European Central Bank - eurosystem
Search Options
Home Media Explainers Research & Publications Statistics Monetary Policy The €uro Payments & Markets Careers
Sort by

Privacy statement for ECB Webex

What is our legal framework?

All personal data are processed in accordance with EU Data Protection Law, that is to say in line with Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).

Why do we process personal data?

Personal data are processed to provide the service to you, to perform troubleshooting and to allow billing of ECB usage by Cisco Systems.

What is the legal basis for processing your personal data?

Your personal data are being processed by the ECB:

  • in the performance of a task in the public interest, based on Article 5(1)(a) of Regulation (EU) 2018/1725. Limited categories of personal data (user name, email address, meeting password, name of billing contact/department, duration of meeting, meeting host name, log-in time/date) are processed by Cisco Systems for billing and troubleshooting purposes.
  • because you consent to the processing by providing the personal data requested. Participation in Webex meetings is voluntary, and you can withdraw your consent at any time by ceasing to use the service. Future processing of your personal information will stop once you have withdrawn your consent, but processing of personal data based on Article 5(1)(a) of Regulation (EU) 2018/1725 will remain lawful.

Who is responsible for processing your personal data?

The ECB is the controller for the processing of the personal data. The ECB’s Directorate General Information Systems ( is responsible for the processing.

Who will receive your personal data?

The recipients of the data are the ECB’s Directorate General Information Systems and Cisco Systems (including its subsidiaries for billing information only and its partners for troubleshooting).

Where are your data transferred to, processed and stored?

Your data are/will be:

  • processed by Cisco Systems (including its US subsidiaries for billing information only) and its partners located in all countries where Cisco and Cisco partners perform troubleshooting, based on
    • the inclusion of special clauses in the contract with Cisco Systems which ensure that the company complies with EU data protection standards (standard contractual clauses approved by the European Commission);
    • Cisco’s Binding Corporate Rules – Controller (BCR-C) which provide that transfers made by Cisco worldwide of European personal information benefit from adequate safeguards.

How long will the ECB and Cisco Systems keep personal data?

Most of the personal data collected will only be stored until the end of the Webex session and for three months for troubleshooting purposes. The personal information needed for billing will be retained by Cisco Systems for a period of six years.

What are your rights?

You have the right to access your personal data and correct any data that are inaccurate or incomplete. You also have (with some limitations) the right to:

  • delete your personal data;
  • restrict or object to the processing of your personal data in line with the relevant provisions of Regulation (EU) 2018/1725.

Who can you contact in case of queries or requests?

You can exercise your rights by contacting the ECB’s Directorate General Information Systems ( You can also directly contact the ECB’s Data Protection Officer at regarding all queries relating to personal data.

Addressing the European Data Protection Supervisor

If you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data, you have the right to lodge a complaint with the European Data Protection Supervisor at any time.