Purpose of processing
For the purpose of producing anonymous statistics on the use of this website, log files are created for each access to the website, containing the following aggregated data: total number of visits, countries of the users, duration of sessions, and the path followed by the users during the sessions.
Type of data processed
Those log files contain the following information:
- The user’s IP address
- The date and time when the user’s request to access the website reached the web server
- The requested URL
- The HTTP return code served to the requester (the user)
- The requester’s processing time
- The requester’s user agent string
Council Regulation (EC) No. 2062/94 of 18/07/1994 establishing the European Agency for Safety and Health at Work and subsequent amendments.
Lawfulness of processing
The processing is based on Article 5(a) of Regulation (EC) No. 45/2001 of the European Parliament and the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (hereinafter, Regulation (EC) No. 45/2001).
Access to the personal data is granted on the basis of the role and responsibilities of the subjects involved (“need to know” principle):
- Duly appointed EU-OSHA staff
- External provider hosting EU-OSHA’s server
- Legal Service, Civil Service Tribunal, the European Data Protection Supervisor, the European Anti-Fraud Office (OLAF), the European Ombudsman, the Court of Auditors, the Internal Audit Service, if applicable
All the recipients mentioned above are bound by Regulation (EC) Nº 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data. EU-OSHA will not disclose personal data to third parties. EU-OSHA will not divulge personal data for direct marketing for commercial purposes.
This website will set temporary session cookies whenever you visit the site. These cookies are needed to allow the session. They will be deleted when you close your browser session. The user’s IP address is not stored in any cookie. Cookies have a unique ID to identify the sessions which is completely anonymous for the purpose of enabling the session.
This website uses Piwik, a software to generate web statistics, that is entirely hosted in EU-OSHA’s servers, located in the European Union. Piwik will store cookies in your computer, but no personal data will be collected. An anonymous ID will enable piwik to identify your session, but this ID is meaningless to anybody else, and it cannot be used to identify an individual user.
This website uses, as well, Google Analytics, a web analytics service provided by Google, Inc. ('Google'). Google Analytics uses 'cookies', which are text files placed on your computer, to help EU-OSHA analyse how users use the website. The information generated by the cookie about your use of the website (no personal data is collected) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.
The data subject’s rights
Data subjects have the right to access, rectify and block their information (in case of inaccuracy of data), request their cancellation and object about their processing on the cases foreseen in Articles 13,14,15, 16 and 18 of Regulation (EC) N. 45/2001.
Information on the conservation period of data
The information contained in the log files are kept for 2 years in EU-OSHA’s server hosted by an external provider located in the European Union. Data for the creation of anonymous statistical reports will be kept for a longer period.
We take appropriate security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption of communication and physical security measures to guard against unauthorised access to systems where we store personal data.
Recourse to the EDPS
Data subjects are entitled to make recourse to the European Data Protection Supervisor: http://www.edps.europa.eu, should they consider that the processing operations do not comply with Regulation (EC) No. 45/2001.