Online Events
Record of processing activity | ||
---|---|---|
Title | ECCC ONLINE EVENTS | |
Name and contact details of controller | ECCC EC DG CNECT Note: During the transition period, the European Commission – DG CONNECT (“EC”) is responsible for the establishment and initial operations of the ECCC, i.e. until the ECCC has the operational capacity to implement its own budget.[1]
[1] Regulation (EU) 2021/887 of the European Parliament and of the Council of 20 May 2021 establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres, Article 46(1). | |
Name and contact details of DPO | ECCC-DPO![]() | |
Name and contact details of Joint Controller | N/A | |
Name and contact details of processor | European Cyber Security Organisation (“ECSO”) nccs_contact ECSO sub-processor is the teleconference platform CISCO Webex Meetings, under a License Agreement between ECSO and CISCO. | |
Purpose of the processing | The purpose of this processing operation is to share the information about the content of the online event, to support the organization and management of the event, to share information (such as presentations) to participants, to distribute the participants list among the meeting participants and to make publicly available the recordings of the presentations, talks and interventions made during the online event. | |
Description of data subjects |
| |
Description of data categories |
| |
Time limits (for the erasure of data) | One month
Contact data collected upon registration will be kept by ECSO for one month after the online event. The participants list will be kept by ECSO for one month after the online event. For the teleconference platform (CISCO Webex Meeting): User generated data are deleted by CISCO after each meeting. Analytics data are maintained by CISCO to the extent strictly necessary for the provision of the service. Any locally stored user data will be deleted by ECSO within one month after the online event is concluded. | |
Data recipients | Designated ECCC, EC and ECSO staff involved in the organisation of the online events. | |
Transfers to third countries | The collection of contact data may include the transfer of personal data outside the EU/EEA as registration is performed via the teleconference platform (CISCO Webex). Contact data collected upon registration will be further processed by ECCC and ECSO only within EU/EEA. The operation of the teleconference platform (CISCO Webex) may include the transfer of personal data outside the EU/EEA.
Transfers of personal data outside the EU/EEA as part of the teleconference platform (CISCO Webex) are performed in line with Chapter V EUDPR. CISCO participates in the EU-US Data Privacy Framework[1].
[1]For further information see: https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework_en.pdf; https://www.dataprivacyframework.gov/ | |
Security measures – General description |
| |
Privacy statement | DATA PROTECTION NOTICE FOR ECCC ONLINE EVENT |
Compliance check + High risk identification (internal) | |
---|---|
Legal basis and necessity for processing | The legal basis for the processing operation is article 5(1)(a) of Regulation (EU) 2018/1725 (EUDR), on the basis of Regulation EU) 2021/887 establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres, especially the provisions establishing the tasks of ECCC. Moreover, article 5(1)(d) EUDPR shall be the legal basis for:
|
Purpose definition | To share the information about the content of the online event, to support the organization and management of the event, to share information (such as presentations) to participants, to distribute the participants list among the meeting participants and to make publicly available the recordings of the presentations, talks and interventions made during the online event. |
Data minimisation | The collection of personal data is limited to what is directly relevant and necessary to accomplish the specified purpose above. The personal data will be retained only for as long as is necessary to fulfil that purpose. |
Accuracy | The data are provided directly by the participants upon registration to the event. |
Storage limitation | Personal data will be kept by ECSO for one month. User generated data are deleted by CISCO after each event/meeting. |
Transparency: How do you inform people about the processing | Privacy statement is be made available in the event announcement and registration page. |
Access and other rights of persons whose data you process | The data subject will have been provided the relevant information in the privacy statement. If data subjects wish to make use of their rights, they can contact ECCC-DPO |
High Risk Identification | |
Does the process involve any of the following?
| N/A |