Reintegration Assistance Tool (RIAT) - Terms and Conditions of Use
(valid as of dd Mon YYYY)
1. Scope of application and approval of the terms and conditions of use
The European Commission (hereinafter “the Commission”) owns and operates this Website and the Services on it. These terms and conditions of use are applied to the use of the Reintegration Assistance Tool and all Services on it (hereinafter together referred to as “RIAT”), unless otherwise provided. These terms and conditions of use are without prejudice to laws binding on the Commission.
By accepting these terms and conditions of use or using RIAT, you agree to all of these terms and conditions of use and consent to the processing, including transmission and transfer, of certain personal data, and undertake to comply with them. If you do not accept and comply with these terms and conditions of use and the record of processing activities, you may not use RIAT.
2. Amendments to the Terms and Conditions of Use
The Commission reserves the right to amend these terms and conditions of use at any time. Amendments to the terms and conditions of use are published on RIAT, and the terms and conditions enter into force immediately after publication. By continuing the use of RIAT, you accept the amendments to the terms and conditions of use.
3. Use of RIAT
RIAT is a case management tool offered to the EU Member States and Schengen Associated States to manage return and reintegration of Third Country Nationals. RIAT is also open to EU Agencies, non-governmental and non-EU bodies such as international organizations, non-governmental organizations and reintegration partners.
The availability of certain services on RIAT requires registration as a user, authorization by the user’s employing entity and validation by the Commission. All RIAT services are free of charge. Upon registration as user, the user declares that the information they have provided is correct. If incorrect information is provided, the Commission may terminate the agreement granting access to RIAT and block the user.
Each user has to specifically request access to RIAT and determine their role(s). All users of RIAT use the system as an employee of an organization and not in a personal capacity. Upon registration as a user, a personal account is created for the user and a password is needed to login to the account. User credentials shall not be disclosed to third parties. The RIAT account is personal, and the associated right of use may not be sold, leased or otherwise transferred to a third party under any circumstances. If the user account is transferred to a third party, the Commission may terminate the agreement granting access to RIAT, block the account and initiate legal proceedings.
The user and his or her employing entity shall be liable for losses incurred by the Commission or any other user due to misuse of RIAT and breach of these terms and conditions of use.
RIAT may have special technical requirements. The user of RIAT is responsible for ensuring the technical compatibility relating to the use of RIAT. The Commission is not responsible for temporary obstacles or hindrances relating to the availability of RIAT caused by technical malfunctions, other disturbances in the service or updates.
4. Ownership of Data and user’s liability for unauthorized use
The ownership of each data entry, file or any other document uploaded in RIAT by a user is linked to a specific case and will remain available in RIAT as long as the case is not closed.
5. Processing of personal data
Personal data of users
The Commission processes and is the controller of certain personal data of users in accordance with these terms and conditions of use, the European Commission Data Protection Records Management System record, privacy statement and applicable law, notably Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC. RIAT may use cookies.
The processing of personal data of users in RIAT is based on point (d) of Article 5(1) of Regulation 1725/2018. Each individual user is required to give his or her consent to the processing of their personal data for the purposes listed in these terms and conditions of use. Processing of users’ personal data is further based on points (a) and (b) of Article 5(1) of Regulation 1725/2018. The basis for creating the RIAT and processing personal data in RIAT is laid down in Council Decision 2008/381/EC.
Personal data of users shall only be processed in RIAT in order to provide the service, verify the identity of users, manage permissions and enable contacts between users. Mandatory user data is limited to that which is strictly necessary for these purposes as well as the visibility of those data to other users. Personal data of users processed in RIAT shall be limited to first name, last name, e-mail address, telephone number, work address, organization of employment and job title and log data (e.g. IP address and location, browser details, operating system, timestamps on creation of account, most recent use, and other actions within RIAT). The personal data of users is kept for no longer than is necessary and is deleted when the user account to which those data pertain is deleted. Certain sub-categories of log data are kept for a shorter period. All personal data of users processed in RIAT are collected from the individual data subject users.
Users are also required to upload a scanned copy of their passport identification page in order to verify their identity and approve first time access to log on to RIAT. The file containing the scanned copy of a user’s passport identification page shall be automatically deleted following the decision by the Commission to accept or decline the registration of the user account.
Users, including those in Member States, Schengen Associated Countries, third-countries or those operating as representatives of international organizations, in a Community can view these categories of personal data of other users in the same Community, which may constitute a transfer of personal data. By agreeing to these terms and conditions, users explicitly consent to the transmission and transfer of these personal data to other user recipients in the same Community. The transfer is also necessary for important reasons of public interest. The Commission shall inform the European Data Protection Supervisor of the application of Article 50 of Regulation 1725/2018. Transfers of personal data may moreover be covered by, in certain cases and where applicable, adequacy decisions adopted by the Commission.
Users processing personal data in RIAT make sure to comply with these terms and conditions of use, the European Commission Data Protection Records Management System record, the privacy statement and applicable laws.
Users have the right to request from the Commission access to and rectification or erasure of personal data or restriction of processing concerning that user. Users have the right to withdraw consent for processing their personal data. If a user exercises their right to erasure, right to restriction of processing or right to object or if a user withdraws consent to process their personal data, the user account will be disabled and all personal data will be deleted.
Third party personal data
Personal data of third parties that do not have an RIAT user account shall only be transmitted or transferred via RIAT in encrypted form. Documents possibly containing third party personal data shall be sent by the user to the intended recipient user via RIAT for purposes determined by the user acting as controller of those data. Such encrypted data shall only be stored on the RIAT as long as needed.
The role of the Commission in processing such personal data is strictly limited to providing the secure platform for transmitting and transferring such third party personal data. The Commission shall comply with all applicable laws and not process such data for any other purpose. The Commission shall not have access to third party personal data nor can it access such data or identify a third party data subject legally or practically. The Commission shall not appoint or disclose any third party personal data to any sub processor. The Commission ensures that persons authorized to process third party personal data have committed themselves to confidentiality.
The Commission shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk and severity for the rights and freedoms of third party data subjects.
Taking into account the limited nature of the processing of third party personal data, the Commission cannot respond to requests to exercise data subject rights under the applicable EU data protection acquis.
The Commission shall notify the user controller without undue delay upon becoming aware of a third party personal data breach and provide the user controller with sufficient information to allow the user controller to meet any obligations to report or inform third party data subjects of the personal data breach.
The Commission may not transfer or authorize the transfer of third party personal data to any recipient.
The investigative powers, corrective powers, authorization and advisory powers of the European Data Protection Supervisor are provided in Article 58 of Regulation 1725/2018. The European Data Protection Supervisor may have access to encrypted documents possibly containing third party personal data. The European Data Protection Supervisor shall not have the ability to decrypt such documents and identify third party data subjects.
6. Liability for content and limitation of liability
The Commission may update the RIAT and create or remove functionalities at its discretion. Some of the Services or functionalities may be static and not updated at all. Users uploading information on the RIAT guarantee that the information is up to date and correct. The Commission is not liable for direct or indirect losses incurred by any user of RIAT due to the use and application of RIAT or its content.
The information included on RIAT is intended to be used as is, and the Commission gives no explicit, implicit, compelling or other guarantees of their suitability for any user’s purpose. The Commission is not liable for any direct or indirect losses incurred as a result of information being uploaded on RIAT by any user.
The Commission is not liable for the functioning of links in RIAT to external sites, or the content of such sites and it exercises no control over the posting of such links.
The Commission may use third parties for technical development of RIAT, under Commission's control.
7. Severability
If any part of these terms and conditions of use is found to be unlawful or unenforceable, said part shall be severed from these terms and conditions. All other parts shall remain in force without the severance of said part affecting them.
8. Annexes
Annexed to these terms and conditions of use are:
Annex 1: European Commission Data Protection Records Management System record
Annex 2: Privacy Statement