Your personal data is processed in accordance with Regulation (EU) No 2018/17251 on the protection of individuals with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data. 

The data controller of the processing operation is the Head of Unit I.02 SMP / COSME Pillar of the European Innovation Council and SMEs Executive Agency (EISMEA) - EISMEA-SMP-COSME-ENQUIRIES@ec.europa.eu

The following entities process your personal data on our behalf:  

  • its approved third-party authorised subprocessor Mailjet for the purpose mentioned below. 

The legal basis for the processing activities is/are: 

  • Article 5(1)(a) of Regulation EU 2018/1725 because processing is necessary for the performance of a task carried out in the public interest (or in the exercise of official authority vested in the Union institution or body)2; 

  • Article 5(1)(d) of Regulation EU 2018/1725 based on your explicit consent for your non-mandatory personal data indicated below whereby the data subject has unambiguously given his or her consent to provide the data necessary for the subscription to the newsletter.  

The purposes of this processing are to provide a platform for the network of cities and city stakeholders joining the Intelligent Cities Challenge (ICC), to deliver ongoing support throughout the initiative in order to provide the interested public with the most relevant information about the functioning of the ICC network, including events, news and publications, to reply to questions sent through the contact form and to manage the subscription to the network's e-mail newsletter. Via the home page of the website, ICC participants can also access the dashboard of the ICC.  

The following of your personal data is collected:  

  • For anyone registering as part of an ICC City Team, expert or support staff with access to the ICC Dashboard section: first name, last name, city, country, email address, IP address; 

  • For anyone registering to the ICC newsletter: email address, IP address; 

  • For all website visitors: IP address and cookies are gathered to monitor site traffic using Google Analytics. 

These elements are mandatory for the purposes outlined above and they are necessary for the verification of your data, the establishment of an account and for delivering the services requested (such as the subscription to the newsletter). 

For the purpose of sending newsletters, Mailjet, third party tool under Technopolis Group, Arctik, Vox Teneo, BCW, OFCORES (contractor) responsibility, will process the participants name and email address (mandatory). For more information on Mailjet’s privacy policy, please refer to: https://www.mailjet.com/dpa.    

The recipients of your personal data will be the EISMEA and European Commission staff in charge of the ICC initiative, the contractors above mentioned in charge of the ICC website management and the project dissemination and bodies charged with monitoring or inspection tasks in application of EU law (e.g. internal audits, Court of Auditors, European Anti-fraud Office (OLAF)).   

Your personal data will not be transferred to third countries or international organisations. 

The processing of your data will not include automated decision-making (such as profiling).  

The following technical and organisational security measures are in place to safeguard the processing of your personal data: 

  • All personal data in electronic format (e-mails, documents, databases, uploaded batches of data, etc.) are stored on the servers of EISMEA, the European Commission (and of its contractors if contractors are engaged to assist the controller in the organisation and management of meeting(s) or event(s); 

  • All processing operations are carried out pursuant to Commission Decision (EU, Euratom) 2017/46 of 10 January 20117 on the security of communication and information systems in the European Commission; 

  • In order to protect your personal data, EISMEA and European Commission has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of given processing operations; 

  • EISMEA and Commission contractors are bound by specific contractual clauses for any processing operations of your personal data on their behalf and by the confidentiality obligations deriving from the General Data Protection Regulation ('GDPR' - Regulation (EU) 201/679). 

 

From the contractor side, the following technical and organisational security measures are in place to safeguard the processing of your personal data:  

  • Software security measures providing that all software in use on the IT Systems are kept up to date, are duly approved and installed only where that installation poses no security risk to the IT Systems, for the protection of which suitable anti-virus, firewall and internet security software are in place;  

  • Hardware security measures requiring restricted access locations for IT Systems, in rooms which may be securely locked when not in use, secure transport and protection of mobile devices and the provision of all reasonable efforts to avoid such mobile devices from being left unattended at any location other than their users’ private homes or the company premises;  

  • Access security measures in the form of password policies applicable to all IT Systems, aimed at ensuring network security, data integrity and computer systems protection. 

Your personal data will be kept for the duration of the ICC initiative and no longer than 30 November 2030. 

You have the right to access your personal data and to request your personal data to be rectified if the data is inaccurate or incomplete; where applicable, you have the right to request restriction or to object to processing, to request a copy or erasure of your personal data held by the data controller. If processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on your consent before its withdrawal. 

Your request to exercise one of the above rights will be dealt with without undue delay and within one month. 

Your right to information, access, rectification, erasure, restriction or objection to  processing, communication of a personal data breach or confidentiality of electronic communications may be restricted only under certain specific conditions as set out in the applicable Restriction Decision in accordance with Article 25 of Regulation (EU) 2018/1725. 

If you have any queries concerning the processing of your personal data, you may address them to the Head of Unit I.02 SMP / COSME Pillar of the European Innovation Council and SMEs Executive Agency (EISMEA) – via the following e-mail address  EISMEA-SMP-COSME-ENQUIRIES@ec.europa.eu

You shall have right of recourse at any time to the EISMEA Data Protection Officer at EISMEA-DPO@ec.europa.eu and to the European Data Protection Supervisor at https://edps.europa.eu

 
Version February 2023