Date: 18 November 2020
SPECIFIC PRIVACY STATEMENT FOR THE EUROPEAN NETWORK OF DEFENCE-RELATED REGIONS (ENDR) WEBSITE
Your personal data are processed in accordance with Regulation (EU) No 2018/17251 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data.
The data controller of the processing operations for the needs of this event is Head of Unit DEFIS A.1, European Commission. DEFIS-A1@ec.europa.eu
The following entities process your personal data on behalf of the data controller: the Head of Unit A.1 COSME2 of the Executive Agency for Small and Medium-sized Enterprises (EASME)3 EASME-COSME-DP@ec.europa.eu, the contractor, The Walking Nerds as data processor, firstname.lastname@example.org, and Sendiblue, sub-processor of the contractor.
These entities process your personal data in accordance with Regulation (EU) No 2018/1725.
The legal basis for the lawfulness of processing operations is Article 5(a) of Regulation (EU) No 2018/1725 whereby processing of your personal data is necessary for the performance of a task carried out in the public interest on the basis of the Treaties or other legal instruments adopted on the basis thereof; and Article 5(d) of Regulation (EU) No 2018/1725 whereby the data subject has unambiguously given his or her consent to provide the data necessary for the subscription to the newsletter.
The purpose of this processing operation is to register regional organisations, clusters or similar bodies in the EU interested in joining the European Network of Defence-Related Regions (ENDR); to collect information on dual use strategies, developments and relevant events in order to provide the interested public with the most relevant information about the functioning of the Network and to manage the subscription to the Network's e-mail newsletter and alerts. The website serves also as an access point to the Network where regional organisations and interested third parties can find respective information (info-sheets) on registered organisations. Via the home page of the site, registered users can also access the Intranet of the European Network of Defence-Related Regions whose access is restricted to Network members.
The following of your personal data are collected: your name, position, professional e-mail address, phone number, IP address, website data, geolocation, and browser-generated information, cookies or other technologies used to track users’ activity. These elements are mandatory for the purposes outlined above and they are necessary for the verification of your data, the establishment of an account and for delivering the services requested (such as the subscription to the newsletter).
For the purpose of web traffic anaytics, we use Matomo, third party tool under The Walking Nerds (contractor) responsibility, hosts the collected personal data within European Economic Area4 servers.
Matomo is an open source web analytics platform. A web analytics platform is used by a website owner in order to measure, collect, analyse and report visitors data for purposes of understanding and optimizing their website. If you would like to see what Matomo looks like, you can access a demo version at: https://demo.matomo.org.
Matomo is used to analyse the behaviour of the website visitors to identify potential pitfalls; not found pages, search engine indexing issues, which contents are the most appreciated… Once the data is processed (number of visitors reaching a not found pages, viewing only one page…), Matomo is generating reports for website owners to take action, for example changing the layout of the pages, publishing some fresh content… etc.
Matomo is processing the following personal data: User ID ; and also: Date and time , Title of the page being viewed, URL of the page being viewed, URL of the page that was viewed prior to the current page, Screen resolution, Time in local timezone, Files that were clicked and downloaded, Link clicks to an outside domain, Pages generation time ,Country, region, city, Main Language of the browser, User Agent of the browser.
The personal data received through Matomo are sent to our web hosting provider: Amazon Web Service, in Paris Zone, France.
Matomo data is hosted in France.
We are keeping the personal data captured within Matomo for a period of 12 months.
As Matomo is processing personal data on legitimate interests, you can exercise the following rights:
- Right of access: you can ask us at any time to access your personal data.
- Right to erasure: you can ask us at any time to delete all the personal data we are processing about you.
- Right to object: you can object to the tracking of your personal data by using the following opt-out feature:
In addition, the following non-mandatory personal data are collected: your social media accounts. These can only be processed based on your explicit prior consent.
The recipients of your data will be European Commission and EASME Agency staff members (in charge of the project and responsible for EU Defence Policy), the partners of the ENDR (regional organisations, clusters and/or other bodies which are members of the Network), ENDR staff members (the Contractor), and the system operator (the Contractor and its sub-processors) who are respectively responsible for the dissemination activity of the programme and for the management of the website. The information in question can be communicated to bodies charged of monitoring or inspection tasks in application of Union law (e.g. internal audits, European Anti-fraud Office-OLAF).
Your personal data will not be transferred to third countries or international organisations.
The processing of your data will not include automated decision-making (such as profiling).
You have the right to request that your data will be removed immediately after your request has been made.
Your personal data will be kept until 5th of May 2022. Data will be deleted at the end of this period.
You have the right to access your personal data and to request your personal data to be rectified, if the data is inaccurate or incomplete; where applicable, you have the right to request restriction or to object to processing, to request a copy or erasure of your personal data held by the data controller. If processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on your consent before its withdrawal.
Your request to exercise one of the above rights will be dealt with without undue delay and within one month.
If you have any queries concerning the processing of your personal data, you may address them to Head of Unit DEFIS A.1 DEFIS-A1@ec.europa.eu (entity acting as data controller).
You shall have right of recourse at any time to the Commission Data Protection Officer at DATA-PROTECTION-OFFICER@ec.europa.eu and to the European Data Protection Supervisor at https://edps.europa.eu.
1 Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L295/39 of 21.11.2018).
2 Regulation (EU) No 1287/2013 of the European Parliament and of the Council of 11 December 2013 establishing a Programme for the Competitiveness of Enterprises and small and medium-sized enterprises (COSME) (2014 - 2020)
3 Please note this is the obligation to implement the Programme for the Competitiveness of Enterprises and small and medium-sized enterprises (COSME) 2014-2020 (see Commission Implementing Decision 2013/771/EU establishing the ‘Executive Agency for Small and Medium-sized Enterprises’ and repealing Decisions 2004/20/EC and 2007/372/EC)
4 European Economic Area countries include Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the United Kingdom.