Data protection statement and Specific terms and conditions for the use of the EURES portal services for EURES Staff

This website processes personal information. The European Labour Authority(hereafter 'the Authority ') is committed to protect your personal data and to respect your privacy. The Authority collects and further processes personal data pursuant to Regulation (EU) 2018/1725¹, which is applicable to processing of personal data by European Union institutions and bodies. The information in this Data protection statement is given pursuant to Articles 15-16 of that Regulation. Regulation (EU) 2016/679, the General Data Protection Regulation is applicable for any processing of data by organisations external to the EU institutions and bodies.

This privacy statement explains the reason for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor.

The Extranet section of the EURES portal is intended as a tool for internal information exchange and communication within the EURES network. Access to the Extranet is given to users that have registered and been approved as "EURES staff" on the EURES portal. All persons that are directly involved in EURES activities, in ECO, NCOs and EURES Member and Partner organisations are considered EURES staff.

Access can also be granted to other persons that in their professional capacity are associated with EURES, such as contractors providing support to EURES organisations.

Personal data will not be used for automated decision-making including profiling.

We process your personal data because:

• processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body, and
• you as the data subject have given consent to the processing of your personal data for one or more specific purposes.

This is in accordance with Regulation (EU) 2018/1725 of 23 October 2018, in particular Article 5(1).

Account information

In order to create an account for EURES staff, information about the user`s name, job function, job organisation, business address, e-mail address, phone number as well as languages spoken are required. In addition, users may optionally provide a photograph and write a personal presentation.

Data is stored in the system as long as the registered user is active in the EURES network. If a user is deregistered, the data will be deleted, except information related to messages and documents posted on the Extranet and only insofar, as the information is necessary to identify the originator or sender of the message or document in question.

In line with the provisions of Article 6, 44(1) and recital 45 of Regulation (EU) 2019/1149², stipulating that ‘the Authority shall manage the European Coordination Office of EURES’, the EURES European Coordination Office (ECO) of the European network of employment services (EURES) has been transferred to the European Labour Authority.

However, according to Article 6 of Regulation 2019/1149 the Commission will continue to ensure the operation and development of IT infrastructure of the EURES portal and related IT services.

Data is stored in a database located in the Data Centre of the European Commission. Data access is protected by an authentication mechanism. The access to the service is made available through the EUROPA web servers also located in the Data Centre, where the application is hosted.

Development, support and operations of the system could be delegated to external companies or organisations acting as "processor" on behalf of the European Commission. Such processors are bound by contracts defining the terms of service, including personal data protection clauses indicating their responsibilities as provided for by Regulation (EU) 2018/1725. Functional specifications of the system, including retention time and modalities for access/rectification/blocking/erasure of personal data, are established by the controller.

Notice to the data subjects, as required by Regulation (EU) 2018/1725, is provided by the system under the responsibility of the controller through this Data protection statement, the acceptance of which is a mandatory condition to be able to create an account.

All processing operations are carried out pursuant to the Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission.

In order to protect your personal data, the Commission has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.

Public part of the EURES portal

Users of the public part of the EURES portal can search for specific categories of EURES staff providing services to clients (i.e. only the EURES staff that have been registered with this function) using the following criteria: country, region, cross border partnership, language spoken, name.

The following information can be displayed: Name, organisation, address, telephone numbers, e-mail address and language(s) spoken. In addition, a photograph will be displayed if the registered EURES staff has provided one and not explicitly asked that the photograph should not be displayed at all or only displayed for users of the Extranet.

Names and contact details of EURES cross-border co-ordinators are also displayed in the presentation of the respective cross-border partnership.

Extranet

Registered users of the EURES Extranet can search for information on all other registered EURES actors using the same criteria as above and in addition, the type of organisation and job function.

The following information can be displayed: Name, organisation, address, telephone numbers, e-mail address and language(s) spoken. In addition a personal presentation and a photograph will be displayed if the registered user has provided them.

Apart from the public information on EURES staff and cross-border co-ordinators described above, only registered and accepted EURES Extranet actors have access to the EURES Extranet using their own password protected accounts.

By agreeing to this data protection statement the registered EURES Extranet user also provides his consent to make his data available to users of EURES Extranet in EEA Member States and Switzerland who are associated to the EURES network in compliance with Regulation (EU) 2016/589 and the Agreement between the European Community and its Member States and the Swiss Confederation³.

The EURES portal uses cookies. For all information about cookies and how to accept or refuse them see the cookie statement.

No personal information is contained in the log files of the application and we do not store any personal information outside the application.

You have specific rights as a 'data subject' under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular the right to access, rectify or erase your personal data and the right to restrict the processing of your personal data. Where applicable, you also have the right to object to the processing or the right to data portability.

You have consented to provide your personal data to the Data Controller for the present processing operation. You can withdraw your consent at any time by notifying the Data Controller. The withdrawal will not affect the lawfulness of the processing carried out before you have withdrawn the consent.

You can exercise your rights by contacting the Data Controller, or in case of conflict the Data Protection Officer. If necessary, you can also address the European Data Protection Supervisor. Their contact information is given under Heading 9. Contact information.

Where you wish to exercise your rights in the context of one or several specific processing operations, please provide their description (i.e. their Record reference(s) as specified under Heading 10. Where to find more detailed information?) in your request.

How can you verify, modify, or delete your information?

By connecting to the EURES Extranet, using the password protected personal account, registered EURES staff users can modify information about address, phone numbers, e-mail address and preferred language. The personal presentation as well as a photograph can be modified or deleted.

In order to modify other personal details, to hide information or to un-register the registered user will have to notify the administrator of the system at data-protection@ela.europa.eu

Data is periodically controlled for correctness and completeness and registered users may be asked by e-mail to update their information.

The Data Controller

The EURES Job Mobility Portal is managed by the European Coordination Office for EURES, established within European Labour Authority - Information and EURES Unit, who is the controller within the meaning of Regulation (EU) 2018/1725.

If you would like to exercise your rights under Regulation (EU) 2018/1725 or for any questions, complaints or other requests regarding the data transmitted to and processed on the EURES portal, please contact the controller at the following e-mail address: data-protection@ela.europa.eu

The Data Protection Officer (DPO) of the  Authority

You may contact the Data Protection Officer data-protection@ela.europa.eu  with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725.

The European Data Protection Supervisor (EDPS)

You have the right to have recourse (i.e. you can lodge a complaint) to the European Data Protection Supervisor (edps@edps.europa.eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the Data Controller.

For further information see: https://edps.europa.eu/data-protection/our-role-supervisor/complaints.

The Authority Data Protection Officer (DPO) publishes the register of all processing operations on personal data by  the Authority, which have been documented and notified to him. You may access the register via the following link: https://www.ela.europa.eu/en/eures-data-protection-register

¹Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (repealing Regulation (EC) No 45/2001)

² Regulation (EU) 2019/1149 of the European Parliament and of the Council of 20 June 2019 establishing a European Labour Authority, amending Regulations (EC) No 883/2004, (EU) No 492/2011, and (EU) 2016/589 and repealing Decision (EU) 2016/344 (Text with relevance for the EEA and for Switzerland)OJ L 186, 11.7.2019, p. 21–56

³ Agreement on the free movement of persons, air and land transport, public procurement, scientific and technological cooperation, mutual recognition in relation to conformity assessment, and trade in agricultural products, Official Journal L 114, 30/04/2002.

1. In accepting these terms and conditions, EURES staff agree to use the EURES service solely to search for and contact jobseekers for the purpose of offering real and concrete jobs or assignments. EURES staff works with employers in searching for candidates for employer’s vacant positions.  Any offer of employment shall be consistent with the wishes expressed by the jobseeker in his/her profile.

EURES staff may not demand a fee or any other form of payment from jobseekers for access to information on vacancies or to obtain an employment or other contract.

The information obtained may not, under any circumstances, be used to advertise or sell services or products, or to send out labour market information or offers of a general nature, such as requests for registration of CV/Jobseeker profiles in other CV databases.

Information received from the EURES portal CV database may contain personal information which must be treated in full compliance with current legislation in force regarding protection of personal data, in particular Regulation (EU) 2016/679. All data processing instructions received together with the data, such as data retention times, restrictions on further processing etc., must be fully respected

Data that has been downloaded from the EURES portal CV database may only be stored for the time strictly necessary to contact potential candidates and to carry out the following steps in the recruitment process⁴.

If no other instructions regarding retention of data are provided together with the data received, all data must be completely erased as soon they are no longer needed for the initial purpose of finding and contacting candidates for a real and concrete job or assignment, as specified above. The data about the jobseeker can only be stored by the EURES staff for a longer period of time if the individual jobseeker has given his/her explicit consent to this.

2. Users are responsible for any activity that occurs through their account and are responsible for keeping their password secret and secure.

3. Users are not permitted to use ‘web crawling’, ‘screen scraping’ or any other automated or manual system to extract data from CVs or job vacancies in order to further process or republish the information’. Users are not allowed to take any action that imposes an unreasonable or disproportionately large load on the website or related infrastructure. Only EURES members and partner organisations, recognised by a EURES National Coordination Office, are allowed to extract data using our API or similar technologies.

4. In order to prevent abuse and other unintended usage of the service, the controller reserves the right at all times to verify the identity and other information provided by users.

5. The controller reserves the right to delete without warning any information inserted that can be regarded as unlawful, unethical or in any other way unsuitable. Likewise, any user using the EURES portal in a way judged to be inconsistent with the service's purpose may have the account closed and all data deleted. The controller accepts no liability for loss or damage resulting from such an action.

6. Non-respect of these terms and conditions or any other processing instructions from the data controller or other bodies working on behalf of the data controller may, without prejudice to any other administrative or judicial remedy, constitute an infringement of Regulation (EU) 2016/679.

7. The Data protection statement and the Specific terms and conditions may be changed from time to time. Users agree that they will be notified of such updates by a posting published for twelve weeks on the EURES portal and that their use of the portal services after the effective date of the updated terms and conditions constitutes their agreement to the updated terms. The updated terms will be effective as of the time of posting unless a later date is stated in the posting.

⁴ Accessing to CVs are limited by the decision of the EURES Coordination Group on 11 March 2021 to 100 candidate result pages, 150 details CV views and 100 CV print views per day.