Transparency Statement for Data Subjects

The European Broadcasting Union (EBU) is committed to protecting the privacy of individuals whose personal information may be processed through EBU's EuroVOX platform and associated services. This transparency statement provides an overview of how we handle and protect personal information submitted by our Members ("Controllers") or their authorized users, in compliance with applicable Privacy Laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other relevant laws.

Who Are We?

EBU acts as a service facilitator connecting Members to third-party AI technologies for processing of Member content, including transcription, translation, and voice synthesis. In respect of personal data contained within that content, EBU acts as data Processor under the instructions of its Members, who act as Controllers and are responsible for ensuring that data subjects have been informed about the use of their data.

For inquiries, you can contact us:
European Broadcasting Union (EBU)
Address: L'Ancienne-Route 17A - 1218 Grand-Saconnex - Switzerland
Email: privacy@ebu.ch

Why Might EuroVOX Contain Personal Data and Where Does It Come From?

EuroVOX services may involve the processing of personal data included in audio recordings, texts, or videos (such as voices, names, or identifiable images) provided by EBU Member or other third-party content owners.

The personal data processed through EuroVOX originates from input data or materials submitted by EBU Members or third parties who act as independent data controllers. Members and third parties collect, verify, and publish media content as part of their professional activities before submitting such data for processing via EuroVOX Services. Therefore, Members and third parties are primarily responsible for ensuring transparency towards the individuals identifiable in the submitted content, in compliance with applicable data protection laws. The EBU does not collect personal data directly from those individuals but processes the data submitted by Members strictly within the scope of services agreed with them.

Why Is No Individual Notice Provided to Individuals in Submitted Content?

The EBU does not provide individual privacy notices to each person appearing in the content processed through EuroVOX because:

The EBU therefore relies on Article 14(5)(b) GDPR, which establishes that data controllers may be exempt from individual notification for purposes such as processing for transcription and translation, archiving in the public interest, or historical research, where providing such notice would involve disproportionate effort.

What Personal Information Is Processed?

The type of personal information processed depends on the service requested by our Members and may include:

Member-submitted content may be stored temporarily in EBU-managed cloud storage as an intermediate step in processing, including as a staging area for sub-processors that do not maintain their own storage infrastructure. Where content is processed through EuroVOX Studio, it may additionally be assembled and served from EBU-managed storage for the duration of processing. Such storage is transient and limited to what is necessary for service delivery. Details of the storage sub-processors used are available at https://www.eurovox.io/subprocessors.html. EBU separately retains operational data (including user identifiers, usage records, and platform logs) as necessary for service delivery and security, in its capacity as data Controller for such data.

Why Is Personal Information Processed?

Personal information submitted by our Members may be processed for the following purposes:

EBU ensures that personal information processed through its services is handled securely and only under the specific instructions of its Members.

Third-Party Providers

EBU engages vetted third-party sub-processors to deliver transcription, translation, voice synthesis, and related services. These sub-processors may process personal data contained within Member-submitted content as part of service delivery. A full list of approved sub-processors, including details of the services they provide and the data they process, is available at https://www.eurovox.io/subprocessors.html.

Who Controls the Data?

EBU's Members act as data controllers, determining which personal information is submitted for processing. Members have responsibility for:

EBU acts as data Processor and follows Members' instructions in processing the data submitted.

Data Security

EBU and its third-party Providers implement technical and organizational measures to protect personal information, in compliance with GDPR and other relevant legal protections.

If a data breach occurs within EBU's scope, we will notify Members promptly and assist in mitigation efforts.

International Data Transfers

Certain services facilitated by EBU may involve cross-border transfers of data, particularly to third-party Providers located outside the European Economic Area (EEA). Where necessary, transfers will rely on GDPR-approved mechanisms such as Standard Contractual Clauses (SCCs) or adequacy decisions.

Rights of Data Subjects

Under applicable Privacy Laws, data subjects have the right to:

EBU facilitates these requests through its Member Controllers. If you are a data subject and wish to exercise these rights, please contact the Member organization that submitted your data.

Retention of Data

EBU does not retain personal data submitted by Members beyond what is necessary for processing or legal obligations. Data deletion policies are governed by agreement terms with Members and/or Providers.

Questions or Complaints

If you have questions or concerns regarding the processing of your personal information, you can contact:

You may also file complaints with your local data protection authority if you believe your rights have been violated.