#HerStoryOurStory

Politique de Confidentialité

 

Table of Contents

  1. Introduction
  2. Why do we process your data?
  3. Which data do we collect and process?
  4. How long do we keep your data?
  5. How do we protect your data?
  6. Who has access to your data and to whom is it disclosed?
  7. What are your rights and how can you exercise them?
  8. Contact information
  9. Where to find more detailed information

Introduction

This privacy statement explains the reason for  the processing, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you may exercise in relation to your data (the right to access, rectify, block etc.).

The European institutions are committed to protecting and respecting your privacy. As this HerStoryOurStory campaign collects and further processes personal data, Regulation (EU) 2018/1725 [1] of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, is applicable.

This statement concerns the processing of the data undertaken for the execution and follow-up of the HerStoryOurStory campaign through web and social media channels. HerStoryOurStory is a digital engagement campaign, under the EU-UN Spotlight Initiative, which aims to raise awareness about violence against women and girls. Through interactive animations, it aims to educate players about the issues and demonstrate that we can all take action to help end discrimination and violence against women and girls.

It is undertaken by European Commission Directorate-General for International Cooperation and Development, Communication and Transparency Unit. The data controller is the Head of Unit, DG DEVCO Communication.

Why and how do we process your data?

Purpose of the processing operation

European Commission Directorate-General for International Cooperation and Development, Communication and Transparency Unit (referred to hereafter as Data Controller) collects and uses your personal information to implement the HerStoryOurStory digital engagement campaign, which is designed to raise awareness of violence against women and girls and the EU-UN Spotlight Initiative, which aims to eliminate it.

The processing of personal data linked to the organisation and management of the HerStoryOurStory campaign is necessary in order to help raise awareness of the issue of violence and discrimination against women and girls, and of individual actions which can be taken to help eliminate it.

Data is collected and processed for the following specific purposes:

  • Pledge: The name of data subjects signing the online pledge will be processed in order to calculate the number of signatories to the pledge. The number of pledges received will be shared to encourage action and commitment from the online audience.

Legal basis and Lawfulness

This processing operation is lawful under Article 5, point (d) of Regulation (EU) 2018/1725.

The legal basis for such processing is consent provided via a clear, affirmative action on the part of the data subject.

In addition, the processing is necessary for the fulfillment of the European Commission’s obligation to ensure visibility of the Union’s financial support, as stipulated in Article 4(5) of Regulation (EU) No 236/2014 of the European Parliament and of the Council of 11 March 2014 laying down common rules and procedures for the implementation of the Union’s instruments for financing external action, OJ L 77, 15.3.2014.

Technical means

Data is collected automatically via the HerStoryOurStory website content management system. Data is stored electronically on the content management system and on the internal servers of the European Commission.

Data is stored electronically in the content management system of the HerStoryOurStory website. The website server is located in Amsterdam, the Netherlands, The server owner is GoDaddy.com, LLC, 14455 N. Hayden Rd., Ste. 226, Scottsdale, AZ 85260 USA. GoDaddy.com is an active participant in the Privacy Shield list: https://www.privacyshield.gov/participant?id=a2zt0000000TN9xAAG&status=Active

Data may also be stored on the servers of the European Commission.

Data subjects can download and save their avatar to their personal device(s). They may also share their avatar and pledge via their social networks. Data subjects are not obliged to perform these actions which are undertaken on a voluntary basis.

Which data do we collect and process?

The personal data collected and further processed are:

  • Pledge: Name (mandatory), email (optional/voluntary);

This website uses cookies to improve your website experience and to generate anonymous, aggregate user statistics. It uses Google Analytics to better understand website usage and traffic. When you visit the website, you are required to confirm whether you agree with the use of Google Analytics or whether you wish to opt-out. By agreeing/opting-out, a cookie will be saved onto your computer to set your preference. You can deactivate cookies at any time by configuring your web browser. You can opt-out of Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on

How long do we keep your data?

European Commission Directorate-General for International Cooperation and Development, Communication and Transparency Unit only keeps the data for the time necessary to fulfil the purpose of collection or further processing.

More specifically, data may be kept for up to 2 more years after expiry of the life-time of the EU-UN Spotlight Initiative, which the campaign is designed to raise awareness of. The EU-UN Spotlight Initiative runs from 2017-2024[2].

Data subjects will be reminded annually that they have given their consent, and of what they consented to. Data subjects will be asked to renew their consent when reminded. If data subjects do not renew their consent, their data will be deleted within 30 days. All data will be deleted at the end of the Initiative.

The data subject may request their data to be deleted at any moment by sending an email to: EUROPEAID-Webmaster@ec.europa.eu.

How do we protect your data?

All data in electronic format (e-mails, documents, uploaded batches of data etc.) are stored either on the servers of the European Commission or of its contractors; the operations of which abide by the European Commission’s security decision of 16 August 2006 [C(2006) 3602] concerning the security of information systems used by the European Commission;

The Commission’s contractors and subcontractors are bound by a specific contractual clause for any processing operations of your data on behalf of the Commission, and by the confidentiality obligations deriving from Regulation (EU) 2018/679).

Who has access to your data and to whom is it disclosed?

Access to your data submitted as part of the pledge is provided to staff and authorised consultants of the Data Controller and its contractor and sub-contractor, according to the “need to know” principle.

Consultants will be authorised to access your data by written agreement of the Data Controller.

Such staff, consultants, contractors and sub-contractors abide by statutory, and when required, additional confidentiality agreements.

The recipients of your data are staff and authorised consultants of the European Commission Directorate General for International Cooperation and Development and its contractor Novacomm, via Specific Contract SC131.

What are your rights and how can you exercise them?

According to Regulation (EU) 2018/1725, you are entitled to access your personal data and rectify and/or block it in case the data is inaccurate or incomplete. You can exercise your rights by contacting the data controller, or in case of conflict the Data Protection Officer and if necessary the European Data Protection Supervisor using the contact information given at point 8 below and explicitly specify your request. Special attention is drawn to the consequences of a request for deletion, in which case any possibility to re-contact the data subject will be lost.

Contact information

If you have comments or questions, any concerns or a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller using the following contact information:

The Data Controller:

  • European Commission Directorate General for International Cooperation and Development, Communication Unit
  • Telephone: +32 2 299 11 11
  • Email: EUROPEAID-Webmaster@ec.europa.eu.

Recourse

Remarks can be addressed to the Data Protection Officer (DPO) of the Commission: DATA-PROTECTION-OFFICER@ec.europa.eu

Complaints can be addressed to the European Data Protection Supervisor (EDPS): edps@edps.europa.eu.

Where to find more detailed information?

The Commission Data Protection Officer publishes the register of all operations processing personal data. You can access the register on the following link: http://ec.europa.eu/dpo-register

This specific processing has been notified to the DPO with the following reference: DPO-4033.1.


[1]  J L 295, 21.11.2018, p. 39–98.

[2] See Commission Retention List SEC (2019) 900, ANNEX I  under point 9.4.2.