What is our legal framework?
All personal data are processed in accordance with European Union data protection law, that is to say in line with Regulation (EU) 2018/1725 (‘EUDPR’).
Why do we process personal data?
Personal data are processed for the purposes described below; it does not divulge them for marketing purposes. All personal information is processed in line with EU data protection law and the ECB's IT security and confidentiality rules.
Your personal data may enable us to improve the usability of this website by allowing it to remember choices and customisations you make during your visit, for example by storing your favourite data lists and data comparison. It also helps us to understand the interests of our users and measure the effectiveness of our disseminations and communication. In this way, we can adapt the content of our website more specifically to your needs and thereby improve the way you can find data and information on the ECB Data Portal.
What is the legal basis for processing your personal data?
Your personal data are processed by the ECB because you consented to this processing by providing the personal data requested. You may withdraw your consent at any time by contacting via the Statistical Information Request form. All processing of your personal information will stop once you withdraw your consent; however, any processing that has already taken place remains lawful.
Who is responsible for processing your personal data?
The ECB is the controller for the processing of your personal data. The ECB Data Portal administrators and staff of Directorate General Statistics are responsible for processing this data. A restricted group of ECB staff will have access to your personal data, and external agencies may also process data on behalf and under the authority of the ECB.
Who will be the recipients of your personal data?
The recipients of your personal data will be the staff of the Directorate General Statistics as well as the ECB Data Portal administrators within the Directorate General Information Systems or external agencies part of the ECB Managed Services Partners or ECB Cloud Services Partner.
What categories of personal data are collected?
The ECB may process the following personal data:
Cookies
Cookies are small bits of data sent by a website server to the browser on your computer. The browser tells the server when you next visit that particular website. Cookies help storing the user preferences, such as data comparison selections, searched items related information, preferences on displaying information.
Every 6 months we remove all first-party cookies and ask you to make your selection again. We do this to ensure that your preferences are still valid and up to date. These cookies enable us to improve the usability and performance of this website by allowing it to remember choices and customisations you make during your visit, such as your preferred language. Cookies also allow us to understand the interests of our users and measure the effectiveness of our communications. In this way, we can adapt the content of our website more specifically to your needs and thereby improve what we offer you, for example by ensuring that you can more easily find what you are looking for.
Usage analytics
Matomo, a Europe-based external contracted service, is used to obtain statistics about the usage of the website, for example aggregate statistics about the number and duration of visits, usage patterns, traffic sources, geographic location, portal language and searches/downloads performed on this website. Additionally, the service may also be used to test how to improve user experience on our website.
Data collection tracks the number of visitors to the various parts of the site, manage visitor traffic and improve functionality and usability. We do not identify individual visitors and we receive anonymised aggregate data. The following personal data may be collected, subject to user consent: online identifiers, including cookie identifiers, device identifiers; client identifiers. Refer to Matomo Cloud’s privacy policy available on the company’s website.
Other third-party cookies
Please note that the ECB Data Portal is not responsible for the privacy policies or content on third-party websites. You are therefore encouraged to review their privacy policies, when visiting these websites. Certain third-party features on our website require cookies. For example, a video player or social media content embedded in a page may set cookies. These features will be disabled if you do not accept the use of cookies.
Log information
Servers automatically record information that your browser sends whenever you visit the ECB Data Portal. These server logs may include information such as the date and time of your visit, your Internet Protocol address, the domain name, the type of browser and operating system used (if provided by the browser), the URL of the referring page (if provided by the browser), the object requested and the completion status of the request. The information the ECB Data Portal collects is only used to compile statistics, on an aggregated basis, on the usage of this site. None of this information is reviewed at an individual level, nor associated with any other personal information. Besides server logging, ECB’s Datadog platform is used as a central monitoring and observability platform for application and infrastructure logs.
User registration
Log-in registration on ECB Data websites is optional. If you choose not to register or actively provide personal information, you can still use the ECB Data Portal websites. If you decide to register on the ECB Statistical Data Portal, you will be requested to enter your email address and password. Optionally you may share the context in which you plan to use the portal, e.g. Business professional, Economic enthusiast, Journalist, Student, etc. More information such as e-mail, encrypted password or the usage context is collected and stored through ECB Data Portal login for advanced features. The log-in functionality allows you creating and managing your own personalised lists, such as favourite data lists, publications, articles, notifications or set-up a personalised dashboard.
Will your personal data (in a clear or encrypted form) be processed (e.g. transferred, accessed or stored) in third countries or by international organisations?
Your personal data might exceptionally be processed in third countries/international organisations based on the derogations for specific situations set out in Article 50(1) EUDPR.
How long will the ECB keep personal data?
- Every 6 months all first-party cookies are cleaned and you will be asked to make your selection again. We do this to ensure that your preferences are still valid and up to date.
- Usage analytics Matomo has a 24-month and 14-days retention period for usage statistics data.
- Server logs are shipped to ECB’s Datadog platform. Logs in Datadog are retained in their “main” index for 15 days. General data retention periods are described here
- The ECB Data Portal log-in account will be kept for a minimum period of 2 years, depending upon the user activity. Following two years of inactivity on the ECB Data Portal account, associated lists and subscription preferences will be removed.
What are your rights?
You have the right to access your personal data and correct any data that is inaccurate or incomplete. You also have (with some limitations) the right to delete your personal data and to object to or to restrict the processing of your personal data in line with EUDPR. The ECB may restrict your rights to safeguard the interests and objectives referred to in Article 25(1) EUDPR.
Who can you contact for queries or requests?
You can exercise your rights by contacting us via the Statistical Information Request form. You can also directly contact the ECB’s Data Protection Officer at dpo@ecb.europa.eu for all queries relating to your personal data.
Addressing the European Data Protection Supervisor
If you consider that your rights under the EUDPR have been infringed as a result of the processing of your personal data, you have the right to lodge a complaint with the European Data Protection Supervisor at any time.