Privacy Statement of European Ombudsman’s Public Events

The European Ombudsman’s Public Events

Public record of processing activity[1]: Handling of personal and contact details, photos, video and audio recordings of speakers at and participants in the public events, either offline or online, of the European Ombudsman

1. Last update of this record: 12-05-2021

2. Reference number[2]: 4/2021

3. Name and contact details of the controller[3]: European Ombudsman, 1 avenue du Président Robert Schuman, CS 30403, F-67001 Strasbourg Cedex. Contact: Communications Unit, e-mail: eo-comm-contact@ombudsman.europa.eu

4. Name and contact details of the Data Protection Officer:

Ms Francesca Pavesi - Deputy DPO: Mr Nicholas Hernanz

Email: Dpo-Euro-Ombudsman@ombudsman.europa.eu

5. Name and contact details of the processor[4]: There may be processors for specific events: contractors and sub-contractors used for general organisation, management and payment of registration, travel organisation, etc.

Contractual clauses ensure that the data processors process the names, and contact and bank details of speakers and other participants in the Ombudsman’s events only on the Ombudsman’s instructions. The same clauses ensure that photographers may transfer photographs taken at an Ombudsman’s event only to the Communications Unit. All data processors must have received certification from recognized international data protection professionals.

In case of events streamed online, such as a webinar, the relevant web platform (i.e. WebEx) acts as the processor of your personal data for the technical provision of the online event, whether through a browser or a mobile application. The relevant privacy statements apply.

In case of using polling and questioning tools added to the digital platform (i.e. Slido), the relevant tool acts as a processor of certain data, such as the IP addresses of the participants. The relevant cookie policy and privacy statements apply.

6. Name and contact details of the joint controller(s)[5]:

For events organised on:

  • European Parliament (EP) premises: the EP is joint controller for the processing of authorisation to access its buildings for security purposes.
  • European Commission (EC) premises: the EC is joint controller for the processing of authorisation to access its buildings for security purposes.
  • private commercial premises (such as hotels): the private commercial entity is joint controller for the verification of event guests’ identities.

7. Purpose(s) of the processing[6]: The Communications Unit coordinates, organises and manages different types of public events in accordance with the Ombudsman’s strategy and the office’s annual management plan. Its objectives are to maintain high visibility of the office’s public interest work.

Data are therefore collected with a view to sending invitations and information to potential speakers and participants, enabling registration for the event, following up the event, and facilitating and improving the exchange of views and future cooperation with and among speakers and participants.

Data are also collected for the sake of facilitating financial and contractual relations with speakers and other participants and suppliers, making travel and hotel arrangements and meeting security requirements.

Images, such as photos and video and audio recordings, taken at events are used to communicate the Ombudsman’s activities.

8. Description of the categories of data subjects and of the categories of personal data[7]:

Data subjects

All persons (internal and external) invited to and participating in the events, i.e.:

  • members of the European Network of Ombudsmen;
  • representatives of EU institutions, bodies or agencies;
  • representatives of civil society organisations, associations and NGOs;
  • academics/individuals who closely follow the Ombudsman’s work;
  • journalists;
  • external suppliers such as moderators and photographers;
  • staff members of the Ombudsman’s office;
  • any participant in an Ombudsman event.

Data fields

  • Names of potential speakers, participants and external suppliers;
  • E-mail addresses and telephone numbers of speakers, participants and external suppliers;
  • Job titles, CVs of speakers;
  • Bank account details of speakers and external suppliers;
  • Names of employers of speakers (where applicable), participants and external suppliers;
  • Images, such as photos and video and audio recordings taken at events;
  • Images and audio and video recordings supplied by potential speakers;
  • Questions asked during online events by the participants via polling and questioning tools.

9. Time limit for keeping the data and, where possible, for erasure[8]: Names, e-mail addresses, telephone numbers, bank account details, CVs and names of employers (where applicable) of participants shall be kept for five years, after which they shall be deleted, while names, contact details, and images of speakers shall be archived for historical purposes.

Data, notably names, titles and images of speakers are published on the Ombudsman’s website and social media channels and remain there indefinitely.

Photos and video or audio recordings from public events are stored internally for five years, after which they are deleted. Those deemed relevant to the office’s activities are subsequently archived for historical purposes.

10. Recipients of the data[9]:

The Communications Unit, which coordinates, organises and manages public events in accordance with the Ombudsman’s strategy and the office’s annual management plan.

The Secretariat-General and the Personnel, Administration and Budget Unit, which handle the financial and contractual aspects of public events.

The Ombudsman’s Cabinet, which supplies the names and contact details of speakers or participants.

Names, job titles, and images of speakers and participants in events may appear on the Ombudsman’s website, on the Network’s Extranet and in the Annual Report, available to the public. The said data may also appear in Network in Focus, a newsletter of the European Network of Ombudsmen, which is available on the Network’s Extranet and on the Ombudsman’s website.

The data may also appear on the Ombudsman’s social media channels, which are publicly available.

The lists of speakers at and participants in an event are distributed to all speakers and participants.

Names, titles and images of speakers and participants in an event may be published in the internal newsletter of the Ombudsman’s office.

11. Are there any transfers of personal data to third countries and/or to International Organisations?[10]: N/A

12. General description of security measures[11]: Personal data of the Ombudsman’s staff, and of external data subjects – collected in the context of event organisation – are protected by security measures set up by the Information and Communication Technologies sector to preserve the integrity and confidentiality of the institution's electronic property.

13. Information on how data subjects can exercise their rights of access and rectification, and where applicable, of erasure, restriction and data portability[12]:

  • A data subject can exercise his/her rights, for example, by requesting access to and rectification or erasure of personal data, by sending an e-mail to eo-comm-contact@ombudsman.europa.eu. The request shall be dealt with without undue delay and in any case within a month.
  • When registering for an event, potential participants are informed that images of them might be taken during the event and used by the Ombudsman’s office for communication purposes. If they have any concerns, they may contact the Communications Unit via eo-comm-contact@ombudsman.europa.eu. The Unit will try to accommodate their concerns to the extent possible (for example, depending on the configuration of the room, or by darkening/covering their picture on collective printscreens taken during webinars and digital conferences).
  • Potential participants are also asked whether they want their contact details to be added to the Ombudsman’s contacts lists to be kept informed about future activities. All future communications allow them to unsubscribe from such lists, if they so wish.

Privacy Statement

relating to the collection of names, contact details, photos, video, audio recordings and photo and audio-visual aids, by the Communication Unit of the European Ombudsman's office

This privacy statement explains what personal data the European Ombudsman’s Office collects, why and how it collects, processes, uses and stores them. The statement also describes how data subjects can exercise their rights.

The data controller is the European Ombudsman.

1. What personal data does the European Ombudsman process?

  • Names of potential speakers, participants and external suppliers.
  • E-mail addresses and telephone numbers of speakers, participants and external suppliers.
  • Job titles, CVs of speakers.
  • Bank account details of speakers and external suppliers.
  • Names of employers of speakers (where applicable), participants and external suppliers.
  • Images, such as photos and video and audio recordings taken at events.
  • Images and audio and video recordings supplied by potential speakers.

2. Why does the European Ombudsman process these personal data?

For the sole purpose of coordinating, organising and managing the Ombudsman’s public events.

3. What are the legal bases and need for processing these data?

We process data in the performance of the European Ombudsman’s duties in the public interest in accordance with the Statute of the European Ombudsman, and Article 5(1)(a) of Regulation 2018/1725. We also ask potential participants whether they want their contact details to be added to our database.

4. Who is responsible for processing the data?

The European Ombudsman is responsible for data processing, which the Personnel, Administration and Budget, and Communication Units carry out. The Communication Unit may commission external professionals to take photos and make audio and video recordings of the Ombudsman’s public events.

5. Who is the processor?

There may be processors for specific events: contractors and sub-contractors used for general organisation, management and payment of registration, etc.

Contractual clauses ensure that the data processors process the names, and contact and bank details of speakers and other participants in the Ombudsman’s events only on the Ombudsman’s instructions. The same clauses ensure that photographers may transfer photographs taken at an Ombudsman’s event only to the Communications Unit. All data processors must have received certification from recognized international data protection professionals.

In case of events streamed online, such as a webinar, the relevant web platform (i.e. WebEx) acts as the processor of your personal data for the technical provision of the online event, whether through a browser or a mobile application. The relevant privacy statements apply.

In case of using polling and questioning tools added to the digital platform (i.e. Slido), the relevant tool acts as a processor of certain data, such as the IP addresses of the participants. The relevant cookie policy and privacy statements apply.

6. Who receives the data?

  • Team members of the Communications Unit, Secretariat-General, Personnel, Administration and Budget Unit, and the Ombudsman’s Cabinet, whose work requires them to handle the personal data in relation to the organisation of public events.
  • The Ombudsman’s website and Annual Report, available to the public. The Network’s Extranet, a website available only for Network members. The data may also appear in Network in Focus, a newsletter of the European Network of Ombudsmen, which is available on the Network’s Extranet and on the Ombudsman’s website.
  • The data may also appear on the Ombudsman’s social media channels, which are publicly available.
  • The lists of speakers at and participants in an event are distributed to all speakers and participants.
  • Names and images of speakers at and participants in an event may be published in the internal newsletter of the Ombudsman’s office.

7. How long will the data be kept?

  • Names and job titles of speakers at events, and names of their employers (where applicable), are published on the Ombudsman’s website.
  • Images and audio/video recordings from events are published on the Ombudsman’s website, used in her publications and distributed via the official social media accounts. They are also stored internally for five years, after which they are deleted. Those deemed relevant to the office’s activities are subsequently archived for historical purposes.

8. How do we protect your data?

Personal data are protected by security measures, set up by the Information and Communication Technologies sector at the Ombudsman’s office to preserve the integrity and confidentiality of the institution's electronic property.

9. What are your rights and how can you exercise them?

  • A data subject can exercise his/her rights, for example, by requesting access to and rectification or erasure of personal data, by sending an e-mail to eo-comm-contact@ombudsman.europa.eu. The request shall be dealt with without undue delay and in any case within a month of receipt of the request.
  • When registering for an event, we inform potential participants that images of them might be taken during the event and used by the Ombudsman’s office for communication purposes. If they have any concerns, they may contact the Communications Unit via eo-comm-contact@ombudsman.europa.eu. The Unit will try to accommodate their concerns to the extent possible (for example, depending on the configuration of the room or by darkening their picture on collective print screens taken during webinars and digital conferences).
  • We also ask potential participants whether they want to be added to our contacts lists so that we can inform them about our activities. All future communications will allow them to unsubscribe from such lists, if they so wish.

10. Who to contact in case of queries or complaints concerning data protection issues?

At any time, a data subject may send data protection-related questions to:
eo-comm-contact@ombudsman.europa.eu

Head of Personnel, Administration and Budget Unit
European Ombudsman
1 avenue du Président Robert Schuman CS 30403
F-67001 Strasbourg Cedex

You may also contact the Data Protection Officer of the European Ombudsman: dpo-euro-ombudsman@ombudsman.europa.eu

or lodge a complaint with the European Data Protection Supervisor: edps@edps.europa.eu

Strasbourg, 12/05/2021

 

[1] To be filled in by the controller. See Article 31(1) and (5) on records of processing activities of Regulation 2018/1725: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32018R1725

[2] For tracking. If the office decides to keep a central register, contact the keeper of that register to obtain a reference number.

[3] Use functional mailboxes as far as possible to ensure business continuity.

[4] Where applicable. If you use a processor (contractor) to process personal data on your behalf, please indicate so (e.g. 360° evaluations, outsourced IT services or pre-employment medical checks).

[5] Where applicable. If you are jointly responsible with another EU institution, please indicate so here (e.g. two institutions with shared medical service). If this is the case, make sure to mention in the description who is in charge of what and who people can address for their queries.

[6] Very concise description of what you intend to achieve; if you do this on a specific legal basis, mention it as well (e.g. staff regulations for selection procedures).

[7] In case data categories differ between different categories of persons, please explain as well (e.g. suspects vs. witnesses in administrative inquiries).

[8] Indicate your administrative retention period including its starting point; differentiate between categories of persons or data where needed (e.g. in selection procedures: candidates who made it onto the reserve list vs. those who did not).

[9] Who will have access to the data within the European Ombudsman? Anyone outside the office? No need to mention entities that may have access in the course of a particular investigation (e.g. OLAF, EDPS, Court of Auditors).

[10] If yes, include the identification of the country or International Organisation and the documentation of suitable safeguards (e.g. processor in a third country using standard contractual clauses, a third-country public authority you cooperate with based on a treaty).

[11] Where possible. Include a general description of your security measures that you could also provide to the public. See Article 33 on security of processing of Regulation 2018/1725: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32018R1725

[12] Consider publishing the relevant part of the privacy statement and providing a link. See Articles 15 and 16 on the information to be provided to the data subject(s) and Articles 17 to 22 on the rights of data subjects of Regulation 2018/1725: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32018R1725