Data Protection Notice

1. Introduction

The European Economic and Social Committee (EESC) and European Committee of the Regions (CoR) is committed to protecting your personal data and to respecting your privacy. The EESC and CoR collects and further processes personal data pursuant to Regulation (EU) 2018/1725 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.

This data protection notice explains the reason for the processing of your personal data for EU Open Day 2024 at the EESC and CoR in Brussels, organised by the EESC and CoR. It explains the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor.

The information in relation to the processing of personal data linked to meetings and events, organised by the services of the EESC and CoR, is presented below.

Processing operation: Processing of personal data linked to the EU Open Day 2024 at the European Economic and Social Committee and European Committee of the Regions in Brussels

Data Controller: The European Economic and Social Committee and European Committee of the Regions are the joint data controllers in charge of the processing of your personal data.

The services responsible for processing your personal data on behalf of the joint controllers are the Visits and Publications unit at the European Economic and Social Committee (openday@eesc.europa.eu) and the Events and local dialogues unit at the European Committee of the Regions (opendays@cor.europa.eu).

2. Why and how do we process your personal data?

Purpose of the processing operation: the EESC and CoR collect and further process your personal data to provide you with information about EU Open Day 2024 at the EESC and CoR in Brussels (before, during and after) and for your participation in this event.

Your personal data will not be used for any automated decision-making, including profiling.

Panorama photographs or videos of participants and organisers will be taken and may be published in the context of the event on the EESC and CoR websites, the EU Open Day webpages (https://europeday.europa.eu) and various social media platforms of the EESC and CoR.

Participants who do not wish to be part of the panorama photographs or videos may indicate their objection by wearing a special lanyard which will be provided at a stand at the entrance of the event.

Participants may be photographed/videotaped individually or in groups if they agree to that.

The EESC and CoR are not responsible for recordings (such as photographs or videos) made by participants in a private capacity.

For the service providers contracted for the organisation and/or delivery of the event personal data are also collected for accreditation and financial purposes.

3. On what legal ground(s) do we process your personal data?

The processing operations on personal data, linked to the organisation, management, follow-up and promotion of the meeting or event, including web-streaming, photos, audio-visual recording, are necessary for the management and functioning of the EESC and CoR, as mandated by the Treaties.

Consequently, those processing operations are lawful under Article 5(1)(a) of Regulation (EU) 2018/1725 (processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body, in particular for the management and functioning of the Union institutions and bodies as referred to in Recital 22 thereof).

Article 5(1)(d) of Regulation (EU) 2018/1725 (data subject has given consent to the processing of his or her personal data) is applicable for the photos and videos.

Your consent for appearing in photos or videos can be withdrawn at any time and detailed information on how to withdraw consent can be found under point 8 of the data protection notice.

If you do not wish to appear in pictures and/or videos, we ask you to get a lanyard at the desk on the ground floor when you enter the building and wear that badge for the duration of your visit.

Please remember that without the lanyard, the photographer will not be aware of your wish not to have your photos taken and/or not to appear in videos and therefore your image might appear in the EU Open Day pictures and/or videos.

4. Which personal data do we collect and further process?

The following personal data may be processed in the context of the EU Open Day 2024 at the EESC and COR in Brussels:

i) General public (visitors)

• Photos and/or videos of identifiable persons or groups being taken by CoR and EESC communication department
• Photo Booth data: Pictures and email addresses are entered into the booth by visitors during the Open Day if visitors would like to have the photos emailed to them. They are under no obligation to enter these details and the photo booth does not retain nor transfer the email addresses.

ii) Service providers (legal person)

• Organisation Name
• Country Represented             
• Email Address
• Website         
• Phone Number           
• Street, Number, P.O. Box     
• Postal Code   
• City, Town, Area       
• Country         
• Key contacts from the organisation

iii) Service providers (natural person)

• Last Name
• First name
• Gender
• Organisation
• Country Represented
• Job Title
• Email Address
• Phone Number
• Mobile phone
• Street, Number, P.O. Box
• Postal Code
• City, Town, Area       
• Country
• Number of ID card or passport, if accreditation is needed
• Date of birth
• Nationality

​iv) Data of staff and members (for the organisation and management of Open Day)

Title, name, surname, unit, email address, size of t-shirt required, duration of availability on Open Day.

5. How long do we keep your personal data?

The Data Controller only keeps your personal data for the time necessary to fulfil the purpose of collection or further processing.

For each of the categories of personal data that may be processed, please find below the retention details:

• Pictures and videos that are going to be used as communication material will be kept for a period of 30 years in accordance with EESC Decision No. 206/17 A and CoR Decision No 15/2018);
• Pictures and videos that are not going to be used as communication material will be kept for 12 months after the event.
• Data of staff and members necessary for the organisation and management of Open Day will be kept for 12 months after the event.
• Data of contractors are to be retained in the department in charge of  the procedure  until  it is  finalised,  and  in the archives for a period of at least five years following the date on which the European Parliament gives discharge for the financial year of the last payment (see Article 75 of the Financial Regulation), or, as the case may be, until the end of a possible audit, administrative or judicial procedure, if one such procedure started before the end of the above period.

6. How do we protect and safeguard your personal data?

In order to protect your personal data, the EESC and CoR have put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.

The EESC and CoR processors (external contractors) are bound by a specific contractual clause for any processing operations of your personal data on behalf of the controllers. The processors have to put in place appropriate technical and organisational measures to ensure the level of security, required by the EESC and CoR.

7. Who has access to your personal data and to whom is it disclosed?

Access to your personal data is provided to the EESC and CoR staff responsible for carrying out this processing operation and to other authorised staff according to the “need to know” principle. Such staff abide by statutory, and when required, additional confidentiality agreements.

8. Third party IT tools, including Social Media

We may use third party IT tools to inform about and promote EU Open Day through widely used communication channels, including social media.

You may be able to watch EESC and CoR videos, which may be also uploaded to one of our social media pages and follow links from our websites to other relevant social media.

In order to protect your privacy, our use of third party IT tools to connect to those services does not set cookies when our website pages are loaded on your computer (or other devices), nor are you immediately redirected to those social media or other websites. Only in the event that you click on a button or “play” on a video to watch it, a cookie of the social media company concerned will be installed on your device. If you do not click on any social media buttons or videos, no cookies will be installed on your device by third parties.

In order to view such third-party content on our websites, a message will alert you that you need to accept those third parties’ specific Terms and Conditions, including their cookie policies, over which the EESC and CoR have no control.

We recommend that users carefully read the relevant privacy policies of the social media tools used. These explain each company’s policy of personal data collection and further processing, their use of data, users' rights and the ways in which users can protect their privacy when using those services.

The use of a third party IT tool does not in any way imply that the EESC or CoR endorses them or their privacy policies. In the event that one or more third party IT tools are occasionally unavailable, we accept no responsibility for lack of service due to their downtime.

9. What are your rights and how can you exercise them?

You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular the right to access, your personal data and to rectify them in case your personal data are inaccurate or incomplete. Where applicable, you have the right to erase your personal data, to restrict the processing of your personal data, to object to the processing, and the right to data portability.

You have the right to object to the processing of your personal data, which is lawfully carried out pursuant to Article 5(1)(a) of Regulation (EU) 2018/1725 on grounds relating to your particular situation.

The EESC and CoR will ensure that the data subjects can exercise their right to object to processing on the spot by wearing a special lanyard which will be provided at a stand at the entrance of the event.

If you have agreed to your photos/videos being taken by signing the consent form, you are able to withdraw your consent at any time by notifying the data controller. The withdrawal of your consent will not affect the lawfulness of the processing carried out before you have withdrawn the consent.

You can exercise your rights by contacting the data controller, or in case of conflict the Data Protection Officer. If necessary, you can also address the European Data Protection Supervisor. Their contact information is given under Heading 11 below.

Where you wish to exercise your rights in the context of one or several specific processing operations, please provide their description in your request.

10.             Are your personal data transferred to a third country (non-EU Member State) or international organisation?

Your personal data will not be transferred to a third country or international organisation.

11.             Contact information

• The Data Protection Officer(s)

If you would like to exercise your rights under Regulation (EU) 2018/1725, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please contact the Data Protection Officers at the EESC and CoR with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725:

data.protection@eesc.europa.eu and data.protection@cor.europa.eu

• The European Data Protection Supervisor (EDPS)

You have the right to have recourse i.e. you can lodge a complaint to the European Data Protection Supervisor (edps@edps.europa.eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the data controller.