Skip to main content

Privacy Policy

1. Introduction

Since 11 December 2018, the processing of an individual’s personal data by the EU institutions has been governed by Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018[1]. This regulation follows the same principles and rules as those established in the General Data Protection Regulation[2].

The information that follows is based on Articles 15 and 16 of Regulation (EU) 2018/1725.


2. Who processes your personal data?

The European Parliament is acting as the data controller[3] and the entity responsible for processing of your personal data is the Youth Outreach Unit represented by its Head of Unit.

You can contact the data controller at


3. What are the purposes of the processing of your personal data?

The European Parliament processes your personal data to organise and manage the EYE (European Youth Event). The EYE brings together at the European Parliament in Strasbourg and online thousands of young people from all over the European Union and the world, to share and shape their ideas on Europe’s future.

Event organisation

Your personal data will be processed to organise and manage the European Youth Event. The event management includes:

  • Registering to the events
  • Communication about the events (before and after the events)
  • Statistical reports


Your personal data might be processed in to inform you about future similar events or to promote events on websites or social media platforms.

Social media platforms

In order to advertise the events and inform the citizens, social media platforms will be used.

The list of the social media platforms is:

  • Facebook
  • Twitter
  • Instagram


The European Parliament may also process your personal data to organise a series of competitions intended to select a number of participants for the European Youth Event. Participation in the competitions and data collection might entail the use of the European Commission platform EU Survey.


4. What is the legal basis for the processing?

For keeping your contact details in order to invite you to future similar events and communication actions of the European Parliament, for taking and publishing photos and videos and other event material, and for collecting information about your means of transport for the calculation and offset of the carbon emissions linked to the event, the lawfulness is based on Article 5(1)(d) of the Regulation, i.e. on your consent.

For competitions and event management, Article 5(1)(c) of Regulation (EU) 2018/1725 shall apply, which states that the processing of personal data is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.

Parliament will process your personal data as necessary for the performance of the aforementioned tasks and, when applicable, only if you have unambiguously consented to the processing. Your personal data will be processed only to the extent necessary to fulfil the purposes for which it was transmitted.


5. What personal data is processed?

Event organisation

For the purpose of event registration, its management and follow-up, we process the following personal data:

  • your gender
  • first name
  • last name
  • date of birth
  • nationality ID card/passport number
  • contact details (phone number, address (street and number, postal code, town, country), email address)
  • age
  • preferred language
  • characteristics concerning special needs (disability)
  • Pictures/videos
  • Information about your transport used (for CO² carbon emissions statistics)


For the purpose of communication we process the following data:

  • Your name
  • Your surname
  • your email address
  • your social media profiles

Social media platforms

Depending of the social media platforms, we have access to different types of personal data:

  1. Provided data

Identification data: name and surname, username, user identification, geographical area, age, gender and other personal characteristics such as the marital status, nationality provided by the user to the platform. Professional and educational background: occupation, employment history, academic record etc…

  1. Observed data

Personal data available about users of social media platforms through their networks and connections: engagement, reach and sentiment, comments, shares, and other actions of users on a specific topic, networks and connections. Personal data available via audiovisual content that might be published on the social media platforms: information in or about the content provided by a user (e.g. metadata), such as the location of a photo or the date a file was created, voice recordings, video recordings, or an image of a data subject.

However, for statistical and analytical purposes, we only use aggregated data provided by the social media platforms or other dedicated statistical platforms for our accounts (number of likes, shares, comments, videos views, clicks).


For the competitions, we will collect the following information:

  • name
  • surname
  • email address
  • date of birth
  • country of origin and country of residence

If you are a competition winner, we will further collect information about

  • your country of residence
  • identification document number
  • phone number


6. For how long will your personal data be stored?

Event organisation

The personal data of participants will be retained for six months following the event. The data will be retained to allow us to communicate about any post event activities such as reporting, communicating outcomes and providing results of surveys.


The personal data will be kept until the end of this project which is six months after the event.


In the context of the competition, your personal data will be kept for the duration of the specific competition period and will then be deleted (as per terms and conditions of the specific competition). If you are a competition winner, your data will be retained for six months following the end of the European Youth Event and will then be deleted.


7. Who are the recipients of your personal data?

Your personal data can be shared with other recipient in certain situations.


Five days before the event, your personal data will be further processed by the Directorate-General for Security and Safety of the European Parliament to grant you access to the premises of the event and provide you with a specific access badge for the event (a coloured bracelet). You will find more information about the processing of your personal data for security purposes in the dedicated privacy statement.

Member of the Opinion Multiplier Group (OMG)

If you are a member of one of the groups selected under the Opinion Multiplier Group (OMG) programme, your personal data will also be further processed by the Visits and Seminars Unit of the European Parliament’s Directorate-General for Communication for the payment of the related financial contribution. You will find more information about the processing of your personal data for security purposes in the dedicated privacy statement.

Only if requested by law, or in case of an audit or judicial procedure, could your personal data be transferred to EU bodies charged with monitoring or inspection tasks in application of national or EU law (European Court of Auditors, Court of Justice of the European Union, European Data Protection Supervisor, and European Anti-Fraud Office (OLAF).


8. Will your personal data be shared with a non-EU country or international organisation?



9. Are any automated processes[4] and/or profiling[5] used to make decisions which could affect you?

No automated processes or profiling are used in this process.


10. What rights do you have?

You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation

(EU) 2018/1725. As regards this processing operation, you can exercise the following rights:

  • the right to access your personal data
  • the right to rectify your personal data if it is inaccurate or incomplete
  • the right to erase your personal data
  • where applicable, the right to restrict the processing of your personal data
  • the right to data portability
  • the right to object to the processing of your personal data lawfully carried out pursuant to Article 5(1)(a)

if you have provided your consent for the present processing operation, the right to withdraw it at any time by notifying the Data Controller, without affecting the lawfulness of processing based on consent before its withdrawal.

Data subjects who wish to exercise their rights under Regulation (EU) 2018/1725 can send an email to


11. Who should you contact if you have a query or complaint?

Your first point of contact is

You may contact, at any time, Parliament’s Data Protection Officer ( if you have any concerns/complaints about the processing of your personal data. Parliament’s Data Protection Officer ensures the internal application of Regulation (EU) 2018/1725. The address of the Data Protection Officer is as follows:

Data Protection Officer

European Parliament

2, rue Alcide De Gasperi

L-1615 Luxembourg

You have the right to lodge a complaint with the European Data Protection Supervisor ( at any time concerning the processing of your personal data. The European Data Protection Supervisor acts as an independent supervisory authority and ensures that all EU institutions and bodies respect people’s right to privacy when processing their personal data.


[1] Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.

[2] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

[3] Controller: the public authority, agency or other body which, alone or jointly with others, determines the

purposes and means of the processing of the personal data. The controller is represented by the head of the entity.

[4] Making a decision solely by automated means and without any human involvement. {Theoretical Examples: internet page where selecting certain options will automatically place you in different mailing lists via which you are sent the corresponding monthly newsletter / using an automated system to mark “Multiple Choice” test answers and assign a pass mark according to the number of correct answers}.

[5] Profiling analyses aspects of an individual’s personality, behaviour, interests and habits to make predictions or decisions about them. Used to analyse or predict aspects concerning the data subject’s performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements, etc. {Theoretical Example: when using social media tools data is collected and your trends registered. This data is then used to form new/different predictions on you.}