Data Protection Notice

Date: 27 June 2019


Your personal data are processed in accordance with Regulation (EU) No 2018/17251 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data.

The data controller of the processing operations for the needs of this event is Head of Unit DEFIS A.1, European Commission.

The following entities process your personal data on behalf of the data controller: the Head of Unit A.1 COSME2 of the Executive Agency for Small and Medium-sized Enterprises (EASME)3, the contractor, ICF NEXT as data processor,, and GetResponse, sub-processor of the contractor.

These entities process your personal data in accordance with Regulation (EU) No 2018/1725.

The legal basis for the lawfulness of processing operations is Article 5(a) of Regulation (EU) No 2018/1725 whereby processing of your personal data is necessary for the performance of a task carried out in the public interest on the basis of the Treaties or other legal instruments adopted on the basis thereof; and Article 5(d) of Regulation (EU) No 2018/1725 whereby the data subject has unambiguously given his or her consent to provide the data necessary for the subscription to the newsletter.

The purpose of this processing operation is to register regional organisations, clusters or similar bodies in the EU interested in joining the European Network of Defence-Related Regions (ENDR); to collect information on dual use strategies, developments and relevant events in order to provide the interested public with the most relevant information about the functioning of the Network and to manage the subscription to the Network's e-mail newsletter and alerts. The website serves also as an access point to the Network where regional organisations and interested third parties can find respective information (info-sheets) on registered organisations. Via the home page of the site, registered users can also access the Intranet of the European Network of Defence-Related Regions whose access is restricted to Network members.

The following of your personal data are collected: your name, position, professional e-mail address, phone number, IP address, website data, geolocation, and browser-generated information, cookies or other technologies used to track users’ activity. These elements are mandatory for the purposes outlined above and they are necessary for the verification of your data, the establishment of an account and for delivering the services requested (such as the subscription to the newsletter).

For the purpose of sending newsletters, GetResponse, third party tool under ICF NEXT (contractor) responsibility, hosts the collected personal data within European Economic Area4 servers. For information on how GetResponse uses cookies, please see GetResponse Cookie Policy available at Please also see GetResponse privacy policy at:

In addition, the following non-mandatory personal data are collected: your social media accounts. These can only be processed based on your explicit prior consent.

The recipients of your data will be European Commission and EASME Agency staff members (in charge of the project and responsible for EU Defence Policy), the partners of the ENDR (regional organisations, clusters and/or other bodies which are members of the Network), ENDR staff members (the Contractor), and the system operator (the Contractor and its sub-processors) who are respectively responsible for the dissemination activity of the programme and for the management of the website. The information in question can be communicated to bodies charged of monitoring or inspection tasks in application of Union law (e.g. internal audits, European Anti-fraud Office-OLAF).

Your personal data will not be transferred to third countries or international organisations.

The processing of your data will not include automated decision-making (such as profiling).

You have the right to request that your data will be removed immediately after your request has been made.

Your personal data will be kept until 5th of May 2022. Data will be deleted at the end of this period.

You have the right to access your personal data and to request your personal data to be rectified, if the data is inaccurate or incomplete; where applicable, you have the right to request restriction or to object to processing, to request a copy or erasure of your personal data held by the data controller. If processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on your consent before its withdrawal.

Your request to exercise one of the above rights will be dealt with without undue delay and within one month.

If you have any queries concerning the processing of your personal data, you may address them to Head of Unit DEFIS A.1 (entity acting as data controller).

You shall have right of recourse at any time to the Commission Data Protection Officer at and to the European Data Protection Supervisor at


1 Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L295/39 of 21.11.2018).

2 Regulation (EU) No 1287/2013 of the European Parliament and of the Council of 11 December 2013 establishing a Programme for the Competitiveness of Enterprises and small and medium-sized enterprises (COSME) (2014 - 2020)

3 Please note this is the obligation to implement the Programme for the Competitiveness of Enterprises and small and medium-sized enterprises (COSME) 2014-2020 (see Commission Implementing Decision 2013/771/EU establishing the ‘Executive Agency for Small and Medium-sized Enterprises’ and repealing Decisions 2004/20/EC and 2007/372/EC)

4 European Economic Area countries include Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the United Kingdom.