Privacy statement for speaking engagement requests

What is our legal framework?

All personal data are processed in accordance with European Union data protection law, as set out in Regulation (EU) 2018/1725 (EUDPR).

Why do we process personal data?

Personal data are processed in the context of invitations extended to ECB Executive Board or Supervisory Board members and ECB subject matter experts to participate in events organised by parties outside the ECB. The data will be used for contact management purposes.

What is the legal basis for processing your personal data?

Your personal data are processed by the ECB:

• in the performance of a task carried out in the public interest, based on Article 5(1)(a) EUDPR, in conjunction with Articles 10 and 11 on transparency as one of the EU’s key principles;

• because you consented to this processing by providing the personal data requested. You may withdraw your consent at any time by contacting invitation@ecb.europa.eu. All processing of your personal information will stop once you withdraw your consent; however, any processing that has already taken place remains lawful.

Who is responsible for processing your personal data?

The ECB is the controller for the processing of your personal data. The Directorate General Communications and Directorate General Market Infrastructure and Payments are responsible for this processing. ADITO acts as a processor or sub-processor. It will process personal data only on documented instructions from the ECB (see ADITO’s privacy statement).

Who will be the recipients of your personal data?

The recipients of your personal data (including entities with access to the personal data) will be members of staff in the Directorate General Communications and the Directorate General Market Infrastructure and Payments, relevant external staff, dedicated expert staff from other divisions and internal and external security personnel at the ECB.

The recipients of the data will be members of staff who are responsible for interview, publication and contact management, including related activities such as building entrance checks, processing access badges and plausibility checks.

What categories of personal data are collected?

The ECB processes the following personal data based on the information provided by the requester in the webform or via email correspondence:

• Title
• First and last name
• Function
• Organisation
• Email address
• Telephone, mobile phone number
• Postal address
• Nationality

Will your personal data (in a clear or encrypted form) be processed (e.g. transferred, accessed or stored) in third countries or by international organisations?

The ECB does not foresee any transfer of your personal data to third countries or international organisations. However, your personal data might exceptionally be processed in third countries or by international organisations based on the derogations for specific situations set out in Article 50(1) EUDPR.

How long will the ECB keep personal data?

Your personal data will be stored for a maximum of five years before being deleted.

Please note that personal data may be held in the ECB’s archives in accordance with Decision (EU) 2023/1610 of the European Central Bank of 28 July 2023 establishing the historical archives of the European Central Bank.

What are your rights?

You have the right to access your personal data and correct any data that are inaccurate or incomplete. You also have (with some limitations) the right to delete your personal data and to object to or to restrict the processing of your personal data in line with the EUDPR. The ECB may restrict your rights to safeguard the interests and objectives referred to in Article 25(1) EUDPR.

Who can you contact for queries or requests?

You can exercise your rights by contacting the Directorate General Communications at invitation@ecb.europa.eu or the Directorate General Market Infrastructure and Payments at MIPCommunication@ecb.europa.eu.You can also directly contact the ECB’s Data Protection Officer at dpo@ecb.europa.eu for all queries relating to your personal data.

Addressing the European Data Protection Supervisor

If you consider that your rights under the EUDPR have been infringed as a result of the processing of your personal data, you have the right to lodge a complaint with the European Data Protection Supervisor at any time.