The European Data Protection Supervisor (hereinafter “EDPS”, “we”, “us”, “our”) processes your personal data to organise, manage and follow up to the EDPS 2022 Conference titled “The future of data protection: effective enforcement in the digital world” on 16 and 17 June 2022 (hereinafter the ‘Conference’).
We process your personal data based on Regulation (EU) 2018/1725 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data by the Union institutions and bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (‘the Regulation’).
The controller is the EDPS. For more information on the EDPS please consult our website: https://edps.europa.eu.
Why do we process your personal data and under what legal basis?
We process your personal data for the following purposes:
- to alert you of registration for the Conference opening a week prior to the launching of the registration period, and a month prior to the Conference date to remind you to register
- to allow you to access the website
- to prepare aggregated statistical reports of website visitors’ activity
- to manage your participation in the event, following your registration
- to manage your participation in the Conference side events
- to invite organisations from the data protection and technology fields to present their organisation at one of our dedicated booths and manage their participation
- to perform any Conference follow-up actions (such as distribution of reports)
- to share conference content (i.e. audio-video recording) via the live streaming platform
- to share content from the conference and the social events organised by the EDPS (i.e. audio-video recording and photos) via communication channels (social media and the EDPS website)
- to manage dietary restrictions of participants attending the Conference in-person, if applicable
- to allow for accommodation of special health needs in case of attendance in person of the Conference
The lawfulness for the organisation, management and follow up of the Conference is Article 5(1)(a) of the Regulation (‘processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body’). The applicable legal basis is the Regulation, and in particular those provisions establishing the EDPS and its tasks (Article 57 (b) of the Regulation).
You will only receive alerts regarding the registration (as mentioned in a)) based on your consent (Article 5(1)(d) of the Regulation).
Your dietary restrictions and health personal data provided in order to accommodate health special needs related to in-person attendance of the conference are processed based on your consent.
You will only be photographed and video-recorded for communication purposes based on your consent. For photographs and video-recordings taken during the conference, your consent will be collected at the reception desk, when receiving your conference badge. For photographs taken during social events organised by the EDPS' your consent will be collected at the entrance. Photos taken under private capacity do not fall under the responsibility of the EDPS.
Video recordings of speakers will be published on the EDPS decentralised and open-source social media networks - EU Voice and EU Video, based on your consent.
When visiting the Conference website, your personal data will only be processed for aggregated statistics on the basis of your consent. For more information, please refer to the cookies notice.
What personal data do we process?
We process the following categories of personal data collected via the registration form:
- first and last name
- e-mail address
- phone number (only for representatives of organisations reserving dedicated booths)
- your organisational affiliation (optional)
- your occupation (optional)
- whether you plan to attend the conference virtually or in-person
- video recording and web streaming of speakers participating in the panel of the main conference hall, as well as of participants attending the conference in person and participate in the Q&A session of the said panel
- if you attend the conference or any social events organised by the EDPS in person, photographs and audio-video recording depicting you (optional)
- if you attend the conference in person, dietary restrictions (optional)
- if you attend the conference in person, special health needs (optional)
- if you attend the conference online and you are located outside of the EU/EEA area and in the absence of an adequacy decision pursuant to Article 45(3) of Regulation (EU) 2016/679, your consent for transfer of your personal data outside of the EU/EEA area to allow you to attend the conference remotely.
When you visit this website, we process your IP address, source Transmission Control Protocol (TCP) port associated to each HTTP request and date and time of the visit.
As mentioned in our cookies notice we collect, based on your consent, data regarding your browsing experience on our website for aggregated statistics.
Who has access to personal data?
The EDPS team organising the conference will have access to personal data submitted via the registration form. Also, a limited number of EDPS staff will have access on the basis of the need to know principle to aggregated statistics regarding the conference website.
A processor will process the name, surname, affiliation and occupation of the in-person attendees (participants, speakers, staff and exhibitors) for the pre-event production of conference badges.
The IT services of the European Commission (EC) may process website connection data for information security purposes.
How have we collected your personal data?
Your personal data are collected directly from you when you:
attend the conference in person and provided that you have given your consent for processing your photos and/or audio-video recordings;
visit the Conference website; and,
if applicable, when you submit a registration form.
The email address of the organisations invited to register one of our dedicated booths are collected from publicly available online sources. Additional personal data of the representatives of organisations reserving dedicated booths are collected via the relevant participation form submitted by their organisation to the EDPS.
How long do we keep your data?
We do not keep your personal information for longer than necessary for the purposes for which we collected it. However, we may keep your information for a longer period for statistical purposes with the appropriate safeguards in place (data aggregation).
Your contact details submitted via the registration form will be kept for six months following the conference or at the latest after the last follow-up action.
Your dietary restrictions and special health needs will be deleted after the end of the conference.
The personal data processed by the processor for the pre-event production of conference badges will be deleted by the processor once the production is completed.
Videos and photos of the conference and social events organised by the EDPS will be archived after 10 years and will not be available on the EDPS website any more after that period. Please note however that, once information, including personal data, is uploaded online, it can be used by third parties for their own purposes, in their own platforms, and sometimes without the EDPS being informed. In such cases, please note that it may not be possible for us, notwithstanding any implemented safeguards, to ensure removal from the internet after the retention period has expired.
If you would like us to delete your personal data provided via the registration form, we will erase your data from the main server two calendar weeks following your request. We will erase any remaining personal data pertaining to you from our backup server within maximum six weeks following your request. For more information, please see further down how you can withdraw your consent.
Technical website’s visitor logs are kept for one year.
Processing of personal data outside the EU/EEA
Personal data are processed as a rule within the EU.
If you attend the conference online from outside the EU/EEA area, some of your personal data (such as, IP or MAC address) will be transferred outside of the EU/EEA in order to allow for your participation at the conference. The legal basis for the transfer of personal data outside the EU/EAA in this case is article 50(1)(a) of the Regulation (‘the data subject has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards’).
Transferring personal data outside of the EU/EEA may create additional risks, because there may be a lower level of protection in the non-EU/EEA country of destination. This may have an impact on your ability to exercise your data protection rights, in particular to protect your personal data from unlawful use or disclosure. Potential risks include:
- Unauthorised access to certain categories of personal data(such as IP or MAC address) could lead to profiling and discrimination for having participated in the event;
- The laws and practices of the non-EU/EEA country of destination may require to provide data to government agencies or permit access by such authorities.
Applicable security measures
The EDPS strives to ensure a high level of security for the information you may share with us via the registration or contact forms, such as using Hypertext Transfer Protocol Secure (HTTPS). This measure provides a high level of assurance for the confidentiality and integrity of the communications between your browser and the website. Nevertheless, a residual risk remains for communication over the internet, including email.
The security of our website and of the data collected is ensured by adequate technical and organisational measures. We protect data in transit between you and our website by using the SSL secure protocol ensuring their confidentiality and integrity.
Your rights when we process your personal data
You have the right to access your personal data and to relevant information concerning how we use your personal data. You have the right to request rectification of your personal data. You have the right to ask that we delete your personal data or restrict its use. Where applicable, you have the right to object to our processing of your personal data, on grounds relating to your particular situation. Where applicable, you the right to your data portability. We will consider your request, take a decision, and communicate it to you.
How to withdraw your consent and the consequences of doing this
You can withdraw your consent regarding alerts for registration at any time on the Conference website form at the same place where you have given it. If you withdraw your consent for one of the above-mentioned purposes regarding registration, we will not process your personal data for that specific purpose. If you withdraw your consent for all of the above-mentioned registration purposes, we will delete your personal data within the timeframes mentioned in the “how long do we keep your data” section above.
For information on how to withdraw your consent for cookies, please refer to the cookies notice.
You can also withdraw your consent regarding the processing of photographs and/or audio-video recording depicting you at any time by informing staff at the reception desk of the Conference.
Please note that withdrawing your consent does not affect the lawfulness of processing of your personal data based on your consent before its withdrawal.
Your rights on your personal data are provided for in Articles 17 to 24 of the Regulation. Please note that in some cases restrictions under Article 25 of the Regulation may apply.
You have the right to contact the EDPS Data Protection Officer (DPO) regarding the processing of your personal data by email: DPO@edps.europa.eu or a letter, marked for the attention of the EDPS DPO (see postal address below).
You have also the right to lodge a complaint with the EDPS as a supervisory authority: https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en.
How to exercise your data protection rights at the EDPS
We encourage you to contact us using the EDPS contact form, selecting ‘My personal data’ as the relevant subject: https://edps.europa.eu/node/759.
If you wish to contact the EDPS DPO personally, you can send an e-mail to DPO@edps.europa.eu or a letter to the EDPS postal address marked for the attention of the EDPS DPO.
EDPS postal address: European Data Protection Supervisor, Rue Wiertz 60, B-1047 Brussels, Belgium