European Migration Network Information Exchange System Terms and Conditions of Use
(valid as of 10 July 2019)
1. Scope of application and approval of the terms and conditions of use
The European Commission (hereinafter “the Commission”) owns and operates this Website and the Services on it. These terms and conditions of use are applied to the use of the European Migration Network Information Exchange System Website and all Services on it (hereinafter together referred to as “EMN IES”), unless otherwise provided. These terms and conditions of use are without prejudice to laws binding on the Commission.
By accepting these terms and conditions of use or using the EMN IES, you agree to all of these terms and conditions of use, the EMN IES Access Protocol and consent to the processing, including transmission and transfer, of certain personal data, and undertake to comply with them. If you do not accept and comply with these terms and conditions of use and the record of processing activities, you may not use the EMN IES.
2. Amendments to the Terms and Conditions of Use
The Commission reserves the right to amend these terms and conditions of use at any time. Amendments to the terms and conditions of use are published on the EMN IES, and the terms and conditions enter into force immediately after publication. By continuing the use of EMN IES, you accept the amendments to the terms and conditions of use.
3. Use of EMN IES
The EMN IES consists of various Workspaces with different purposes. EU Member State (+NO, CH) authorities and EU bodies may exchange information with one another on migration and asylum issues. Some workspaces are also open to non-governmental and non-EU bodies such as international organisations, non-governmental organisations and other service providers.
The availability of certain services on EMN IES may require registration as a user, authorisation by the user’s employing entity and validation by the Commission. All EMN IES services are free of charge. Upon registration as user, the user declares that the information they have provided is correct. If incorrect information is provided, the Commission may terminate the agreement granting access to EMN IES and block the user.
Each user has to specifically request access to the EMN IES and determine their role. All users of EMN IES use the system as an employee of an organisation and not in a personal capacity. Upon registration as a user, a personal account is created for the user and a password is needed to login to the account. User credentials shall not be disclosed to third parties. The EMN IES account is personal, and the associated right of use may not be sold, leased or otherwise transferred to a third party under any circumstances. If the user account is transferred to a third party, the Commission may terminate the agreement granting access to EMN IES, block the account and initiate legal proceedings.
The user and his or her employing entity shall be liable for losses incurred by the Commission or any other user due to misuse of EMN IES and breach of these terms and conditions of use.
The EMN IES may have special technical requirements. The user of EMN IES is responsible for ensuring the technical compatibility relating to the use of EMN IES. The Commission is not responsible for temporary obstacles or hindrances relating to the availability of EMN IES caused by technical malfunctions, other disturbances in the service or updates.
More detailed rules on access to the EMN IES and roles of different users are laid down in Annex 2.
4. Ownership of Data and user’s liability for unauthorised use
The ownership of each data entry, file or any other document uploaded to the EMN IES by a user shall continue to vest with the original owner. Users may attach additional restrictions and conditions for using information uploaded to the EMN IES by them. These restrictions and conditions shall be binding on all other users. Access to some Workspaces may be reserved for users employed by national authorities and EU institutions and agencies only. Users have the right to use for official purposes the information on the EMN IES, unless restrictions or other conditions apply.
More detailed rules on access to documents containing sensitive and restricted information are laid down in Annex 2.
Where applicable and allowed by applicable law, sensitive documents of the EU institutions may only be uploaded by the Commission or the EU agencies on EMN IES Workspaces that are reserved only for users employed by national authorities and EU institutions and agencies.
5. Processing of personal data
Personal data of users
The Commission processes and is the controller of certain personal data of users in accordance with these terms and conditions of use, the European Commission Data Protection Records Management System record, privacy statement and applicable law, notably Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC. EMN IES may use cookies.
The processing of personal data of users in EMN IES is based on point (d) of Article 5(1) of Regulation 1725/2018. Each individual user is required to give his or her consent to the processing of their personal data for the purposes listed in these terms and conditions of use. Processing of users’ personal data is further based on points (a) and (b) of Article 5(1) of Regulation 1725/2018. The basis for creating the EMN IES and processing personal data in EMN IES is laid down in Council Decision 2008/381/EC.
Personal data of users shall only be processed in EMN IES in order to provide the service, verify the identity of users, manage permissions and enable contacts between users. Mandatory user data is limited to that which is strictly necessary for these purposes as well as the visibility of those data to other users. Personal data of users processed in EMN IES shall be limited to first name, last name, e-mail address, telephone number, work address, organisation of employment and job title and log data (e.g. IP address and location, browser details, operating system, timestamps on creation of account, most recent use, and other actions within the EMN IES). The personal data of users is kept for no longer than is necessary and is deleted when the user account to which those data pertain is deleted. Certain sub-categories of log data are kept for a shorter period. All personal data of users processed in EMN IES are collected from the individual data subject users.
Users are also required to upload a scanned copy of their passport identification page in order to verify their identity and approve first time access to log on to EMN IES. The file containing the scanned copy of a user’s passport identification page shall be automatically deleted following the decision by the Commission to accept or decline the registration of the user account.
Users, including those in Member States, Schengen Associated Countries, third-countries or those operating as representatives of international organisations, in a Community can view these categories of personal data of other users in the same Community, which may constitute a transfer of personal data. By agreeing to these terms and conditions, users explicitly consent to the transmission and transfer of these personal data to other user recipients in the same Community. The transfer is also necessary for important reasons of public interest. The Commission shall inform the European Data Protection Supervisor of the application of Article 50 of Regulation 1725/2018. Transfers of personal data may moreover be covered by, in certain cases and where applicable, adequacy decisions adopted by the Commission.
If a person other than the Commission processes personal data in EMN IES, they undertake to comply with these terms and conditions of use, the European Commission Data Protection Records Management System record, the privacy statement and applicable laws.
Users have the right to request from the Commission access to and rectification or erasure of personal data or restriction of processing concerning that user. Users have the right to withdraw consent for processing their personal data. If a user exercises their right to erasure, right to restriction of processing or right to object or if a user withdraws consent to process their personal data, the user account will be disabled and all personal data will be deleted.
Third party personal data
Personal data of third parties that do not have an EMN IES user account shall only be transmitted or transferred via the EMN IES in encrypted form and by users and to users other than those employed by EU institutions. Documents possibly containing third party personal data shall be sent by the user to the intended recipient user via EMN IES for purposes determined by the user acting as controller of those data. Such encrypted data shall only be stored on the EMN IES until the recipient has downloaded the file containing the encrypted data.
The role of the Commission in processing such personal data is strictly limited to providing the secure platform for transmitting and transferring such third party personal data. The Commission shall comply with all applicable laws and not process such data for any other purpose. The Commission shall not have access to third party personal data nor can it access such data or identify a third party data subject legally or practically. The Commission shall not appoint or disclose any third party personal data to any subprocessor. The Commission ensures that persons authorised to process third party personal data have committed themselves to confidentiality.
The Commission shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk and severity for the rights and freedoms of third party data subjects.
Taking into account the limited nature of the processing of third party personal data, the Commission cannot respond to requests to exercise data subject rights under the applicable EU data protection acquis.
The Commission shall notify the user controller without undue delay upon becoming aware of a third party personal data breach and provide the user controller with sufficient information to allow the user controller to meet any obligations to report or inform third party data subjects of the personal data breach.
The Commission may not transfer or authorise the transfer of third party personal data to any recipient.
The investigative powers, corrective powers, authorisation and advisory powers of the European Data Protection Supervisor are provided in Article 58 of Regulation 1725/2018. The European Data Protection Supervisor may have access to encrypted documents possibly containing third party personal data. The European Data Protection Supervisor shall not have the ability to decrypt such documents and identify third party data subjects.
6. Liability for content and limitation of liability
The Commission may update the EMN IES and create or remove functionalities at its discretion, while ensuring that Article 8(3) of the Council Decision is respected. Some of the Services or functionalities may be static and not updated at all. The Commission or other users uploading information on the EMN IES do not guarantee that the information is up to date or correct. The Commission is not liable for direct or indirect losses incurred by any user of EMN IES due to the use and application of EMN IES or its content.
The information included on EMN IES is intended to be used as is, and the Commission gives no explicit, implicit, compelling or other guarantees of their suitability for any user’s purpose. The Commission is not liable for any direct or indirect losses incurred as a result of information being uploaded on EMN IES by any user.
The Commission is not liable for the functioning of links in EMN IES to external sites, or the content of such sites and it exercises no control over the posting of such links.
The Commission may use third parties for technical development of the EMN IES.
7. Severability
If any part of these terms and conditions of use is found to be unlawful or unenforceable, said part shall be severed from these terms and conditions. All other parts shall remain in force without the severance of said part affecting them.
8. Annexes
Annexed to these terms and conditions of use are:
Annex 1: European Commission Data Protection Records Management System record
Annex 2: EMN IES Access Protocol
Annex 3: Privacy Statement