IDOM CONSULTING, ENGINEERING, ARCHITECTURE, S.A.U.
PricewaterhouseCoopers, Société cooperative
(the companies onwards to be referred as “LCBA Contractors”)
PRIVACY STATEMENT ▪ DATA PROTECTION NOTICE
FOR THE PURPOSE OF
PROCESSING PERSONAL DATA RELATED TO
EVENT “ONLINE LAUNCH OF THE LOW CARBON AND CIRCULAR ECONOMY BUSINESS ACTION IN THE AMERICAS”
The protection of your personal data and privacy is of great importance to the European External Action Service (EEAS), the Delegations of the European Union and the LCBA Contractors. You have the right under EU law to be informed when your personal data is processed (collected, used, stored) as well as about the purpose and details of that processing. When handling personal data, we respect the principles of the Charter of Fundamental Rights of the European Union, and in particular Article 8 on data protection. Your personal data are processed in accordance with Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, aligned with Regulation (EU) 2016/679, the General Data Protection Regulation. In this privacy statement you find information about how the EEAS, EU Delegations and LCBA Contractors process your personal data and what rights you have as a data subject.
2. PURPOSE OF DATA PROCESSING: Why do we process your data?
The purpose of the processing is to ensure proper organisation and management of the event on “Low Carbon and Circular Economy Business Action in the Americas launching webinar”, facilitated by LCBA Contractors in collaboration with the European Commission and EU Delegations in Brazil, Canada and Mexico. EU Delegations work closely with the Regional Team of the Service for Foreign Policy Instruments (FPI) for the management of common actions in the area of foreign policy. This event is implemented under the Service Contract for European Union External Actions EuropeAid/140289/DH/SER/Multi.
With regard to the specific event, data is processed in order to disseminate information among participants and to the public, enhance cooperation, networking, facilitate exchange fora, often web based. It is also intended to further contact participants and to promote EU Public Diplomacy permitting to engage individuals in public diplomacy activities and other events.
You can find information on the legal basis in Point 7 of this Privacy Statement.
- Description of the event: official launching webinar of LCBA programme on 14th January 2021.
- The organisation of the 'events and meetings' includes the management of contact and mailings lists for invitations, handling of participation requests and feedbacks, the preparation and distribution of preparatory materials, meeting reports, news items and publications to the participants.
- Publication and communication activity related to event’ for dissemination purposes includes the publication of information about the event on LCBA Programme and LCBA Contractors communication channels and the facilitation of photos and videos, web streaming, audio or video recording during the event.
3. DATA PROCESSED: What data do we process?
I. Personal data will be collected, used and kept only to the extent necessary for the purposes above. Data, including personal data, that may be processed, are the following:
- Identification and contact data, including name, title, profession, function, postal/e-mail address, phone numbers and any other administrative information and contact details
II. In addition, data are also collected during the event and processed for the purpose of informing the public, promoting EU public diplomacy in communications and publications:
- Photos, audio or video filming and web streaming of speakers, participants or organisers as well as feedbacks, surveys, reports and other information about the event/meeting
Disclaimer: The organisers waive responsibility of videos/photos taken, shared, published by participants or other individuals, including journalists and other members of the press not contracted by the LCBA Contractors.
III. Data collection by websites: when using online applications, websites may apply dynamic tools such as cookies for technical functioning, gathering statistics and providing a personalised experience for you as a user. More information about cookies can be found on the specific websites.
4. DATA CONTROLLER: Who is entrusted with processing your data?
The data controller determining the purpose and means of the processing is the following entity:
Head of Unit for Budget, Finance and Relations with other Institutions (FPI.1)
of the Service for Foreign Policy Instruments.
Data processors responsible for processing personal data on behalf of the contracting authority are:
IDOM CONSULTING, ENGINEERING, ARCHITECTURE, S.A.U. (IDOM)
PricewaterhouseCoopers, Société cooperative (PWC)
ICF S.A (ICF)
And MEDIA RESPONSABLE S.L (subcontractor of IDOM)
5. RECIPIENTS OF THE PERSONAL DATA: Who has access to your data?
- Designated organising staff of Processors for the Service Contract for European Union External Actions No. EuropeAid/140289/DH/SER/Multi.
- Assigned Staff of the Service for Foreign Policy Instruments of the European Commission in Headquarters and Union Delegations
- Assigned staff of other EU institutions and other assigned organiser team members, if required
- Participants, Interpreters, Technical staff if relevant
- EEAS staff and other EEAS Intranet users
- General public (if data made public on the internet and social media platforms of the data controller and data processors)
- Security and other partners, contractors, service providers on behalf of the organiser:
With the exception of public domain data, no personal data is transmitted to third countries or to international organisations, which are outside the list of recipients and the legal framework mentioned above. Data will not be shared with third parties for direct marketing. Under certain conditions outlined in law, we may disclose your information to third parties, (such as the European Anti-Fraud Office, the Court of Auditors, or law enforcement authorities) if it is necessary and proportionate for lawful, specific purposes. Service providers will process data on documented instructions and on behalf of the EEAS/EU Delegation in accordance with Article 29 of Regulation (EU) 2018/1725. More information on how the provider processes personal data on the website of the contracted organisation, as indicate above. Data will not be communicated to third parties, except where necessary for the purposes outlined above.
LCBA Contractors, the FPI Regional Team for Americas, the EEAS, EU Delegations and DG GROW may use their websites and social media to promote and inform about the event. The use of social media does not in any way imply endorsement of them or their privacy policies. We recommend that users read the Twitter, Flickr, Facebook, Instagram and YouTube privacy policies which explain their data processing policy, use of data, users' rights and the way how users can protect their privacy when using these services.
6. ACCESS, RECTIFICATION, ERASURE OF DATA: What rights do you have?
You have the right of access to your personal data and the right to correct any inaccurate or incomplete personal data. The right of rectification can only apply to factual data processed. Individuals registering to events online can also update, delete their data or unsubscribe online. Under certain conditions, you have the right to ask the deletion of your personal data or restrict its use. Special attention is drawn to the consequences of a request for deletion, in which case any means to be able to contact you may be lost. You have the right to object on grounds relating to your particular situation to the publication of your personal data or to withdraw consent to the processing of data based on your consent (see point 7). We will consider your request, take a decision and communicate it to you. If you wish to exercise these rights, you can send an e-mail with a copy of an identification document (ID card or passport) to confirm your identity. This document should contain an identification number, country of issue, period of validity and your name, address and date of birth. Any other data contained in the copy of the identification document, such as a photo or any personal characteristics, may be blanked out. You find more information in articles 14 to 21, 23 and 24 of Regulation (EU) 2018/1725. If you have any questions you may contact the Data Controller.
Head of Unit for Budget, Finance and Relations with other Institutions (FPI.1)
of the Service for Foreign Policy Instruments
7. LEGAL BASIS: On what grounds we collect your data?
The processing of personal data related to events/meetings organised by the EEAS or EU Delegation is necessary for the performance of a task carried out in the public interest [Article 5(1)(a) of Regulation (EU) 2018/1725], as mandated by the Treaties, in particular by articles 5, 11, 20, 21-40, 42, 43 of the of the Treaty on European Union (TEU) and 2 (4) and (5), 205, 220-221, 326 – 334 of the Treaty on the Functioning of the European Union (TFEU).
Council Decision of 26 July 2010 establishing the organisation and functioning of the EEAS (2010/427/EU) (OJ L 201, 3/8/2010, p. 30) and Shared Vision, Common Action: A Stronger Europe - A Global Strategy for the European Union’s Foreign and Security Policy of June 2016 and Council Conclusions of October 2016 where the Council of the European Union emphasises "the need of joining up efforts in the field of public diplomacy including strategic communication, inside and outside the EU, to speak with one voice and ultimately promote its core values”.
At the same time, data processing for EU communication activities and publications is based on your consent requested separately [Article 5(1)(d) of Regulation (EU) 2018/1725]. Your consent is required for:
- photos, video recordings and web streaming related to events/meetings which may be shared in EU communications (see point 5)
- attendance list containing your name, affiliation and contact details which may be shared among participants
- name and contact details included in a contact list shared internally among EEAS/EU Delegation services for the purpose of promoting EU activities/events and disseminating information
If you do not wish for some personal data, including photos, to be published on the web, you also have the option not to provide consent. Participants that choose this option, depending on the type of event and available resources, may be take a seat in non-photographed areas, may follow the event/meeting by web streaming or wear an identifier including a colour code on stickers or badges. You can withdraw your consent at any time and you also have the option to give consent only to one or more data processing activities.
8. TIME LIMIT - DATA STORING: For what period and how we process your data?
Our aim is to keep your personal data not longer than necessary for the purposes we collect them. After the event, your data are kept as long as follow-up actions to the event are required. Reports and other material containing personal data are archived according to e-Domec policy.
Personal data will be deleted five years after the last action in relation to the event. Personal data may, however, be part of a contact list shared internally among LCBA Contactors, EEAS services and EU Delegations for the purpose of promoting future EU activities and disseminating information. The privacy statement on public diplomacy initiatives is also available on the EEAS website. Financial data related to the event/meeting will be kept for a maximum period of 10 years after the end of the event or meeting for auditing purposes. Personal data may be kept for information and historical, statistical or scientific purposes for a longer period of time including the publication on the LCBA Contractors websites and the EEAS Intranet or EEAS website with appropriate safeguards in place.
Security of data
The EEAS and EU Delegations strive to ensure a high level of security for your personal data. Appropriate organisational and technical measures are ensured according to Article 33 of Reg. (EU) 2018/1725. The collected personal data are stored on servers that abide by pertinent security rules. Data is processed by assigned staff members. Files have authorised access. Measures are provided to prevent unauthorised entities from access, alteration, deletion, disclosure of data. General access to personal data is only possible to recipients with a UserID/Password. Physical copies are stored in a secured manner. In case a service provider is contracted, as a processor, the collected data may be stored electronically by the external contractor, who has to guarantee data protection and confidentiality required by the Reg. (EU) 2018/1725. These measures also provide a high level of assurance for the confidentiality and integrity of the communication between you [your browser] and the EEAS/EU Delegation. Nevertheless, a residual risk always exists for communication over the internet, including email exchange. The EEAS relies on services provided by other EU institutions, primarily the European Commission, to support the security and performance of the EEAS website.
9. EEAS DATA PROTECTION OFFICER: Any questions to the DPO?
If you have an enquiry you can also contact the EEAS Data Protection Officer at firstname.lastname@example.org
You have the right to have recourse at any time to the European Data Protection Supervisor at email@example.com