Members of the Subgroup on Platforms of the Project Group on Import and Export
Customs Formalities Related to Low Value Consignments
MEMBER STATES:
BE, CZ, EE, FR, HU, IE, IT, LT, NL, PL, PT, RO, SE
MARKETPLACES:
ALIBABA, ALLEGRO, AMAZON, EBAY, ETSY, RAKUTEN, WISH
POSTAL OPERATORS:
DEUTSCHE POST, LA POSTE, MAGYAR POSTA, POSTNL, POSTA SLOVENIJE
D.O.O.
EXPRESS CARRIERS:
DHL, FEDEX, UPS
OTHER TRADE REPRESENTATIVES ORGANISATION:
CLECAT, EUROCOMMERCE, IPC
ANNEX II
3
Draft agenda for the 4th meeting of the Subgroup on Platforms of the Customs 2020
Project Group on the Import and Export Customs Formalities Related to Low
Value Consignments
(Brussels, 4 March 2021)
1. Adoption of the agenda
2. Presentation of the data protection and data privacy rules
3. Analysis of the data needs and data availability for the purpose of the new
customs filing by the platforms
4. Any other business
ANNEX III
4
ONLINE MEETINGS ETIQUETTE
x
Participants are asked to join 20 minutes before the actual meeting time in
order to settle a connection, audio or video issue.
x
When joining, participants will add their Member State or Organisation in front
of their name.
x
When joining all participants will be muted. Meeting host has also an option to
mute participants manually (everybody and individually).
x
Meeting and its transcript (chat log) will be recorded.
x
Questions should be written down in the chat channel also stating the MS or
Organisation from where the questions comes – Commission will decide which
questions to answer directly (as the answer may require coordination which is
not possible during VC).
x
When participants want to intervene on their own initiative, they can use the
“Raise hand” option or use the WebEx chat to write the question.
x
If clarification about the question asked in the chat is needed, the host can ask
the person to unmute and explain further via audio.
x
One colleague will moderate the online meeting and another colleague will
monitor the chat and ‘raised hands’ to ensure smooth online meeting.
You can find more detailed information on how to join a WebEx meeting on the WebEx
official page:
https://help.webex.com/en-us/8bzter/Cisco-Webex-Meetings-Video-Tutorials
5
EUROPEAN COMMISSION
ANNEX IV
PROTECTION OF YOUR PERSONAL DATA
This privacy statement provides information about the processing and the protection of
your personal data.
Processing operation: Organisation and management of meetings in the context of the Customs
and Fiscalis 2020 programmes for meetings that are not linked to expert groups.
Data Controller: European Commission, Directorate- General Taxation and Customs Union,
Unit TAXUD.A.2
Record reference: DPO-3078-5
Table of Contents
1. Introduction
2. Why and how do we process your personal data?
3. On what legal ground(s) do we process your personal data?
4. Which personal data do we collect and further process?
5. How long do we keep your personal data?
6. How do we protect and safeguard your personal data?
7. Who has access to your personal data and to whom is it disclosed?
8. What are your rights and how can you exercise them?
9. Contact information
10. Where to find more detailed information?
6
1. Introduction
The European Commission (hereafter ‘the Commission’) is committed to protect your personal
data and to respect your privacy. The Commission collects and further processes personal data
pursuant to Regulation (EU) 2018/1725 of the European Parliament and of the Council of
23 October 2018 on the protection of natural persons with regard to the processing of personal
data by the Union institutions, bodies, offices and agencies and on the free movement of such
data.
This privacy statement explains the reason for the processing of your personal data, the way we
collect, handle and ensure protection of all personal data provided, how that information is used
and what rights you have in relation to your personal data. It also specifies the contact details of
the responsible Data Controller with whom you may exercise your rights, the Data Protection
Officer and the European Data Protection Supervisor.
This privacy statement concerns the processing operation
Organisation and management of
meetings in the context of the Customs and Fiscalis 2020 programmes for meetings that are not
linked to expert groups undertaken by
the European Commission
Directorate- General Taxation
and Customs Union
, unit TAXUD.A.2, as presented below.
2. Why and how do we process your personal data?
Purpose of the processing operation: The European Commission collects and uses your personal
information only for the organisation, preparation, management and follow-up of meetings
financed through the Customs and Fiscalis 2020 and successor programmes that are not expert
group meetings. More specifically, this concerns the following processing activities:
x communication activities such as sending e-mails and invitations (this entails the
management of contact lists for correspondence);
x exchange of meeting documents (notably through information sharing and circulation of
documents via
o e-mail, and/or
o the Advanced Gateway to EU Meetings (AGM) online system for meeting
organisation (see Record of processing DPR-EC-01141 - Information system
supporting the organisation of meetings (former notification DPO-3911)), and/or
o CIRCABC (see Record of Processing DPR-EC-01666 - CIRCA and CIRCABC
– Global User Directory (former notification DPO-1008))) and/or,
o ART2 (see DPR-EC-04047.1).
x organisational and administrative activities to ensure the participants' access to
Commission premises (see Record of Processing DPR-EC-00655 (Commission Physical
Access Control System (PACS)));
x reimbursement of travel, subsistence costs or payment of special allowances in the sense
of Article 21 of Commission decision C(2016) 3301 (see Record of Processing DPR-EC-
00301 - Legal Entities and Bank Accounts (former notifications DPO-372 and DPO-300
and ART2 (see DPR-EC-04047.1));
x audio-visual recording of the meetings for the purpose of drafting minutes (see Record of
Processing DPR-EC-01937 (Audio-visual recording of meetings));
Your personal data will
not be used for an automated decision-making including profiling.
3. On what legal ground(s) do we process your personal data
We process your personal data, because processing is necessary for the performance of a task
carried out in the public interest (Article 5(1)(a) of Regulation (EU) No 2018/1725).
Bringing together customs and tax officials in different types of meetings plays an important role
in enabling the Member States' authorities to improve cooperation, exchange expertise, build
confidence, share knowledge as a basis for respectively supporting the functioning and
7
modernisation of the customs union (customs) and improving the proper functioning of the
taxation systems in the internal market (Fiscalis-taxation).
4. Which personal data do we collect and further process?
In order to carry out this processing operation the Data Controller may collect the following
categories of personal data:
Personal data necessary for organising and managing meetings such as gender (Mr/Ms),
name, organisation to which he/she belongs, e-mail address, phone/fax number;
Personal data necessary for security (access control to Commission premises) such as ID
card/Passport number and date of birth, name, surname, organisation he/she belongs to,
gender;
Personal data necessary for reimbursements purposes such as name, means of transport, hotel
accommodation and banking details;
Personal data necessary for payment of special allowances, such as name and banking
details;
Personal data included in the minutes of meetings, such as names of meeting participants and
their positions expressed (in case of representatives of organisations, Member States’
authorities and other public entities, only based on their prior freely given, specific, informed
and unambiguous consent, if at all).
Personal data necessary for establishing the attendance list and the minutes: signature, audio-
visual recording of the meeting.
If you do not provide these personal data, possible consequences are the impossibility to attend
meetings and/or to be reimbursed or paid.
We have obtained your personal data either directly from you, via the competent National
department, another public entity or organisation that you work for or via the Permanent
Representation of your country in Brussels.
5. How long do we keep your personal data?
The Data Controller only keeps your personal data for the time necessary to fulfil the purpose of
collection or further processing, namely for a maximum of 5 years after closure of the file to
which the personal data processed belongs.
The ‘administrative retention period’ of five years is based on the retention policy of Commission
documents and files (and the personal data contained in them), governed by the common
Commission-level retention list for European Commission files (SEC(2019)900).
It is a regulatory document in the form of a retention schedule that establishes the retention
periods for different types of Commission files. That list has been notified to the European Data
Protection Supervisor.
The ‘administrative retention period’ is the period during which the Commission departments are
required to keep a file depending on its usefulness for administrative purposes and the relevant
statutory and legal obligations.
This information is without prejudice to longer retention periods which may apply to personal
data processed for the purpose of reimbursing travel and subsistence costs, payment of special
allowances and ensuring the participant's access to Commission premises based on the dedicated
processing operations notified to the DPO by the responsible Commission departments (Records
of Processing DPR-EC-00655 (Commission Physical Access Control System (PACS)) and DPR-
EC-00301 - Legal Entities and Bank Accounts (former notifications DPO-372 and DPO-300)).
8
6. How do we protect and safeguard your personal data?
All personal data in electronic format (e-mails, documents, databases, uploaded batches of data,
etc.) are stored
on the servers of the European Commission All processing operations are carried
out pursuant to the Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the
security of communication and information systems in the European Commission.
The Commission’s contractors are bound by a specific contractual clause for any processing
operations of your data on behalf of the Commission, and by the confidentiality obligations
deriving from the General Data Protection Regulation in the EU Member States (‘GDPR’
Regulation (EU) 2016/679).
In order to protect your personal data, the Commission has put in place a number of technical and
organisational measures. Technical measures include appropriate actions to address online
security, risk of data loss, alteration of data or unauthorised access, taking into consideration the
risk presented by the processing and the nature of the personal data being processed.
Organisational measures include restricting access to the personal data solely to authorised
persons with a legitimate need to know for the purposes of this processing operation.
7. Who has access to your personal data and to whom is it disclosed?
Access to your personal data is provided to the Commission staff authorised for carrying out this
processing operation and to other authorised Commission staff according to the “need to know”
principle. Such staff abide by statutory, and when required, additional confidentiality agreements.
More specifically, the following Commission staff have access to certain parts of the personal
data:
-
Authorised staff of the European Commission's Directorate-General for Human
Resources and Security have access to the personal data necessary for providing access
to European Commission premises;
-
Authorised staff of the European Commission's Directorate-General for Budget and the
Paymaster Office (PMO) have access to the personal data needed for reimbursement
purposes and payment of special allowances;
-
Authorised staff of the European Commission's Directorate-General for Interpretation
(SCIC) as meeting room and equipment providers have access to the audio-visual
recordings of the meetings;
-
Authorised staff of other European Commission departments involved in the policy
follow-up to a specific meeting.
-
Authorised staff in the Member States responsible for the management of the Customs
and Fiscalis 2020 and successor programmes.
Please note that pursuant to Article 3(13) of Regulation (EU) 2018/1725, public authorities
(e.g. Court of Auditors, EU Court of Justice) which may receive personal data in the framework
of a particular inquiry in accordance with Union or Member State law shall not be regarded as
recipients. The further processing of those data by those public authorities shall be in compliance
with the applicable data protection rules according to the purposes of the processing.
The information we collect will not be given to any third party, except to the extent and for the
purpose we may be required to do so by law.
9
8. What are your rights and how can you exercise them?
You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU)
2018/1725, in particular the right to access your personal data and to rectify them in case your
personal data is inaccurate or incomplete. Under certain conditions, you have the right to erase
your personal data, to restrict the processing of your personal data, to object to the processing and
the right to data portability.
You have the right to object to the processing of your personal data, which is lawfully carried out
pursuant to Article 5(1)(a) of Regulation (EU) 2018/1725, on grounds relating to your particular
situation.
To the extent you consented to the publication of some of your personal data, you can withdraw
your consent at any time by notifying the Data Controller. The withdrawal will not affect the
lawfulness of the processing carried out before you have withdrawn the consent.
You can exercise your rights by contacting the Data Controller, or in case of conflict the Data
Protection Officer. If necessary, you can also address the European Data Protection Supervisor.
Their contact information is given under Heading 9 below.
Where you wish to exercise your rights in the context of one or several specific processing
operations, please provide their description (i.e. their Record reference(s) as specified under
Heading 10 below) in your request.
Any request for access to personal data will be handled within one month. Any other request
mentioned above will be addressed within 15 working days.
9. Contact information
-
The Data Controller If you would like to exercise your rights under Regulation (EU) 2018/1725, or if you have
comments, questions or concerns, or if you would like to submit a complaint regarding the
collection and use of your personal data, please feel free to contact the Data Controller:
European Commission, Directorate- General Taxation and Customs Union,
unit A.2 at
TAXUD-
xxxxxxx@xx.xxxxxx.xx .
-
The Data Protection Officer (DPO) of the Commission You may contact the Data Protection Officer (xxxxxxxxxxxxxxxxxxxxxxx@xx.xxxxxx.xx)
with regard to issues related to the processing of your personal data under Regulation (EU)
2018/1725.
-
The European Data Protection Supervisor (EDPS)
You have the right to have recourse (i.e. you can lodge a complaint) to the European Data
Protection Supervisor (xxxx@xxxx.xxxxxx.xx) if you consider that your rights under Regulation
(EU) 2018/1725 have been infringed as a result of the processing of your personal data by the
Data Controller.
10. Where to find more detailed information?
The Commission Data Protection Officer (DPO) publishes the register of all processing
operations on personal data by the Commission, which have been documented and notified to
him. You may access the register via the following link: https://ec.europa.eu/dpo-register/.
This specific processing operation has been included in the DPO’s public register with the
following Record reference: DPO-3078-5.
10
(OHFWURQLFDOO\ VLJQHG RQ 87& LQ DFFRUGDQFH ZLWK DUWLFOH RI &RPPLVVLRQ 'HFLVLRQ &