PRIVACY STATEMENT: PROTECTION OF YOUR PERSONAL DATA
Table of Contents
- Why do we process your data?
- Which data do we collect and process?
- How long do we keep your data?
- How do we protect your data?
- What are your rights and how can you exercise them?
- Contact information
- Where to find more detailed information
This privacy statement explains the reason for the processing, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you may exercise in relation to your data (the right to access, rectify, block etc.).
The European institutions are committed to protecting and respecting your privacy. As this service collects and further processes personal data, Regulation (EC) N°45/2001 , of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, is applicable.
This privacy statement concerns the delivery of training services, including face-to-face trainings, webinars and eLearning events, by a Consortium of organisations led by Fondazione punto.sud (hereinafter the Consortium) in implementation of the framework contract ECHO/A2/SER/2018/03 for the supply of training and support services to the Directorate-General for Civil Protection and Humanitarian Aid Operations (DG ECHO), hereinafter referred to as the operating DG.
2. Why do we process your data?
Purpose of the processing operation: the Consortium, acting on behalf of DG ECHO, collects and uses your personal information to ensure an adequate organisation and follow-up of the training services delivered and to send you DG ECHO Flash (newsletter), if requested.
Lawfulness of the processing operation:
The processing operations on personal data for the organisation and follow-up of the training services are necessary and lawful under the following article of the Regulation (EC) 45/2001:
article 5 (a): processing is necessary for the performance of a task carried out in the public interest on the basis of the Treaties establishing the European Communities or other legal instruments adopted on the basis thereof.
3. Which data do we collect and process?
Only data necessary for the organisation and management of training services and for sending the DG ECHO Flash (newsletter), such as gender, nationality, name and country of the Organisation, position, your country office, email of your reference person at HQ.
4. How long do we keep your data?
Personal data is kept as long as its processing is necessary for the organisation and management of the training events. All personal data will generally be deleted from databases 10 years after the last action in relation to this training. Reports containing personal data will be archived according to the relevant Commission legal framework.
5. How do we protect your data?
All data in electronic format are stored on the servers of the Consortium providing the training services and its service providers (Docebo SPA and Kudu srl. Benefit Corporation). These operations abide by the Commission's security decisions and provisions established by the Directorate of Security for this kind of servers and services and/or of its contractor organising the training.
The Commission’s external contractors are bound by a specific contractual clause for any processing operations of your data on behalf of the Commission, and by the confidentiality obligations deriving from Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Only the European Commission and the Consortium members have access to your data. Other participants in the training events do not have access to the personal data you have disclosed.
6. What are your rights and how can you exercise them?
According to Regulation (EC) n°45/2001, you are entitled to access your personal data and rectify, block or delete it in case the data is inaccurate or incomplete. You can exercise your rights by contacting the data controller by explicitly specifying your request, or in case of conflict the Data Protection Officer and if necessary the European Data Protection Supervisor using the contact information given at point 7 below.
7. Contact information
If you have comments or questions, any concerns or a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller using the following contact information:
The Data Controller:
Head of Unit in charge of Policy Coordination, International & Multilateral Relations and Legal Affairs, Directorate-General for European Civil Protection and Humanitarian Aid Operations (DG ECHO)
The Data Protection Officer (DPO) of the Commission: DATA-PROTECTION-OFFICER@ec.europa.eu The European Data Protection Supervisor (EDPS): email@example.com.
8. Where to find more detailed information?
The Commission Data Protection Officer publishes the register of all operations processing personal data. You can access the register on the following link : http://ec.europa.eu/dpo-register
This specific processing has been notified to the DPO with the following reference: DPO-3445.