Privacy statement on the protection of personal data in relation to the Galileo Green Lane application
All personal data are dealt with in compliance with the applicable rules on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (currently Regulation (EU) No 2018/1725).
The following data protection information notice outlines the criteria by which the EUSPA collects, manages and uses the data in relation to the Galileo Green Lane application.
Identity of controller and data protection officer:
Controller: European Union Agency for the Space Programme (EUSPA), Head of the EUSPA Market Development Department, email@example.com
DPO: European Union Agency for the Space Programme (EUSPA), Data Protection Officer; firstname.lastname@example.org
Purpose(s) of processing:
The purposes of the processing of personal data through the application are the following:
- provision of the functionalities offered by the application, specifically real-time awareness on the main European border crossings in terms of traffic and waiting time;
- fixing bugs related to the use of the application;
- provision of support or additional information on the Galileo Green Lane initiative.
Description of the processing undertaken when using the application:
The application creates a unique application instance ID for each user, in line with the procedure recommended by Google (https://developer.android.com/training/articles/user-data-ids#instance-ids-guids).
The method used, “UUID.randomUUID()”, foresees that the running instance is globally unique. It ensures user anonymity, as it does not require any device or user specific data compared to non-resettable, device-scoped hardware IDs.
The Universally unique identifier (UUID) is generated on the first start of the application after its installation and, from that point on, each user is fully anonymised, considering that the location data collected from the device can be linked only to the UUID, not to a specific identifiable device.
Users need to grant only one permission: access to the device location.
Location data is collected and used every few seconds to update the user’s position on the map. In this case the location coordinates are only stored on the application itself, not on the server.
Coordinates are only sent and stored to the server in the following cases:
- In geofencing mode, once the driver enters the geofenced area (2 km diameter on the border crossing), coordinates are used to calculate the delay between the outer diameter and the border crossing point. These coordinates are sent to the server referenced with the mentioned UUID.
- In border crossing mode, coordinates are taken at the time of reporting the status on the border crossing. Data is sent to the server for statistical evaluation.
Data/Categories of data concerned:
- location data
- Universally unique identifier (UUID) allocated to each user as per the process explained above
Recipients/Categories of recipients of the data processed:
Data processors: EUSPA engages the following external contractors which are bound by personal data protection rules equal to those applying to the EUSPA:
- a limited number of staff of the EUSPA contractors (and their (sub-)contractor) in charge of the development and operation of the application;
- staff of the EUSPA contractor, including its subcontractors (i.e. sub-processors), in charge of providing cloud hosting servers;
- Bodies charged with a monitoring or inspection task in application of Union law (e.g. internal audits, Financial Irregularities Panel, European Anti-fraud Office – OLAF)
Any recipient shall be reminded of its obligation not to use the data received for other purposes than the one for which they were transmitted.
Legal basis/Lawfulness of the processing:
Processing is based on the consent of the data subject (Art. 5(1)(d) of Regulation 2018/1725): data subjects unambiguously give their consent to the collection and processing of their personal data, when opening the application for the first time.
Considering that the location data is collected from the terminal equipment of the application’s users, the provision of consent is also in line with Article 37 of Regulation (EU) 2018/1725.
Information on the storage locations and retention period of data:
Personal data is stored electronically on the servers of the EUSPA contractors in the EU, with the exception of the EUSPA contractor in charge of providing cloud hosting servers (analysed in the section below).
Transfer of personal data to third countries:
The EUSPA contractor in charge of providing cloud hosting servers is established in the Union, however personal data may also be transferred to other entities outside the Union in the course of the service provision. In such cases, the contractor has committed contractually that potential transfers out of the Union, European Economic Area and Switzerland shall be governed by the EU Model Clauses (i.e. Standard Contractual Clauses), in accordance with Article 48(2)(b) Regulation (EU) 2018/1725.
Furthermore, the EUSPA data controller has assessed that the standard contractual clauses adopted by the Commission in conjunction with the obligations of the EUSPA contractor and/or its sub-processors under the Contract in terms of disclosure of personal data and security of processing, offer a level of protection equal to that offered within the Union.
Data deletion process:
- Data stored on the application’s server: location coordinates which are sent to the application’s server (i.e. when the application is in the geofencing and border crossing modes as explained above) are stored on the server’s database for aggregation and analysis. These data points are deleted on a regular basis; specifically, location coordinates older than 7 (seven) days are deleted from the database automatically and cannot be recovered in the future.
Data stored in the application: location coordinates stored on the application on the device itself are kept only until:
- the data is sent to the application’s server (i.e. when the application is in the geofencing and border crossing modes as explained above), and/or
- the user quits the application
After either of the above eventualities, the location coordinates are automatically deleted from the user’s device.
The data subject’s rights:
- Right of access: users can obtain confirmation as to whether or not their personal data are being processed, access the data and obtain detailed information on the processing;
- Right to rectification: users can update, correct and complement their data at any time;
- Right to erasure: users may obtain the erasure of their personal data provided that there are grounds for the exercise of this right, as per the applicable rules (Article 19 Regulation 2018/1725);
- Right to restriction of processing: users may obtain from the EUSPA restriction of processing of their personal data provided that there are grounds for the exercise of this right, as per the applicable rules (Article 20 Regulation 2018/1725);
- Right to data portability: users may obtain their personal data, submitted to the EUSPA, in a structured, commonly used and machine-readable format and transmit them to another controller provided that there are grounds for the exercise of this right, as per the applicable rules (Article 22 Regulation 2018/1725);
- Users are entitled to lodge a complaint at any time with the European Data Protection Supervisor (http://www.edps.europa.eu; EDPS@edps.europa.eu) if they consider that their rights under the applicable rules on the protection of individuals with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data have been infringed as a result of the processing of their personal data by the EUSPA;
Users can withdraw their consent at any time by revoking the location permission of the Galileo Green Lane application, without this affecting the lawfulness of the processing before the withdrawal; depending on the user’s operating system, this setting can be found as follows:
- Android: settings → biometrics and security → app permissions → location
Any request for the exercise of any of the abovementioned rights shall be addressed to the EUSPA Market Development Department at email@example.com; users are kindly requested to describe their requests explicitly.
- Regarding the processing of your personal data: firstname.lastname@example.org citing the UUID which can be found in the “configuration section” of the app.
- Regarding the interpretation, application or breach of Regulation (EU) 2018/1725, please contact the EUSPA Data Protection Officer (DPO) at email@example.com.