Skip to Content

Privacy Statement


for the purpose of processing personal data RELATED to communication campaigns and other promotional activities by the EU delegation to Yemen and designated contractors for boosting content on social media Platforms  by means of the advertisement services of the social media platforms, including Facebook, Twitter, and Instagram

Specific campaign: a communication campaign on Human  rights by the EU delegation Yemen

The protection of your personal data and privacy is of great importance to the European External Action Service (EEAS), including the Union Delegations. You have the right under EU law to be informed when your personal data is processed [e.g. collected, used, stored] as well as about the purpose and details of that processing. When handling personal data we respect the principles of the Charter of Fundamental Rights of the European Union and Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, aligned with Regulation (EU) 2016/679, the General Data Protection Regulation. In this Data Protection Notice, you find information about how the EEAS and EU Delegations process your personal data and what rights you have as a data subject.
2. PURPOSE OF DATA PROCESSING: Why do we process your data?
The purpose of social media activities is to ensure promoting EU values and disseminate information among the widest range of public, actively involving various groups of society using a number of social media platforms. This permits to the engagement of individuals and reaches users of various platforms. The aim of these campaigns is to expand the overall scope, knowledge, and impact around various topics of interest to the public.

Description of the processing: These awareness campaigns are rolled out bottom-up through videos, photos, or other creative content posted on the platforms, including Instagram, Facebook, TikTok, Twitter, LinkedIn, or others. The EEAS uses the advertising services of the various social media platforms. Users – drawn attention by the advertisements of the social media platforms – are encouraged to share content. Users of the platforms learn about the content of the campaign through the advertisements or from other users and contribute to distribute the messages among contacts and peers. EU Delegations may get in contact with local enterprises through their social media account or pre-established contact channels to reach out to the public.  The EEAS or the EU Delegations may also contact other users through their social media account or other prior-used contact means to ask them to endorse sharing their content through the EEAS or EU Delegation social media channels.

The EU Delegation to Yemen works together with a communications contractor to produce and manage the communication and visibility material of the Delegation. This includes a provision for “boosting” content in social media outlets. In order to boost content on these platforms, the Delegation provides for the contractor to be an associate editor of our Facebook portal (with the role of the advertiser as explained in and is to provide full credential rights in Twitter and Instagram.

3. DATA PROCESSED: What data do we process?
The data, including personal data, which may be processed for that purpose are the following:

  • User Name (avatar names and/or real names)
  • Nationality
  • Age
  • Contact data (Influencers and users are primarily contacted via their social media profiles. In Delegations former contacts could be followed up using pre-established contact channels)
  • Interest in specific topics, domains
  • Promotion material, including videos, communicated for further sharing
  • Information about accounts, such as profile name, age, number of followers in different social media channels, and potential reach/pick-up of posts.
  • Material shared in social media if the influencers or users give their consent to use it in the communication activities of the EEAS or EU Delegations on social media.
4. DATA CONTROLLER: Who is entrusted with processing your data?
The data controller determining the purpose and the means of the processing activity is the European External Action Service (EEAS). The  EEAS Directorate entrusted with managing the personal data processing under the supervision of the Head of Division is the following organizational entity:

Campaign e-mail:

Contractor e-mail:

5. RECIPIENTS OF THE PERSONAL DATA: Who has access to your data?
The recipients of your data may be:

  • Designated staff of the EU Delegation YEMEN/ EEAS
  • Assigned staff of other EU institutions and other assigned organizer team members, if required
  • Security and other partners, contractors, service providers on behalf of the organizer
  • The Contractor is the Yemen-based contactors:  Youth of the World Together (YWT) and Dotnotion Advertising & Production

Twitter and Instagram and Facebook –  used in the role of advertisers

With the exception of public domain data, no personal data is transmitted to third countries or to international organizations, which are outside the recipients and the legal framework mentioned.

Data will not be shared with third parties for direct marketing. Under certain conditions outlined in law, we may disclose your information to third parties, (such as the European Anti-Fraud Office, the Court of Auditors, or law enforcement authorities) if it is necessary and proportionate for lawful, specific purposes. Service providers will process data on documented instructions and on behalf of the EEAS/EU Delegation in accordance with Article 29 of Regulation (EU) 2018/1725. More information on how the provider processes personal data is available on the website of the contracted organization. Data will not be communicated to third parties, except where necessary for the purposes outlined above.

 Social Media: The EEAS and EU Delegations use social media to promote EU values and disseminate information among the widest range of public through broadly used contemporary channels. Your use of social media implies that the providers of social media channels, which may be located in countries outside the scope of the EU data protection legal framework, process your personal data that you share according to their own privacy policies. We recommend that you read the relevant privacy policies (for example Twitter, Facebook, Instagram, YouTube) which explain their data processing terms, the data use, users’ rights and the way how users can protect their privacy when using these services.

You have the right of access to your personal data and the right to correct your inaccurate, or incomplete personal data taking into account the purpose of the processing. The right of rectification can only apply to factual data processed. Under certain conditions, you have the right to ask the deletion of your personal data or restrict their use as well as to object at any time to the processing of your personal data on grounds relating to your particular situation. We will consider your request, take a decision and communicate it to you without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary. For more detailed legal references, you can find information in Articles 14 to 21, 23 and 24 of Regulation (EU) 2018/1725. In specific cases, restrictions under Article 25 of the Regulation may apply. If you wish to exercise your rights or have questions concerning the processing of your personal data, you may address them to the Data Controller via the functional mailbox:

EU Delegation Yemen:

7. LEGAL BASIS: On what grounds we collect your data?
The lawfulness of processing personal data

Processing of your data is necessary for the performance of a task carried out in the public interest, namely communication to promote European values, as mandated by the Treaties, in particular by articles 5, 11, 20, 21-40, 42, 43 of the Treaty on European Union (TEU) and 2 (4) and (5), 205, 220-221, 326 – 334 of the Treaty on the Functioning of the European Union (TFEU).

The legal ground for data transfer to Third Countries

It is an important reason of public interest that the European External Action Service, which is the diplomatic service of the European Union, shall raise awareness and promote EU values, in particular through communication activities. In order to reach out to the wider public, active on social media, including all generations, campaigns are organized by not only traditional means but also using various social media platforms. The use of social media implies that the providers of social media channels, which may be located in countries outside the scope of the EU data protection legal framework, process the personal data of users.

Relevant legal references:

  • EEAS vision for social media Ref. Ares(2016)6738179 – 01/12/2016
  • Para 6 of Article 9 of 2010/427/EU: Council Decision of 26 July 2010 establishing the organization and functioning of the European External Action Service OJ L 201, 3.8.2010, p. 30–40
  • Para (3) b of Article 4 of 2010/427/EU: Council Decision of 26 July 2010 establishing the organization and functioning of the EEAS
  • Shared Vision, Common Action: A Stronger Europe: A Global Strategy for the European Union’s Foreign and Security Policy (June 2016): Chapter 1. A Global Strategy to Promote our Citizens’ Interests
  • Council Conclusions, October 2016: On that occasion the Council of the European Union stressed “the need of joining up efforts in the field of public diplomacy including strategic communication, inside and outside the EU, to speak with one voice and ultimately promote its core values ”Service OJ L 201, 3.8.2010, p. 30–40
8. TIME LIMIT FOR DATA STORED & SECURITY MEASURES: For what period and how we process your data?
Personal data is kept only for the period of time preparing the communication activities, i.e. campaigns.

Data, including user credentials, are not processed for any other purpose than for providing the advertisement material to the platforms via the contractor responsible for the communication campaign.

Security of data: For the limited period while the EEAS or EU Delegations process your personal data, appropriate organizational and technical measures are taken to prevent unauthorized entities from access, altering, deletion, disclosure of data. Data are stored on servers that abide by pertinent security rules and are processed by assigned staff members. General access to personal data is only possible for recipients with a UserID/Password. In case a service provider is contracted, as a data processor, the collected data may be stored by the external contractor, who has to guarantee data protection and confidentiality required by Reg. (EU) 2018/1725.

9. EEAS DATA PROTECTION OFFICER: Any questions to the DPO?
If you have inquiries you can also contact the EEAS Data Protection Officer at
You have, at any time, the right to have recourse to the European Data Protection Supervisor at