euspa logo green lane logo
Galileo Green Lane
About FAQ Reports Privacy policy

Privacy statement on the protection of personal data in relation to the Galileo Green Lane application

All personal data are dealt with in compliance with the applicable rules on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (currently Regulation (EU) No 2018/1725).

The following data protection information notice outlines the criteria by which the EUSPA collects, manages and uses the data in relation to the Galileo Green Lane application.

Identity of controller and data protection officer:

Controller: European Union Agency for the Space Programme (EUSPA), Head of the EUSPA Market Development Department, market@euspa.europa.eu

DPO: European Union Agency for the Space Programme (EUSPA), Data Protection Officer; dpo@euspa.europa.eu

Purpose(s) of processing:

The purposes of the processing of personal data through the application are the following:

  • provision of the functionalities offered by the application, specifically real-time awareness on the main European border crossings in terms of traffic and waiting time;
  • fixing bugs and issues related to the use of the application;
  • provision of support or additional information on the Galileo Green Lane initiative

Description of the processing undertaken when using the application:

In both type of smartphones, Android and iOS, the application generates a Universally Unique Identifier (UUID) when the user approaches a border crossing, so that the information coming from a single driver can be correlated together. To protect the users’ privacy and prevent any possibility of tracking an individual, the UUID is discarded when the user leaves the border crossing area, and a new one is generated the next time he approaches a border crossing.

The UUID is generated following industry best practices, such as described in the procedure recommended by Google ( https://developer.android.com/training/articles/user-data-ids#instance-ids-guids ). It ensures user anonymity, as it does not require any device or user specific data compared to non-resettable, device-scoped hardware IDs.

Users need to allow for only one permission: to access device location (when the application is in use and in the background).

Location data is collected and used every few seconds to update the user’s position on the map. In this case the location coordinates are only stored on the application itself not on the server.

Coordinates are only sent and stored to the server when the driver enters the geo-fenced area (an area about 2 km diameter on the border crossing). coordinates are used to calculate the delay between the outer diameter and the broader crossing point. These coordinates are sent to the server referenced with the mentioned UUID.

The gathered data allows calculating the time required to cross the borders of the different Member States and neighboring countries.

Data/Categories of data concerned:

  • location data
  • Universally unique identifier (UUID) allocated to each user as per the process explained above

Recipients/Categories of recipients of the data processed:

  • Data processors: EUSPA engages the following external contractors which are bound by personal data protection rules equal to those applying to the EUSPA:
    • a limited number of staff of the EUSPA contractors (and their (sub-)contractor) in charge of the development and operation of the application;
    • staff of the EUSPA contractor, including its subcontractors (i.e. sub-processors), in charge of providing cloud hosting servers;
  • Bodies charged with a monitoring or inspection task in application of Union law (e.g. internal audits, Financial Irregularities Panel, European Anti-fraud Office – OLAF)

Any recipient shall be reminded of its obligation not to use the data received for other purposes than the one for which they were transmitted

Legal basis/Lawfulness of the processing:

Processing is based on the consent of the data subject (Art. 5(1)(d) of Regulation 2018/1725): data subjects unambiguously give their consent to the collection and processing of their personal data, when opening the application for the first time.

Considering that the location data is collected from the terminal equipment of the application’s users, the provision of consent is also in line with Article 37 of Regulation (EU) 2018/1725.

Information on the storage locations and retention period of data:

Personal data is stored electronically on the servers of the EUSPA contractors in the EU, with the exception of the EUSPA contractor in charge of providing cloud hosting servers (analysed in the section below).

Transfer of personal data to third countries:

The EUSPA contractor in charge of providing cloud hosting servers is established in the Union, however personal data may also be transferred to other entities outside the Union in the course of the service provision. In such cases, the contractor has committed contractually that potential transfers out of the Union, European Economic Area and Switzerland shall be governed by the EU Model Clauses (i.e. Standard Contractual Clauses), in accordance with Article 48(2)(b) Regulation (EU) 2018/1725.

Furthermore, the EUSPA data controller has assessed that the standard contractual clauses adopted by the Commission in conjunction with the obligations of the EUSPA contractor and/or its sub-processors under the Contract in terms of disclosure of personal data and security of processing, offer a level of protection equal to that offered within the Union.

Data deletion process:

  • Data stored on the application’s server: location coordinates which are sent to the application’s server (i.e. when the application is in the geofencing and border crossing modes as explained above), are stored on the server’s database for aggregation and analysis. These data points are deleted on regular basis; specifically, location coordinates older than 7 (seven) days are deleted from the database automatically and cannot be recovered in the future.
  • Data stored in the application: location coordinates stored on the application on the device itself are kept only until:
    • the data is sent to the application’s server (i.e. when the application is in the geofencing and border crossing modes as explained above), and/or
    • the user quits the application

After either of the above eventualities, the location coordinates are automatically deleted from the user’s device.

The data subject’s rights:

  • Right of access: users can obtain confirmation as to whether or not his or her personal data are being processed, access the data and obtain detailed information on the processing;
  • Right to rectification: users can update, correct and complement at any time their data;
  • Right to erasure: users may obtain the erasure of their personal data provided that there are grounds for the exercise of this right, as per the applicable rules (Article 19 Regulation 2018/1725);
  • Right to restriction of processing: users may obtain from the EUSPA restriction of processing of their personal data provided that there are grounds for the exercise of this right, as per the applicable rules (Article 20 Regulation 2018/1725);
  • Right to data portability: users may obtain their personal data, submitted to the EUSPA, in a structured, commonly used and machine-readable format and transmit them to another controller provided that there are grounds for the exercise of this right, as per the applicable rules (Article 22 Regulation 2018/1725);
  • Users are entitled to lodge a complaint at any time with the European Data Protection Supervisor (https://www.edps.europa.eu; EDPS@edps.europa.eu) if they consider that their rights under the applicable rules on the protection of individuals with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data have been infringed as a result of the processing of their personal data by the EUSPA;
  • Users can withdraw their consent at any time before by recalling the location permission of the Galileo Green Lane application, without this affecting the lawfulness of the processing before the withdrawal; depending on the user’s operating system, this setting can be found as follows in:
    • Android: settings →biometrics and security →app permissions →location

Any request for the exercise of any of the abovementioned rights shall be addressed to the EUSPA Market Development Department at market@euspa.europa.eu; users are kindly requested to describe their requests explicitly.

Contact information:

  • Regarding the processing of your personal data: market@euspa.europa.eu citing the UUID which can be found in the “configuration section” of the app.
  • Regarding the interpretation, application or breach of Regulation (EU) 2018/1725, please contact the EUSPA Data Protection Officer (DPO) at dpo@euspa.europa.eu.