Privacy notice

European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) Specific Privacy Statement (SPS)

EDPB and EDPS “Europe Day” webpage

Last updated: 05/05/2021

1. Introduction
Every year, the EU institutions typically open their doors to the public for the occasion and celebrate peace and unity across the continent.

This year however, with the spread of Covid-19, the world faces a public health crisis. Therefore, the European Data Protection Supervisor (EDPS) and the European Data Protection Board (EDPB), like all the European Institutions, will not be able to personally showcase the work we do or interact with the public on our stand at EU Open Day as in past years. As a result, the EDPB and the EDPS decided to create a joint webpage to ensure their participation in this year’s “Europe Day”, using a storytelling platform (“Pageflow”) and the European Commission’s “Europa Analytics” corporate service.
To learn more about “Pageflow”, please visit:; to learn more about Europa Analytics, please visit:

2. What personal information do we collect, for what purpose and through which technical means?

2.1 Processed personal data
(1) Europa Analytics
• IP address (masked)
• Location: country, region, city, approximate latitude and longitude (Geolocation)
• Date and time of the request (visit to the site)
• Title of the page being viewed (Page Title)
• URL of the page being viewed (Page URL)
• URL of the page that was viewed prior to the current page (Referrer URL)
• Screen resolution of user's device
• Time in local visitor's time-zone
• Files that were clicked and downloaded (Download)
• Links to an outside domain that were clicked (Outlink)
• Pages generation time (the time it takes for webpages to be generated by the webserver and then downloaded by the visitor:Page speed)
• Main language of the browser being used (Accept-Language header)
• Browser version, browser plugins (PDF, Flash, Java, …) operating system version, device identifier (User-Agent header)
• Language of the visited page
• Campaigns
• Site Search
• Events

To improve the accuracy of the produced reports, information is also stored in a first-party cookie from our websites and then collected by Europa Analytics:
• Random unique Visitor ID
• Time of the first visit for the specific visitor
• Time of the previous visit for the specific visitor
• Number of visits for the specific visitor

2.2 Purpose and lawfulness of the processing
The EDPB and the EDPS are responsible for this processing operation. This processing is necessary to (1) ensure that data subjects are able to access the website; (2) Cookies (from Piwik.Pro) used by Europa Analytics enable the European Commission to track the following information about visitors. We use this information to prepare aggregated statistics reports of visitors’ activity. Said personal data is collected through cookies, to which visitors are asked to consent when they visit the “Europe Day” website. Said cookies are deployed using Europa Analytics, a tool owned and managed by the European Commission. Lawfulness is therefore ensured by compliance with article 5(1)(d) of Regulation (EU) 2018/1725 (consent).

Where the EDPB and/or the EDPS are required to keep data for the purposes of audits and investigations by relevant EU bodies, the lawfulness of said processing rests on article 5(1)(b) and (2) of Regulation (EU) 2018/1725.

Where the EDPB and/or the EDPS are required to process personal data for the purposes of requests for access to documents, in accordance with Regulation 1049/2001, or requests for data subject rights, in accordance with Regulation (EU) 2018/1725, the lawfulness of processing is ensured by compliance with articles 5(1)(a) and 5(2) of Regulation 2018/1725.

2.3 Technical means
Our common “Europe Day” page was set up through the storytelling platform “Pageflow”, which acts as a processor for data collected through EDPB / EDPS deployed cookies.

- First party cookies are cookies set by the website you’re visiting. Only that website can read them. In addition, a website might potentially use an external service to analyse how people are using their site. Europa Analytics sets their own cookie to do this and does not use external parties.

- Persistent cookies are cookies saved on your computer and are not deleted automatically when you close your browser, unlike a session cookie, which is deleted when you close your browser.

3. Who has access to your information and to whom it is disclosed?
The following entities may have access to your information:

• EDPB and EDPS staff members responsible for handling the platform, on a need to know and need to do basis;
• European Commission staff members responsible for Europa Analytics;
• Any EU entities or authorities responsible for auditing;
• The general public, in case of a request for access to documents, on the basis of the applicable exceptions.

4. How do we protect and safeguard your information?
(1) Europa Analytics

Europa Analytics uses an open-source analytics platform, Piwik.Pro, fully controlled by the European Commission. This platform enables the protection of end-user personal data thanks to features such as IP address de-identification. On top of that, the EDPS has created a feature to manage users’ consent to the collection of users’ browsing experience for anonymised statistics. It is configured to use the second level domain (used by the websites of European institutions) and to store first-party cookies.

By default, the browsing experience of our website visitors is NOT tracked by Europa Analytics. You may, though, choose to consent to contributing your browsing experience on our website for us to produce aggregated statistics. If you enable the Do Not Track option (see below for an explanation) in your web browser, we will respect your choice and your browsing experience on our website will not be tracked for our aggregated statistics.

If you have not enabled the Do Not Track option, we will prompt you a cookie banner for you to make your choice and install a cookie called “edp_cookie_agree” to keep track of your choice. If you consent to analytics, then Europa Analytics is activated and some relevant cookies loaded. You can always decide to withdraw your consent or consent again at any time.
The “edp_cookie_agree” expires after 6 months: then, if your Do Not Track option is not enabled, you will be prompted the cookie banner again to renew your choice. In case you have disabled all cookies, you will be prompted the cookie banner at each visit of our website.

All analytics data communication is encrypted via HTTPS protocol. The analytical reports generated by Europa Analytics can only be accessed through the European Commission Authentication System (ECAS) by authorised Commission staff dealing with Piwik.Pro, the relevant European institution staff or by duly authorised external sub-contractors, who may be required to analyse, develop and/or regularly maintain certain sites.

Institution, city and country of origin for statistical purposes are determined from the full IP, then stored and aggregated before a mask is applied. Europa Analytics uses an IP de-identification mechanism that automatically masks a portion of each visitor's IP (Internet Protocol), effectively making it impossible to identify a particular Europa visitor via the sole IP address.

“Do not Track” is a technology that enables visitors to opt-out from being tracked by websites for whatever purpose, including the use of analytics services, advertising networks and social platforms.
To enable the “do not track” option in your browser follow the respective link below:
Internet Explorer
Microsoft Edge

If your preferred browser is not in the above list of browsers, visit the vendor's website for more information.

EDPS Social media cookies
Visit EDPS’ social media privacy policy for more information on the way EDPS uses social media and personal data processing. This does not apply to EDPB.

(2) General organisational / technical measures

Physical access to the premises of the EDPS and EDPB is protected, and restricted to authorised personnel. Data is kept on restricted access servers, available only on need to do and need to know basis.

5. How can you verify, modify or delete your information?
You can withdraw consent at all times here AcceptRefuse.

You have the right to request from the data controller access to, rectification or erasure of your personal data, restriction of processing concerning the data subject or, where applicable, the right to data portability. Please note that the rights provided to data subjects are not absolute rights and may be subject to exceptions, which may be applied on a case-by-case basis.

Where processing of your personal data is based on article 5(1)(a) of Regulation 2018/1725, you can object to the processing of your personal data on grounds relating to your particular situation, by stating said grounds in an email sent to the controller. If the controller is not able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, the controller will remove the personal data categories indicated in section 2.1 above. The same applies to the processing for the establishment, exercise or defence of legal claims.
To exercise your rights as a data subject, see the “Contact information” section below.
6. For how long do we keep your data?
Europa Analytics automatically deletes visitors' logs after 13 months. A ggregated data are stored for an indefinite period by the European Commission for analysis purposes.

7. Time limit for addressing your data modification request
The time limit for treating the data subject’s request and modifying the database fields is one month. This period may be extended by two further months where necessary, taking into account the complexity and the number of the requests. In those cases, the controller will inform the data subject of the extension within one month of receipt of the request and will provide reasons for the delay.

8. Contact information
In case you have questions, or wish to exercise your rights as a data subject, please contact the EDPB or the EDPS, using the following contact information: or

You can also directly contact the EDPB or the EDPS Data Protection Officers, at or

9. Resources
Complaints can be addressed to the EDPS at the following address:

European Data Protection Supervisor (EDPS)
Rue Wiertz 60
B-1047 Brussels
Phone: +32 2 283 19 00

Server Logs

By visiting this website, which was built with the storytelling software "Pageflow", data is transmitted and processed in so-called "server log files":

Browser type and browser version,
Operating system used,
Referrer URL,
Host name of the accessing computer,
Time of the server request,
IP address

These files are deleted automatically after 30 days. Collecting this data guarantees a flawless performance on different devices and browsers and enables to provide the best possible media quality for each network condition. These data will not be combined with data from other sources.

The basis for data processing is Art. 6 (1) (f) GDPR. The website operator has a legitimate interest to ensure an optimized service provided free of technical errors. Therefore server log files have to be stored.

Responsible party for processing data on this website

Codevise Solutions GmbH
Deutz-Mülheimer Straße 129
D-51063 Köln
Telefon: +49 221 977 628 – 02


For entries that apply a special feature to emphasize new content since the last visit of a page, a cookie is used to enable this notification.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.