PROTECTION OF YOUR PERSONAL DATA

This privacy statement provides information about the processing and the protection of your personal data in the framework of the Climate Pact Day of Action

Processing operation: European Climate Pact activities delivered by the European Commission and appointed contractors.

Data Controller: Directorate-General for Climate Action, Directorate A, Unit A.3.

1. Introduction
2. Purpose of the processing operation
3. What is the legal basis for processing your data?
4. What personal information do we collect, for what purpose and through which technical means?
5. How long do we keep your personal data?
6. How do we protect and safeguard your personal data?
7. Who has access to your personal data, to whom is it disclosed and who will process personal data?
8. What are your rights and how can you exercise them?
9. Contact information
10. Where to find more detailed information?

1. Introduction

The European Commission (hereafter ‘the Commission’) is committed to protecting your personal data and to respecting your privacy. The Commission collects and further processes personal data pursuant to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (repealing Regulation (EC) No 45/2001).

This privacy statement explains the reasons for the processing of your personal data, the way we collect, handle, and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor.

This privacy statement concerns the processing of personal data by the Commission when managing the specific event Climate Pact Day of Action in the framework of the European Climate Pact, administered by the Directorate-General for Climate Action, Unit A.3. (CLIMA.A.3).

2. Purpose of the processing operation

The purpose of the processing is the organisation, management, evaluation and/or follow-up of the digital event Climate Pact Day of Action. For example, we may send participants an anonymous questionnaire for the evaluation of the event by participants and event follow-up.

Upon your specific consent by checking the appropriate consent box on the registration form, you will receive future mailing, newsletters, and event invitations from the European Commission. Please do read the Privacy Statement on this additional processing activity that will be accessible through a link, next to the check box. 

The data are solely collected and further processed for the specific purposes mentioned in this privacy statement and shall not be used for any other purpose.  

3. What is the legal basis for processing your data?

The lawfulness of the processing of personal data for the purposes of the digital event is based on Article 5(1)(a) of the Regulation and Article 5(1)(d) of the Regulation, i.e., your consent.

4. What personal information do we collect, for what purpose and through which technical means?

For event participants, the personal data collected and further processed are: full name, e-mail address, country, city, date of birth and organisation type function.

For event speakers, the personal data collected and further processed are: first name, surname, profile, picture, short CV and presentation(s), if provided voluntarily by the speaker.

Be aware that this event is recorded. Photographs/pictures, presentations, live online streaming and/or audio (voice) and video (image) recording of speakers and participants may be processed/ included in the recording. Some of your personal data (photographs, pictures, video recording and live online streaming, presentations) may be published online, such as on the Streaming Service of the European Commission Website and possibly on Climate Pact campaign website.

• For event participants:

When joining the event, your audio and video is turned off by default. You can choose if want to unmute/mute your microphone and turn on or turn off your video anytime during the event.

You are advised not to activate your webcam/audio during the event. Enabling your webcam/audio during the event web streaming will constitute a clear and affirmative action establishing your unambiguous consent to be recorded and broadcasted.

• For event speakers:

Your full speeches or parts of them may be reused for internal documentation or in any public communication activity. No restriction fee can be requested for any use or reuse of the images. These data are collected via the on-line event platform/application or at a later stage via e-mail exchange or by any other appropriate means.

If you do not agree to be recorded and/or with the use of your image/ voice recording please let us know at the following email address: CLIMA-EU-CLIMATE-PACT-EVENTS@ec.europa.eu.

• For all participants:

The following additional information may be automatically collected while registering to virtual events and during the virtual event: event activity (such as joining or leaving), together with the date, time, person engaged in the activity, and other participants in the event with the date, time, duration, quality ratings that you may provide, IP data, location data, data about the web browser, data collected using cookies or other tracking technologies, if applicable. Please check the relevant Cookie Notice that will be published on the registration/event page).

5. How long do we keep your personal data?

The Data Controller only keeps your personal data for the time necessary to fulfil the purpose of collection or further processing as described above.

After initially being processed by the Data Controller or its processors, personal data may be stored for a maximum period of 5 (five) years.

Please be advised that the retention period is only an estimate and, it may vary depending on the nature of the data, the purpose of the processing and relevant retention requirements prescribed by EU law.

Selected audiovisual content may be archived for permanent preservation, in line with the provisions of the Common Commission Level Retention List (SEC(2019)900/2), for historical purposes to document, preserve and make available the history and audio-visual heritage of the Commission and the European Union.

6. How do we protect and safeguard your personal data?

All personal data in electronic format (e-mails, documents, databases, uploaded batches of data, etc.) are either on the servers of the European Commission (located on the premises of the Directorate-General in Brussels and in the DG DIGIT datacentre in Luxembourg), or of its contractors, all inside the EU. Where necessary, personal data are also held by external service providers for the purpose of providing services in this privacy statement (e.g., event registration and streaming purposes) who may be located outside of the EU. All processing operations are carried out pursuant to the Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the Commission.

The Commission’s contractors are bound by a specific contractual clause for any processing operations of personal data on behalf of the Commission, and by the confidentiality obligations deriving from the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

In order to protect your personal data, the Commission has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.

7. Who has access to your personal data, to whom is it disclosed and who will process personal data?

Access to your personal data is provided to all authorised personnel of the EU institutions, and to approved contractors and partners linked to the European Climate Pact. These parties are responsible for carrying out processing operation based on a “need to know” principle. Such staff abide by statutory, and when required, additional confidentiality agreements.

We may also share your information with our external service providers for the purposes of registration to this event and managing the event, some of which may be based or process data outside of the EU (such as third-party virtual event platforms providers as B2match, Zoom, Sli.do etc.).

We use the following social media Twitter, Facebook, Instagram,LinkedIn,…) to promote the event. These social media may use cookies that collect your personal data in the event that you click on the social media link. The Data Controller has no control or responsibility on third-party cookies collected by these social media platforms. Therefore, we recommend you read these social media privacy policies before clicking on the social media links. When you register or attend to an event, be aware that the controller may transfer your personal data to recipients outside the EU, where the local law may grant you fewer rights than you have in your own country. Where transfers of data to a third country or to an international organisation apply, the controller transfers your data in accordance with Regulation (EU) 2018/1725, therefore based:

• on an adequacy decision of the Commission for a specific country / commercial sector (Article 47 of Regulation (EU) 2018/1725), and
• in the absence of an adequacy decision, on appropriate safeguards (Article 48 of Regulation (EU) 2018/1725), such as standard contractual clauses that can obtained by sending an email to the.

Please note that pursuant to Article 3(13) of Regulation (EU) 2018/1725 public authorities (e.g. Court of Auditors, EU Court of Justice) which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients. The further processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

The information we collect will not be given to any other third party, except to the extent and for the purpose we may be required to do so by law, including the possible transmission of personal data to EU bodies or institutions in charge of audit or inspection in accordance with the EU Treaties.

8. What are your rights and how can you exercise them?

You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725. As regards this processing operation and depending on the lawfulness base of the data requested, you can exercise the following rights:

• the right to access your personal data (Article 17 of Regulation (EU) 2018/1725);
• the right to rectification in the case that your personal data is inaccurate or incomplete (Article 18 of Regulation (EU) 2018/1725);
• the right to erasure of your personal data (Article 19 of Regulation (EU) 2018/1725);
• where applicable, the right to restrict the processing of your personal data (Article 20 of Regulation (EU) 2018/1725);
• the right to data portability (Article 22 of Regulation (EU) 2018/1725);
• and the right to object to the processing of your personal data, which is lawfully carried out pursuant to Article 5(1)(a).

You can exercise your rights by contacting the Data Controller, or in case of conflict, the Data Protection Officer of the European Commission. In case of formal complaint, you can also address the European Data Protection Supervisor. The contact information can be found under Section 9.

Where you wish to exercise your rights in the context of one or several specific processing operations, please provide their description, i.e. Record reference in your request.

9. Contact information

The Data Controller

If you would like to exercise your rights under Regulation (EU) 2018/1725, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller, Directorate-General for Climate Action, Unit A.3, at CLIMA-EU-CLIMATE-PACT-EVENTS@ec.europa.eu.

The Data Protection Officer (DPO) of the Commission

You may contact the Data Protection Officer (DATA-PROTECTION-OFFICER@ec.europa.eu) with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725.

The European Data Protection Supervisor (EDPS)

You have the right to have recourse (i.e. you can lodge a complaint) to the European Data Protection Supervisor (edps@edps.europa.eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the Data Controller.

10. Where to find more detailed information?

The Commission Data Protection Officer (DPO) publishes the register of all processing operations on personal data by the Commission, which have been documented and notified to him. You may access the register via the following link: http://ec.europa.eu/dpo-register.

This specific processing operation has been included in the DPO’s public register with the following Record reference: DPR-EC-01063.