- PRIVACY STATEMENT
Privacy statement for the 25th anniversary of the ECB
In relation to the 25th anniversary of the European Central Bank (ECB) on 24 May 2023, we collect personal data such as your first name, last name, email, organisation, country of residence and dietary requirements. We also ask about travel where relevant. ECB staff collects data manually via email or via ECB and EuropeanCommission IT systems.
What is our legal framework?
All personal data are processed in accordance with EU data protection law, that is to say in line with Regulation (EU) 2018/1725 (‘EUDPR’).
Why do we process personal data?
Personal data are processed for organisational purposes related to this event. We collect data to ensure visitors’ security while on the premises and to keep track of and monitor who is visiting the ECB’s premises. Upon consent, contact details may be registered for follow-up emails.
Personal data are also processed for the purpose of external communication. By joining the event, participants consent to having their photo taken, appearing in video and audio recordings and to the publication of resulting media files by the ECB on its website and official social media channels (Instagram, YouTube, Twitter, Flickr and LinkedIn). The use of social media by the ECB does not in any way imply endorsement of individual social media sites or their privacy policies. The ECB recommends that users read the Instagram, YouTube, Twitter, Flickr and LinkedIn privacy policies, which explain each company’s policy of data collection and processing, their use of data, user rights and the ways in which users can protect their privacy when using these services. If a participant does not consent or withdraws their consent, prior notification thereof to the ECB Directorate General Communications – Public Communication Division – Protocol Team must be explicitly given via e-mail ([email protected]). A photo/film-free zone, which photographers will respect, will be available on the premises where the dinner will be held.
What is the legal basis for processing your personal data?
Your personal data are processed by the ECB:
- in the performance of a task carried out in the public interest, based on Article 5(1)(a) of the EUDPR, in conjunction with the house rules of the ECB; or
- because you consented to this processing by providing the personal data requested. You may withdraw your consent at any time by contacting [email protected]. All processing of your personal information will stop once you withdraw your consent; however, any processing that has already taken place remains lawful.
Who is responsible for processing your personal data?
The ECB is the controller for the processing of your personal data. The Directorate General Communications is responsible for this processing.
Who will be the recipients of your personal data?
The recipients of your personal data (including entities that have access to that personal data) will be the teams in the Directorate General responsible for event and contact management, including related activities such as the transportation of participants, processing of access badges and plausibility checks.
Please note that this event is attended by members of the German federal constitutional bodies, amongst others, and their protection is a statutory task of the German Federal Criminal Police Office Bundeskriminalamtes (BKA) in accordance with point 1(a) of Section 6(1) of the Bundeskriminalamtgesetz (BKAG).
To fulfil this legal protection mandate, the BKA collects personal data from those who, during the event, come or can come into the physical vicinity of the persons to be protected by the BKA or into their common rooms. The authority to collect data derives from the first sentence of Section 9(2) of the BKAG, under which the BKA can collect personal data insofar as this is necessary to fulfil its protective tasks in accordance with Section 6 of the BKAG and accordingly does not require consent from the data subject. BKA asks that the persons affected by the data collection are informed accordingly.
The further processing of the collected data is usually limited to storage for the purpose of data comparison in accordance with the first sentence of Section 16(4) of the BKAG and for the purpose of access control and, if necessary, the creation of ID cards.
After the end of the event, the data will be deleted by the BKA, unless special circumstances require further processing in accordance with point 1 of Section 12(1) or point 1 of Section 12(2) of the BKAG or the deletion must be omitted due to an obligation to provide evidence pursuant to sentence 2 of Section 25(3) of the BKAG or the reasons pursuant to sentence 3 of Section 25(3) of the BKAG (in particular due to an initiated data protection control procedure).
What categories of personal data are collected?
The ECB processes the following personal data:
- First name
- Last name
- Contact details
- Country of residence
- Organisation
- Dietary requirements
- Travel details
Will your personal data (in a clear or encrypted form) be processed (e.g. transferred, accessed or stored) in third countries or by international organisations?
Your personal data might exceptionally be processed in third countries/international organisations based on the derogations for specific situations set out in Article 50(1) EUDPR.
How long will the ECB keep personal data?
Your personal data will be stored for a maximum of five years.
What are your rights?
You have the right to access your personal data and correct any data that is inaccurate or incomplete. You also have (with some limitations) the right to delete your personal data and to object to or to restrict the processing of your personal data in line with the EUDPR. The ECB may restrict your rights to safeguard the interests and objectives referred to in Article 25(1) EUDPR.
Who can you contact for queries or requests?
You can exercise your rights by contacting [email protected]. You can also directly contact the ECB’s Data Protection Officer at [email protected] for all general queries relating to your personal data.
Addressing the European Data Protection Supervisor
If you consider that your rights under the EUDPR have been infringed as a result of the processing of your personal data, you have the right to lodge a complaint with the European Data Protection Supervisor at any time.