Specific Privacy Statement (SPS)
European Data Protection Board (EDPB) Single Contact List for EDPB Events
1. Introduction
In the context of its legal obligation to, where appropriate, consult interested parties and give
them the opportunity to comment within a reasonable period (article 70(4) GDPR), the EDPB
organises, where relevant, stakeholder events aimed at gathering feedback from stakeholders
from different fields.
Furthermore, in pursuit of its mission of ensuring a consistent application of the GDPR and, in
particular, to promote cooperation, as foreseen in the GDPR and in its rules of procedure, and
as part of its communication strategy, the EDPB engages itself in communication activities
involving stakeholders (i.e. individuals, businesses, academia, NGOs, sector associations),
other EU institutions and the general public.
Therefore, the EDPB intends to create a list of stakeholders and organisations, with the purpose
of sending them “save the date” information and invitations for events organised by the EDPB
in the context of its tasks. As such, in the course of its activities, and with the assistance of a
communications’ agency acting on its behalf, it has identified a set of individuals and
organisations whose information (including personal data) it would like to compile in said list,
by gathering their consent to do so.
The purpose of this privacy statement is therefore to provide individuals whose data is being
processed with the necessary information regarding the processing of their personal data,
including their data subject rights, in accordance with applicable legislation (Regulation
2018/1725 on the protection of natural persons with regard to the processing of personal data
by the EU institutions, bodies, offices and agencies). The EDPB acts as a sole controller for
the purposes of this processing operation.
2. What personal information do we collect, for what purpose and on which legal basis?
2.1. Processed personal information
Name, surname, contact details (email address and, where relevant and available, office phone
number), professional work title (where relevant), organisation’s name and address (where
relevant and available).
2.2. Purpose of the processing
To create a single contact list of stakeholders and organisations from different sectors and fields
with the purpose of sending them general or targeted invitations for events organised by the
EDPB in the context of its role and tasks.
2.3. Applicable legal basis
Personal data is collected through the consent of the individual, based on article 5(1)(d) of
Regulation 2018/1725, and taking into account the specific consent conditions foreseen in
article 7 of the same Regulation. Consent is generally collected through an email sent to the
data subject. It may also be collected in the context of other events organised by the EDPB and
resorting to specific IT tools (i.e. EUSurvey). Consent is only considered as given if the data
subject replies positively. Any absence of reply is not considered as a provision of consent.
3. Who has access to your information and to whom is it disclosed?
The following entities have access to your information for the abovementioned purposes:
All EDPB Members (31 national supervisory authorities (EEA) and the European Data
Protection Supervisor) on a need-to-know and need-to-do basis;
The EDPB Secretariat staff on a need-to-know and need-to-do basis;
The EUSurvey support team, where applicable;
Bodies charged with a monitoring or inspection task in application of EU law, e.g.
OLAF, IDOC, Internal Audit Service, as well as staff of other services, where necessary
in the context of official investigations or for audit purposes;
4. How do we protect and safeguard your information?
The list with your personal data is kept in a separate folder in a restricted access server,
available only to staff members of the EDPB Secretariat and, upon request, to EDPB members,
on a need-to-know and need-to-do basis and only in relation to the purposes for which it was
collected.
Where personal data and consent is collected through EUSurvey, your personal data is saved
in a restricted, password-protected space in EU Survey. EUSurvey is an online survey
management system for creating and publishing forms available to the public. It is the European
Commission's official survey management tool. Its main purpose is to create official surveys
of public opinion and forms for internal communication and staff management, e.g. staff
opinion surveys and forms for evaluation or registration. You can find out more about how
your data is processed in EUSurvey by consulting its privacy statement:
https://ec.europa.eu/eusurvey/home/privacystatement.
Your personal data will not be transferred to any third parties.
5. How can you verify, modify or delete your information?
You are entitled to withdraw your consent at any time, by sending an email to the EDPB DPO
(see section 8 below), expressing your desire to withdraw your consent. Once you have
withdrawn your consent, and if there is no other lawful basis justifying the processing of your
personal data, they will be deleted.
Please note that, if consent is withdrawn, all data processing operations that were based on
consent and took place before the withdrawal of consent remain lawful.
In addition, you have the right to request from the EDPB access to, rectification or erasure of
personal data, or restriction of processing concerning the data subject or, where applicable, the
right to data portability. To exercise your rights as a data subject, please use the contact details
of section 8 below.
6. For how long do we keep your data?
Your data is stored for no longer than necessary given the purposes for which it was collected,
after which it will be deleted. In the event of a consent withdrawal, and if there is no other
lawful basis justifying the processing of your personal data, your data will be deleted following
your request.
7. Time limit for addressing your data modification request
The time limit for treating the data subject’s request is four (4) weeks.
8. Contact information
In case you have questions, or wish to exercise your rights as a data subject, please contact the
European
Data
Protection
Board,
using
the
following
contact
information:
xxxx@xxxx.xxxxxx.xx. You can also directly contact the EDPB Data Protection Officer, at
xxxxxxxx@xxxx.xxxxxx.xx.
9. Resources
Complaints, in case of conflict, can be addressed to the European Data Protection Supervisor
(EDPS) at the following address:
European Data Protection Supervisor (EDPS)
Rue Wiertz 60
B-1047 Brussels
Belgium
Phone: +32 2 283 19 00 Fax: +32 2 283 19 50
Email: xxxx@xxxx.xxxxxx.xx