Your personal data is processed in accordance with Regulation (EU) No 2018/1725 on the protection of individuals with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data. 

The data controller of the processing operation is the Head of Unit I.02 SMP / COSME Pillar of the European Innovation Council and SMEs Executive Agency (EISMEA) - EISMEA-COSME-DP@ec.europa.eu.  

The following entities process your personal data on our behalf:  

  • the contractor as data processor: Technopolis Group ,WAAT Ltd, BCW, OFCORES  - helpdesk_icc@technopolis-group.com
  • Its approved third-party authorised subprocessors, Teams, WebEx, CheckMarket, Conceptboard, Mailjet, Mentimeter, Slido, Zoom used to organise and support event activities on behalf of EISMEA and the European Commission. 

The legal basis for the processing activities is/are: 

  • Article 5(1)(a) of Regulation EU 2018/1725 because processing is necessary for the performance of a task carried out in the public interest (or in the exercise of official authority vested in the Union institution or body)2; 
  • Article 5(1)(d) of Regulation EU 2018/1725 based on your explicit consent for your non-mandatory personal data indicated below. 

The purposes of this processing are: 

  • to register interested persons to ICC events and meetings and to include them on participant lists, 
  • to set up networking activities for event participants (bilateral meetings) (if applicable) 
  • to inform you about the Intelligent Cities Challenge (ICC) events and meetings, 
  • to give you access to the documents created for the ICC community and exchange with the ICC community members as part of any events organised, 
  • to inform participants about follow-up activities of the events related to the topic of the event or meeting, including feedback collection and specific, related communication activities, such as e-mailing, monitoring and evaluation of an event or meeting, 
  • to reimburse travel and/or accommodation costs where applicable. 

The following of your personal data are collected:  

  • for event participants: first name, last name, organisation name, organisation, (professional/personal) e-mail address, country, city, IP address.   
  • for event speakers: first name, last name, organisation name, organisation, (professional/personal) e-mail address, IP address, biography, photo and CV, bank account information (for travel imbursements, if applicable). 

 
In addition, the following non-mandatory personal data are collected based on your explicit prior consent: photo or video materials depicting you, your social media account handles, comments you decide to share, feedback, questions, contributions during the event or meeting.  

Please note that the event or the meeting may be recorded or web-streamed if so indicated by the organisers. This means it is possible that you will be recorded. It is also possible that photographs of you will be taken during the event and might be used for online and offline communication activities related to the ICC. Upon registration to the event or meeting, you can give your explicit consent to have your images recorded and published on related communication channels. For the meetings not requiring a registration, organisers will inform the participants at the start of the meeting about alternatives on how to take part in the event without being recorded. Moderators and speakers will be contacted by the contractor to obtain their explicit consent to have their image recorded in the knowledge that any audio-visual materials may be used for the creation of offline communication material and published online on communication channels, such as social media accounts, image hosting sites and websites linked to the promotion of EISMEA’s activities (European Commission, European Innovation Council and SMEs Executive Agency (EISMEA) social media accounts and web pages). In the absence of consent, moderators and speakers have the possibility to remain unseen by not activating their video during the event or meeting.  

The recipients of your personal data will be the EISMEA and Commission staff in charge of the ICC initiative, the contractors above mentioned in charge of the organisation of the event or meeting and in charge of the follow-up communication activities and bodies charged with monitoring or inspection tasks in application of EU law (e.g. internal audits, Court of Auditors, European Anti-fraud Office (OLAF)).    

The following third-party tools might be used for the organisation of the ICC events and meetings

  • For the purpose of hosting the events, updating news, informing people about the events organisation and streaming recorded sessions, storing and sharing of material, uploading of deliverables, working together on content, Teams, a third-party tool under contractor’s responsibility collects email, title, first name, last name, country, company and job, phone number, IP address, and browser-generated information (including device information, operating system, device type, cookies or other technologies used to analyse users’ activity). It hosts the collected personal data within the European Union. Teams privacy statement can be found at https://docs.microsoft.com/en-us/microsoftteams/teams-privacy.  
  • For the purpose of hosting web meetings, WebEx, third-party tool under contractor’s responsibility, collects data when the participant registers and use the Cisco WebEx service. It collects name, email address, password, public IP address, browser, phone number (optional), mailing address (optional), geographic region, avatar (optional), user information included in the customer’s active directory (if synched), Unique User ID (UUID). CISCO and the contractor have access to the data. It hosts the collected personal data within the European Union. Detailed information on CISCO WebEx’s data privacy policies is also available here: https://trustportal.cisco.com/c/dam/r/ctp/docs/privacydatasheet/collaboration/cisco-webex-meetings-privacy-data-sheet.pdf
  • CheckMarket, a third-party tool under contractor’s responsibility, is used as a survey platform to collect data relevant also to event participation from ICC participants and externals, including for participation in events and workshop sessions, thematic preferences, event feedback. Respondents to surveys powered by CheckMarket, provide manually entered information for the purpose of responding to the survey by the organiser. Subject to the survey, personal data may include name, address, phone, email, employer and position. CheckMarket processes all data provided by its users with accounts in its European Data Region, in the European Economic Area (EEA) only. For more information on CheckMarket’s privacy policy, please refer to https://www.checkmarket.com/privacy-policy/.  
  • Conceptboard, a third-party tool under the contractor’s responsibility might be used as part of events to collect live feedback and to facilitate visual collaboration between event attendees. Conceptboard processes use information on pages and files accessed, the date and time of access, data volumes transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page) and, as a general rule, IP addresses and the requesting provider. For users who chose to register, Conceptboard also collects a user’s name, password and an e-mail address (optional). It collects these data to provide contractual and services support, to provide online services and for security purposes. User data will not be stored for longer than 28 days. For more information on Conceptboard’s privacy policy, please refer to: https://conceptboard.com/privacy/  
  • Mailjet, a third-party tool under the contractors’ responsibility will be used for the purpose of sending emails to inform participants about the event, follow-up activities related to the topic of the event or meeting, feedback collection and specific, related communication activities such as monitoring and evaluation of an event or meeting. Mailjet will process the participants name and email address (mandatory). For more information on Mailjet’s privacy policy, please refer to: https://www.mailjet.com/dpa/  
  • For the purpose of collecting feedback and survey responses from ICC participants before, during and after events, Mentimeter, a third-party tool under contractor’s responsibility, collects data from the participants. What data is collected depends on how the participant interacts with Mentimeter. A participant will typically be a ‘visitor’ who visits Mentimeter, attends webinars, participates in contests, surveys or in any other way interacts with Mentimeter. Mentimeter collects interaction information (how you use the services and your system activities), device information (IP address, browser settings, operative system and platform). Depending on how you engage with Mentimeter, it may collect non-mandatory contact information (name, email address), third-party information (may use third-party sites and third-party platforms as well as publicly available information to collect and add some information to the information provided in order to provide relevant communication for marketing purposes) and cookie information. For Mentimeter’s privacy policy, please refer to https://www.mentimeter.com/privacy.
  • For the purpose of collecting feedback and survey responses from ICC participants before, during and after events, Slido, a third-party tool under contractor’s responsibility, collects data from the participants. For provision of these services Slido collects collect the minimum personal data necessary and does not use automated decision making or profiling techniques. This data includes participant profile data such as name, email address and company (optional). For Slido’s privacy policy, please refer to https://www.sli.do/terms#privacy-policy
  • Zoom, a third-party tool under contractor's responsibility, is used for the purpose of hosting web meetings. It collects data when the participant registers and uses the videoconferencing tool. Zoom processers personal data on for the purposes of providing the services in accordance with the agreement with the customer. Type of personal data depends on the use of the services include: cloud recordings (optional) of video, audio, whiteboards, captions, presentations text file of meeting chats, meeting notification content and text message alerts (optional) covering name and contact of message recipient and any free text meeting details input by the user, meeting and webinar title, data and time, pools, chat logs, attendee information (screen name, join/leave time), registration details (optional) such as name and contact details of meeting or webinar registration invitee, questions and answers as well as survey information, chat messages and in-chat image sharing. For more information on Zoom’s privacy policy, please consult: https://zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf.   

Your personal data will not be transferred to third countries or international organisations, with the exception of data collected by third-party tools Conceptboard, Mailjet, Mentimeter, Slido and Zoom:  

  • If Conceptboard transfers data to a third country, it does so in accordance with European law. It transfers data only to third countries with a recognised level of data protection, or on the basis of special guarantees, such as a contractual obligation through so-called standard protection clauses of the EU Commission, (Article 44 to 49 GDPR, information page of the EU Commission). For more information, please see: https://conceptboard.com/privacy/
  • If Mailjet transfers data to third countries, it does so in accordance with EU law and puts in place the following safeguards: (1) Standard Contractual Clauses as per European Commission’s Decision 2010/87/EU and, (2) additional safeguards with respect to security measures including data encryption and data minimisation principles. For more information, please see: https://www.mailjet.com/dpa/ 
  • Mentimeter might transfer your personal data to countries other than the one in which you live. Most transfers are made to processors within the United States, under the provisions of the Standard Contractual Clauses as adopted by the European Commission or any other appropriate safeguard such as the Binding Corporate Rules in order to ensure and provide for an adequate level of protection in relation to data privacy. Mentimeter does not sell personal data to processors. For more information, please see: https://www.mentimeter.com/privacy.
  • Slido will only transfer data to third countries if there are sufficient controls in place to protect it (e.g., they may make the recipients promise they will protect your data in their contracts with them). For more information, please see: https://www.sli.do/terms#privacy-policy.  
  • Zoom may transfer and process personal data to and in the United States and anywhere else in the world where Zoom, its affiliates, or its authorised subprocessors maintain data processing operations. Zoom shall ensure that such transfers are made in compliance with Applicable Data Protection Law and the global data processing addendum, which is available at: https://zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf.   

The processing of your data will not include automated decision-making (such as profiling).  

Your personal data will be kept for the duration of the ICC initiative and no longer than 29 May 2025. Data will be deleted at the end of this period.   

You have the right to access your personal data and to request your personal data to be rectified, if the data is inaccurate or incomplete; where applicable, you have the right to request restriction or to object to processing, to request a copy or erasure of your personal data held by the data controller. If processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on your consent before its withdrawal. 
 
Your request to exercise one of the above rights will be dealt with without undue delay and within one month.  

If you have any queries concerning the processing of your personal data, you may address them to the Head of Unit I.02 SMP / COSME Pillar of the European Innovation Council and SMEs Executive Agency (EISMEA)  (entity acting as data controller) via the following email address: EISMEA-COSME-DP@ec.europa.eu

You shall have right of recourse at any time to the EISMEA Data Protection Officer at EISMEA-DPO@ec.europa.eu and to the European Data Protection Supervisor at https://edps.europa.eu

Version April 2021