DATA PROTECTION NOTICE
The protection of your personal data and privacy is of great importance to the EU institutions and bodies, including the European External Action Service (EEAS) with the Union Delegations and the Service for Foreign Policy of the European Commission (FPI). You have the right under EU law to be informed when your personal data is processed [collected, used, stored] as well as the purpose and details of that processing. When handling personal data, we respect the principles of the Charter of Fundamental Rights of the European Union, particularly Article 8 on data protection. Your personal data are processed in accordance with Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and the free movement of such data, aligned with Regulation (EU) 2016/679, the General Data Protection Regulation. In this privacy statement, you find information about how the EEAS, EU Delegations and the FPI process your personal data and your rights as a data subject.
PURPOSE OF DATA PROCESSING: Why do we process your data?
The purpose of the data processing is to ensure proper organisation and management of the event “ASEAN-EU Higher Education Fair 2022” by the EU Delegation to ASEAN in order to disseminate information among participants and to the public, enhance cooperation, networking and facilitate the exchange of ideas and information. It is also intended to further contact participants and promote EU Public Diplomacy, permitting individuals to engage in public diplomacy activities and other events. You can find information on the legal basis in Point 7 of this Privacy Statement.
- The organisation of the event “ASEAN-EU Higher Education Fair 2022” includes the management of contact and mailing lists for invitations, handling of participation requests and feedback, preparing and distributing preparatory materials, meeting reports, and disseminating news items and publications to the participants.
- Publication and communication activity related to the event “ASEAN-EU Higher Education Fair 2022" for dissemination purposes includes the publication of information about the event on the EEAS Intranet and/or on the EEAS and FPI websites and the facilitation of photos and videos, web streaming, audio or video recording during the event.
DATA PROCESSED: What data do we process?
I. Personal data will be collected, used and kept only to the extent necessary for the purposes above. Data, including personal data that may be processed, includes:
- Identification and contact data, including name, title, profession, function, postal/e-mail address, phone numbers and any other administrative information and contact details
- Login credentials in case of online registrations
- Nationality and current location
II. In addition, data is also collected from the website during the event and processed to inform the public and promote EU public diplomacy in communications and publications:
- Photos, audio or video filming and web streaming of speakers, participants or organisers as well as feedback, surveys, reports and other information about the event.
Disclaimer: The organisers waive responsibility for videos/photos taken, shared and published by participants or other individuals, including journalists and other members of the press not contracted by the EEAS/EU Delegations.
III. Data collection by websites: when using online applications, websites may apply dynamic tools such as cookies for technical functioning, gathering statistics and providing a personalised experience for you as a user. More information about cookies can be found on the specific websites.
DATA CONTROLLER: Who is entrusted with processing your data?
The data controller determining the purpose and means of the processing is the EU Delegation to ASEAN The EU Delegation to ASEAN is responsible for managing the personal data processing under the supervision of the Head of Delegation and is the controller entity engaging the service providers NEWLOGIC PTE. LTD and Mitra Karya Kreasi, from which you received the invitation to the event “ASEAN-EU Higher Education Fair 2022”.
RECIPIENTS OF THE PERSONAL DATA: Who has access to your data?
The recipients of your data may be:
- Designated organising staff of the EEAS/EU Delegation ▪ FPI assigned staff and other European Commission staff members designated for the tasks to be implemented
- Assigned staff of other EU institutions and other assigned organiser team members, if required
- Security and other partners, contractors, service providers on behalf of the organiser
- Participants, Interpreters, Technical staff when relevant
- EEAS staff and other EEAS Intranet users (if data published on the EEAS intranet)
- General public (if data made public on the internet, the EEAS website or social media platforms)
- NEWLOGIC PTE. LTD, the service provider, including web services, of the EU Delegation to ASEAN
Mitra Karya Kreasi, the service provider, including communication services With the exception described above, no personal data is transmitted to third countries or international organisations. Data will not be shared with third parties for direct marketing. Access to the personal data by the Service Provider for management and maintenance of the Registration page is implemented in accordance with the provisions of Chapter V of Reg. (EU) 2018/1725, in particular Art. 50. The service providers are Newlogic and Mitra Karya Kreasi, sub-contracted by Agriconsulting Europe S.A., a Belgian Enterprise, part of the Agriconsulting Group, an EU-wide organisation. Contractual clauses bind the service providers to protect your data. Data will not be shared with third parties for direct marketing. The service provider abides by contractual clauses for the protection of your data. Under certain conditions outlined in law, we may disclose your information to third parties (such as the European Anti-Fraud Office, the Court of Auditors, or law enforcement authorities) if necessary and proportionate for lawful, specific purposes. Service providers will process data on documented instructions and on behalf of the EEAS/EU Delegation or FPI in accordance with Article 29 of Regulation (EU) 2018/1725. More information on how the provider processes personal data is on the website of the contracted organisation. Data will not be communicated to third parties, except where necessary for the purposes outlined above. Social Media The EEAS and the EU Delegations, including Regional Teams of the FPI, use social media to promote and inform about events and meetings through widely used and contemporary channels. In addition to the EEAS Webpage or FPI webpage, videos may be uploaded to the EEAS YouTube channel, and links from our website can appear on Twitter, Instagram, Flickr and Facebook. The use of social media does not in any way imply endorsement of them or their privacy policies. We recommend that users read the Twitter, Flickr, Facebook, Instagram and YouTube privacy policies, which explain their data processing policy, use of data, users' rights, and how users can protect their privacy when using these services.
ACCESS, RECTIFICATION AND ERASURE OF DATA: What rights do you have?
You have the right to access your personal data and correct inaccurate or incomplete personal data taking into account the purpose of the processing. The right of rectification can only apply to factual data processed. Under certain conditions, you have the right to ask for the deletion of your personal data or restrict its use and object at any time to the processing of your personal data on grounds relating to your particular situation. We will consider your request, take a decision and communicate it to you without undue delay within one month of receiving the request. That period may be extended by two further months where necessary. For more detailed legal references, you can find information in Articles 14 to 21, 23 and 24 of Regulation (EU) 2018/1725. In specific cases, restrictions under Article 25 of the Regulation may apply. If you wish to exercise your rights or have questions concerning the processing of your personal data, you may address them to the EU Delegation as Data Controller.
To contact the EU Delegation, please use the functional mailbox of the event – [email protected]
LEGAL BASIS: On what grounds do we collect your data?
The processing of personal data related to the event “ASEAN-EU Higher Education Fair 2022” organised by the EU Delegation to ASEAN is necessary for the performance of a task carried out in the public interest [Article 5(1)(a) of Regulation (EU) 2018/1725], as mandated by the Treaties, in particular by articles 5, 11, 20, 21-40, 42, 43 of the Treaty on European Union (TEU) and 2 (4) and (5), 205, 220-221, 326 – 334 of the Treaty on the Functioning of the European Union (TFEU). Further reference: Council Decision of 26 July 2010 establishing the organisation and functioning of the EEAS (2010/427/EU) (OJ L 201, 3/8/2010, p. 30) and Shared Vision, Common Action: A Stronger Europe - A Global Strategy for the European Union’s Foreign and Security Policy of June 2016 and Council Conclusions of October 2016 where the Council of the European Union emphasises "the need of joining up efforts in the field of public diplomacy including strategic communication, inside and outside the EU, to speak with one voice and ultimately promote its core values”. At the same time, data processing for EU communication activities and publications is based on your consent requested separately [Article 5(1)(d) of Regulation (EU) 2018/1725]. Your consent is required for:
- photos, video recordings and web streaming related to events/meetings, which may be shared in EU communications (see point 5)
- attendance list containing your name, affiliation and contact details, which may be shared among participants
- permanent contact list created and shared internally among EEAS services to promote EU activities/events and disseminate information.
If you do not wish for some personal data, including photos, to be published on the web, you also have the option not to provide consent. You can withdraw your consent at any time. You also have the option to give consent only to one or more data processing activities.
TIME LIMIT - DATA STORING: How long do we process your data?
We aim to keep your personal data no longer than necessary for the purposes we collect them. After the event, your data is kept as long as follow-up actions to the event are required. Reports and other material containing personal data are archived according to e-Domec policy.
Personal data will be deleted five years after the last action in relation to the event. However, personal data may be part of a contact list shared internally among EEAS services to promote future EU activities and disseminate information. The privacy statement on public diplomacy initiatives is also available on the EEAS website. Financial data related to the event will be kept for a maximum of 10 years after the event or meeting for auditing purposes. Sensitive personal data relating to dietary and/or access requirements will be deleted once it is no longer necessary for the purpose for which it was collected in the framework of the meeting or event, but no later than one month after the end of the meeting or event. Personal data may be kept for information and historical, statistical or scientific purposes for a longer period of time, including the publication on the EU Delegation webpage and EEAS Intranet or EEAS website with appropriate safeguards in place.
Security of data
The EEAS, the EU Delegation and FPI strive to ensure a high level of security for your personal data. Appropriate organisational and technical measures are ensured according to Article 33 of Reg. (EU) 2018/1725. The collected personal data is stored on servers that abide by pertinent security rules. Assigned staff members process data. Files have authorised access. Measures are provided to prevent unauthorised entities from accessing, altering, deleting and disclosing data. General access to personal data is only possible to recipients with a UserID/Password. Physical copies are securely stored. If a service provider is contracted as a processor, the collected data may be stored electronically by the external contractor, who has to guarantee the data protection and confidentiality required by the Reg. (EU) 2018/1725. These measures also provide a high level of assurance for the confidentiality and integrity of the communication between you [your browser] and the EEAS/EU Delegation. Nevertheless, a residual risk always exists for communication over the internet, including email exchange. The EEAS relies on services provided by other EU institutions, primarily the European Commission, to support the security and performance of the EEAS website.
EEAS DATA PROTECTION OFFICER: Any questions to the DPO?
If you have any enquiries, you can also contact the EEAS Data Protection Officer at [email protected]
You have, at any time, the right to have recourse to the European Data Protection Supervisor at [email protected]