EMA collects personal data from users visiting this website. These data include IP addresses and visitor logs. EMA processes the personal data in line with EU law.
For details on how EMA handles your data in relation to other activities, see our full list of data protection notices:
EMA only collects your personal data to the extent necessary to perform its tasks in the public interest and to make this website work properly.
EMA collects personal data in accordance with the regulations found in the 'Related EU legislation' section on this page.
You have the right to object to the processing as explained below.
EMA collects and shares personal data to ensure a secure connection between your device and the server.
EMA shares your IP address (internet protocol address) or device ID (such as your IMEI number or WiFi MAC address) with the European Commission's Directorate-General for Digital Services (DIGIT).
DIGIT is responsible for managing the European Commission’s computer and network infrastructure.
Sharing your IP address or device ID with DIGIT protects the integrity of the network. The IP address may be specific to your device or to your internet service provider. This depends on a configuration beyond the control of EMA.
DIGIT also processes your IP address that Europa Analytics then uses anonymously to track your user behaviour as a user of this website. You can withdraw your consent at any time by opting out of this website's non-essential cookies.
DIGIT performs these actions in line with the European Commission's IT security policies.
For more information, see:
EMA is ultimately responsible for complying with your data protection rights and freedoms.
EMA’s Head of Stakeholders and Communication acts as internal controller, ensuring lawful conduct in data processing operations.
Use this address to contact the internal controller:
The data processor is the European Commission’s Directorate-General for Digital Services (DIGIT).
DIGIT is responsible for:
DIGIT also processes your IP address for use by Europa Analytics. This processing is based on your consent, which you can withdraw at any time.
Contact DIGIT:
EMA deletes IP addresses and device ID data immediately after each browsing session. DIGIT may store these data on behalf of EMA for 12 months for security operations and services.
Europa Analytics keeps visitor logs for 13 months before deleting them. These logs only contain randomly generated unique visitor IDs. These do not contain any personal data.
For more information, see:
Duly authorised EMA and European Commission staff, and contractors can access your data. DIGIT is responsible for storing visitors’ IP addresses, device IDs and user authentication data on its servers.
The IT services of the European Commission may process website-connection data for information security purposes. These include the IP address of the web client and of the requested web resource.
When necessary for lawful and specific purposes, EMA may share your information with third parties, such as the European Anti-Fraud Office, the Court of Auditors and law enforcement authorities. This may happen under certain conditions outlined in law.
As data subject (i.e. the individual whose personal data is processed), you have a number of rights. You can read about each individual right below.
This data protection notice provides information on how EMA collects and uses your personal data. Requests for other information regarding the processing may also be directed to the internal controller.
You have the right to access your personal data. You have the right to request and obtain a copy of your personal data if they are handled by EMA.
You have the right to obtain - without undue delay - the rectification or completion of your personal data if they are incorrect or incomplete.
You have the right to require EMA to delete or stop handling your data, for example where the data are no longer necessary for the purposes of processing. In certain cases, your data may be kept to the extent necessary, for example, to comply with a legal obligation of EMA or for reasons of public interest in the area of public health.
In a few, codified cases, you have the right to obtain restriction of processing, meaning that your data will only be stored, but not actively processed, for a limited period of time.
You have the right to obtain from the data controller the restriction of the processing (Article 20 of Regulation (EU) 2018/1725) where:
Restriction means the blocking of data by the data controller at a given moment and for a specific period of time.
EMA may process blocked personal data, with the exception of their storage, only with the data subject's consent or for the purposes of legal claims or the protection of the rights of a third party.
You have the right to object at any time to this processing on grounds related to your particular situation. If you do so, EMA may only continue handling your personal data if it demonstrates overriding legitimate grounds to do so or if this is necessary for the establishment, exercise or defence of legal claims.
You have the right to withdraw your consent to the processing of your personal data. However, this will not affect the lawfulness of any processing carried out before consent is withdrawn.
You can exercise your rights in accordance with the provisions of Regulation (EU) 2018/1725.
Some pages on this website offer additional services that require processing of your personal data.
These services include:
Find out more on these and other data processes:
To be able to access the content management system and work on this website, staff members need to provide user authentication data. These data consist of surnames, e-mail addresses, usernames, login credentials and usage data.
EMA shares the data with the Directorate-General for Digital Services (DIGIT). It applies to authorised EMA and European Commission staff, as well as contractors with an active EU Login account.
DIGIT stores these data for as long as an individual has an active assignment in one of the European Union institutions, agencies or bodies. EMA does not store them.
For more information, see:
Contact EMA's internal controller or thedata protection officer if you have any questions about the processing of your personal information. You can find their email addresses below:
Please also contact them if you think that the processing is unlawful or not in compliance with this data protection notice or EMA's general privacy statement.
You also have the right to make a complaint with the European Data Protection Supervisorat any time. Find the contact details in the following link: