Data protection notice

Last updated: 14 November 2023

The European Parliament processes your personal data to offer you the youthideas.eu online platform whereby young people can share their ideas on how to contribute to a better Europe.

We process your personal data pursuant to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (the ‘Regulation’).

We provide you with the information that follows based on Article 15 of the Regulation.

1) Who processes your personal data (data controller)?

• The European Parliament is acting as the controller and the entity responsible for the processing is the Youth Outreach Unit of the Directorate-General for Communication of the European Parliament, represented by the Head of Unit.
• You can contact the controller at youth@ep.europa.eu or by post, in a sealed envelope, to the attention of  the Head of Unit of Youth Outreach Unit of the Directorate-General for Communication, Rue Belliard 80, 1000 Brussels, Belgium.

2) What is the purpose of the processing of your personal data?

We process your personal data for the following purposes:

• to allow you to access the website
• to provide security on the website
• to allow you to submit your ideas and comments and publish them.
• to allow the Youth Outreach Unit of the European Parliament to send you the final Youth Ideas report.
• to get in touch bilaterally with you to inform you about an infringement of the Moderation Policy or to follow-up on your input and to answer to questions sent by you to youth@ep.europa.eu. 
• In addition to the processing above, we run a statistics system that does not keep track of any personal data.

The legal basis for the processing is based on the Article 5(1)(d) of the Regulation: the data subject has given consent to the processing of his or her personal data for one or more specific purposes.

3) What personal data is processed and where did we get your personal data?

The personal data that is processed depends on the purpose:

a) To allow your navigation on the website

IP address and requests: When you access the website, our servers will receive your request and answer by sending back, to your IP address, the content requested. We keep the logs for security reasons up-to 44 days. Your computer is sharing this information when you click on links.

b) To improve our content

IP address and navigation: If you accept the cookies, we analyse the data through AT Piano Analytics. Your IP address is not saved and is immediately anonymised. The anonymisation process is not reversible. Visit Cookie management page for more information and change your cookie settings. Your computer is providing this information if you agree to it.

c) To allow you to submit ideas and publish them:

• Name: to identify you when you share your idea. We get it through the form you send ideas or comments.
• Email: to get in touch bilaterally with you to inform you about an infringement of the Moderation Policy or to follow-up on your input. And also to answer to questions sent by you to our inbox youth@ep.europa.eu. We get it through the form you send ideas or comments or if you send us an email.
• Language of this message: language of your input. It is used to provide automatic translation. We get it through the form you send ideas or comments.
• Idea proposed: where you express your personal opinion. We get it through the form you send ideas or comments.
• Timestamp: to know the moment when you shared your idea and provided your consent to the processing of your personal data. We get it automatically through the form you send ideas or comments.
• IP address: to allow your navigation and sending your ideas and comments through our website. We get it through your computer.

Important: none of your personal data (name, email, language, timestamp and IP address) will be visible for everyone on the website. On top of that,  as your idea might be merged with others before being published, you might not find it exactly as you wrote it.

d) To allow you to post comments:

• Name: to identify you when you share your idea. We get it through the form you send ideas or comments.
• Email: to get in touch bilaterally with you to inform you about an infringement of the Moderation Policy or to follow-up on your input.  And also to answer to questions sent by you to our inbox youth@ep.europa.eu. We get it through the form you send ideas or comments or if you send us an email.
• Language of this message: language of your input. It is used to provide automatic translation. We get it through the form you send ideas or comments.
• Comment shared: where you express your personal opinion. We get it through the form you send ideas or comments.
• Timestamp: to know the moment when you shared your idea and provided your consent to the processing of your personal data. We get it automatically through the form you send ideas or comments.
• IP address: to allow your navigation and sending your ideas and comments through our website. We get it through your computer.

Important: your name, comment and timestamp will be visible for everyone on the website. The rest (email, language and IP address) will not be displayed.

e) To get in touch bilaterally with you and answer your questions:

• Email address: to reply you back.
• Personal data included in your email: to personalise the reply.

We do not do any automatic decision making or profiling with your personal data to take decisions that would affect you nor share your personal information outside the EU.

f) To allow the fulfilment of administrators duties

• Working email address: to allow them to have access to the administrator area and recover their logins and password if needed.
• Logins: the name used to access the back-end
• Password: secret personal password

4) For how long will your personal data be stored?

If you are visiting the website, your data (IP address and requests) will be kept in the servers for up to 44 days for security reasons.

If you share a comment or idea, your personal data will be stored for the purposes for which they were collected until the end of the project (December 2025) or until the data subjects have requested their removal, depending on what comes first.

The information of the team behind youthideas.eu will be stored until December 2025. If one of these members leave the team before that date, their information will be deleted right away.

The personal data collected for analytics purposes is immediately anonymised and deleted to ensure your privacy.

5) Who are the recipients of your personal data (message and language)? 

The recipients of your personal data are:

• Visitors of the website: if you decide to submit a comment about an idea, your name and comment will be visible by the visitors of the website.
• Staff members of our providers: we use trustworthy processors that only process your personal data on our behalf. This means that, even if they have access to the information, only the European Parliament has the initiative for the actions to be taken and has to approve the actions from the data processors. The particular providers may be subject to change over time. Currently we work with:
  • ICF Next: framework contractor. ICF Next subcontracts Minsky. They process information of members of the EP staff and other contractors for administrative purposes. Website: https://www.icf.com/next
  • Minsky: developers (front and back-end). They developed the youthideas platform and have access to all the information. They process the information on the platform for maintenance and improvements purposes. Website: https://www.minsky.be/en
  • Level 27: hosting company. Their servers host our content and process your IP address to provide users with the content and ensure the security on the website: https://level27.be/en
  • DDMC editors: The three editors work on the ideas proposed by the users and write content for the website. Website: http://www.ddmc.eu .

6) What rights do you have and how can you exercise them?

You have the following rights:

•  Right of access to your personal data.
•  Right to rectification of your personal data.
• If applicable, Right to erasure of your personal data.
•  If applicable, Right to restriction of processing.
• If applicable, Right to data portability. 
• If applicable, Right to object to processing.
•  Right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

If you would like to exercise your rights or have questions concerning the processing of your personal data, you may address them to the data controller via the functional youth@ep.europa.eu or by post, in a sealed envelope, to the attention of  the Head of Unit of Youth Outreach Unit of the Directorate-General for Communication, Rue Belliard 80, 1000 Brussels, Belgium.

We will consider your request, take a decision and communicate it to you.

• Right to lodge a complaint: If you have any remarks or complaints regarding the way we process your personal data, you can contact the European Parliament’s data protection officer at data-protection@europarl.europa.eu.

• You have, in any case, the right to lodge a complaint with our supervisory authority, the European Data Protection Supervisor, by writing to edps@edps.europa.eu.