Introduction
Under the Connecting Europe Facility (CEF), the European University Institute, Athens Technology Center, Aarhus University and Pagella Politica created a consortium for the establishment of the European Digital Media Observatory (EDMO).
The establishment of the European Digital Media Observatory is based on the Service Contract LC-01464044 with the European Commission that runs until 30 November 2022. While under this contract, the European Commission is data controller, the European Digital Media Observatory acts in full independence (more info on its governance can be found here).
Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC applies to the EDMO data processing activities.
The data protection policy described below applies to (1) the EDMO website; (2) the relevant EDMO activities; and (3) a specific session refers to the EDMO Secure Online Collaborative Platform (hereinafter referred to as “EDMO Platform”).
The partners of the EDMO consortium are dedicated to respecting the data protection of the users of the EDMO website and of the EDMO platform as well as of the participants of the EDMO activities and events. The policy below describes how the partners of the EDMO consortium collect, manage and use the data provided by users, and how users can exercise their rights. Data might be shared among the EDMO consortium members and sub-contractors and external collaborators for the sole purpose of guaranteeing the full implementation of the EDMO activities. Any sub-contractor and/or external collaborator of the members of the EDMO consortium that will collaborate on the development of the EDMO activities will implement this data protection policy.
The European Commission’s Head of Unit Media Convergence and Social Media, Directorate-General for Communications Networks, Content and Technology acts as the Data Controller. The European University Institute is the first contact point for any queries regarding the EDMO website and activities and Athens Technology Center is the first contact point for any queries related to the EDMO platform – contact details are provided below.
Cookies
To make EDMO’s website work properly, we sometimes place small data files called cookies on your device. Most big websites do this too.
What are cookies?
A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another.
How do we use cookies?
On our site, we only use a very limited number of cookies:
- User preferences: These cookies help to improve a user’s experience of a website by providing a more personalised service, without having to ask you every time again; more specifically, our portal stores a limited number of user preferences, such as language and session id.
- Analytics: We use Google Analytics (GA) to track user interaction and for statistical reasons. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website. Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. Your computer’s IP address is anonymized by GA services and cannot be used to personally identify you. We consider Google to be a third party. GA makes use of cookies, details of which can be found on Google’s developer guides. For your information, our Website uses the analytics.js implementation of GA. Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website. For more information you can also see the Cookie Declaration on the Cookies we use.
How to control cookies?
You can control and/or delete cookies as you wish – for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.
You reserve the right to set up your browser to warn you before accepting cookies, or you can simply set it to refuse them, although you may not have access to all the features of this website if you do so. See your browser ‘help’ button for how you can do this. You do not need to have Cookies on to use or navigate through many parts of this website. Remember that if you use different computers in different locations, you will need to ensure that each browser is adjusted to suit your Cookie preferences.
You can at any time change or withdraw your Cookies consent from the Cookie Declaration on our Website.
Security
The EDMO website and the EDMO collaborative platform are run by Athens Technology Center, that implements state-of-the-art technical and management measures to keep your personal information secure and safe from loss, damage, corruption or deletion.
Appropriate and detailed security policies, rules, and technical measures are implemented to protect your personal data that are used by the Service and are stored on the Service from improper or unauthorized access, including use of firewalls where appropriate.
All employees and data processors, who have access to and are associated with the processing of personal data, are obliged to respect the confidentiality of your personal data. The ATC Data Protection Officer ensures that all processes are fully compliant with the GDPR provisions.
Changes within this privacy policy
Any and all changes to this privacy policy will be posted on this webpage and will take effect upon their publication. A dedicated notice on the website will be produced and subscribers to the EDMO newsletter and registered participants to EDMO events will be notified by email. If you have any questions or concerns about this privacy policy, please contact edmo@eui.eu
Contacting EDMO
For any questions related to the EDMO website and activities policy, you can contact us:
via email: edmodp@eui.eu
via post:
Paula Gori
European University Institute
Via dei Roccettini 9
50014 San Domenico di Fiesole, Firenze
Italy
via telephone:
+39 055 4686545
Please be informed that your requests might be shared for action with the other partners of the EDMO consortium.
For any questions related to the EDMO Online Secure Collaborative Platform policy, you can contact:
Danae Tsabouraki
Athens Technology Center
10 Rizariou street, Chalandri, 15233, Greece
d.tsabouraki@atc.gr
If required, we will transfer your questions to the contracting authority:
via email:
CNECT-DATA-PROTECTION-COORDINATOR@ec.europa.eu
via post:
European Commission
Directorate-General Communications Networks, Content and Technology
Unit I4: Media Convergence and Social Media
CNECT-I4@ec.europa.eu
Information collection EDMO website, events and overall EDMO activities
In order to implement the EDMO activities and to best serve citizens, users might be asked to submit some personal information when participating in specific activities.
Information access
Users can access, edit or delete their information at any time, by contacting the dedicated email address.
Use of collected information
Personal information will be collected for a specific purpose and will be respectively used to:
- When the purpose is the organisation and management of events: personal information will be collected and processed for the organization of offline and online events (this also includes application to be selected to participate in training activities). A specific privacy statement will be accessible by users for any event.
- When the purpose is to create multi-media material: photos, videos, voice-recordings, biographies can be collected and published upon consent of the data subject.
- When the purpose is to collect subscriptions to the EDMO newsletter and other EDMO outreach activities: personal information will be collected in order to provide subscribers with the services they subscribed to. For more information consult the dedicated Privacy Statement.
- When the purpose is the collaboration with EDMO: any third party interested in collaborating with EDMO can express their interest by filling-in and submitting the collaboration form accessible on the EDMO website. Personal data is collected for the purpose of evaluating and potentially further developing a collaboration.
- When the purpose is the creation, update and management of the EDMO repositories: EDMO sets-up and hosts repositories with media literacy material and policies, online fact-checks, scientific articles, policy papers as well as mapping exercises. For this purpose, the EDMO consortium members create specific databases that can also include relevant personal data.
- When the purpose is conducting research and policy analysis: EDMO will collect and process personal data that will be used to produce relevant research and policy analysis.
- When the purpose is gathering information via consultations and surveys: EDMO opens public consultations and anonymous surveys to gather feedback from the relevant stakeholder community and from citizens (including follow-up surveys of events). Relevant personal data to gather this feedback will be gathered and processed.
- When the purpose is opening, selecting and managing calls for research proposals and access to data for research purposes: EDMO opens calls to collect and select research proposals that will get access to specific data of online platforms. Gathering and processing of personal data will be needed.
- When the purpose is providing, improving, testing, and monitoring the effectiveness of EDMO’s website and platform and provide user support.
- When the purpose is to allow and facilitate monitoring and analysis of the EDMO activities.
Access to this information is strictly limited to the four members of the EDMO Consortium (and when relevant to the sub-contractors and external collaborators as approved by the European Commission) and the European Commission. The transfer of specific data to other third parties can be permitted under the specific authorisation of the Data Controller; in accordance with applicable data protection law. Whenever possible, data will be processed in an anonymous way. The EDMO consortium partners and the European Commission will not divulge your personal data for direct marketing purposes to third parties.
The EDMO consortium partners and the European Commission will have access to provided account information and can modify and/or delete information as needed to maintain the integrity of the user database or to ensure the proper implementation of the EDMO activities.
Information collection EDMO Secure Collaborative Platform
EDMO’s platform enables users to collect and process User Generated Content (UGC) across different social media platforms and to collaborate with other platform users by collecting, sharing, and commenting on publicly available information. In this context, besides the data collected from platform users by EDMO, EDMO also processes Personal Data on behalf of platform users as their Data Processor, such as content generated or published via the supported social media platforms, in accordance with the instructions platform users give (including, for example, the information users monitor or collect from social media websites like Twitter and Facebook through the platform). Section A below details information about the data collected from platform users by EDMO, while Section B details information about the data collected from other social media users by EDMO’s platform users.
A. Personal data controlled by EDMO
The first level of data processing activities concerns the personal data of EDMO’s platform users that are collected and processed for the purpose of operating the platform and providing the service. More specifically, the collected data belongs to the following categories:
i) Profile data
When a user registers to Truly Media they need to provide the following data:
- Name;
- Email;
- Organization;
- Department;
- Role;
- Expertise;
- Office phone number;
- Twitter profile image;
- Twitter handle.
ii) Data from direct communications with EDMO
Depending on the purpose of communication, when platform users communicate with ATC through direct email, we might collect the following data:
- Name;
- Organisation;
- Email;
- Other information the user prompting the communication may share with us.
iii) Information on how users use the EDMO platform
When users access the platform, we collect certain information in the background in order to optimize and improve our service, as well as for security reasons. This includes:
- Browser type;
- Log data;
- Logins;
- Time stamps;
- IP address.
iv) Login data
The EDMO platform uses Twitter login for the authorization of users. Users therefore give us permission to access data about them via Twitter. We do not store or otherwise access their Twitter credentials (username and password).
Upon registration to the platform via the users’ Twitter account, we only store the following Twitter data belonging to each user:
- Twitter ID;
- Twitter Handle;
- Profile picture;
- Twitter Name.
v) Data provided by other platform users
Other users of the platform may provide us with data about users belonging to the same organisation in certain cases, namely when they request us to add another individual as a user to the platform. Users may also be mentioned by other users in notes and comments that were added or in support conversations with our team.
B. Personal data controlled by the user and processed by EDMO
Our users determine the purposes and means in relation to how social media content is collected and used by them. In legal terms this means that in these cases the users are the Data Controllers of their Social Media Content. Accordingly, the platform processes social media content to provide the services to the users. The type and scope of data obtained from social media platforms depend on the type of the Application Programming Interfaces (APIs) and permissions granted by the respective social media networks and on the permissions to process social media content and data granted to the platform by the users, where applicable.
Below are the most typical examples of data that may be collected by platform users about social media platform users:
- User generated content (such as posts, comments, pages, profiles, images or feeds) including its metadata (such as time and location of post or comment if publicly accessible);
- Contact details (such as name, email address, telephone number) if made public by the user.
We only process data that the social network users made available to the general public, pursuant to the relevant social media platforms’ terms, and that are generally accessible via the social network APIs, or data that our users grant us permission to access.
C. About the purposes for which your data will be processed
EDMO processes your personal data to deliver you the services offered through the EDMO platform. Specifically, we may use information we receive to:
- Create your account;
- Help you efficiently access your information after you sign in;
- Allow you to connect and collaborate with other users of the platform;
- Remember information so you will not have to re-enter it during your visit or the next time you visit the platform;
- Provide, improve, test, and monitor the effectiveness of our service;
- Communicate with you;
- Provide user support services (receive and respond to user feedback, provide technical support, etc.);
- Diagnose or fix technical problems.
D. When we may share your personal data
Except as provided in this Policy, we will never use the provided personal data for any other purpose than to enable the use of the platform by you.
We may only share information we have collected about you:
(1) where we are legally required to do so, such as in response to court orders or legal processes, or to establish, protect, or exercise our legal rights;
(2) we may also disclose information to our sub-contractors and service providers in order to facilitate the operability and functioning of the platform. We work with third-party service providers for hosting the service. If EDMO transfers your personal data to a service provider in order to fulfill a task, we will make sure that the service provider only processes the data based on our instructions and by guaranteeing the same safeguards as we do. To this effect, we have bound our data processors with data processing agreements concluded pursuant to Article 28 of the GDPR. In cases where third-party service providers are used, we have ensured that – even when these providers reside outside of the EEA – all data is stored in servers located in the EEA and there is no data transfer outside the EEA.
The following third-party contractors are used for the operation of EDMO’s platform:
- Amazon Web Services (Amazon S3), Inc., P.O. Box 81226, Seattle, WA 98108-1226; used for object storage.
- Salesforce.com, Inc., The Landmark at One Market, Suite 300, San Francisco, CA 94105, United States; used for application back-end hosting.
- MongoDB, Inc., 660 York St, Ste 101, San Francisco, CA 94110, United States; used as project database.
- Mailgun Technologies, Inc., 548 Market St. #43099, San Francisco, CA 94104, United States; used as a mail server.
E. Information other platform users can see about you
EDMO’s platform fosters collaboration among users working for the same or different organizations. Users of the platform are thus able to connect with each other and collaborate if they wish to. For this purpose, when you set up an account, certain information you provide in your profile details is also visible to other platform users, and in particular:
- Name;
- Organization;
- Department;
- Expertise;
- Twitter profile image;
- Twitter handle.
Length of data storage
Personal data will not be stored by the EDMO consortium partners or the European Commission in a form allowing the identification of the users for longer than two years after the expiration of the Service Contract (any potential extension will be published on the EDMO website). In any case, data subjects may contact the European University Institute, and, with regard to the EDMO collaborative platform, Athens Technology Center, as indicated above to ask for the deletion of their personal data.
Your rights as Data Subject with respect to your Personal Data
You have a number of important rights free of charge. In summary, those include rights to:
Right of access:
You have the right to be aware and verify the legitimate nature of the processing. So, you have the right to access your personal data and receive additional information about how we process it.
Right to rectification:
You have the right to study, correct, update or modify your personal data by contacting EDMO at edmodp@eui.eu.
Right to erasure (Right to be forgotten):
You have the right to request deletion of your personal data when we process it on your consent or in order to protect our legitimate interests. In all other cases (such as, where there is a contract, obligation to process personal data legally required, or public interest), this right is subject to specific restrictions or shall not exist, as the case may be.
Right to restriction of processing:
You have the right to request a restriction of the processing of your personal data in the following cases: (a) when the accuracy of the personal data is contested and until the accuracy is verified (b) when you oppose the deletion of your personal data and request the restriction of their use instead, c) when personal data are not needed for processing purposes, they are however required for the establishment, exercise, or defense of legal claims, and (d) when you object to the processing and the decision on your objection to processing is pending.
Right to object to processing:
You have the right to object at any time to the processing of your personal data where, as described above, the processing is based on the legitimate interests we pursue as data controllers, as well as, for the purposes of direct marketing and consumer profiling, if applicable.
Right to data portability:
You have the right to receive your personal data free of charge in a format that allows you to access, use, and edit them with commonly used editing methods. You also have the right to ask us, in case it is technically feasible, to transmit the data directly to another controller. Your right to do so exists for the data you have provided to us and is processed by automated means based on your consent or for the execution of a relevant contract.
Right to withdraw your consent:
In cases where processing is based on your consent, you have the right to withdraw it without affecting the lawfulness of processing based on consent prior to its withdrawal.
If you would like to exercise any of those rights, please:
- contact us using our contact details above,
- let us have enough information to identify you,
- let us have proof of your identity and address, and
- let us know the information to which your request relates.