Privacy statement for the ECB websites

The ECB is committed to user privacy. It only processes your personal data for the purposes described below; it does not divulge them for marketing purposes.

This privacy statement applies for all the websites we publish and make available on the internet under:

All personal information is processed in line with EU data protection law and the ECB's information technology (IT) security and confidentiality rules.

What is our legal framework?

All personal data are processed in accordance with applicable European Union data protection law, in particular Regulation (EU) 2018/1725 (‘EUDPR’).

Why do we process personal data?

Personal data are processed in order to keep track of the number of visits and visitors to the various parts of the website, manage visitor traffic and improve functionality and usability. While we collect certain information (such as IP addresses and login details) to provide and secure our services, we do not use this data to personally identify individual visitors.

Personal data are also processed for maintenance, performance, and security purposes.Some information are relevant for the technical security of our website. Myra Security GmbH, which is a Germany-based IT security provider, is responsible for the processing of limited categories of personal data (e.g. IP addresses). This is necessary for the technical security of our website.

More detailed information on Myra Security GmbH’s privacy policy can be found on Myra Security GmbH’s website.

What is the legal basis for processing your personal data?

We process your personal data because you consented to this processing by accepting the cookies of this website, in accordance with Article 5(1)(d) EUDPR, for the purposes described above. You may withdraw your consent at any time by changing your cookies preferences on our cookie policy page. All processing of your personal information will stop once you withdraw your consent; however, any processing that has already taken place remains lawful. Moreover, data processing will start again if you consent to it once again in the future.

Who is responsible for processing your personal data?

The ECB is the controller for the processing of your personal data. The Design and Digital Division and the Strategic Communication Section, both in the Directorate General Communications, and the ECB MYRA support team in the Directorate General Information Systems are responsible for this processing.

Who will be the recipients of your personal data?

The recipients of your personal data (including entities who have access to that personal data) are:

• Piano Analytics: Piano Analytics provides the ECB with deep insights into user behaviour across digital platforms, like websites, mobile apps, and other digital touchpoints. It focuses on tracking and analysing customer interactions, enabling the ECB to make data-driven decisions aimed at optimizing user experience, boosting engagement, and driving business growth.
• Myra Security GmbH: Myra is a cloud-based platform designed to enhance digital security, performance, and reliability for websites, applications, and networks. It focuses on protecting digital assets from cyber threats, optimizing web performance, and ensuring high availability, especially for businesses with high traffic and security needs.
• ECB staff members in the Directorate General Communications and the Directorate General Information Systems: specifically, the information collected by Directorate General Information Systems are only used for security purposes. Data collected by the Directorate General Communication have the improving of websites’ performance as the only scope.

What categories of personal data are collected?

Cookies

Our website uses functional, analytics, and third-party cookies.

Functional cookies are used to store user preferences, such as language selection, to enhance the user experience. Analytics cookies collect information about how you use our website and help us, for example, to understand the interests of our users and measure the effectiveness of our communications. Finally, third-party cookies are set by third-party services integrated into the website.

This is to offer you a better browsing experience.

To learn more about cookies and why do we collect them, read our cookie policy.

Log information

Servers automatically record information that your browser sends whenever you visit a website. These data are not used for performance purposes (e.g improving user experience and website performance). These data are used only in case of security incidents or for trouble-shooting but always after a request from an user. These server logs may include information such as the date and time of your visit, your IP address, browser type, browser language, browser screen size, and one or more cookies that identify your browser. Such logs are stored for a maximum of ten months and then deleted.

Personal information communicated via the website or by email

We will only collect further personal data with additional and specific consent from the user for the envisaged processing of additional categories, such as an email address if you wish to sign up to a mailing list. Information on personal data that we collect through subscription forms and dedicated privacy statements is available on the website's relevant pages.

Will your personal data (in a clear or encrypted form) be processed (e.g. transferred, accessed or stored) in third countries or by international organisations?

We do not foresee any transfers of your personal data to third countries or international organisations. However, your personal data might exceptionally be processed in third countries or by international organisations based on the derogations for specific situations set out in Article 50(1) EUDPR.

How long will we keep personal data?

Your personal data will be stored for a maximum of 14 months (starting from the moment from which the data is collected) before being deleted.

What are your rights?

You have the right to access your personal data and correct any data that is inaccurate or incomplete. You also have (with some limitations) the right to delete your personal data and to object to or to restrict the processing of your personal data in line with the EUDPR. The ECB may restrict your rights to safeguard the interests and objectives referred to in Article 25(1) EUDPR.

Who can you contact for queries or requests?

You can exercise your rights by contacting the Strategic Communication Analytics and Research team at stcanalytics@ecb.europa.eu.

You can also directly contact the ECB’s Data Protection Officer at dpo@ecb.europa.eu for all queries relating to your personal data.

Addressing the European Data Protection Supervisor

If you consider that your rights under the EUDPR have been infringed as a result of the processing of your personal data, you have the right to lodge a complaint with the European Data Protection Supervisor at any time.