The present Privacy Notice explains how the Council of Europe processes personal data on VenSite, (www.venice.coe.int) which is a website of the European Commission for Democracy through Law (a.k.a. the Venice Commission of the Council of Europe).
1. Who is responsible for data processing?
The Council of Europe is the “data controller” with respect to the processing of personal data on VenSite, which means it has the decision-making power over the data processing.
2. What data does VenSite process and for what purpose?
2.1. VenSite is publicly accessible, and does not require login. However, when a user connects to the Council of Europe website, certain information, such as the user’s Internet digital address (IP), the software s/he uses, as well as some other data are stored on the Council of Europe servers. These items do not specifically identify the user. More information on the collection and use of such data can be found in the Council of Europe data protection disclaimer.
2.2. Venice Commission liaison officers with restricted access to VenSite have an online account, which requires a login with an e-mail address and a password.
For the duration of the session, the Council of Europe stores login information in the user browser’s local storage.
2.3. Names and surnames of individual members of the Venice Commission and the position they hold are published on VenSite for the purpose of transparency. If individual members agree to make their CV public, it is also published on the site as they show the expertise of the members, which are relevant for their membership.
2.4. The Venice Commission also processes individual members’ contact details to be able to communicate with them quickly and efficiently for the purposes of its work, notably searching for rapporteurs among the members for on-going opinions.
3. What is the legal basis for the Venice Commission’s processing of personal data?
The Venice Commission processes personal data on the basis of the Revised Statute of the European Commission for Democracy through Law adopted by the Committee of Ministers on 21 February 2002 at the 784th meeting of the Ministers' Deputies (Resolution Res(2002)3) in order to carry out activities necessary for the performance of the Venice Commission’s tasks.
The legal basis for the publication on VenSite of individual members’ CVs is their consent.
4. Who has access to personal data?
Individual members’ names, surnames and the office hey hold are publicly accessible. If they agreed to their CV being published, it is also publicly accessible. Otherwise, as well as the individual members’ contact details, they are only accessible by liaison officers with restricted access to VenSite and the staff of the Venice Commission secretariat in charge of administering VenSite.
Liaison officers’ personal data used for restricted access to VenSite may only be accessed by the staff of the Venice Commission secretariat in charge of administering VenSite.
5. How do we collect and store personal data?
The individual members’ personal data we collect is provided by the Venice Commission Member States and updated by the individual members themselves. These data are stored electronically on the Council of Europe’s servers. Measures have been put in place to protect the security of personal data, including appropriate security measures to prevent personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
6. How long will personal data be stored?
Personal data of individual members is stored for the duration of their mandate and beyond for archiving purposes. In addition, the former member can decide to be a part of the Association of Former Members (AFM)
Personal data processed in order to manage liaison officers’ restricted access to VenSite is stored while the account is active.
7. Is personal data transferred to a third country?
The personal data is stored within the European Union and is not transferred to any country outside of the European Union. However, information publicly available in VenSite may be accessed from anywhere.
8. What are your data protection rights?
As a data subject, you have the right to:
- request access to your personal information held by us;
- request that we correct incomplete or inaccurate personal information that we hold about you;
- request we delete or remove your personal information when there is no valid reason for us to keep it;
- object to the processing of your personal information on specific grounds relating to your situation.
If you want to exercise the above rights, or for any queries, concerns, or requests you may have in connection with the way your data is collected and used, please contact the Council of Europe by:
- sending an email to firstname.lastname@example.org
- sending an email to the Council of Europe’s Data Protection Officer at email@example.com.