Privacy statement for accreditation, invitation, and registration of media contacts for press events

If you are a journalist and would like to attend ECB press events such as the monetary policy press conference, you must accredit yourself with the Directorate General Communications. This means that you must provide a copy of your passport/personal ID and your press ID, a photo and a letter from your editor confirming your employment/assignment to the ECB. The accreditation documents must be provided at least ten working days before the event. They will then be reviewed and processed by the ECB.This privacy statement explains how the ECB processes, stores and manages personal data it has received for this purpose.

What is our legal framework?

All personal data are processed in accordance with European Union data protection law, as set out in Regulation (EU) 2018/1725 (EUDPR).

Why do we process personal data?

Personal data are processed to facilitate accreditation, invitation and registration of journalists for ECB press events, such as the monetary policy press conference and media briefings on specific topics. The processing of personal data is necessary to verify employment as a journalist and to satisfy security requirements, including control and access to ECB premises. Personal data processing is mandatory. Personal data are collected to facilitate all relevant communication and organisational activities including: the exchange of correspondence; emails, notifications, invitations and the relevant follow-up (which entails managing contact lists for correspondence); online registration; processing access badges and plausibility checks.

What is the legal basis for processing your personal data?

Your personal data are processed by the ECB:

• in the performance of a task carried out in the public interest, based on Article 5(1)(a) EUDPR, in conjunction with Article 22 of the Rules of procedure of the European Central Bank (ECB/2004/2);
• because you consented to this processing by providing the personal data requested. You may withdraw your consent at any time by contacting us as indicated below. All processing of your personal information will stop once you withdraw your consent; however, any processing that has already taken place remains lawful.

Who is responsible for processing your personal data?

The ECB is the controller for the processing of your personal data. The Design and Digital Division and Newsroom Division of the Directorate General Communications are responsible for this processing. ADITO is a sub-processor of your personal data. It will process personal data only on documented instructions from the ECB (see ADITO’s privacy statement).

Who will be the recipients of your personal data?

The recipients of your personal data will be members of staff responsible for event and contact management, including related activities such as the transportation of participants, processing access badges and plausibility checks, including:

• staff members from the Directorate General Communications;
• internal and external security staff members at the ECB;
• staff members of other institutions such as the European Commission, national central banks or national competent authorities, and/or international organisations such as the International Monetary Fund and the Bank for International Settlements that organise events with the ECB.

The accreditation documents are stored in a dedicated space in the ECB's document and records management system and access to these documents is limited to a small number of expert staff from the Design and Digital Division in the Directorate General Communications.

What categories of personal data are collected?

The ECB processes the following personal data, obtained from you through the exchange of email correspondence, accreditation documents and online registration:

• First and last name, title
• Email address
• Telephone number (landline and mobile)
• X (formerly known as Twitter) handle
• Job title/function
• Organisation
• Postal address
• Date of birth
• Photo
• Additional personal data as indicated on your personal ID/passport and your press ID.

Will your personal data (in a clear or encrypted form) be processed (e.g. transferred, accessed or stored) in third countries or by international organisations?

Your data are processed by the ECB and stored in an internal customer relationship management (CRM) tool, hosted on secure ECB servers located in Germany, as well as in our internal document and records management system, as mentioned above, and Outlook.

The ECB does not foresee any transfer of your personal data to third countries or international organisations. However, your personal data might exceptionally be processed in third countries or by international organisations based on the derogations for specific situations set out in Article 50(1) EUDPR.

How long will the ECB keep personal data?

Your personal data will be stored for as long as you are accredited with the ECB and receive invitations to ECB press events such as the ECB press conference. If you no longer wish to receive invitations to ECB press events, you may request to be taken off the invitation list and your data will be deleted within three months of receipt of the request.

For other events, your personal data will be stored for a maximum of five years before being deleted.

Please note that personal data may be held in the ECB’s archives in accordance with Decision (EU) 2023/1610 of the European Central Bank of 28 July 2023 establishing the historical archives of the European Central Bank.

What are your rights?

You have the right to access your personal data and correct any data that are inaccurate or incomplete. You also have (with some limitations) the right to delete your personal data and to object to or to restrict the processing of your personal data in line with the EUDPR. The ECB may restrict your rights to safeguard the interests and objectives referred to in Article 25(1) EUDPR.

Who can you contact for queries or requests?

You can exercise your rights by contacting the Design and Digital Division in the Directorate General Communications at media@ecb.europa.eu. You can also directly contact the ECB’s Data Protection Officer at dpo@ecb.europa.eu for all queries relating to your personal data.

Addressing the European Data Protection Supervisor

If you consider that your rights under the EUDPR have been infringed as a result of the processing of your personal data, you have the right to lodge a complaint with the European Data Protection Supervisor at any time.