Organisational part of the Agency entrusted with the processing of personal data
Head of Prevention and Research Unit (information (at) osha (dot) europa (dot) eu)
Purpose of processing
For the purpose of producing anonymous statistics on the use of this website, log files are created for each access to the website, containing the following aggregated data: total number of visits, countries of the users, duration of sessions, and the path followed by the users during the sessions.
Regulation (EU) 2019/126 of the European Parliament and of the Council of 16 January 2019 establishing the European Agency for Safety and Health at Work (EU-OSHA), and repealing Council Regulation (EC) No 2062/94.
Type of data processed
Those log files contain the following information:
- The user’s IP address
- The date and time when the user’s request to access the website reached the web server
- The requested URL
- The HTTP return code served to the requester (the user)
- The requester’s processing time
- The requester’s user agent string
This website will set temporary session cookies whenever you visit the site. These cookies are needed to allow the session, but they do not contain personal data.
This website collects web statistics with Matomo, that is entirely hosted in EU-OSHA’s servers, located in the European Union. Matomo will store cookies in your computer, but they do not contain personal data. The IP address is received by Matomo for geographical statistic purpose only (country, region and city).
If you do not want EU-OSHA to track your activity through Matomo, you can opt-out from Matomo by clicking in the box below.
Lawfulness of processing
The processing is based on Article 5.1 (a) of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (hereinafter the Regulation).
Access to the personal data is granted on the basis of the role and responsibilities of the subjects involved (“need to know” principle):
- Duly appointed EU-OSHA staff
- External provider hosting EU-OSHA’s server
The data subject’s rights
Data subjects have the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or, where applicable, the right to object to processing or the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal (Articles 17, 18, 19, 20, 22, 23 and 24 of the Regulation).
Any requests to exercise one of those rights should be directed per email toinformation(at)osha.europa.eu, mentioning the organisational part of the Agency entrusted with the processing operation as indicated in this data protection statement and the name of the processing operation, including in the subject the words “data protection”.
Data subjects’ rights can be restricted only in the cases foreseen in Art 25 of the Regulation.
Information on the conservation period of data
The information contained in the log files are kept for 2 years in EU-OSHA’s server hosted by an external provider located in the European Union.
Data for the creation of anonymous statistical reports will be kept for a longer period.
We take appropriate security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption of communication and physical security measures to guard against unauthorised access to systems where we store personal data.
Request for information
For any further information regarding the handling of their personal data, data subjects can address their request to EU-OSHA Data Protection Officer at email@example.com.
Recourse to the EDPS
Data subjects are entitled to make recourse to the European Data Protection Supervisor: http://www.edps.europa.eu, should they consider that the processing operations do not comply with the Regulation.
Date when processing starts
Date of access to the website.