You are here

Privacy policy for logged-in users of the website


Organizational part of the Agency entrusted with the processing of personal data

Andrew Smith, Head of Communication and Promotion Unit


Purpose of processing

The purpose of the processing operation is the creation of your account. The submitted email address and name is stored in our servers located in EU territory.


Type of data processed

Name and surname

E-mail address


Legal basis

Council Regulation (EC) No. 2062/94 of 18/07/1994 establishing the European Agency for Safety and Health at Work and subsequent amendments.


Lawfulness of processing

The processing is based on Article 5(a) of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (hereinafter the Regulation).


Data recipients

Access to the personal data, by other people than the partner itself, is granted on the basis of the role and responsibilities of the subjects involved (“need to know” principle):

  • Duly appointed EU-OSHA staff
  • External provider hosting and maintaining EU-OSHA’s server

Only collaborators, contractors and Agency staff are allowed to log in, for the only purpose of working on the website.



The EU-OSHA website does not collect statistics from logged in users. However, it will set temporary session cookies whenever you visit the site. They will be deleted when you close your browser session. More cookies may be set when you log in, to avoid typing in your user name (or optionally password) on your next visit. These last up to 30 days. You may clear these cookies after use if you are using a public machine and don’t wish to expose your username to future users of the machine. (If so, clear the browser cache as well). Cookies do not contain any personal information about you and cannot be used to identify an individual user.

This website uses Matomo, a software to generate web statistics, that is entirely hosted in EU-OSHA’s servers, located in the European Union. Matomo will store cookies in your computer, but no personal data will be collected. An anonymous ID will enable Matomo to identify your session, but this ID is meaningless to anybody else, and it cannot be used to identify an individual user.

If you do not want EU-OSHA to track your activity through Matomo, you can opt-out from Matomo by clicking in the box below.


The data subject’s rights

Data subjects have the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or, where applicable, the right to object to processing or the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal (Articles 17, 18, 19, 20, 22, 23 and 24 of the Regulation).

Any requests to exercise one of those rights should be directed per email to the organisational part of the Agency entrusted with the processing operation as indicated in this privacy statement, including in the subject the words “data protection”.

Data subjects’ rights can be restricted only in the cases foreseen in Art 25 of the Regulation.


Information on the conservation period of data

The data will be kept by the Agency as long as this is necessary for the creation of anonymous statistical reports.


Security measures

We take appropriate security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption of communication and physical security measures to guard against unauthorised access to systems where we store personal data.


Request for information

For any further information regarding the handling of their personal data, data subjects can address their request to EU-OSHA Data Protection Officer at: dpo osha [dot] europa [dot] eu .


Recourse to the EDPS

Data subjects are entitled to make recourse to the European Data Protection Supervisor: , should they consider that the processing operations do not comply with the Regulation.