Privacy Policy

This notice describes how European OpenSource (europeanopensource.eu) collects and processes users' data through the use of TWIPLA (twipla.com) for website analytics and Brevo (brevo.com) for newsletter management.

1. Data Controller

The data controller for this website is Fabrizio Cafolla, acting as the maintainer of the European OpenSource project (a personal, non-commercial initiative). For any privacy-related requests or to exercise your rights, contact:
support \[@\] europeanopensource \[.\] eu

2. Data Collected

2.1 Website Analytics (TWIPLA)

TWIPLA is a website analytics service that tracks traffic on our site and collects general information from visitors. It uses this data to generate statistics that help optimize the experience for our visitors. Importantly, we do not use cookies for this process.

• Information collected: We may process data related to your device and its characteristics, technical details of the website visit (operating system, browser type, country), page visit count, and visitor behavior patterns.
• No personal identification: This technology does not use the data to identify specific individuals or associate it with other personal information. Depending on your location, TWIPLA may not collect any device-related information due to the technical settings.
• Data processing: All data is processed in aggregate form and cannot be linked to any specific individual.

2.2 Newsletter (Brevo)

• Email address: Collected directly from you upon your explicit subscription via the subscription form on our website. Providing your email address is entirely voluntary; if you choose not to subscribe, you will simply not receive our newsletter but can continue to use all other features of the website.
• Engagement data: Generated through your interaction with our newsletter emails (opening, clicking links). We monitor delivery rates, opening rates, and link clicks to improve our content. This data is associated with your email address via tracking pixels provided by Brevo.

3. Purpose and Legal Basis of Processing

3.1 Website Analytics (TWIPLA)

Processing is based on our legitimate interest (Art. 6(1)(f) GDPR) to monitor and improve website performance through anonymous, aggregated metrics. Our legitimate interests are:

• Understanding how visitors use our website to improve content and user experience.
• Measuring reach and engagement to evaluate the project's impact.
• Technical optimization and performance monitoring.

We have assessed that this processing does not override your fundamental rights and freedoms because: (i) TWIPLA does not use cookies; (ii) no data allowing direct or indirect identification is processed; (iii) data is processed in aggregate form only; (iv) IP addresses are not stored in a way that allows identification; (v) depending on your location, device information may not be collected at all.

Your right to object: You have the right to object to this processing at any time. To exercise this right, contact us at support \[@\] europeanopensource \[.\] eu or use browser settings to block analytics scripts.

3.2 Newsletter

Processing is based on your explicit consent (Art. 6(1)(a) GDPR), obtained through an active opt-in (unticked checkbox) when you voluntarily submit the subscription form. By subscribing, you also consent to the use of tracking pixels in emails for engagement measurement.

• Sending periodic communications about project updates, blog articles, news, and events (maximum two emails per month).
• Measuring engagement to improve the quality and relevance of our communications.
• Building and maintaining a community interested in European open-source initiatives.

You can withdraw this consent at any time via the "unsubscribe" link in any email or by contacting us directly. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

4. Cookies

TWIPLA does not use cookies for analytics. Our website uses only the following essential technical cookies:

• Consent preference cookie (if implemented): Stores your preferences regarding optional services. Duration: 12 months. Legal basis: Art. 6(1)(c) GDPR (legal obligation to record consent for newsletter subscription).

No profiling or marketing cookies are used. Brevo may use tracking pixels in newsletter emails to measure opening and engagement rates, but these do not involve cookies on our website.

5. Data Recipients and Retention

• TWIPLA: Analytics data is processed by TWIPLA within the EU for the sole purpose of providing analytics services to European OpenSource. The data is not shared with other third parties for marketing or profiling purposes. Retention: maximum 14 months.
• Brevo (Sendinblue SAS): Our newsletter service provider based in France. They act as a Data Processor under a signed Data Processing Agreement (DPA). Your email address and engagement data are retained until you unsubscribe or request deletion. After unsubscription, data is deleted within 30 days, except where retention is required by law (e.g., for legal claims or accounting purposes).
• We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

6. Users' Rights

Under the GDPR, you have the following rights:

6.1 Website Analytics

Since TWIPLA data is fully anonymous and aggregated, it is not possible to exercise traditional data subject rights (access, rectification, deletion) as the data cannot be linked to any specific individual. However, you have the right to object to the processing at any time by contacting us or blocking analytics via browser settings.

6.2 Newsletter

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate personal data.
• Erasure (Right to be forgotten): Request permanent deletion of your email address and all associated data.
• Restriction of Processing: Request that we limit how we use your data.
• Data Portability: Receive your data in a structured, commonly used, machine-readable format.
• Withdrawal of Consent: Unsubscribe at any time via the link in any email or by contacting us.
• Right to Lodge a Complaint: You can file a complaint with your local Data Protection Authority if you believe your rights have been violated.

To exercise these rights, contact: support \[@\] europeanopensource \[.\] eu

7. Data Security and International Transfers

We implement appropriate technical and organizational measures to protect your personal data, including encrypted connections (HTTPS) and industry-standard security practices.

TWIPLA: Data is processed and stored within the EU/EEA.

Brevo: Data is stored primarily within the EU/EEA. In limited cases, Brevo may transfer data to service providers located outside the EU/EEA (e.g., cloud infrastructure providers). When this occurs, Brevo ensures adequate protection through:

• EU-US Data Privacy Framework (if the recipient is certified), or
• Standard Contractual Clauses (SCCs) approved by the European Commission.

For more information about Brevo's data protection practices and international transfers, see their Privacy Policy.

8. Automated Decision-Making and Profiling

We do not use automated decision-making (including profiling) that produces legal effects or similarly significantly affects you. Brevo may analyze aggregate engagement metrics (open rates, click rates) to suggest optimal sending times, but these suggestions do not produce legal or similarly significant effects on individual subscribers.

9. Changes to this Policy

We may update this notice to reflect changes in our tools, practices, or legal requirements. The "Last Updated" date at the top of this page will be revised accordingly. Material changes that affect how we process your personal data will be notified to newsletter subscribers via email where required by law.

For further information or questions about privacy, please contact us using the contact details provided in Section 1.