BISE, The Biodiversity Information System for Europe is a joint initiative of the European Commission- DG Environment, and the European Environment Agency (EEA), to offer a single entry point for information and data to support the implementation of the EU biodiversity policy in support of the implementation of its actions and track progress towards both the EU and global biodiversity targets.

An introduction about BISE is provided here: /info

Personal data collected by the European BISE portal are processed in accordance with Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.

Collection and processing of data are under the responsibility of the European Environment Agency (EEA), NCE1 - Biodiversity and Nature (NCE - Natural Capital and Ecosystems Programme), acting as Data Controller. The BISE Data processor is the external contractor, in charge of the development of the BISE portal.

What personal information we collect and for what purpose

In the context of the BISE portal, we are not collecting and publishing personal data. We collect personal information only when we create an account in the Eionet User Directory (Eionet account) to authorise experts that might directly contribute to the BISE web content. Please see the privacy statement of the Eionet website for details on the Eionet User Directory.

For generic BISE users, as personal data we only process: IP-addresses, browser versions and other devices information (i.e. transactional data) that are necessary to securely deliver web pages to the internet client. These transactional data are also processed by the personnel at CERT-EU which provides security services for EEA and available to the EEA’s Internet Service Provider ( and  cloud provider Amazon in EU, therefore for them, their privacy policy applies.

BISE users can request information about BISE, providing feedback and reporting bugs by sending an email at:; this email is accessible and managed by authorised staff composed by the EEA Eionet helpdesk staff and the BISE administrators via the Eionet Help Desk system (OTRS). Authorised staff can directly reply and solve a request, close the ticket of a request, forward it to the EEA or the European Topic Centre on Biological Diversity (ETC/BD) experts that can also reply. Finally authorised staff prepare the annual anonymised statistics about the type of request.

We do not store personal data in cookies. By default, the browsing experience of BISE users is tracked by the EEA Matomo software in order to produce anonymised statistics. For example, EEA staff may collect some data on browsing experience such as masked IP address (anonymized by removing the last two bytes), the web pages visited by a user, the website page an user were redirected from. The statistics aims at improving BISE portal and the browsing experience.

The analytical reports generated by the EEA Matomo can only be accessed through the Eionet Directory authentication system by EEA staff, other relevant EU institutions’ staff or by duly authorised external contractors, who may be required to analyse, develop and/or regularly maintain BISE. By default, EEA software Matomo installation respects users’ preferences and do not track visitors which have specified "I do not want to be tracked" in their web browsers (aka "Do not track").

How long personal data are stored

Transactional data (security logs) are  stored for a maximum of 1 year for security audit purposes unless there is an individual reason to keep information for a longer period of time (e.g. when individual IP addresses are blocked if part of a DoS-attack).

How to contact EEA and right to appeal

BISE users may contact the EEA’s Data Protection Officer (DPO) in case of any enquiry relating to the processing of personal data at the following email address:

BISE users are entitled to have recourse at any time to the European Data Protection Supervisor (; if they consider that the rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of  personal data by the EEA.