- Information on data protection
- What is data protection?
- When does Eurofound process your personal data?
- What types of personal data do we collect?
- What is the purpose of the processing?
- What are the legal bases for which we process your personal data?
- Who has access to your personal data?
- How long do we keep your data?
- What are your rights when we process your personal data?
- Complaint to the European Data Protection Supervisor
- Data protection notices
Data protection is a fundamental right, protected not only by national legislation, but also by European Union law. At Eurofound, we are responsible for the personal data that we collect and process.
Eurofound may process your personal data (also known as personal information) for a number of reasons, from dealing with public requests for information, staff matters, visitor information to the handling of complaints, or simply because you submit your data when using our website, among others.
Processing of your personal data is done in accordance with Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 linked below.
- EUR-Lex: Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data
The personal data collected can be classified into two types.
1. Mandatory personal data: This refers to the personal data necessary for the performance of the tasks carried out in the public interest that were conferred to the Agency or for compliance with a legal obligation to which the Agency is subject to. Some examples include your name, address, your CV when applying for a job or traineeship at the Agency, or when submitting a tender linked to a published procurement procedure.
- EUR-Lex: Regulation (EU) 2019/127 of the European Parliament and of the Council of 16 January 2019 establishing the European Foundation for the improvement of living and working conditions (Eurofound), and repealing Council Regulation (EEC) No 1365/75
2. Non-mandatory personal data: This refers to personal data processed based on consent only. Examples include your dietary and mobility requirements when attending an event organised by the Agency, or the acceptance of cookies.
- About us: Cookies
Eurofound may process your personal data for a variety of purposes, for example to carry out a selection and recruitment procedure, to send you the newsletter, to invite you to a meeting or to invite you to complete one of our surveys, among others.
All purposes of processing can be found:
- in our record of processing operations
- Eurofound register: Controller records November 2020 (PDF)
- below in our data protection notices
The Agency collects and processes your personal data, primarily, in compliance with Article 5.1(a), (b) and (d) of the Regulation (EU) 2018/1725:
- for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body
- for compliance with a legal obligation to which the Agency is subject to
- the processing is based on consent.
In very specific circumstances, another legal basis based on Article 5 of Regulation (EU) 2018/1725 might apply.
The processing of personal data by the Agency is not only governed by Regulation (EU) 2018/1725, but also by specific legal instruments, such as implementing rules, and information is provided to you via a data protection notice.
Unless otherwise stated in a specific data protection notice, access to your personal data will be given only to staff members of the Agency.
For each processing operation there is a defined retention period that specifies the period for which the personal data are kept. Depending on the processing operation the retention period can vary. The exact retention period is specified in the applicable data protection notice.
Within the limits foreseen in Regulation (EU) 2018/1725, you have the right to:
- know when your personal information is being processed
- have access to your personal data
- have your personal data rectified if it is inaccurate or incomplete
- have your data deleted
- restrict the processing of your data
- object to the processing of your data
- port your data
- not be subject to automated decisions (made solely by machines) affecting you, as defined by law.
The exercise of all these rights is free. However, where requests are manifestly unfounded or excessive, Eurofound may refuse to act on the request. Should this be the case, Eurofound will inform you accordingly.
You can send your request to Eurofound by post in a sealed envelope or send us an email: see Contacts.
Your request should contain a detailed, accurate description of the personal data you want access to.
You must provide a copy of an identification document to confirm your identity, for example, an ID card or passport. The document should contain an identification number, country of issue, period of validity, your name, address and date of birth. Any other data contained in the copy of the identification document such as a photo or any personal characteristics, may be blacked out.
Our use of the information on your identification document is strictly limited: we will only use the data to verify your identity and will not store them for longer than needed for this purpose.
In principle, we will not accept that you use other means to give evidence of your identity. Should you wish to propose alternatives, we will assess their adequacy on a case-by-case basis.
You also have the right to recourse to the EDPS, our supervisory authority, should you feel that Eurofound has infringed provisions of Regulation (EU) 2018/1725 when processing your personal data.
- European Data Protection Supervisor: Complaints
Eurofound’s Data Protection Officer
European Data Protection Supervisor
Data Protection Officer
Wyattville Road, Loughlinstown,
Co. Dublin, D18 KP65, Ireland
Tel:(+353 1) 204 3100
Rue Wiertz 60
Tel: (+32) 2 283 1900
The following specific data protection notices apply to the processing of personal data by Eurofound.
Name of personal data processing operation / Web service
Selection and recruitment of Officials, Temporary Agents (TAs), Contract Agents, SNEs and trainees.
Management and administration of the selection of experts or procurement procedures.
Personal data in CVs and Declarations of Interest (DoIs) – Management Board members
Management of conflicts of interests.
Personal data in CVs – Eurofound Management Committee members
Management of conflicts of interests.
Customer Relationship Management (CRM)
Personal data processed for the targeted dissemination of Eurofound research findings/data, for subscriptions, events, visits and external communication.
|User feeedback survey 2020||The purpose of the survey is to get stakeholders' views on Eurofound research and communication and how these can be improved in the future to best suit users' information requirements.||Privacy statement [190kb pdf]|
|Meetings|| Privacy statement for Board meetings.||Privacy statement [198kb pdf]|
| Privacy statement for Advisory Committee meetings.||Privacy statement [88kb pdf]|
| Generic privacy statement for events (including online registration).||Privacy statement [132kb pdf]|
| Data protection notice for research stakeholder meetings.||Privacy statement [176kb pdf]|
| Disclaimer for webinars.||Privacy statement [91kb pdf]|
|Qualitative research||Data protection notice for participants in qualitative research (case studies and interviews).||Privacy statement [131kb pdf]|
|Participant consent form - Qualitative research (case studies and interviews).||Participant consent form [252kb pdf]|
|Microsoft Teams||Data protection notice on the use of Microsoft Teams.||Privacy statement [155kb pdf]|
|Surveys - ECS 2020: Follow-up survey||The purpose of the follow-up survey of the 4th European Company Survey is to re-contact managers across Europe (who gave their permission to be re-contacted in the survey carried out in 2019).||Privacy statement, all languages [106kb pdf]|
|Surveys - EWCS 2021: EWCS CATI fieldwork||Survey fieldwork using computer-assisted telephone interviewing.||Privacy statement [142kb pdf]|
|Traineeships||Data protection notice on the engagement of trainees.||Pivacy statement [95kb pdf]|
|DocuSign signature||Data protection notice on the use of DocuSign signature.||Privacy statement [100kb pdf]|
|Call for academic experts for Eurofound's Advisory Committees||Data protection notice on the processing of personal data provided in connection with the call for academic experts.||Privacy statement [408kb pdf]|
|Public access to documents requests||The purpose of collecting personal data is to manage the applications for public access to specific Eurofound documents.||Privacy statement [370kb pdf]|
|Administrative inquiries and disciplinary procedures||Eurofound processes personal data for the management, administration and follow-up of administrative inquiries or disciplinary proceedings. This implies the constitution of disciplinary files (paper and electronic) and lists of open and completed cases.||Privacy statement [322kb pdf]|
|Article 90 of the Staff Regulations requests or complaints||Personal data are processed in order to establish the relevant facts and assess them from a legal point of view, in order to provide the person who submits the request/complaint with a decision on his/her complaint or request.||Privacy statement [316kb pdf]|
|Procedures for cases of harassment||Eurofound processes personal data for the purpose of conducting both formal and informal procedures under the Eurofound Decision on protecting the dignity of the person and preventing psychological or/and sexual harassment.||Privacy statement [319kb pdf]|
|Management of personnel files||The purpose of processing is to keep track of administrative status and all reports relating to the ability, efficiency and conduct of staff and any comment by staff on such documents.||Privacy statement [307kb pdf]|
|Staff medical data||Eurofound processes health data of Eurofound’s staff for preventive and occupational medical purposes.||Privacy statement [500kb pdf]|
|Training for staff||The purpose of the processing is to manage staff applications to learning and development activities as part of their career progression.||Privacy statement [306kb pdf]|
|Whistleblowing procedures||Eurofound processes personal data for the purpose of conducting whistleblowing procedures (written reports on suspicions of fraud, corruption and other serious irregularities).||Privacy statement [316kb pdf]|
|Appraisal, promotion and reclassification exercises||The purpose of the processing is to evaluate the jobholder's efficiency, competencies and conduct in the service, including in the initial phase of his/her contract and to carry out the yearly promotion and reclassification exercise.||Privacy statement [308kb pdf]|
|Registration of visitors||The purpose of the processing is to register entry and exit on-site of all Eurofound visitors for security and health and safety purposes.||Privacy statement [306kb pdf]|
|Continuity management process||In the event of a crisis, Heads of Unit (or ex-ante delegated Unit staff members) will need to be able to contact all staff, in order to ensure their security and safety as well as continuity of service.||Privacy statement [310kb pdf]|
|Video surveillance||Eurofound uses a video surveillance system with video recording (CCTV) for monitoring its premises and for guaranteeing safety, security and access control.||Privacy statement [304kb pdf]|
|Use of Microsoft 365||Data subjects of this processing operation include Eurofound staff members as well as any natural person whose personal data is being processed using M365 (e.g. a participant in a Teams call; an email recipient; a participant in a survey).||Privacy statement [546kb pdf]|
|Electronic log file management||The purpose of processing is to ensure that Eurofound ICT systems work the way they should and to minimize the unavailability of such systems. In particular, personal data is processed to detect and prevent attacks.||Privacy statement [313kb pdf]|
|Attendance of Eurofound's staff||The purpose of processing is necessary for a sound and efficient handling of staff members’ rights and entitlements.||Privacy statement [119kb pdf]|
|Contact details of journalists||The purpose of processing is to collect, maintain and update contact information and subscription preferences of journalists, in order to regularly inform them about Eurofound's work.||Privacy statement [68kb pdf]|
|Use of SYSPER 2||SYSPER 2 is used to support the management of the main Human Resources processes and to ensure that personal data is kept adequate, is traceable and rapidly retrievable.||Privacy statement [87kb pdf]|
|Eurofound's library catalogue||Personal data of staff members is processed to manage access to a cloud-based knowledge repository, including basic library loan management functionality to deal with the circulation of print books.||Privacy statement [114kb pdf]|
|Processing of personal data in Eurofound’s website and
|The purpose of processing is to ensure that Eurofound’s website functions properly, as well as to provide access to services hosted on Eurofound's website (i.e. subscriptions to key topics, CRM subscription management, subscription to forthcoming publications).||Privacy statement [118kb pdf]|
|Events organised by Eurofound||The purpose of processing is to organise events: register individuals at events; organise travel, transfers, hotel bookings and meals; reimburse travel related expenses; take photos and videos at selected events; maintain an events database; organise visits to Eurofound’s premises.||Privacy statement [98kb pdf]|
|Eurofound’s Content Management System (website)||The CMS is used for the management of internal publishing workflows and interactions with contractors as well as stakeholders.||Privacy statement [125kb pdf]|