Privacy Policy

This notice describes how European OpenSource (europeanopensource.eu) collects and processes users' data through the use of TWIPLA (twipla.com) for website analytics and Brevo (brevo.com) for newsletter management.

1. Data Controller

The data controller for this website is Fabrizio Cafolla, based in Italy, acting as the maintainer of the European OpenSource project (a personal, non-commercial initiative). For any privacy-related requests or to exercise your rights, contact:
support [@] europeanopensource [.] eu

The competent supervisory authority is the Garante per la protezione dei dati personali (www.garanteprivacy.it).

2. Data Collected

2.1 Website Analytics (TWIPLA)

TWIPLA is a website analytics service that tracks traffic on our site and collects general information from visitors. It uses this data to generate statistics that help optimize the experience for our visitors. Importantly, we do not use cookies for this process.

• Information collected: TWIPLA may initially process technical data (such as truncated IP addresses, operating system, browser type, country) and visitor behavior patterns. This data is immediately aggregated and anonymized so that it cannot be linked to any specific individual.
• No personal identification: This technology does not use the data to identify specific individuals or associate it with other personal information. Depending on your location, TWIPLA may not collect any device-related information due to the technical settings.
• Data processing: All data is processed in aggregate form. Once aggregated, the data is anonymous and no longer constitutes personal data under the GDPR.

2.2 Newsletter (Brevo)

• Email address: Collected directly from you upon your explicit subscription via the subscription form on our website. Providing your email address is entirely voluntary; if you choose not to subscribe, you will simply not receive our newsletter but can continue to use all other features of the website.
• Engagement data: Generated through your interaction with our newsletter emails (opening, clicking links). We monitor delivery rates, opening rates, and link clicks to improve our content. This data is associated with your email address via tracking pixels provided by Brevo.

3. Purpose and Legal Basis of Processing

3.1 Website Analytics (TWIPLA)

The initial processing of technical data before aggregation is based on our legitimate interest (Art. 6(1)(f) GDPR) to monitor and improve website performance. Once aggregated, the data is anonymous and no longer subject to the GDPR. Our legitimate interests are:

• Understanding how visitors use our website to improve content and user experience.
• Measuring reach and engagement to evaluate the project's impact.
• Technical optimization and performance monitoring.

We have assessed that this processing does not override your fundamental rights and freedoms because: (i) TWIPLA does not use cookies; (ii) no data allowing direct or indirect identification is processed; (iii) data is processed in aggregate form only; (iv) IP addresses are not stored in a way that allows identification; (v) depending on your location, device information may not be collected at all.

Your right to object: You have the right to object to this processing at any time. To exercise this right, contact us at support [@] europeanopensource [.] eu or use browser settings to block analytics scripts.

3.2 Newsletter

Processing of your email address is based on your explicit consent (Art. 6(1)(a) GDPR), obtained through an active opt-in (unticked checkbox) when you voluntarily submit the subscription form.

The use of tracking pixels in newsletter emails to measure engagement (open rates, click rates) is based on our legitimate interest (Art. 6(1)(f) GDPR and Art. 5(3) of the ePrivacy Directive 2002/58/EC, as implemented in national law) in evaluating and improving the quality of our communications. We have assessed that this processing does not override your rights because: (i) tracking is limited to aggregate engagement metrics; (ii) it does not involve profiling or automated decision-making; (iii) you can opt out at any time by unsubscribing or disabling image loading in your email client.

• Sending periodic communications about project updates, blog articles, news, and events (maximum two emails per month).
• Measuring engagement to improve the quality and relevance of our communications.
• Building and maintaining a community interested in European open-source initiatives.

You can withdraw this consent at any time via the "unsubscribe" link in any email or by contacting us directly. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

4. Cookies

TWIPLA does not use cookies for analytics. Our website does not use profiling or marketing cookies.

Brevo may use tracking pixels in newsletter emails to measure opening and engagement rates, but these do not involve cookies on our website.

5. Data Recipients and Retention

• TWIPLA: Analytics data is processed by TWIPLA within the EU for the sole purpose of providing analytics services to European OpenSource. The data is not shared with other third parties for marketing or profiling purposes. Retention: maximum 14 months.
• Brevo (Sendinblue SAS): Our newsletter service provider based in France. They act as a Data Processor under a signed Data Processing Agreement (DPA). Your email address and engagement data are retained until you unsubscribe or request deletion. After unsubscription, data is deleted within 30 days, except where retention is required by law (e.g., for legal claims or accounting purposes). Records proving your subscription consent (timestamp, IP address, form data) are retained for the duration of the applicable statute of limitations (up to 5 years under Italian law) for our legitimate interest in demonstrating compliance with consent requirements.
• We do not sell, rent, or share your personal data with third parties for their own marketing purposes.

6. Users' Rights

Under the GDPR, you have the following rights:

6.1 Website Analytics

Since TWIPLA data is fully anonymous and aggregated, it is not possible to exercise traditional data subject rights (access, rectification, deletion) as the data cannot be linked to any specific individual. However, you have the right to object to the processing at any time by contacting us or blocking analytics via browser settings.

6.2 Newsletter

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate personal data.
• Erasure (Right to be forgotten): Request permanent deletion of your email address and all associated data.
• Restriction of Processing: Request that we limit how we use your data.
• Data Portability: Receive your data in a structured, commonly used, machine-readable format.
• Withdrawal of Consent: Unsubscribe at any time via the link in any email or by contacting us.
• Right to Lodge a Complaint: You can file a complaint with the Garante per la protezione dei dati personali (www.garanteprivacy.it) or with your local Data Protection Authority if you believe your rights have been violated.

To exercise these rights, contact: support [@] europeanopensource [.] eu

7. Data Security and International Transfers

We implement appropriate technical and organizational measures to protect your personal data, including encrypted connections (HTTPS) and industry-standard security practices.

TWIPLA: Data is processed and stored within the EU/EEA.

Brevo: Data is stored primarily within the EU/EEA. In limited cases, Brevo may transfer data to service providers located outside the EU/EEA (e.g., cloud infrastructure providers). When this occurs, Brevo ensures adequate protection through:

• EU-US Data Privacy Framework (if the recipient is certified), or
• Standard Contractual Clauses (SCCs) approved by the European Commission.

For more information about Brevo's data protection practices and international transfers, see their Privacy Policy.

8. Automated Decision-Making and Profiling

We do not use automated decision-making (including profiling) that produces legal effects or similarly significantly affects you. Brevo may analyze aggregate engagement metrics (open rates, click rates) to suggest optimal sending times, but these suggestions do not produce legal or similarly significant effects on individual subscribers.

9. Children

Our services are not directed to individuals under 16 years of age (or the applicable age of digital consent in your Member State). We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us so we can promptly delete it.

10. Changes to this Policy

We may update this notice to reflect changes in our tools, practices, or legal requirements. The "Last Updated" date at the top of this page will be revised accordingly. Material changes that affect how we process your personal data will be notified to newsletter subscribers via email where required by law.

For further information or questions about privacy, please contact us using the contact details provided in Section 1.