Privacy Notices

eu-LISA is committed to user privacy

We understand that you are aware of and care about your personal privacy interests, and we take that seriously. The processing of an individual's personal data carried out by the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA) is performed in compliance with Regulation (EU) 2018/1725 on the protection of personal data by the European Union's institutions and bodies.

This Notice describes eu-LISA's policies and practices regarding its collection and use of your personal data, and sets forth your privacy rights. We recognise that information privacy is an ongoing responsibility, and we will update this Notice as we undertake new personal data practices or adopt new privacy policies.

You can browse the eu-LISA website without having to give any information about yourself. However, in some cases, personal information is required in order to provide the e-services you request.

Pages that require such information are setup according to the policy described in Regulation (EU) 2018/1725,  and provide information about the use of your data in their specific privacy notices:

• For each specific e-service, a controller determines the purposes and means of processing personal data and ensures conformity of the specific e-service with the privacy policy;

• Within eu-LISA the Data Protection Officer ensures that the provisions of the Regulation are applied and advises controllers on fulfilling their obligations (see Article 45 of  Regulation (EU) 2018/1725);

• For all the European Institutions, the European Data Protection Supervisor (EDPS) will act as an independent supervisory authority (see Articles 52 to 58 of  Regulation (EU) 2018/1725);

You can find a collection of privacy notices for each specific processing operation listed below.

• Privacy notices relating to recruitment:

  • Recruitment of Temporary and contract agents
    

  • Recruitment of Seconded national experts (SNE's)

  • Recruitment of Interns

  • Remote testing of candidates at the Agency

  • Online Interview

• Privacy notices relating to events:

  • Organisation of External Events

  • Organisation of Internal Events
    

  • eu-LISA Annual Conference
    

  • eu-LISA Industry Rountable Event

  • Large meetings via videoconferencing tool at the Agency

  • Videoconferencing tool

  • Speech-to-text tool

• Privacy notice relating to Training to Member States

• Privacy notices relating to the eu-LISA premises:

  • Access to eu-LISA premises

  • Operation of video-surveillance (CCTV) in the Agency

  • Contractor security requirements at the Agency

  • Using the Condeco workplace optimisation solution at the Agency

  • Remote access of ICT Services (VPN)
    

  • Using the Regula Document Reader at the Agency
    

• Privacy notices relating to internal management:

  • The use of SYSPER2 in Human Resources Management at the Agency

  • Headquarters and Seat Agreements – Data exchange

  • The management of missions at the Agency

  • The enrolment for Qualified Digital Signature at the Agency
    

  • CBS System Solution testing tools
    

  • KNOM Navigator tool
    

  • CSI Register
    

  • Whistleblowing
    

  • Health and Safety accidents and incidents register
    

  • Manual Contact Tracing
    

  • eu-LISA's  Transparency Register
    

  • Administrative inquiries, pre-disciplinary, disciplinary and/or suspension proceedings
    

  • Timesheets for shift workers
    

• Privacy notice relating to the selection of experts and procurement procedures

• Privacy notices relating to apps and/ or online tools:

  • Personnel Administration Feedback Survey
    

  • creating and managing surveys

  • external users of Planview ProjectPlace

  • eu-LISA Data Protection (DPO) learning app

  • external sFTP service
    

  • Privacy notices related to testing activities
    

• Privacy notice relating to public access to documents

eu-LISA's website provides links to third-party sites. Since eu-LISA does not control these sites, it encourages you to review these site's own privacy policies.

What is an e-service?

An e-service, on this website, is a service or resource made available on the internet in order to improve communication between eu-LISA and both citizens and businesses.

Three types of e-services are or may be offered by eu-LISA:

• information services that provide users with easy and effective access to information, thus increasing transparency and understanding of the Agency's activities;

• interactive communication services that allow better contacts with citizens, business, civil society and public actors, thus facilitating consultations and feedback mechanisms, in order to contribute to the shaping of eu-LISA's policies, activities and services;

• Transaction services that allow access to all basic forms of transactions with eu-LISA such as procurement, financial operations, recruitment, event registration, etc.

In order to make this website work optimally, eu-LISA uses cookies to help analyse the use of its website. You can read our cookies' policy here.

Information contained in a specific privacy statement

A specific privacy policy statement will contain the following information about the use of your data:

• Who will control what information is collected, for what purpose, on which legal basis and through which technical means. eu-LISA collects personal information to the extent necessary to achieve a specific purpose exclusively. The information will not be re-used for an incompatible purpose;

• To whom is your information disclosed? eu-LISA will only disclose information to third parties if that is necessary for the fulfilment of the purpose(s) identified above and to the mentioned (categories of) recipients specified within the privacy notice. eu-LISA will not divulge or use your personal data for direct marketing purposes;

• How you can access your information, verify its accuracy and, if necessary, correct it? As a data subject you also have the right to object to the processing or erasure of your personal data on legitimate compelling grounds, except when they are collected in order to comply with a legal obligation, or are necessary for the performance of a contract to which you are a party, or are to be used for a purpose for which you have given your unambiguous consent;

• How long is your data kept? eu-LISA only keeps the data for the period necessary to fulfil the purpose for which it was collected or for further processing, this is stated in the privacy notices;  

• Whom to contact if you have queries or complaints.
  

Who should you contact for more information on data protection at eu-LISA

eu-LISA's website is managed by the Agency's communication team for which the controller is the Head of General Coordination Unit. They can be contacted at the following e-mail address: [email protected]

eu-LISA has an appointed Data Protection Officer for you to contact if you have any questions or concerns about eu-LISA's personal data policies and procedures.

The eu-LISA DPO contact information is the following:

eu-LISA
Vesilennuki 5
10415 Tallinn, Estonia
[email protected]

Further information can be found on the Data Protection Officer page.

The European Data Protection Supervisor (EDPS) is an independent supervisory authority responsible for monitoring and ensuring the application of data protection rules by European Community institutions and bodies, including eu-LISA to whom you may also contact ([email protected] ). The EDPS is empowered to hear and investigate complaints and to conduct inquiries, including on his or her own initiative. If a breach of data protection rules is found to have occurred, the EDPS may exercise the powers assigned to him under Article 58 of  Regulation (EU) 2018/1725.