This notice relates to the processing of personal data by ENISA through the main ENISA website. For any other specific ENISA activity that involves the processing of personal data, specific data protection notices/privacy statements are available (please, visit ENISA’s central register for data processing activities for further information).
Your personal data shall be processed in accordance with the Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data[1].
The data controller of the processing activity is ENISA (Communications Sector).
The legal basis for the processing activity is article 5(1)(a) Regulation (EU) 2018/1725, as the ENISA’s website is central to the operation of the Agency. The processing of personal data is needed to support certain functions of the website.
The purpose of this processing activity is to support communication of any individual with ENISA through the website via website contact forms or via email. In addition, necessary technical information relating to website’s visitors is processed through log files, in order to support the website’s security, on the basis of standard information security practices.
Note: Sometimes ENISA’s website is used to provide registration of participants to specific ENISA events, such as conferences or workshops organised by the Agency. ENISA’s website or other related portals or services may also be used for the submission of applications to participate in specific ENISA’s expert groups. In such cases please refer to the specific record/privacy notice of each event or expert group for further information about the processing of personal data in this particular context.
The data processors of this processing operation are:
- Microsoft Azure providing cloud hosting services under a framework contract with the European Commission (Cloud II) to which ENISA is party.
- Bilbomatica S.A (https://www.bilbomatica.es/) and its subcontractor Syslab GmBH (https://www.syslab.com) providing web development and web hosting maintenance services under a contract with ENISA.
- Office Line S.A (https://officeline.gr/) providing cloud engineering service under a specific contract with COSMOTE S.A with which ENISA has a framework contract.
The following personal data are being processed:
- Communication via website (contact forms or email): First and last name, email address, title/subject and content of your message.
- Cookies: ENISA's website uses Matomo (https://matomo.org/), an open source web analytics service to help analyse the use of this website. Cookies are installed only upon prior consent. For more information see our Cookies policy.
- Technical information for security purposes (log files) collected by Azure and retrieved and analysed by Bilbomatica S.A: and Office Line S.A website visitor’s IP address, timestamp, browser string and the full request on the ENISA’s website.
Access to your data will be granted only to designated ENISA staff and designated staff of the ENISA processors listed above for maintenance, development and monitoring of website security, performance, load balancing etc. In case of contacts via the website, if the management team of the mailbox is unable to answer your question, it will forward your email to another service within ENISA. You will be informed via email about which service your question has been forwarded to. Your personal data will not be transferred to any third party. The data may also be available to EU bodies charged with monitoring or inspection tasks in application of EU law (e.g. internal audits, European Anti-fraud Office – OLAF).
Personal data will be kept up to a maximum period of 1 year for communication via the website. Cookies will be retained as per cookies policy. Technical information for security purposes (log files) are rotated and kept in back-up store for a period of six months. Attack logs are stored on the equipment and they last between one and two months limited by the storage space after which they are being overwritten.
You have the right of access to your personal data and to relevant information concerning how we use it. You have the right to rectify your personal data. Under certain conditions, you have the right to ask that we delete your personal data or restrict its use. You have the right to object to our processing of your personal data, on grounds relating to your particular situation, at any time. We will consider your request, take a decision and communicate it to you. If you have any queries concerning the processing of your personal data, you may address them to ENISA at info [at] enisa.europa.eu. You may also contact at any time the ENISA DPO at dataprotection [at] enisa.europa.eu.
You have the right of recourse at any time to the European Data Protection Supervisor at https://edps.europa.eu.
[1] Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002.