• Introduction
• Intranet for all staff
• Setting up & maintaining a site
• Architecture
• Presentation
• Informatics technology
• Multilingualism
• Accessibility
• Interactivity
• Legal notice and notice on editorial policy
• Quality control
• Toolbox
• Updates
• IPG in PDF
• Annex 1- IntraComm transfers
• Annex 2 - Metadata
• Annex 3 - Privacy Statement

Annex 3 - Privacy Statement for a specific e-service

1. The Specific e-Service

This section will give a general description of the service offered



2. What personal information do we collect, for what purpose and through which technical means?

Identification Data

This section will describe in detail all personal data that is collected by the service and explains why it is collected. Examples are identification data of the person (name, address, …), preferred language, professional occupation, etc. For each information item it should be indicated whether its input is mandatory or optional. If there exists a legal basis for the collection of personal data, it should be mentioned.
Additional information of a personal nature in relation to the service
This section will list all the possible additional information of a personal nature that the service collects and how it relates to the service offered. As an example, a mailing list service may inquire about the domains of interest of the person in order to send focused newsletters.

Technical information

This section will explain what technical means are used to allow the service to work correctly. Examples are cookies, log-records, technical comments, etc. It must clearly be explained

• why these techniques are used,
• which options the user has (to accept or reject the use of them),
• what are the consequences of the user's choice.

3. Who has access to your information and to whom is it disclosed?

This section will explain who has access to the personal information that a user has provided and how it is processed. It is not necessary to give a list of individual names, a general reference to the services concerned is acceptable. Please bear in mind that access to personal data should be limited to only those who need to know (not for an incompatible purpose). If the information collected is passed on to third parties, it must be explained under which circumstances (not for an incompatible purpose and not for direct marketing) and constraints this will happen. In particular, the user should keep the possibility to object to it on-line, at any time and in an easy manner.
Please bear in mind that the absence of any information will be considered as the controller undertaking not to communicate the information collected.
The EU should not share data with third party for direct marketing.
This section will furthermore explain the purpose of the data collection.



4. How do we protect and safeguard your information?

This section will explain on a general way the measures taken to protect the data given by the user against possible misuse by internal or external persons, companies or services. It will describe the protection mechanisms (password protection, encryption, use of certificates, …) used while storing or transmitting the information. Please bear in mind that the protection mechanisms must follow the rules described in Regulation 45/2001, in particular articles 22 and 23.



5. How can you verify, modify or delete your information ?

This section will explain how the user can have access to his/her data and how he or she can modify or even completely delete it (if the processing is unlawful). It should also specify any delay necessary for processing the requested modification.
If necessary, particular attention must be drawn to the impact that certain modification requests may have. For example, in case of use of a central register the user should be warned that a request for deletion of his personal data may have unwanted side-effects such as the deletion of services other than the one in question.



6. How long do we keep your data ?

This section will explain how long the personal data provided by the user is kept in the service's database. In particular it will indicate any automatic removal of the data (e.g. after a given time) or any temporary preservation of it following a request for removal (e.g. in order to avoid mistakes).
This section should also indicate the lifetime of any technical information stored either on the user's equipment or on the server.



7. Contact Information

This section will indicate how the user may ask questions or post complaints about the service with respect to the use of his/her personal information. A precise indication of the identity and the contact address of the responsible person or service (i.e. the controller, see art. 2, litt. d of the above Regulation) must be given. Reference must be made to the general privacy statement for an explanation on the possibilities of appeal in case of conflict.