Data Protection Notice

Your personal data is processed in accordance with Regulation (EU) No 2018/1725¹ on the protection of individuals with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.

The data controller of the processing operation is Head of Unit I.03 of the European Innovation Council and SMEs Executive Agency (EISMEA) and can be contacted at EISMEA-CONS-PROCUREMENT@ec.europa.eu.  

The following entities process your personal data on our behalf as data processor: ICF Next, 17 Avenue Marnix, 1000 Brussels, Belgium.

In addition WebEx, B2Match, vimeo and Slido are used to support the organisation of the event as well as Zoom (only for speakers).

The legal basis for the processing activities are:

• Article 5(1)(a) of Regulation (EU) 2018/1725 because processing is necessary for the performance of a task carried out in the public interest (or in the exercise of official authority vested in the Union institution or body)²;
• Article 5(1)(d) of Regulation (EU) 2018/1725 based on your explicit prior consent for your non-mandatory personal data indicated below.

The purposes of this processing are to:

• register and manage the participation to the online event;
• provide the participants access to the online event;
• include participants in the list of participants;
• collect live feedback and to facilitate visual collaboration between event attendees;
• inform participants about follow-up activities of the event/related to the topic of the event, including feedback collection and specific, related communication activities, such as e-mailing, monitoring and evaluation of an event;
• evaluate the service contract mentioned above.

The following of your personal data are collected for all event participants: your full name, telephone number, job title, professional contact details and information, organization, country and city. All personal data are mandatory for the purpose(s) outlined above.

Additional non mandatory personal data may be collected by the video conferencing tools used for the organisation of this event as outlined below under each tool.

Please note that the event will be (partly) web-streamed and it is possible that you will be recorded. It is also possible that photographs of you will be taken during the event and might be used for related communication purposes and published e.g. on Commission press, websites or social media or related publications.

Upon registration, you can give your explicit consent to have your image/voice recorded and published on related communication channels such as Commission press, websites or social media or related publications. If you do not agree to appear in the recording you can switch off your camera and mute your micro yourselves.

The recipients of your personal data will be authorised staff of EISMEA and Commission in charge of the organisation and follow-up of the event, authorised staff of the Agency and Commission contractors in charge of organising the event and bodies in charge of monitoring or inspection tasks in application of Union or national law (e.g. internal audits, Court of Auditors, European Anti-fraud Office (OLAF), law enforcement bodies).   

The event will be organised online using the following third party tools:

• For the purpose of hosting the digital event and managing the different side activities, including networking, virtual exhibitions, Q&A, quizzes, and polls, B2match.com, third party tool may collect from participants the following data: their title, first name, last name, age range, gender, job position, professional and personal e-mail address, professional and personal phone number(s), Twitter and LinkedIn accounts, areas of interest (for networking), profile picture, IP address, website data, geolocation, and browser-generated information (including device information, operating system, device type, system, cookies or other technologies used to analyse users’ activity).

Moreover, B2match.com also collects the following information: time zone, organisation name, organisation description, logo and website, organisation address, city and country. It hosts the collected personal data on servers in Germany.

For information on how B2match.com uses cookies and processes personal data, please consult this link https://www.b2match.com/privacy-policy.

• For the purpose of hosting web meetings, Cisco WebEx, third-party tool collects data when the participant registers and uses the Cisco WebEx service. It collects name, email address, password, public IP address, browser, phone number (optional), mailing address (optional), geographic region, avatar (optional), user information included in the customer’s active directory (if synched), Unique User ID (UUID). CISCO and the contractor have access to the data. It hosts the collected personal data within the European Union.

Detailed information on CISCO WebEx’s data privacy policies is also available here: https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/collaboration/cisco-webex-meetings-privacy-data-sheet.pdf.

• For the purpose of hosting web meeting (last session only), Zoom, third-party tool collects data from Speakers only when they register and use the Zoom platform: Name of the speaker.

Zoom operates globally, which means personal data may be transferred, stored (for example, in a data center), and processed outside of the country or region where it was initially collected. Your personal data may be transferred to or stored in the United States where we are established, as well as in other countries outside of the EEA, Switzerland, and the UK.

Detailed information on Zoom’s data privacy policies is also available here: ZOOM PRIVACY STATEMENT - Zoom .

• For the purpose of watching the videos on the event website, YouTube (Google), third party tool collects the following personal data:  information about the apps, browsers and devices that you use to access Google services, which helps them provide features such as automatic product updates and dimming your screen if your battery runs low.

The information Google collects, and how that information is used, depends on how you use Google services and how you manage your privacy controls. Find more information about Privacy Policy – Privacy & Terms – Google.

• For the purpose of web streaming, Vimeo, webstreaming platform, third party tool collects from event participants: IP address, website data, geolocation, cookies, and browser generated information. It hosts the collected personal data on servers around the world and transfers personal based on Articles 46 to 51 of GDPR Regulation GDPR.

 For information on how Vimeo uses cookies and processes personal data, please consult this link https://vimeo.com/privacy.

• For the purpose of Q&A, quizzes, and polls, Sli.do, third party tool collects the following personal data: first name (optional), last name (optional), email (optional), company (optional); IP address, language, website data, geolocation, and browser-generated information (including device information, operating system, device type, system, cookies or other technologies used to analyse users’ activity).

It hosts the collected personal data on servers in Europe. For information on how Sli.do uses cookies and processes your personal data, please consult this link: Legal | Slido - Audience Interaction Made Easy.

Your personal data will not be transferred to third countries or international organisations, with the exception of data collected by third-party tools WebEx, Vimeo and Sli.do:

WebEx user-generated information is stored in the data center in customer’s region Cisco Webex Analytics Platform data, which utilizes Host and Usage Information, is stored in the United States. For free user accounts, the data may be stored in a Webex data center outside the account holder’s region. For more information, please see: https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/collaboration/cisco-webex-meetings-privacy-data-sheet.pdf and https://www.icf.com/legal/privacy-statement#international

Vimeo user-generated information, in accordance with the GDPR, Vimeo may transfer your personal information from your home country to the U.S. (or other countries) based upon Legitimate business interests as Vimeo could not provide its services or comply with its legal obligations without transferring your personal information to the U.S. andVimeo uses Standard Contractual Clauses where appropriate.

Slido may transfer your personal information outside of the EU based on the location of sub-providers, if there are sufficient controls in place to protect your data and uses Standard Contractual Clauses where appropriate.

The processing of your data will not include automated decision-making (such as profiling).

The following technical and organisational security measures are in place to safeguard the processing of your personal data: ICF Next as data processor stores data in certified data centres within the EU. ICF Next has implemented and will maintain appropriate administrational, technical, organizational, security and physical safeguards designed to ensure the confidentiality, integrity, availability, and resiliency of personal data. ICF Next will also protect personal data against any anticipated threats or hazards to confidentiality, integrity, availability and resiliency of personal data. ICF Next is subject to specific contractual clauses on confidentiality and for the processing of data on behalf of the Agency or Commission, and subject to legal obligations deriving from Regulation (EU) 2018/1725 and the General Data Protection Regulation (‘GDPR’ Regulation (EU) 2016/679).

Your personal data will be kept for a maximum period of 3 years from 29 September 2021. Data will be manually deleted at the end of this period.

You have the right to access your personal data and to request your personal data to be rectified, if the data is inaccurate or incomplete; where applicable, you have the right to request restriction or to object to processing, to request a copy or erasure of your personal data held by the data controller. If processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on your consent before its withdrawal.

Your request to exercise one of the above rights will be dealt with without undue delay and within one month.

Your right to information, access, rectification, erasure, restriction or objection to processing, communication of a personal data breach, or confidentiality of electronic communications may be restricted only under certain specific conditions as set out in the applicable Restriction Decision in accordance with Article 25 of Regulation (EU) 2018/1725.

If you have any queries concerning the processing of your personal data, you may address them to Head of Unit I.03 of the European Innovation Council and SMEs Executive Agency (EISMEA) via EISMEA-CONS-PROCUREMENT@ec.europa.eu.

You shall have the right of recourse at any time to the EISMEA Data Protection Officer at EISMEA-DPO@ec.europa.eu and to the European Data Protection Supervisor at https://edps.europa.eu.

Version 28 September 2021

___________________________

¹ Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295/39 of 21.11.2018).

² EISMEA Establishment Act: Commission Implementing Decision (EU) 2021/173 of 12 February 2021 establishing the European Innovation Council and SMEs Executive Agency (OJ L 50/9 of 15.2.2021) and Single Market Regulation (EU) 2021/690 of the European Parliament and of the Council of 28 April 2021 (OJ L 153/1 of 3.5.2021).