Skip to main content
European Union flag
English
European Citizens´ Initiative Forum

Protection of your personal data - Online events promoting and facilitating the European Citizens’ Initiative (ECI)

This privacy statement provides information about the processing and the protection of your personal data.

Processing operation: Online events promoting and facilitating the European Citizens’ Initiative (ECI)  

Data Controller: European Commission

Operational Data Controller:  Secretariat-General, Unit SG.DSG1.A.1 'Policy Priorities & Work Programme'

Record reference: DPR-EC-01063.1

1. Introduction

The European Commission (hereafter ‘the Commission’) is committed to protect your personal data and to respect your privacy. The Commission collects and further processes personal data pursuant to Regulation (EU) 2018/1725 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.

This privacy statement explains the reason for the processing of your personal data in the context of promoting and facilitating the European Citizens’ Initiative (ECI) through online events. It explains the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor.

The information in relation to processing operation promoting and facilitating the European Citizens’ Initiative (ECI) through online events, undertaken by the Secretariat-General, Unit SG.DSG1.A.1 'Policy Priorities & Work Programme' of the European Commission, is presented below.

The organisation of the online events is outsourced by the Commission to an external contractor ('the Contractor'). The contractor is EUROPEAN CITIZEN ACTION SERVICE, a non- profit organisation registered under the laws of Belgium, having its registered office at Avenue de la Toison d’or, 77, B-1060 Brussels, Belgium. On behalf of the Commission, the Contractor acts as Data Processor with regard to the personal data of speakers, moderators and participants at the online events.

2. Why and how do we process your personal data?

Purpose of the processing operation: The European Commission collects and further processes your personal data to provide you with information about online events promoting the European Citizens’ Initiative (before, during and after) and to process your application for participation in a specific online event.

The online event will be run using the WebEx web conferencing services provided to the  European Commission by BT Global Services Belgium BVBA.

To be registered at the online event, interested participants express their interest by sending an email to the Contractor providing their email for registration on the WebEx platform. They will receive a confirmation email from WebEx with the link via which they should join the online event on the day.

The online event will be recorded (audio-visual presentation, questions and answers involving speakers, moderators and participants, as well as the exchanges taking place in the chat functionality). The recording will be published on the event dedicated webpage on the European Citizens’ Initiative Forum.

The moderator(s) and speaker(s) will connect by video link, while participants can choose to connect either via the audio or video channels; they can also use a chat functionality. Participants who do not wish to be recorded can follow the presentation and exchanges and should refrain from intervening orally or in the chat functionality. During the event their name only will appear in the list of participants visible to all attendees; the list of participants will be visible after the event in the recording.

Your personal data will not be used for any automated decision-making including profiling.

The personal data processed may be reused for the purpose of procedures before the EU Courts, national courts, the European Ombudsman or the European Court of Auditors.

 

3. On what legal ground(s) do we process your personal data?

The processing of your personal data is based on your voluntary registration to the event as described under heading 2 above, and voluntary use of the Webex platform for the purpose of attending the online events. It is therefore lawful in accordance with Article 5(1)(d) of Regulation (EU) 2018/1725, which refers to a situation where 'the data subject has given consent to the processing of his or her personal data for one or more specific purposes'.

If you register to the online event, you are giving us your explicit consent under Article 5(1)(d) of Regulation (EU) 2018/1725 to process your personal data for those specific purposes.

Your consent for these services can be withdrawn at any time.

If you are the organiser of the online event, your data are processed on the contractual basis as referred to in Article 5(1)(c) and Article 5(1)(a) and (b) (Commission staff in charge of the ECI) of Regulation 2018/1725.

The processing operations on personal data of the speakers and moderators for the ECI online events with whom a contract is concluded, are carried out in line with the contractual provisions. Consequently, that processing is necessary and lawful under Article 5(1)(c) of Regulation (EU) 2018/1725 (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract).

4. Which personal data do we collect and further process?

The following personal data will be collected and processed by the Data Processor and the Data Controller:

  • name
  • e-mail address
  • organisation (optional)
  • image (if you connect via video link)
  • your views and comments made during the online event may contain personal data or be considered as such.

Cisco Webex is collecting and processing additional information in line with the Cisco privacy statement.

 

5. How long do we keep your personal data?

The Data Processor and Data Controller only keep your personal data for the time necessary to fulfil the purpose of collection or further processing.

For each of the categories of personal data that is processed, please find below the retention details and the reference to the relevant record of processing:

  • All personal data related to the organisation and management of the event (this includes the information given during the registration, before, during or after the event) will be deleted one year after the last action in relation to the event.
  • Recordings from the event will be kept online for 2 years before being deleted.

The retention periods applied by Cisco related to the use of the WebEx conference services are specified in the Cisco privacy statement.

6. How do we protect and safeguard your personal data?

All personal data in electronic format (e-mails, documents, databases, uploaded batches of data, etc.) are stored either on the servers of the European Commission or of its contractors. All processing operations are carried out pursuant to Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission.

The Commission’s contractors are bound by a specific contractual clause for any processing operations of your personal data on behalf of the Commission, and by the confidentiality obligations deriving from the General Data Protection Regulation (‘GDPR’ - Regulation (EU) 2016/679. The Contractor is contractually bound to process personal data on behalf of and in line with the instructions of the Data Controller, keep confidential any data they process and protect it from unauthorised access, use and retention.

In order to protect your personal data, the Commission has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.

The Data Controller is processing your personal data under Regulation (EU) 2018/1725 for the purposes of this online event. If you decide to take photographs/audio-visual recordings of the event and/or publish them online, you assume full responsibility for these actions. The same applies if you download the recordings that will be published online after the event and publish them on the Internet. The data controller shall not be held accountable for any processing of personal data that you might carry out on your own initiative during or after the event.

7. Who has access to your personal data and to whom is it disclosed?

Your personal data is collected by the authorised staff of the Contractor.

Access to your personal data is provided to the Commission staff responsible for carrying out this processing operation and to other authorised Commission staff according to the “need to know” principle. Such staff abide by statutory, and when required, additional confidentiality agreements.

The recording of the online event will be published on the ECI Forum which is public.

Cookies

Cookies are short text files stored on a user’s device (such as a computer, tablet or phone) by a website. Cookies are used for the technical functioning of a website (functional cookies) or for gathering statistics (analytical cookies).

Information about the online events and the registration process is available via a Commission website. The cookies employed by the Commission on the registrant’s device for that purpose will be covered by the cookie policy of the Commission, which is available here: https://ec.europa.eu/info/cookies_en.

Cisco WebEx uses cookies in line with its privacy statement.

Third party IT tools, including Social Media

The Commission is using the WebEx conference services provided by BT Global Services Belgium BVBA. We recommend that users read the relevant privacy policies of Cisco Webex carefully before using them. These explain the company’s policy of personal data collection and further processing, their use of data, users' rights and the ways in which users can protect their privacy when using those services.

The use of a third party IT tool does not in any way imply that the European Commission endorses them or their privacy policies. In the event that one or more third party IT tools are occasionally unavailable, we accept no responsibility for lack of service due to their downtime.

Users understand and acknowledge that the conferencing service is delivered externally to the Commission IT infrastructure.  Part of the underlying infrastructure processing the audio, video and file sharing of this service might be located outside the European Union.  Therefore, users must be aware of the risk of a breach of confidentiality of the information shared via this service and must not use the service for sharing sensitive information.  

Users agree to not use the conference service to transmit any content that is unlawful and that contains software viruses or similar harmful components or routines.

International transfers

Users understand and acknowledge that the conferencing service is delivered externally to the Commission IT infrastructure. Part of the underlying infrastructure processing the audio, video and file sharing of this service might be located outside the European Union.   

 

8. What are your rights and how can you exercise them?

You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular the right to access, your personal data and to rectify them in case your personal data are inaccurate or incomplete. Where applicable, you have the right to erase your personal data, to restrict the processing of your personal data, to object to the processing, and the right to data portability.

You have the right to object to the processing of your personal data, which is lawfully carried out pursuant to Article 5(1)(a) of Regulation (EU) 2018/1725 on grounds relating to your particular situation.

You have consented to provide your personal data to the Data Processor for the present processing operation. You can withdraw your consent at any time by notifying the Data Controller and /or the Data Processor. The withdrawal of your consent will not affect the lawfulness of the processing carried out before you have withdrawn the consent.

You can exercise your rights by contacting the Data Controller or the Data Processor, or in case of conflict the Data Protection Officer. If necessary, you can also address the European Data Protection Supervisor. Their contact information is given under Heading 9 below.

Where you wish to exercise your rights in the context of one or several specific processing operations, please provide their description (i.e. their Record reference(s) as specified under Heading 10 below) in your request.

9. Contact information

  • The  operational Data Controller:

European Commission

Secretariat General

Directorate A 'Strategy, Better Regulation & Corporate Governance'

Unit A.1 'Policy Priorities & Work Programme '

B – 1049 Brussels, Belgium

Tel. +32 2 29 92165

Fax. +32 2 29 66655

E-mail: SG-ECI-mailing@ec.europa.eu

 

  • The Data Processor (ECI Platform Operator):

EUROPEAN CITIZEN ACTION SERVICE,

Avenue de la Toison d’or, 77

B-1060 Brussels, Belgium

Email: ECIforum@ecas.org

 

  • The Data Protection Officer (DPO) of the Commission

You may contact the Data Protection Officer (DATA-PROTECTION-OFFICER@ec.europa.eu) with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725.

 

  • The European Data Protection Supervisor (EDPS)

 

You have the right to have recourse (i.e. you can lodge a complaint) to the European Data Protection Supervisor (edps@edps.europa.eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the data controller.

 

10.  Where to find more detailed information?

The Commission Data Protection Officer (DPO) publishes the register of all processing operations on personal data by the European Commission, which have been documented and notified to him. You may access the register via the following link: http://ec.europa.eu/dpo-register.

This specific processing operation has been included in the DPO’s public register with the following Record reference: DPR-EC-01063.1.

General information on personal data protection in the context of the ECI implementation can be found at: https://citizens-initiative.europa.eu/how-it-works/data-protection      

 

 

Disclaimer: The opinions expressed on the ECI Forum reflect solely the point of view of their authors and can in no way be taken to reflect the position of the European Commission or of the European Union.
Ready to register your initiative?

Want to support an initiative? Need to know more about current or past initiatives?

Go to the European Citizens' Initiative website