PROTECTION OF YOUR PERSONAL DATA

This privacy statement provides information about the processing and the protection of your personal data.

Processing operation: European Alien Species Information Network (EASIN)

Data Controller: Sustainable Resources - Nature Conservation and Observations Unit of the Joint Research Centre (JRC.D.6)

Record Reference: DPR-EC-18348

1. Introduction

The European Commission (hereafter ‘the Commission’) is committed to protect your personal data and to respect your privacy. The Commission collects and further processes personal data pursuant to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (repealing Regulation (EC) No 45/2001).
This privacy statement explains the reason for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor.
The information in relation to processing operation “European Alien Species Information Network (EASIN)” undertaken by the Nature Conservation and Observations Unit of the Joint Research Centre (JRC.D.6) is presented below.

2. Why and how do we process your personal data?

Purpose of the processing operation: JRC.D.6 collects and uses your personal information to set up the European Alien Species Information Network (EASIN). EASIN is a comprehensive platform designed for the management and monitoring of invasive alien species (IAS) in Europe. It plays a crucial role in supporting the EU Biodiversity Strategy and the implementation of the Regulation (EU) 1143/2014 (IAS Regulation). EASIN serves as a vital resource by providing information and standardized georeferenced data on alien species (AS), thereby informing policymakers, researchers, and the general public.

Data Aggregation and Tools – Documentation: EASIN compiles data from a variety of sources including scientific literature, national programs, and citizen science initiatives. This extensive database covers over 14,000 AS found in Europe. One of the platform's key features is its integration of advanced mapping and spatial analysis tools, which enable users to visualize the distribution of species at various scales. Additionally, users can access further functions and to save their queries using the EU Login system. In this context, a list of publications (e.g. scientific publication, science for policy reports, codes of conducts), displaying the authors names and affiliations of such publications, are available on the EASIN website. This processing is in line with the well-establish scientific publication conventions and open science practises, openly disseminating knowledge and ensuring visibility and accountability of publications.

Early Warning and Notification System: A critical component of EASIN is the NOTSYS, which acts as the official tool for EU Member States (MS) to notify the Commission and other MS about IAS as mandated by the IAS Regulation. This system facilitates the timely reporting of new IAS detections, eradication measures, official surveillance findings, and derogations. Access to submit notifications is restricted to authorized representatives of EU MS, who must use their EU login credentials. When providing details on the detection of IAS, authorized representatives of EU MS might provide documents containing additional personal data. However, the JRC is not responsible for the content of the information provided in NOTSYS, which is managed directly by the authorized representatives of EU MS.

Public Engagement through Citizen Science: EASIN also engages the public through citizen science projects focused on IAS in Europe. These projects allow users to report and share sightings of IAS regulated under the IAS Regulation. Users can submit their observations, which include photos, location, and date. These submissions are then validated by experts from the Joint Research Centre (JRC) or volunteer taxonomists before being added to the EASIN database. Only validated data, including species, location, date, image, abundance, and habitat, are made publicly visible.

Quality Control and Data Management: Quality control is overseen by the EASIN Editorial Board, comprising experts who review and validate user-submitted data updates. These experts access the platform using their EU login credentials, ensuring that all data added to the system meets the required standards. The full name of the members of the Editorial Board, and JRC current and former team members, together with their CVs, will be displayed on the EASIN website.

Privacy and Security: Regarding privacy, username and email addresses are processed solely for the purpose of EU-Login authentication. For more detailed information on how this is managed, one can refer to the DIGIT record DPR-EC-03187, which pertains to ‘EU Login’.

Your personal data will not be used for an automated decision-making including profiling.

3. On what legal grounds do we process your personal data

We process your personal data, because, according to Article 5(1)(a) of Regulation (EU) 2018/1725, processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body. More specifically the applications were developed in context of JRC support to implementation of the Invasive Alien Species (IAS) Regulation (Regulation (EU) No 1143/2014) of which EASIN act as the official information system (Art. 25 of EU Regulation on IAS).

In addition, the basis for the processing has been laid down in the following Union law:

• The Decision (EU) 2022/591 of the European Parliament and of the Council of 6 April 2022 on a General Union Environment Action Program to 2030;
• Horizon Europe Programme
  • Regulation (EU) 2021/695 of the European Parliament and of the Council of 28 April 2021 establishing Horizon Europe – the Framework Programme for Research and Innovation, laying down its rules for participation and dissemination;
  • Council Decision (EU) 2021/764 establishing the Specific Program implementing Horizon Europe;
  • Commission Implementing Decision of 15.2.2023 (C (2023) 897 final, on the adoption of the work program of the JRC for 2023 and 2024; and
  • Commission Implementing Decision of 16.5.2025 (C(2025) 2934 on the adoption of the work programme of the Joint Research Centre for 2025, 2026 and 2027.

We also process your personal because, according to Article 5(1)(d) of Regulation (EU) 2018/1725, you have given your consent to the processing of your personal data for one or more specific purposes (publication of personal data on the EASIN website).

We do not process special categories of personal data, therefore Article 10 of Regulation (EU) 2018/1725 does not apply.

4. Which personal data do we collect and further process?

In order to carry out this processing operation JRC.D.6 collects the following categories of personal data:

• EU Login Username (including name and surname), and
• email address from all users for the authentication process.
• Additionally, for all species observations reported through the IAS applications, we collect the species location, date of observation, IAS Image, and any optional comments.
• EASIN also compiles data from a variety of sources including scientific literature, national programs, and citizen science initiatives. In this context name and surname of the authors of such publications will be made available to the EASIN users.
• On the EASIN website personal data (name, surname, picture and cv) of the EASIN Editorial Board members, and JRC current and former team members are also displayed.

The provision of your personal data is mandatory for the management of the European Alien Species Information Network.

5. How long do we keep your personal data?

JRC.D.6 only keeps your personal data for the time necessary to fulfil the purpose of collection or further processing, namely for:

• Personal data of EASIN users (name, surname, e-mail address and username): 4 years after the last active login of the user or upon deletion request of the user.
• Authors quoted in publications: available on the EASIN website as long as relevant to the EASIN activities.
• Personal data of EASIN Editorial Board members, JRC current and former team members, and related consent form: personal data are published on the EASIN website for the duration of the data subject's collaboration with the JRC, after which only the surname of the data subject is displayed for a maximum of 6 years to acknowledge his/her contribution. Personal data can always be deleted on the website upon the request of the data subject. The consent form is kept until the need to provide for the publication of personal data on the EASIN website.

Please note that data related to species location, date of observation and IAS Image, and comment will be kept as long as the IAS Application is in use / the IAS project is active.

In particular, once the user's identification data (name, surname and email address) are deleted according to the above mentioned retention period, the additional personal data collected which includes species location, date of observation and IAS Image, comment (provided that no personal data is in the comment) will be anonymized. Once all identifying information is removed, it becomes impossible to trace any data back to an individual's identity.

6. How do we protect and safeguard your personal data?

All personal data in electronic format (name and email for authentication process (EU-Login); species location, date of observation, IAS Image, comment (optional) for all species observations reported) are stored on the servers of the European Commission. All processing operations are carried out pursuant to the Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission.

The Commission’s contractors are bound by a specific contractual clause for any processing operations of your data on behalf of the Commission, and by the confidentiality obligations deriving from the transposition of the General Data Protection Regulation in the EU Member States (‘GDPR’ Regulation (EU) 2016/679).

In order to protect your personal data, the Commission has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.

7. Who has access to your personal data and to whom is it disclosed?

Access to your personal data is provided to the Commission staff responsible for carrying out this processing operation and to authorised staff, including authorised experts (taxonomists) and external contractors, according to the “need to know” principle. Such staff abide by statutory, and when required, additional confidentiality agreements.

The staff of the JRC and JRC's external service providers/contractors, who are involved in the processing operations for EASIN, have access to personal data. These are EU-Login usernames and email addresses and these individuals can access detailed species observation reports. The accessible information includes: Species location, Date of observation, IAS Image (images related to the IAS), Comments (which are optional).

Authorized taxonomists, who are responsible for validating species, also have access to the species observation data mentioned above. This access is crucial for the validation process, ensuring the accuracy of species identification within the EASIN database.

Users who are not authenticated (i.e., visitors) and use the IAS applications or EASIN can access a limited set of information through the public Geo-portal. This includes: Species Location Coordinates (general locations where species have been observed, without precise details that could compromise privacy or sensitive information), Species Names, General Images (images related to the species, which can help in identification and awareness), Pseudonymized Date of Observation (the dates when observations were made, processed in a way that protects the identity of the observers), Names and Surnames of quoted publications and relevant articles, Personal data(picture, name, surname and cv) of EASIN Editorial Board Members , and JRC current and former team members.

The information we collect will not be given to any third party, except to the extent and for the purpose we may be required to do so by law.

8. What are your rights and how can you exercise them?

You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular the right to access, your personal data and to rectify them in case your personal data are inaccurate or incomplete. Where applicable, you have the right to erase your personal data, to restrict the processing of your personal data, to object to the processing, and the right to data portability.

You have the right to object to the processing of your personal data, which is lawfully carried out pursuant to Article 5(1)(a) of Regulation (EU) 2018/1725.

You have consented to provide your personal data to JRC.D.6 for the present processing operation. You can withdraw your consent at any time by notifying the Data Controller. The withdrawal will not affect the lawfulness of the processing carried out before you have withdrawn the consent.

You can exercise your rights by contacting the Data Controller, or in case of conflict the Data Protection Officer. If necessary, you can also address the European Data Protection Supervisor. Their contact information is given under Heading 9 below.

Where you wish to exercise your rights in the context of one or several specific processing operations, please provide their description (i.e. their Record reference(s) as specified under Heading 10 below) in your request.

9. Contact information

The Data Controller
If you would like to exercise your rights under Regulation (EU) 2018/1725, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller at JRC-EASIN@ec.europa.eu.

The Data Protection Officer (DPO) of the Commission
You may contact the Data Protection Officer (DATA-PROTECTION-OFFICER@ec.europa.eu) with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725.

The European Data Protection Supervisor (EDPS)
You have the right to have recourse (i.e. you can lodge a complaint) to the European Data Protection Supervisor (edps@edps.europa.eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the Data Controller.

10. Where to find more detailed information?

The Commission Data Protection Officer (DPO) publishes the register of all processing operations on personal data by the Commission, which have been documented and notified to him. You may access the register via the following link: https://ec.europa.eu/dpo-register.
This specific processing operation has been included in the DPO’s public register with the following Record reference: DPR-EC-18348 European Alien Species Information Network (EASIN)