Your personal data is processed in accordance with Regulation (EU) No 2018/1725 on the protection of individuals with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.
The data controller of the processing operation is the Head of Unit I.02 SMP / COSME Pillar of the European Innovation Council and SMEs Executive Agency (EISMEA) - EISMEA-COSME-DP@ec.europa.eu.
The following entities process your personal data on our behalf:
- the contractor as data processor: Technopolis Group ,WAAT Ltd, BCW, OFCORES - firstname.lastname@example.org.
- Its approved third-party authorised subprocessors, Teams, WebEx, CheckMarket, Conceptboard, Mailjet, Mentimeter, Slido, Zoom used to organise and support event activities on behalf of EISMEA and the European Commission.
The legal basis for the processing activities is/are:
- Article 5(1)(a) of Regulation EU 2018/1725 because processing is necessary for the performance of a task carried out in the public interest (or in the exercise of official authority vested in the Union institution or body)2;
- Article 5(1)(d) of Regulation EU 2018/1725 based on your explicit consent for your non-mandatory personal data indicated below.
The purposes of this processing are:
- to register interested persons to ICC events and meetings and to include them on participant lists,
- to set up networking activities for event participants (bilateral meetings) (if applicable)
- to inform you about the Intelligent Cities Challenge (ICC) events and meetings,
- to give you access to the documents created for the ICC community and exchange with the ICC community members as part of any events organised,
- to inform participants about follow-up activities of the events related to the topic of the event or meeting, including feedback collection and specific, related communication activities, such as e-mailing, monitoring and evaluation of an event or meeting,
- to reimburse travel and/or accommodation costs where applicable.
The following of your personal data are collected:
- for event participants: first name, last name, organisation name, organisation, (professional/personal) e-mail address, country, city, IP address.
- for event speakers: first name, last name, organisation name, organisation, (professional/personal) e-mail address, IP address, biography, photo and CV, bank account information (for travel imbursements, if applicable).
In addition, the following non-mandatory personal data are collected based on your explicit prior consent: photo or video materials depicting you, your social media account handles, comments you decide to share, feedback, questions, contributions during the event or meeting.
Please note that the event or the meeting may be recorded or web-streamed if so indicated by the organisers. This means it is possible that you will be recorded. It is also possible that photographs of you will be taken during the event and might be used for online and offline communication activities related to the ICC. Upon registration to the event or meeting, you can give your explicit consent to have your images recorded and published on related communication channels. For the meetings not requiring a registration, organisers will inform the participants at the start of the meeting about alternatives on how to take part in the event without being recorded. Moderators and speakers will be contacted by the contractor to obtain their explicit consent to have their image recorded in the knowledge that any audio-visual materials may be used for the creation of offline communication material and published online on communication channels, such as social media accounts, image hosting sites and websites linked to the promotion of EISMEA’s activities (European Commission, European Innovation Council and SMEs Executive Agency (EISMEA) social media accounts and web pages). In the absence of consent, moderators and speakers have the possibility to remain unseen by not activating their video during the event or meeting.
The recipients of your personal data will be the EISMEA and Commission staff in charge of the ICC initiative, the contractors above mentioned in charge of the organisation of the event or meeting and in charge of the follow-up communication activities and bodies charged with monitoring or inspection tasks in application of EU law (e.g. internal audits, Court of Auditors, European Anti-fraud Office (OLAF)).
The following third-party tools might be used for the organisation of the ICC events and meetings:
- For the purpose of hosting the events, updating news, informing people about the events organisation and streaming recorded sessions, storing and sharing of material, uploading of deliverables, working together on content, Teams, a third-party tool under contractor’s responsibility collects email, title, first name, last name, country, company and job, phone number, IP address, and browser-generated information (including device information, operating system, device type, cookies or other technologies used to analyse users’ activity). It hosts the collected personal data within the European Union. Teams privacy statement can be found at https://docs.microsoft.com/en-us/microsoftteams/teams-privacy.
- For the purpose of hosting web meetings, WebEx, third-party tool under contractor’s responsibility, collects data when the participant registers and use the Cisco WebEx service. It collects name, email address, password, public IP address, browser, phone number (optional), mailing address (optional), geographic region, avatar (optional), user information included in the customer’s active directory (if synched), Unique User ID (UUID). CISCO and the contractor have access to the data. It hosts the collected personal data within the European Union. Detailed information on CISCO WebEx’s data privacy policies is also available here: https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/collaboration/cisco-webex-meetings-privacy-data-sheet.pdf.
Your personal data will not be transferred to third countries or international organisations, with the exception of data collected by third-party tools Conceptboard, Mailjet, Mentimeter, Slido and Zoom:
- If Conceptboard transfers data to a third country, it does so in accordance with European law. It transfers data only to third countries with a recognised level of data protection, or on the basis of special guarantees, such as a contractual obligation through so-called standard protection clauses of the EU Commission, (Article 44 to 49 GDPR, information page of the EU Commission). For more information, please see: https://conceptboard.com/privacy/.
- If Mailjet transfers data to third countries, it does so in accordance with EU law and puts in place the following safeguards: (1) Standard Contractual Clauses as per European Commission’s Decision 2010/87/EU and, (2) additional safeguards with respect to security measures including data encryption and data minimisation principles. For more information, please see: https://www.mailjet.com/dpa/
- Mentimeter might transfer your personal data to countries other than the one in which you live. Most transfers are made to processors within the United States, under the provisions of the Standard Contractual Clauses as adopted by the European Commission or any other appropriate safeguard such as the Binding Corporate Rules in order to ensure and provide for an adequate level of protection in relation to data privacy. Mentimeter does not sell personal data to processors. For more information, please see: https://www.mentimeter.com/privacy.
- Slido will only transfer data to third countries if there are sufficient controls in place to protect it (e.g., they may make the recipients promise they will protect your data in their contracts with them). For more information, please see: https://www.sli.do/terms#privacy-policy.
- Zoom may transfer and process personal data to and in the United States and anywhere else in the world where Zoom, its affiliates, or its authorised subprocessors maintain data processing operations. Zoom shall ensure that such transfers are made in compliance with Applicable Data Protection Law and the global data processing addendum, which is available at: https://zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf.
The processing of your data will not include automated decision-making (such as profiling).
Your personal data will be kept for the duration of the ICC initiative and no longer than 29 May 2025. Data will be deleted at the end of this period.
You have the right to access your personal data and to request your personal data to be rectified, if the data is inaccurate or incomplete; where applicable, you have the right to request restriction or to object to processing, to request a copy or erasure of your personal data held by the data controller. If processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on your consent before its withdrawal.
Your request to exercise one of the above rights will be dealt with without undue delay and within one month.
If you have any queries concerning the processing of your personal data, you may address them to the Head of Unit I.02 SMP / COSME Pillar of the European Innovation Council and SMEs Executive Agency (EISMEA) (entity acting as data controller) via the following email address: EISMEA-COSME-DP@ec.europa.eu.
Version April 2021