Privacy statement

Articles 15 and 16 of Regulation (EU) 2018/1725 of the European Parliament and the Council of 23 October 2018 apply to the processing of personal data carried out by the European Parliament [1].

  1. Who processes your personal data?
    • The European Parliament is acting as the data controller [2] for the processing of personal data described in this statement and the entity responsible for the processing is the Civil Society Outreach Unit of the Directorate-General for Communication of the European Parliament, represented by the Head of Unit.
    • You can contact the controller/entity at:
  2. What is the purpose of the processing of your personal data?
    We will process your personal data to:
    • perform the rating count in order to determine the winner of 2023 LUX Audience Award
    • select the winners of the competition linked to 2023 LUX Audience Award and notify them
    • for statistical reasons in order to evaluate the popularity of each film in each country.
    • for organisation of the events such as screenings, networking events, seminars and conferences, to determine the attendance.
  3. What is the legal basis for the processing?
    • For the competitions, Article 5(1)(c) of Regulation (EU) 2018/1725 shall apply, which states that the processing of personal data is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.For the statistical purposes your personal information is treated in accordance with the conditions described in Article 5(1)(a) of Regulation (EU) 2018/1725.
    • For the organisation of the events Article 5(1)(d) of Regulation (EU) 2018/1725 shall apply.
  4. What personal data is processed?
    • For the rating of the films nominated films for the LUX Audience Award, we collect your email address or telephone number (depending which rating method you selected).
    • Data regarding the country of vote will be aggregated and anonymized, then processed for statistical purposes.
    • For the purpose of organising the events such as screenings, networking events, seminars and conferences we collect your name, surname, your position and email address.
  5. How will your personal data be processed?
    • Access to your personal data is provided to authorised Parliament staff members responsible for carrying out this processing operation according to the ‘need-to-know’ principle. These employees abide by statutory, and when required, additional confidentiality agreements. 
  6. For how long will your personal data be stored?
    • Your email address or your telephone number (collected during the rating period) will be processed until 1st September 2023 or until you ask your data to be deleted (note that in this case you participation will be cancelled).
    • Your name, surname and email address that we use for inviting you to events such as screenings, networking events, seminars and conferences, will be stored until you unsubscribe from our mailing list or until you contact us to express that you no longer wish to be invited to these events.
  7. Who are the recipients of your personal data?
    • The European Parliament does not transmit any data to third parties outside these recipients. The European Parliament does not share personal data with third parties for direct marketing. 
    • Only if requested by law, or in case of an audit or judicial procedures, could your data be transferred to the competent authorities (European Court of Auditors, Court of Justice of the European Union, European Data Protection Supervisor or European Anti-Fraud Office).
  8. Will your personal data be shared with a non-EU country or international organisation?
    • No, your personal data will not be shared with or transferred to a non-EU country or any international organisation.
  9. Are any automated processes[3] and/or profiling[4] used to make decisions which could affect you?
    • No automated processes or profiling methods are used in this project
  10. If personal data have not been provided by you, what is their source?
    • No external data sources are used for this project
  11. What rights do you have?
    • You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725. As regards this processing operation, you can exercise the following rights:
      • the right to access your personal data;
      • the right to rectify your personal data if it is inaccurate or incomplete;
      • the right to erase your personal data;
      • where applicable, the right to restrict the processing of your personal data;
      • the right to data portability;
      • the right to object to the processing of your personal data lawfully carried out pursuant to Article 5(1)(a);
      • if you have provided your consent for the present processing operation, the right to withdraw it at any time by notifying the Data Controller, without affecting the lawfulness of processing based on consent before its withdrawal.
    • Data subjects who wish to exercise their rights under Regulation (EU) 2018/1725 can send an email to
  12. Who should you contact if you have a query or complaint?
    • Your first point of contact is:
    • You may contact the European Parliament’s Data Protection Officer ( if you have any concerns/complaints about the processing of your personal data.
    • The European Parliament’s Data Protection Officer ensures the internal application of Regulation (EU) 2018/1725. The address of the Data Protection Officer is as follows:

      Data Protection Officer
      European Parliament
      2, rue Alcide De Gasperi
      L-1615 Luxembourg
    • You have the right to lodge a complaint with the European Data Protection Supervisor ( at any time concerning the processing of your personal data.
    • The European Data Protection Supervisor acts as an independent supervisory authority and ensures that all EU institutions and bodies respect people's right to privacy when processing their personal data.

[1] Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC, OJ L 295, 21.11.2018, p. 39.

[2] A controller is defined as the public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of the personal data. The controller is represented by the head of the entity.

[3] Automated processes involve making a decision solely by automated means and without any human involvement. (Hypothetical examples include: (1) selecting certain options on a web page will automatically place you on various mailing lists so that you are sent the corresponding monthly newsletter, or (2) using an automated system to mark multiple choice test answers and assign a pass mark according to the number of correct answers).

[4] Profiling analyses aspects of an individual’s personality, behaviour, interests and habits to make predictions or decisions about them. Profiling is typically used to analyse or predict aspects concerning the data subject’s performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements, etc. (One hypothetical example is the data collected and record of your trends when you use social media tools. This data is then used to make various predictions about you).