Privacy statement for the collaboration with and coordination of decision-making bodies meetings and visits

What is our legal framework?

All personal data are processed in accordance with European Union data protection law, as set out in Regulation (EU) 2018/1725 (EUDPR).

Why do we process personal data?

Personal data are processed in the context of participation in meetings of decision-making bodies such as the ECB’s Governing Council and Supervisory Board. Personal data are also processed for organising visits to these decision-making bodies. The data are collected for collaboration with and coordination of meetings of the decision-making bodies, for contact management purposes and to satisfy the ECB’s security requirements for entering ECB buildings.

What is the legal basis for processing your personal data?

Your personal data are processed by the ECB:

• in the performance of a task carried out in the public interest, based on Article 5(1)(a) EUDPR, in conjunction with Article 3.3 of the ESCB Statute on the organisation of ESCB meetings, workshops, seminars and other formats that contribute to a smooth conduct of policies for its information sharing, coordinating nature and conduct, in conjunction with Articles 10.5 and 12. The organisation and preparation of Governing Council and General Council meetings is the responsibility of the Executive Board of the ECB, delegated to the Protocol team, which manages the logistical aspects and registration processes for these mandatory meetings;
• because you consented to this processing by providing the personal data requested. You may withdraw your consent at any time by contacting us as indicated below. All processing of your personal information will stop once you withdraw your consent; however, any processing that has already taken place remains lawful.

Who is responsible for processing your personal data?

The ECB is the controller for the processing of your personal data. The Public Communication Division in our Directorate General Communications is responsible for this processing. ADITO acts as a processor or sub-processor. It will process personal data only on documented instructions from the ECB (see ADITO’s privacy statement).

Who will be the recipients of your personal data?

The recipients of your personal data (including entities with access to the personal data) will be members of staff in the Public Communication Division in the Directorate General Communications, relevant external staff, dedicated expert staff from other divisions and internal and external security personnel at the ECB.

The recipients of the data will be staff responsible for event and contact management, including related activities such as the transportation of participants, processing access badges and plausibility checks.

What categories of personal data are collected?

The ECB processes the following personal data, collected via registration forms and email correspondence relating to the organisation of a meeting:

• Title
• First and last name
• Function
• Organisation
• Email address
• Telephone, mobile phone number
• Postal address
• Dietary requirements
• Nationality

Will your personal data (in a clear or encrypted form) be processed (e.g. transferred, accessed or stored) in third countries or by international organisations?

The ECB does not foresee any transfer of your personal data to third countries or international organisations. However, your personal data might exceptionally be processed in third countries or by international organisations based on the derogations for specific situations set out in Article 50(1) EUDPR.

How long will the ECB keep personal data?

Your personal data will be stored for a maximum of five years before being deleted.

Please note that personal data may be held in the ECB’s archives in accordance with Decision (EU) 2023/1610 of the European Central Bank of 28 July 2023 establishing the historical archives of the European Central Bank.

What are your rights?

You have the right to access your personal data and correct any data that are inaccurate or incomplete. You also have (with some limitations) the right to delete your personal data and to object to or to restrict the processing of your personal data in line with the EUDPR. The ECB may restrict your rights to safeguard the interests and objectives referred to in Article 25(1) EUDPR.

Who can you contact for queries or requests?

You can exercise your rights by contacting the ECB’s Protocol team in the Directorate General Communications at dgc-protocol@ecb.europa.eu. You can also directly contact the ECB’s Data Protection Officer at dpo@ecb.europa.eu for all queries relating to your personal data.

Addressing the European Data Protection Supervisor

If you consider that your rights under the EUDPR have been infringed as a result of the processing of your personal data, you have the right to lodge a complaint with the European Data Protection Supervisor at any time.