Data Protection Notice – ENISA website
This notice relates to the processing of personal data by ENISA through the general ENISA website. For any other specific ENISA activity that involves the processing of personal data, specific data protection notices/privacy statements are available (please, visit ENISA’s central register for data processing activities for further information).
Your personal data shall be processed in accordance with the Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data[1].
The data controller of the processing activity is ENISA (Public Affairs Team).
The legal basis for the processing activity is article 5(1)(a) Regulation (EU) 2018/1725, as the ENISA’s website is central to the operation of the Agency. The processing of personal data is needed to support certain functions of the website.
The purpose of this processing activity is to support a) communication of any individual with ENISA through the website via website contact forms or via email; b) subscriptions to ENISA’s newsletter. In addition, necessary technical information relating to website’s visitors is processed through log files, in order to support the website’s security, on the basis of standard information security practices.
Note: Sometimes the ENISA’s website is used to provide registration of participants to specific ENISA events, such as conferences or workshops organised by the Agency. The ENISA’s website or other related portals or services (e.g. Resilience portal) may also be used for the submission of applications to participate in specific ENISA’s experts groups. Please see the specific record/privacy notice of each event or expert group for further information about the processing of personal data in this particular context.
The data processor of this processing operation is EaudeWeb SRL (https://www.eaudeweb.ro/), which provides the hosting of ENISA web site and other relevant services.
The following personal data are being processed:
- Communication via website (contact forms or email): First and last name, email address, title/subject and content of your message.
- Cookies: ENISA's website uses Matomo (https://matomo.org/), an open source web analytics service to help analyse the use of this website. For more information see our Cookies policy.
- Technical information for security purposes (log files): website visitor’s IP address, timestamp, browser string and the full request on the ENISA’s website. In case of suspicious activity (e.g. visitor's IP address has been deemed as suspicious by security company Fortinet's global sensors network), the visitor’s IP is logged in “attack logs” and the connection to the ENISA’s website is blocked.
- The newsletter function has been temporarily discontinued
Access to your data will be granted only to designated ENISA staff and designated staff of the ENISA processor. In case of contacts via the website, if the management team of the mailbox is unable to answer your question, it will forward your email to another service within ENISA. You will be informed via email about which service your question has been forwarded to. Your personal data will not be transferred to any third party. The data may also be available to EU bodies charged with monitoring or inspection tasks in application of EU law (e.g. internal audits, European Anti-fraud Office – OLAF).
Personal data will be kept up to a maximum period of 1 year for communication via the website. Cookies will be retained as per cookies policy. Technical information for security purposes (log files) are rotated and kept in back-up store for a period of six months. Attack logs are stored on the equipment and they last between one and two months limited by the storage space after which they are being overwritten.
You have the right of access to your personal data and to relevant information concerning how we use it. You have the right to rectify your personal data. Under certain conditions, you have the right to ask that we delete your personal data or restrict its use. You have the right to object to our processing of your personal data, on grounds relating to your particular situation, at any time. We will consider your request, take a decision and communicate it to you. If you have any queries concerning the processing of your personal data, you may address them to ENISA at info [at] enisa.europa.eu. You may also contact at any time the ENISA DPO at dataprotection [at] enisa.europa.eu.
You have the right of recourse at any time to the European Data Protection Supervisor at https://edps.europa.eu.
[1] Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002.