our website, among others.

Processing of your personal data is done in accordance with Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 linked below.

What types of personal data do we collect?

The personal data collected can be classified into two types.

1. Mandatory personal data: This refers to the personal data necessary for the performance of the tasks carried out in the public interest that were conferred to the Agency or for compliance with a legal obligation to which the Agency is subject to. Some examples include your name, address, your CV when applying for a job or traineeship at the Agency, or when submitting a tender linked to a published procurement procedure.

2. Non-mandatory personal data: This refers to personal data processed based on consent only. Examples include your dietary and mobility requirements when attending an event organised by the Agency, or the acceptance of cookies.

What is the purpose of the processing?

Eurofound may process your personal data for a variety of purposes, for example to carry out a selection and recruitment procedure, to send you the newsletter, to invite you to a meeting or to invite you to complete one of our surveys, among others.

All purposes of processing can be found:

What are the legal bases for which we process your personal data?

The Agency collects and processes your personal data, primarily, in compliance with Article 5.1(a), (b) and (d) of the Regulation (EU) 2018/1725:

  • for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body
  • for compliance with a legal obligation to which the Agency is subject to
  • the processing is based on consent.

In very specific circumstances, another legal basis based on Article 5 of Regulation (EU) 2018/1725 might apply.

The processing of personal data by the Agency is not only governed by Regulation (EU) 2018/1725, but also by specific legal instruments, such as implementing rules, and information is provided to you via a data protection notice.

Who has access to your personal data?

Unless otherwise stated in a specific data protection notice, access to your personal data will be given only to staff members of the Agency.

How long do we keep your data?

For each processing operation there is a defined retention period that specifies the period for which the personal data are kept. Depending on the processing operation the retention period can vary. The exact retention period is specified in the applicable data protection notice.

What are your rights when we process your personal data?

Within the limits foreseen in Regulation (EU) 2018/1725, you have the right to:

  • know when your personal information is being processed
  • have access to your personal data
  • have your personal data rectified if it is inaccurate or incomplete
  • have your data deleted
  • restrict the processing of your data
  • object to the processing of your data
  • port your data
  • not be subject to automated decisions (made solely by machines) affecting you, as defined by law.

The exercise of all these rights is free. However, where requests are manifestly unfounded or excessive, Eurofound may refuse to act on the request. Should this be the case, Eurofound will inform you accordingly.

You can send your request to Eurofound by post in a sealed envelope or send us an email: see Contacts.

Your request should contain a detailed, accurate description of the personal data you want access to.

You must provide a copy of an identification document to confirm your identity, for example, an ID card or passport. The document should contain an identification number, country of issue, period of validity, your name, address and date of birth. Any other data contained in the copy of the identification document such as a photo or any personal characteristics, may be blacked out.

Our use of the information on your identification document is strictly limited: we will only use the data to verify your identity and will not store them for longer than needed for this purpose.

In principle, we will not accept that you use other means to give evidence of your identity. Should you wish to propose alternatives, we will assess their adequacy on a case-by-case basis.

Complaint to the European Data Protection Supervisor

You also have the right to recourse to the EDPS, our supervisory authority, should you feel that Eurofound has infringed provisions of Regulation (EU) 2018/1725 when processing your personal data.

Contacts

Eurofound’s Data Protection Officer

European Data Protection Supervisor

Data Protection Officer

Wyattville Road, Loughlinstown,

Co. Dublin, D18 KP65, Ireland

Tel:(+353 1) 204 3100
Fax: (+353 1) 282 64 56 / 282 42 09

Email: DataProtectionOfficer@eurofound.europa.eu

Rue Wiertz 60
B-1047 Brussels
Belgium

Tel: (+32) 2 283 1900
Fax: (+32) 2 283 1950

Email: edps@edps.europa.eu
Website: http://www.edps.europa.eu/

Data protection notices

The following specific data protection notices apply to the processing of personal data by Eurofound.

Name of personal data processing operation / Web service

Purpose

Related document

Recruitment

Selection and recruitment of Officials, Temporary Agents (TAs), Contract Agents, SNEs and trainees.

Privacy statement [250kb pdf]

Procurement

Management and administration of the selection of experts or procurement procedures.

Privacy statement [148kb pdf]

Personal data in CVs  and Declarations of Interest (DoIs) – Management Board members

Management of conflicts of interests.

Privacy statement [177kb pdf]

Personal data in CVs – Eurofound Management Committee members

Management of conflicts of interests.

Privacy statement [197kb pdf]

Customer Relationship Management (CRM)

Personal data processed for the targeted dissemination of Eurofound research findings/data, for subscriptions, events, visits and external communication.

Privacy statement [217kb pdf]

User feeedback survey 2020 The purpose of the survey is to get stakeholders' views on Eurofound research and communication and how these can be improved in the future to best suit users' information requirements. Privacy statement  [190kb pdf]
Meetings  Privacy statement for Board meetings. Privacy statement [198kb pdf]
 Privacy statement for Advisory Committee meetings. Privacy statement [88kb pdf]
 Generic privacy statement for events (including online registration). Privacy statement [132kb pdf]
 Data protection notice for research stakeholder meetings. Privacy statement [176kb pdf]
 Disclaimer for webinars. Privacy statement [91kb pdf]
Qualitative research Data protection notice for participants in qualitative research (case studies and interviews). Privacy statement [131kb pdf]
  Participant consent form - Qualitative research (case studies and interviews). Participant consent form [252kb pdf]
Microsoft Teams Data protection notice on the use of Microsoft Teams. Privacy statement [155kb pdf]
Surveys - ECS 2020: Follow-up survey The purpose of the follow-up survey of the 4th European Company Survey is to re-contact managers across Europe (who gave their permission to be re-contacted in the survey carried out in 2019). Privacy statement, all languages [106kb pdf]
Surveys - EWCS 2021: EWCS CATI fieldwork Survey fieldwork using computer-assisted telephone interviewing. Privacy statement [142kb pdf]
Traineeships Data protection notice on the engagement of trainees. Pivacy statement [95kb pdf]
DocuSign signature Data protection notice on the use of DocuSign signature. Privacy statement [100kb pdf]
Call for academic experts for Eurofound's Advisory Committees Data protection notice on the processing of personal data provided in connection with the call for academic experts. Privacy statement [408kb pdf]
Public access to documents requests The purpose of collecting personal data is to manage the applications for public access to specific Eurofound documents.  Privacy statement [370kb pdf]
Administrative inquiries and disciplinary procedures Eurofound processes personal data for the management, administration and follow-up of administrative inquiries or disciplinary proceedings. This implies the constitution of disciplinary files (paper and electronic) and lists of open and completed cases. Privacy statement [322kb pdf]
Article 90 of the Staff Regulations requests or complaints Personal data are processed in order to establish the relevant facts and assess them from a legal point of view, in order to provide the person who submits the request/complaint with a decision on his/her complaint or request. Privacy statement [316kb pdf]
Procedures for cases of harassment Eurofound processes personal data for the purpose of conducting both formal and informal procedures under the Eurofound Decision on protecting the dignity of the person and preventing psychological or/and sexual harassment. Privacy statement [319kb pdf]
Management of personnel files The purpose of processing is to keep track of administrative status and all reports relating to the ability, efficiency and conduct of staff and any comment by staff on such documents. Privacy statement [307kb pdf]
Staff medical data Eurofound processes health data of Eurofound’s staff for preventive and occupational medical purposes. Privacy statement [500kb pdf]
Training for staff The purpose of the processing is to manage staff applications to learning and development activities as part of their career progression. Privacy statement [306kb pdf]
Whistleblowing procedures Eurofound processes personal data for the purpose of conducting whistleblowing procedures (written reports on suspicions of fraud, corruption and other serious irregularities). Privacy statement [316kb pdf]
Appraisal, promotion and reclassification exercises The purpose of the processing is to evaluate the jobholder's efficiency, competencies and conduct in the service, including in the initial phase of his/her contract and to carry out the yearly promotion and reclassification exercise. Privacy statement [308kb pdf]
Registration of visitors The purpose of the processing is to register entry and exit on-site of all Eurofound visitors for security and health and safety purposes. Privacy statement [306kb pdf]
Continuity management process In the event of a crisis, Heads of Unit (or ex-ante delegated Unit staff members) will need to be able to contact all staff, in order to ensure their security and safety as well as continuity of service. Privacy statement [310kb pdf]
Video surveillance Eurofound uses a video surveillance system with video recording (CCTV) for monitoring its premises and for guaranteeing safety, security and access control.  Privacy statement [304kb pdf]
Use of Microsoft 365 Data subjects of this processing operation include Eurofound staff members as well as any natural person whose personal data is being processed using M365 (e.g. a participant in a Teams call; an email recipient; a participant in a survey). Privacy statement [546kb pdf]
Electronic log file management The purpose of processing is to ensure that Eurofound ICT systems work the way they should and to minimize the unavailability of such systems. In particular, personal data is processed to detect and prevent attacks. Privacy statement [313kb pdf]