PRIVACY STATEMENT FOR ECCC WEBINARS
Your personal data are processed in accordance with Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (1).
The data controller of the processing operation is the European Cybersecurity Competence Center (“ECCC”).
Note: During the transition period, the European Commission – DG CONNECT (“EC”) is responsible for the establishment and initial operations of the ECCC, i.e. until the ECCC has the operational capacity to implement its own budget (2).
The data processor of the processing operation is the European Cyber Security Organisation (“ECSO”) under the contract CNECT/2022/OP/0033 concluded between the EC and ECSO. ECSO will provide the teleconference platform for the online event (CISO Webex), under a License Agreement between ECSO and CISCO (sub-processor).
The legal basis for the processing operations is Article 5(1)(a) of Regulation (EU) 2018/1725 (EUDR), on the basis of Regulation EU) 2021/887 establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres, especially the provisions establishing the tasks of ECCC. Moreover, article 5(1)(d) EUDPR shall be the legal basis for the distribution of the attendance list among the meeting participants (consent to be obtained upon registration to the event)
The purpose of this processing operation is to share the information about the content of the online event, to support the organization and management of the event and to compile the participants list.
The following personal data are collected:
- Contact data: first name, last name, function, organisation, country, e-mail.
- Data collected by CiscoWebex
- Personal data related to the connection/use of the teleconference platform such as: name / pseudonym, email address, organisation, IP address, MAC address, browser information, hardware type, operating system type and version. These data are processed by CISCO for analytics purposes;
- User generated information such as: discussion chat logs, meeting recordings, uploaded files. These data are produced through the CISCO Webex platform during the event
In addition, video recordings of specific sessions of the event will be performed upon the explicit consent of the speakers. The names and recordings of the meeting participants (apart from the speakers) will not be recorded
Access to your data is granted only to: designated ECCC and EC staff involved in the organisation of the online event, designated staff of the processor and sub-processor,and bodies charged with monitoring or inspection tasks in application of EU law (e.g. internal audits, European Anti-fraud Office – OLAF). The participants list will be distributed via email to those participants who will request it, including the following information: first name, last name, function, organisation, country, e-mail.
Contact data collected upon registration will be kept by ECCC for six months.
For the teleconference platform (CISCO Webex): User generated data are deleted by CISCO after each meeting. Analytics data are maintained by CISCO to the extent strictly necessary for the provision of the service. Any locally stored user data will be deleted by ECSO as soon as possible after the event is concluded.
Storage and transfers of personal data:
Contact data collected upon registration will be processed by ECCC and the EC only within EU/EEA.
The operation of the teleconference platform (CISCO Webex) may include the transfer of personal data outside the EU/EEA. In any such case, the transfer shall take place in accordance with the provisions laid out in Chapter V EUDPR.
You have the right of access to your personal data and to relevant information concerning how we use it. You have the right to rectify your personal data. Under certain conditions, you have the right to ask that we delete your personal data or restrict its use. You have the right to object to our processing of your personal data, on grounds relating to your particular situation, at any time. We will consider your request, take a decision and communicate it to you. If you have any queries concerning the processing of your personal data, you may address them to ECCC at CNECT-ECCC-ADMINec [dot] europa [dot] eu (CNECT-ECCC-ADMIN[at]ec[dot]europa[dot]eu).
You have the right of recourse at any time to the ECCC DPO at eccc-dpoenisa [dot] europa [dot] eu (eccc-dpo[at]enisa[dot]europa[dot]eu) and to the European Data Protection Supervisor at https://edps.europa.eu.
(1) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002.
(2) Regulation (EU) 2021/887 of the European Parliament and of the Council of 20 May 2021 establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres, Article 46(1).