Table of Contents

Terms of Use

Protection of Your Personal Data

TERMS OF USE

code.europa.eu is the code development platform for open source projects shared by the institutions of the European Union.

The European Union is the owner of the copyright and other intellectual and industrial property rights, trade secrets, and know-how related to code.europa.eu over which it has the power of disposal regardless geographical or other limitations. The platform is managed by DG DIGIT, the Directorate-General for Informatics of the European Commission, Unit B.2.

Applicable terms

Access to, and use of, any part of code.europa.eu (hereinafter "the Platform"), any document, material or other Content, including code, data, text, images, sound and video (hereinafter "Content") made available on the website and any of the informatics tools provided as services via the website (hereinafter "Tools") are governed by these terms and conditions of use (hereinafter " Terms of Use") and constitute acceptance of these Terms of Use by the User.

BY USING THE PLATFORM, YOU (HEREINAFTER "THE USER") AGREE TO BE BOUND TO THESE TERMS OF USE. IF YOU DO NOT AGREE TO ANY OF THE TERMS OR CONDITIONS PROVIDED HEREIN, PLEASE DO NOT USE THE PLATFORM OR ANY CONTENT OR TOOLS HEREIN.

Specific terms and conditions may apply to specific parts of the Platform as indicated for those concerned parts. Where provided, specific terms shall supersede any differing provision of the Terms of Use in respect to those services or parts.

The European Commission reserves the right to amend these Terms of Use and any other specific terms on the Platform at any time by posting amended terms and conditions on the website. Such amendments will take effect on the date on which they are posted.

Ownership

Content and Tools contained in the Platform may be protected by intellectual property rights. Proprietary rights, including copyright, subsisting in any of the Content available via this website are vested in their respective owners, being these the European Union or any other third-party credited as such. Access to the Platform does not give the User any ownership title in the Content and Tools made available to them via the Platform. All rights not specifically granted herewith are reserved by the respective owner(s).

Any third-party materials which may be offered in the website, as may have been identified in the accompanying release notes, copyright notices or within any other written documentation provided along, are the properties of their respective owners and their use may be subject to separate or additional terms which the User accepts. In particular, the User undertakes to carefully observe the rights and obligations applicable to each of the projects' repositories available on the Platform. For any questions on the terms governing a certain repository, the User may address project owners or open an issue. When contacting the owner or opening an issue is not possible, the User may contact DIGIT OSPO (DIGIT-OSPO@ec.europa.eu) who will facilitate the communication with the project's owner.

Rights and limitations

1. General provisions

Subject to the Terms of Use provided herein, access to Platform is granted to the User on a non-exclusive, non-transferrable and royalty-free basis within the scope and objectives pursued by the Platform and in accordance with any applicable law thereto.

The User may not use the Platform in a manner which may mislead or confuse people into believing that any products and services provided by the User are in some way endorsed or certified by the European Union. Under no circumstance shall the User use the European Commission logo or otherwise spend the official name and credentials of the European Commission to imply affiliation, endorsement or other official link to European Commission unless explicitly permitted under the European Commission's visual identity policy ([https://ec.europa.eu/info/resources-partners/european-commission-visual-identity_en]).

The User shall comply with any all applicable laws and regulations. The User must refrain from attempting or performing any activity that could harm or violate the website's network performance and/or security, or any other activity driven by unlawful purposes.

The European Union reserves any other right not expressly granted herein to the User. Any violation of these Terms of Use shall automatically terminate the licence granted herein.

2. User Generated Content]

By submitting any Content through the Platform the User warrants that he/ she holds all necessary rights in the Content provided including but not limited to copyright where applicable and, therefore, that he/ she is entitled to submit the said Content for the purposes listed herein and for its use by the European Commission and by all users of the Platform. The User also warrants that he/ she is fully compliant with any third-party rights or licenses relating to the Content and have taken all necessary steps to successfully pass through any required terms.

By making Content available, the User represents and warrants that:

  • The Content does not contain or install any viruses, worms, malware, trojan horses or other harmful or destructive Content;

  • The Content is not used for political activism or propaganda.

  • The Content is not spam, is not machine or randomly-generated, and does not contain unethical or unwanted commercial Content designed to drive traffic to third party sites or boost the search engine rankings of third party sites, or to further unlawful acts (such as phishing) or mislead recipients as to the source of the material (such as spoofing);

  • The Content is not pornographic, does not contain threats or incite violence, and does not violate the privacy or publicity rights of any third party;

If the User contributes Content to other projects or repositories, such Content is covered by the open source licence of the project or repository concerned, and the User implicitly confirms that he/she has the right to make the contribution available under the specific open source licence. If there is a separate agreement between one or several users and a project or repository (such as a Contributor Licence Agreement), this agreement shall take precedence over the provision mentioned above.

For special rules on contributions, please read these Guidelines.

Users uploading or otherwise submitting Content to the Platform, grant the European Union a worldwide licence to use, host, store, reproduce, modify, create derivative works (such as those resulting from analysis, translations, adaptations or other changes), communicate, publish, publicly present, publicly display and distribute such Content, within the scope and objectives pursued by the Platform and in accordance with any applicable law thereto.

Without limiting any of those representations or warranties, the European Commission has the right (though not the obligation) to, in the European Commission sole discretion (i) refuse or remove any Content that, in the European Commission's opinion, violates any official policy or is in any way harmful or objectionable, or (ii) terminate or deny access to and use of the Platform to any individual or entity for any reason.

I. Access to code.europa.eu

The Platform may be visited both by registered users and guests. The features available on the Platform, however, differ depending on the user status.

A distinction is made between the following user statuses:

  1. Guest status is granted to Users visiting the platform without being registered. They can use only a limited range of functions because they have read-only access. It is to be noted that Users with this status cannot view all Content, which means, for example, that they cannot access Content which is provided exclusively for the public administration.

  2. Registered user status is granted to Users who have registered an account on the platform. They can use an extended range of functions as they have read and write access. It is to be noted that Users with this status cannot view all Content, which means, for example, that they cannot access Content which is provided exclusively for the public administration.

  3. Identified user status is granted to Users who have registered an account on the platform and have clearly identified themselves as members of the public administration or as government contractors. They can use an extended range of functions as they have read and write access; they may also use functions that are provided exclusively for the public administration.

Users with a registered account may perform different roles on the platform. The different roles and specific permissions can be found in the GitLab documentation available here.

II. Deleting and closing an account

The User has the right to delete his/ her own account.

The User's personal data is deleted in accordance with the platform's privacy policy. Data that is relevant for software development will not be deleted (e.g. information regarding authorship). For more information, please refer to the privacy policy here.

The European Commission may terminate access to all or any part of the Platform with or without cause, with or without notice, effective immediately. In order to terminate this agreement or any account, the User may simply discontinue using the Platform. The termination shall not relieve the User from its liability to respect all the obligations claimable before the termination date. In particular, the provisions of the obligations relating to the performance, the disclaimer of guarantees and warranties and limitations of liabilities shall survive the termination of the authorisation under these Terms of Use, howsoever caused, but this shall not imply or create any continued right to use the Platform after the termination.

In case of any violation of these Terms of Use, the European Commission is entitled to close a user account at any time and without prior notice, either temporarily or permanently.

Acknowledgement

Unless otherwise indicated (e.g. in individual copyright notices and disclaimers), Content owned by the European Union on the Platform is made available to the User under the terms of the Commission's reuse policy, implemented by Commission Decision 2011/833/EU of 12 December 2011 on the reuse of Commission documents and is licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) licence. Reuse is authorised, provided the source is acknowledged. Any modifications shall be clearly indicated. The European Commission shall not be liable for any consequence stemming from the reuse.

The User may be required to clear additional rights if a specific Content depicts identifiable private individuals or includes third-party works. To use or reproduce Content that is not owned by the European Union the User may need to seek permission directly from the right holders. Software or documents covered by industrial property rights, such as patents, trade marks, registered designs, logos and names, are excluded from the Commission's reuse policy and are not licensed to the User.

In addition to the above, where Content generated or retrieved via the Platform is utilised by the User in a publication of scientific, technical or academic nature, the User undertakes to duly reference the Content and the Platform in accordance with standard academic practices.

Liability and warranty disclaimer

The Content of the Platform is provided "as is" without warranty of any kind, either expressed or implied, including, but not limited to, completeness, accuracy, reliability, continuity, non-infringement, merchantability or fitness for a particular purpose. By contributing Content to the Platform, the User remains solely responsible for the accuracy and reliability of the data and Content provided.

While it strives to keep the Content and Tools timely and accurate, the European Commission makes no claims, assurances, or guarantees about the accuracy, completeness, or adequacy of the Content and Tools available via the Platform and, therefore, expressly disclaims its liability for errors and omissions to the maximum extent permitted by law.

The European Commission has not reviewed, and cannot review, all of the Content and Content made available on the Platform, and cannot, therefore, be responsible for that material's Content, use or effects. By operating the Platform, the European Commission does not represent or imply that it endorses the material there created, or that it believes such material to be accurate, useful or non-harmful.

Except where otherwise required under statutory rules or applicable provisions of law, the Content accessed via the website is of a general nature only. Under no circumstance shall the Content be construed as constituting professional advice.

The European Commission accepts no responsibility for any loss or damage that may arise from reliance on the Content and Tools provided via the Platform, including Content or services hyperlinked from the website which are and shall remain the under the sole control and responsibility of concerned third-parties.

Should errors or omissions concerning the Content and Tools provided via this website be brought to its attention, the European Commission will promptly endeavour to correct them directly or, where necessary, refer the matter to the concerned partner data-holder or third-party.

Whilst the European Commission is committed to ensuring that the availability of the Platform and the access to the Content and the Tools will be essentially uninterrupted and that transmissions will be error-free, this cannot be guaranteed.

Access to the Platform may also occasionally be suspended, restricted or impeded in order to perform repairs, maintenance operations or to introduce new services. The European Commission will not be liable for any incidental, consequential, direct or indirect damages including but not limited to the loss of data, lost profits, or any other financial loss arising from the use of, or inability to use, the Tools even if the European Commission has been notified of the possibility of such loss, damages, claims or costs or for any claim by any third party. The entire risk as to the use, quality, and performance of the Platform is with the User.

III. Copyright Infringement

Copyright Infringement. As the European Union asks others to respect its intellectual property rights, it respects the intellectual property rights of others. If you believe that material located on or linked to by a survey violates your copyright, you are encouraged to notify the European Commission. We will respond to all such notices, including as required or appropriate by removing the infringing material or disabling all links to the infringing material. The European Commission will terminate a User's access to and use of the application if, under appropriate circumstances, the User is determined to be a repeat infringer of the copyrights or other intellectual property rights of the European Union or others. Please send your requests at EC DIGIT OSPO (DIGIT-OSPO@ec.europa.eu).

PROTECTION OF YOUR PERSONAL DATA

This privacy statement provides information about the processing and the protection of your personal data.

Processing operation: code.europa.eu

Data Controller: European Commission, Directorate-General for Informatics (DG DIGIT), Unit B.3 Reusable solutions (hereinafter referred to as "DG DIGIT Unit B.3" or "data controller")

Record reference: DPR-EC-17414

Introduction

The European Commission (hereafter 'the Commission') is committed to protect your personal data and to respect your privacy. The Commission collects and further processes personal data pursuant to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (repealing Regulation (EC) No 45/2001).

This privacy statement explains the reason for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor.

Code.europa.eu is a free service offered by DG DIGIT, Unit B.3 to the Commission and/or European Union Institutions, bodies, offices and agencies (EUIs) and their code-contributors. This service facilitates public access to and reuse of source code of software and related information such as build and install scripts, bill of materials, copyright, attribution, and licence documentation, for which the Commission and - at their request - other EUIs hold the intellectual property rights.

The information in relation to processing operation "code.europa.eu" undertaken by DG DIGIT, Unit B.3 of the European Commission is presented below.

Why and how do we process your personal data?

All users, including non-registered users:

The purpose of the code.europa.eu is to openly collaborate on the development on free and open source software solutions. Therefore, please be aware that any information you share on code.europa.eu may be publicly available and you should consider this when interacting with code.europa.eu.

Code.europa.eu can be visited by any user and does not require registration.

Your personal data will not be used for an automated decision-making including profiling.

For all visitors, including non-registered users, code.europa.eu is collecting IP addresses for technical purposes, which are essential for the operation of the services. An additional processing targets requests introduced by users via email or fediverse messages. The purpose of this processing is to answer users' questions and to solve any technical issue on the platform.

Registered users:

Registration and login are used to allow users to voluntary contribute to the projects on code.europa.eu.

On code.europa.eu, groups of projects can only be created by teams working for EUIs. On request, project owners working for the Commission and EUIs, get permission from the controller to create groups.

Inside a group, the project owner(s) decide on the role of contributors, which can be either Guest, Reporter, Developer, Maintainer, or Owner. The permissions of each role are explained here.

Registered users can set-up, edit and change their profile by voluntarily providing more personal information about them. Such users can set up their own notifications and preferences, and post in projects. Registered users can also choose to make their profile visible to the administrators, only. However, this setting does not hide all public resources.

On what legal ground(s) do we process your personal data

The creation of code.europa.eu follows Commission Decision of 8 December 2021 on the open source licensing and reuse of Commission software (C(2021) 8759 final).

Therefore, we process your personal data because processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body according to Article 5(a) of Regulation (EU) 2018/1725.

For the purpose of processing personal data to register yourself to code.europa.eu, to contribute as voluntary contributor to the projects on code.europa.eu, to edit your profile and to set-up preferences and notification as well as to respond to request for support the controller's processing operation is based on consent under Article 5(d) of Regulation (EU) 2018/1725.

Which personal data do we collect and further process?

In order to carry out this processing operation the data controller collects the following categories of personal data:

  • Identification data of registered users: email address and username, first and family name;
  • Voluntary information submitted by registered users such as photos, preferences, job title, bio and social media accounts;
  • Technical data such as IP address, date and time of authentication.

How long do we keep your personal data?

The Data Controller keeps your personal data as long as you remain an active member of code.europa.eu. Once your profile remains inactive for three years, your data will be deleted automatically.

You also have the possibility at any moment to request your account to be deleted. As explained here, the code.europa.eu administrator can delete user accounts and associated records. However, this will not remove all associated records. Commits made by a deleted user will continue to display the username, and some other records will be moved to system-wide 'Ghost User' account, until automatic deletion is carried out

Based on copyright law, all public contributions to the platform will remain public.

How do we protect and safeguard your personal data?

All personal data in electronic format (e-mails, documents, databases, uploaded batches of data, etc.) are stored either on the servers of the European Commission or of its contractor, All processing operations are carried out pursuant to the Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission.

The Commission's contractors are bound by a specific contractual clause for any processing operations of your data on behalf of the Commission, and by the confidentiality obligations deriving from the transposition of the General Data Protection Regulation in the EU Member States ('GDPR' Regulation (EU) 2016/679.

In order to protect your personal data, the Commission has put in place a number of technical and organisational measures in place. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.

Who has access to your personal data and to whom is it disclosed?

All information you voluntary and publicly contribute to code.europa.eu can be publicly accessed and are made explicitly available to other users.

Access to your personal data is provided to the Commission staff responsible for carrying out this processing operation and to authorised staff according to the "need to know" principle. Such staff abide by statutory, and when required, additional confidentiality agreements.

Access to your personal data is provided to GitLabHost B.V. located in Europe and responsible for carrying out processing operations concerning hosting and support cases on behalf of the controller. The information we collect will not be given to any third party, except to the extent and for the purpose we may be required to do so by law.

What are your rights and how can you exercise them?

You have specific rights as a 'data subject' under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular the right to access, your personal data and to rectify them in case your personal data are inaccurate or incomplete. Where applicable, you have the right to erase your personal data, to restrict the processing of your personal data, to object to the processing, and the right to data portability. You have the right to object to the processing of your personal data, which is lawfully carried out pursuant to Article 5(1)(a) on grounds relating to your particular situation.

You have consented to provide your personal data to the Data Controller, DG DIGIT, Unit B.3, for the present processing operation. You can withdraw your consent at any time by notifying the Data Controller. The withdrawal will not affect the lawfulness of the processing carried out before you have withdrawn the consent.

You can exercise your rights by contacting the Data Controller, or in case of conflict the Data Protection Officer. If necessary, you can also address the European Data Protection Supervisor. Their contact information is given under Heading 9 below.

Where you wish to exercise your rights in the context of one or several specific processing operations, please provide their description in your request.

Contact information

  • The Data Controller

If you would like to exercise your rights under Regulation (EU) 2018/1725, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller, DIGIT-OSPO@ec.europa.eu.

  • The Data Protection Officer (DPO) of the Commission

You may contact the Data Protection Officer (DATA-PROTECTION-OFFICER@ec.europa.eu) with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725.

  • The European Data Protection Supervisor (EDPS)

You have the right to have recourse (i.e. you can lodge a complaint) to the European Data Protection Supervisor (edps@edps.europa.eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the Data Controller.

Where to find more detailed information?

The Commission Data Protection Officer (DPO) publishes the register of all processing operations on personal data by the Commission, which have been documented and notified to him. You may access the register via the following link: http://ec.europa.eu/dpo-register.

This specific processing operation has been included in the DPO's public register with the following Record reference: DPR-EC-17414