e-Services on JRC Websites (DPO-2176) Privacy Statement
An e-Service is made available on web pages in order to offer an online electronic registration for: ERNCIP INVENTORY
e-Services are tools on the internet websites of the Joint Research Centre (JRC) enabling a given research community (e.g. committee, working group, project group, etc.) geographically spread across Europe (and beyond) to maintain a private space on Internet where they can share information, documents, participate in discussion fora, download software, subscribe JRC publications etc.
Your personal data will be collected and further processed for the purposes detailed hereafter under point 2. This processing of personnel data is under the responsibility of the Head of Unit Internal and external communication at the JRC. The Unit Head of the Unit "Technology Innovation in Security", who manages the processing itself, acts as personal data processor.
As this processing collects and further processes personal data, Regulation (EC) 45/2001, of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, is applicable.
2. What personal information do we collect, what is the legal basis, for what purpose and through which technical means?
First name and last name of person, job title, institution, address, country, e-mail address, phone, preferred data format, and preferred coordinate format. A username and password could also be set up at the first registration.
Legal Basis of Processing:
- The Framework Programme for Research and Innovation (2014-2020) - Horizon 2020.
- Registration and participation of data subjects are provided on a purely voluntary basis.
Purpose of Processing:
The purpose of the processing of personal data for the e-Services is to provide secure access and information exchange, management of data bases, including management of communications to users.
The user data are collected through web forms and stored inside a SQL database.
3. Who has access to your information and to whom is it disclosed?
The access to all personal data is only granted through user_Id / Password to a defined population of users. These users typically are: the Unit Head acting as controller of the processing of personal data, the system administrators of the software. No personal data is transmitted to parties, which are outside the recipients and the legal framework mentioned.
4. How do we protect and safeguard your information?
The collected personal data is stored on the servers of JRC and underlie the Commission Decision C (2006) 3602 of 17/08/2006 "concerning the security of information systems used by the European Commission" defines IT security measures in force. Annex I defines the security requirements of EC Information Systems. Annex II defines the different actors and their responsibilities. Annex III defines the rules applicable by users. See notification DPO-1946.
5. How can you verify, modify or delete your information?
Registered users have direct password-protected web access to their profile and are able to update it or to cancel their registration.
6. How long do we keep your data?
The time limit for storing personal data is fixed to max. 4 years starting from filling in the registration form on the Internet, unless the Controller launches an update of the registrations, asking the Data subjects to update or cancel the stored information including their personal data. Registered users have password protected direct web access to their profile and can cancel their registration at any moment.
7. Contact Information
Should you have any queries concerning the processing of your personal data, please address them to the controller or to the following processor address:
On questions relating to the protection of personal data, you can contact:
- DG JRC Data Protection Co-ordinator: firstname.lastname@example.org
- Commission's Data Protection Officer: email@example.com
In the event of a dispute, you can send a complaint to:
- European Data Protection Supervisor: firstname.lastname@example.org