Skip to main content
Logo
EnglishEnglish
European Cybersecurity Competence Centre and Network

Online Events

Online Events

Record of processing activity
Title ECCC ONLINE EVENTS
Name and contact details of controller

ECCC

EC DG CNECT

Note: During the transition period, the European Commission – DG CONNECT (“EC”) is responsible for the establishment and initial operations of the ECCC, i.e. until the ECCC has the operational capacity to implement its own budget.[1]

 

[1] Regulation (EU) 2021/887 of the European Parliament and of the Council of 20 May 2021 establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres, Article 46(1).
Name and contact details of DPO ECCC-DPOatenisa [dot] europa [dot] eu (ECCC-DPO[at]enisa[dot]europa[dot]eu)
Name and contact details of Joint Controller N/A
Name and contact details of processor

European Cyber Security Organisation (“ECSO”) nccs_contactatlist [dot] cyber-ecco [dot] eu (nccs_contact[at]list[dot]cyber-ecco[dot]eu) (on the basis of Service Agreement with European Commission - CNECT/2022/OP/0033).

ECSO sub-processor is the teleconference platform CISCO Webex Meetings, under a License Agreement between ECSO and CISCO.
Purpose of the processing The purpose of this processing operation is to share the information about the content of the online event, to support the organization and management of the event, to share information (such as presentations) to participants, to distribute the participants list among the meeting participants and to make publicly available the recordings of the presentations, talks and interventions made during the online event.
Description of data subjects

Registered participants
Description of data categories
  1. Contact data: first name, last name, function, organisation, country, e-mail.
  2. Personal data related to the connection/use of the teleconference platform processed by CISCO Webex Meetings such as: name / pseudonym, email address, IP address, MAC address, browser information, hardware type, operating system type and version.
  3. User generated information processed by CISCO Webex Meetings during the online event such as: discussion chat logs, uploaded files.
  4. Recorded (audiovisual material) presentations, talks and interventions from speakers and panelists.
Time limits (for the erasure of data)

One month

 

Contact data collected upon registration will be kept by ECSO for one month after the online event.

The participants list will be kept by ECSO for one month after the online event.

For the teleconference platform (CISCO Webex Meeting): User generated data are deleted by CISCO after each meeting. Analytics data are maintained by CISCO to the extent strictly necessary for the provision of the service. Any locally stored user data will be deleted by ECSO within one month after the online event is concluded.
Data recipients Designated ECCC, EC and ECSO staff involved in the organisation of the online events.
Transfers to third countries

The collection of contact data may include the transfer of personal data outside the EU/EEA as registration is performed via the teleconference platform (CISCO Webex).

Contact data collected upon registration will be further processed by ECCC and ECSO only within EU/EEA.

The operation of the teleconference platform (CISCO Webex) may include the transfer of personal data outside the EU/EEA.

 

Transfers of personal data outside the EU/EEA as part of the teleconference platform (CISCO Webex) are performed in line with Chapter V EUDPR. CISCO participates in the EU-US Data Privacy Framework[1].

 

[1]For further information see: https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework_en.pdf; https://www.dataprivacyframework.gov/
Security measures – General description
  1. Article 1.21 of Cisco Customer Master Data Protection Agreement: “Security Measures” means the technical and organizational measures designed to protect the Personal Data as set forth in Attachment A.

 

  1. Attachment A “Information Security Exibit” Trust Portal - Cisco
Privacy statement DATA PROTECTION NOTICE FOR ECCC ONLINE EVENT

 

Compliance check + High risk identification (internal)
Legal basis and necessity for processing

The legal basis for the processing operation is article 5(1)(a) of Regulation (EU) 2018/1725 (EUDR), on the basis of Regulation EU) 2021/887 establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres, especially the provisions establishing the tasks of ECCC. Moreover, article 5(1)(d) EUDPR shall be the legal basis for:

  • the distribution of the attendance list among the meeting participants (consent to be obtained upon registration to the webinar);
  • recording of presentations, talks and interventions from speakers and panelists (consent to be obtained upon invitation of the speakers and panelists to the online event).
Purpose definition To share the information about the content of the online event, to support the organization and management of the event, to share information (such as presentations) to participants, to distribute the participants list among the meeting participants and to make publicly available the recordings of the presentations, talks and interventions made during the online event.

Data minimisation

 The collection of personal data is limited to what is directly relevant and necessary to accomplish the specified purpose above. The personal data will be retained only for as long as is necessary to fulfil that purpose.
Accuracy The data are provided directly by the participants upon registration to the event.
Storage limitation

Personal data will be kept by ECSO for one month.

User generated data are deleted by CISCO after each event/meeting.
Transparency: How do you inform people about the processing Privacy statement is be made available in the event announcement and registration page.
Access and other rights of persons whose data you process

The data subject will have been provided the relevant information in the privacy statement.

If data subjects wish to make use of their rights, they can contact ECCC-DPOatenisa [dot] europa [dot] eu (ECCC-DPO[at]enisa[dot]europa[dot]eu). Requests will be replied as per standard deadlines in Regulation (EU) 1725/2018.
High Risk Identification

Does the process involve any of the following?

  • data relating to health, (suspected) criminal offences or otherwise considered sensitive (‘special data categories’);
  • evaluation, automated decision-making or profiling;
  • monitoring data subjects;
  • new technologies that may be considered intrusive.
 N/A

 

Compliance check + High risk identification (internal)
(where applicable) links to threshold assessment and DPIA N/A
Where are your information security measures documented?

1- Cisco Data Protection Agreement:

https://trustportal.cisco.com/c/dam/r/ctp/docs/dataprotection/cisco-master-data-protection-agreement.pdf

  • Article 1.21 and

 

2- Cisco Webex Meetings Security White Paper - Cisco
Other linked documentation

Cisco End User License Agreement

  • Reference article 5.2

Related links

Privacy Compliance
Online Events
Governing Board (GB) meetings, GB members communication and exchange of documents