EU Flag

EEAS PRIVACY STATEMENT - DATA PROTECTION NOTICE

FOR THE PURPOSE OF

PROCESSING PERSONAL DATA RELATED TO THE EVENT

EUROPEAN HIGHER EDUCATION FAIR 2021 (EHEF)

ORGANISED BY THE EU DELEGATION TO THE PHILIPPINES

1. INTRODUCTION

The protection of your personal data and privacy is of great importance to the EU institutions and bodies, including the European External Action Service (EEAS) with the Union Delegations and the Service for Foreign Policy of the European Commission (FPI). You have the right under EU law to be informed when your personal data is processed [collected, used, stored] as well as about the purpose and details of that processing.

When handling personal data, we respect the principles of the Charter of Fundamental Rights of the European Union, and in particular Article 8 on data protection. Your personal data are processed in accordance with Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, aligned with Regulation (EU) 2016/679, the General Data Protection Regulation. In this privacy statement you find information about how the EEAS, EU Delegations and the FPI process your personal data and what rights you have as a data subject.

2. PURPOSE OF DATA PROCESSING: Why do we process your data?

The purpose of the data processing is to ensure proper organisation and management of the event “EUROPEAN HIGHER EDUCATION FAIR 2021 (EHEF)” by the EU Delegation to the Philippines in order to disseminate information among participants and to the public, enhance cooperation, networking, facilitate exchange fora, often web-based. It is also intended to further contact participants and to promote EU Public Diplomacy permitting to engage individuals in public diplomacy activities and other events.

You can find information on the legal basis in Point 7 of this Privacy Statement.

  • The organisation of event “EUROPEAN HIGHER EDUCATION FAIR 2021 (EHEF)” includes the management of contact and mailings lists for invitations, handling of participation requests and feedbacks, the preparation and distribution of preparatory materials, meeting reports and news items and publications to the participants.

  • Publication and communication activity related to the event “EUROPEAN HIGHER EDUCATION FAIR 2021 (EHEF)" for dissemination purposes includes the publication of information about the event on the EEAS Intranet and/or on the EEAS and FPI websites and the facilitation of photos and videos, web streaming, audio or video recording during the event.

3. DATA PROCESSED: What data do we process?

I. Personal data will be collected, used and kept only to the extent necessary for the purposes above. Data, including personal data, that may be processed, are the following:

  • Identification and contact data, including name, title, profession, function, postal/e-mail address, phone numbers and any other administrative information and contact details

  • Biography or CV if needed

  • Login credentials in case of online registrations

II. In addition, data are also collected from the website during the event and processed for the purpose of informing the public, promoting EU public diplomacy in communications and publications:

  • Photos, audio or video filming and web streaming of speakers, participants or organisers as well as feedbacks, surveys, reports and other information about the event.

Disclaimer:

The organisers waive responsibility of videos/photos taken, shared, published by participants or other individuals, including journalists and other members of the press not contracted by the EEAS/EU Delegations.

III. Data collection by websites: when using online applications, websites may apply dynamic tools such as cookies for technical functioning, gathering statistics and providing a personalised experience for you as a user. More information about cookies can be found on the specific websites.

4. DATA CONTROLLER: Who is entrusted with processing your data?

The data controller determining the purpose and means of the processing is the EU Delegation to the Philippines.

The EU Delegation to the Philippines is responsible for managing the personal data processing under the supervision of the Head of Delegation and is the controller entity engaging the service providers:

Comm&Sense and Newlogic - from which you received the invitation to the event

EUROPEAN HIGHER EDUCATION FAIR 2021 (EHEF).

5. RECIPIENTS OF THE PERSONAL DATA: Who has access to your data?

The recipients of your data may be:

  • Designated organising staff of the EEAS/EU Delegation

  • FPI assigned staff and other European Commission staff members designated for the tasks to be implemented

  • Assigned staff of other EU institutions and other assigned organiser team members, if required

  • Security and other partners, contractors, service providers on behalf of the organiser

  • Participants, Interpreters, Technical staff if relevant

  • EEAS staff and other EEAS Intranet users (if data published on the EEAS intranet)

  • General public (if data made public on the internet, the EEAS website or social media platforms)

  • Comm&Sense and Newlogic, the service providers, including web services, of the EU Delegation to the Philippines

With the exception described above, no personal data is transmitted to third countries or to international organisations. Data will not be shared with third parties for direct marketing. Access to the personal data by the Service Provider for the purpose of management and maintenance of the Registration page is implemented in accordance with the provisions of Chapter V of Reg. (EU) 2018/1725, in particular Art. 50. The service providers are Comm&Sense and Newlogic, sub-contracted by Agriconsulting Europe S.A., a Belgian Enterprise, part of the Agriconsulting Group, an EU-wide organisation. The service providers are bound by contractual clauses for the protection of your data.

Data will not be shared with third parties for direct marketing. The service providers abide by contractual clauses for the protection of your data. Under certain conditions outlined in law, we may disclose your information to third parties, (such as the European Anti-Fraud Office, the Court of Auditors, or law enforcement authorities) if it is necessary and proportionate for lawful, specific purposes. Service providers will process data on documented instructions and on behalf of the EEAS/EU Delegation or FPI in accordance with Article 29 of Regulation (EU) 2018/1725. More information on how the providers process personal data on the website of the contracted organisation. Data will not be communicated to third parties, except where necessary for the purposes outlined above.

Social Media

The EEAS and the EU Delegations, including Regional Teams of the FPI, use social media to promote and inform about events and meetings through widely used and contemporary channels. In addition to the EEAS Webpage or FPI webpage, videos may be uploaded to the EEAS YouTube channel and links from our website can appear on Twitter, Instagram, Flickr and Facebook. The use of social media does not in any way imply endorsement of them or their privacy policies. We recommend that users read the Twitter, Flickr, Facebook, Instagram and YouTube privacy policies which explain their data processing policy, use of data, users' rights and the way how users can protect their privacy when using these services.

6. ACCESS, RECTIFICATION AND ERASURE OF DATA: What rights do you have?

You have the right of access to your personal data and the right to correct your inaccurate, or incomplete personal data taking into account the purpose of the processing. The right of rectification can only apply to factual data processed. Under certain conditions, you have the right to ask the deletion of your personal data or restrict their use as well as to object at any time to the processing of your personal data on grounds relating to your particular situation. We will consider your request, take a decision and communicate it to you without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary. For more detailed legal references, you can find information in Articles 14 to 21, 23 and 24 of Regulation (EU) 2018/1725. In specific cases, restrictions under Article 25 of the Regulation may apply. If you wish to exercise your rights or have questions concerning the processing of your personal data, you may address them to the EU Delegation, as Data Controller.

To contact the EU Delegation to Philippines please use the functional mailboxes of:

or

7. LEGAL BASIS: On what grounds we collect your data?

The processing of personal data related to event “EUROPEAN HIGHER EDUCATION FAIR 2021 (EHEF)” organised by the EU Delegation to the Philippines is necessary for the performance of a task carried out in the public interest [Article 5(1)(a) of Regulation (EU) 2018/1725], as mandated by the Treaties, in particular by articles 5, 11, 20, 21-40, 42, 43 of the of the Treaty on European Union (TEU) and 2 (4) and (5), 205, 220-221, 326 – 334 of the Treaty on the Functioning of the European Union (TFEU).

Further reference:

Council Decision of 26 July 2010 establishing the organisation and functioning of the EEAS (2010/427/EU) (OJ L 201, 3/8/2010, p. 30) and Shared Vision, Common Action: A Stronger Europe - A Global Strategy for the European Union’s Foreign and Security Policy of June 2016 and Council Conclusions of October 2016 where the Council of the European Union emphasises "the need of joining up efforts in the field of public diplomacy including strategic communication, inside and outside the EU, to speak with one voice and ultimately promote its core values”.

At the same time, data processing for EU communication activities and publications is based on your consent requested separately [Article 5(1)(d) of Regulation (EU) 2018/1725]. Your consent is required for:

  • photos, video recordings and web streaming related to events/meetings which may be shared in EU communications (see point 5)

  • attendance list containing your name, affiliation and contact details which may be shared among participants

  • permanent contact list created and shared internally among EEAS services for the purpose of promoting EU activities/events and disseminating information.

If you do not wish for some personal data, including photos, to be published on the web, you also have the option not to provide consent. You can withdraw your consent at any time and you also have the option to give consent only to one or more data processing activities.

8. TIME LIMIT - DATA STORING: For what period and how we process your data?

Our aim is to keep your personal data not longer than necessary for the purposes we collect them. After the event, your data are kept as long as follow-up actions to the event are required. Reports and other material containing personal data are archived according to e-Domec policy.

Personal data will be deleted five years after the last action in relation to the event. Personal data may, however, be part of a contact list shared internally among EEAS services for the purpose of promoting future EU activities and disseminating information. The privacy statement on public diplomacy initiatives is also available on the EEAS website. Financial data related to the event will be kept for a maximum period of 10 years after the end of the event or meeting for auditing purposes. Sensitive personal data relating to dietary and/or access requirements will be deleted as soon as they are no longer necessary for the purpose for which they have been collected in the framework of the meeting or event, but no later than within 1 month after the end of the meeting or event. Personal data may be kept for information and historical, statistical or scientific purposes for a longer period of time including the publication on the EU Delegation webpage and EEAS Intranet or EEAS website with appropriate safeguards in place.

Security of data

The EEAS, the EU Delegation and FPI strive to ensure a high level of security for your personal data. Appropriate organisational and technical measures are ensured according to Article 33 of Reg. (EU) 2018/1725. The collected personal data are stored on servers that abide by pertinent security rules. Data is processed by assigned staff members. Files have authorised access. Measures are provided to prevent unauthorised entities from access, alteration, deletion, disclosure of data. General access to personal data is only possible to recipients with a UserID/Password. Physical copies are stored in a secured manner. In case a service provider is contracted, as a processor, the collected data may be stored electronically by the external contractor, who has to guarantee data protection and confidentiality required by the Reg. (EU) 2018/1725. These measures also provide a high level of assurance for the confidentiality and integrity of the communication between you [your browser] and the EEAS/EU Delegation. Nevertheless, a residual risk always exists for communication over the internet, including email exchange. The EEAS relies on services provided by other EU institutions, primarily the European Commission, to support the security and performance of the EEAS website.

9. EEAS DATA PROTECTION OFFICER: Any questions to the DPO?

If you have enquiries you can also contact the EEAS Data Protection Officer at [email protected]

10. RECOURSE

You have, at any time, the right to have recourse to the European Data Protection Supervisor at [email protected].