For communication and dissemination activities delivered under the European Maritime, Fisheries and Aquaculture Fund (EMFAF) programme.
In accordance with Regulation (EU) 2018/1725 of 23 October 2018 on data protection (hereinafter the Regulation), the European Climate, Infrastructure and Environment Executive Agency (hereafter CINEA) collects your personal data only to the extent necessary to fulfil the precise purpose related to its tasks.
1. The controller is CINEA:
The Head of Unit
Unit D.3 – Sustainable Blue Economy
European Climate, Infrastructure and Environment Executive Agency – CINEA
Email: CINEA-EMFAF-CONTRACTS [at] ec.europa.eu
2. The purpose of the processing is for the controller and its contractor for the MSP Assistance Mechanism and Blue Forum (Contractor to deliver ‘Support and expert services on maritime spatial planning (MSP) and for the establishment of a European Blue Forum’) Application Européenne de Technologies et de Services (AETS)1 to promote the EMFAF programme (2021-2027) to relevant target audiences by performing communication and dissemination actions with - where applicable - the support of contractors working on its behalf and acting as processors. These processes may include:
a. Set-up and operation of online websites, user directories, contact forms, platforms or maps that will facilitate cooperation and exchange among partners, stakeholders, Member States and other relevant players (i.e.: online interaction, networking and business matchmaking between stakeholders, etc.);
b. Organisation of physical and virtual events, targeted workshops, conferences, seminars, networking events, trainings, knowledge sharing, assistance mechanism related activities, prize awards, etc.;
c. Organisation of physical and virtual events, targeted workshops, conferences, seminars, networking events, trainings, knowledge sharing, assistance mechanism related activities, prize awards, etc.;
d. Production and delivery of the visual and audio-visual content such as promotional videos, factsheets, leaflets, brochures, publications, newsletters, pod-casts, blogs, roll-ups and other promotional material used for communication and dissemination activities;
e. Compiling, maintenance, development and management of the databases or registers in different sectors such as the sustainable blue economy and fisheries, and international ocean governance, etc.;
f. Identifying and selecting projects or SMEs that could receive awards and other prizes;
g. Obtaining experts’ views and/or additional and necessary information on a subject matter relevant for the EMFAF programme implementation where only very limited information is available;
h. Use of web-based tools to support the day-to-day management of the above services by the European Commission and the controller including but not limited to collecting data for reporting and business intelligence (research and market analysis, etc.), statistics, management of dashboards, databases, maps, etc.
3. The data subjects concerned by this notice are:
a. The natural persons, who are the legal representatives and/or the contact persons of the entities involved in the implementation of EMFAF programme actions (selected beneficiaries, coordinators, affiliated entities, contractors, subcontractors, etc.);
b. The staff of the European Commission and Executive Agencies involved in the EMFAF programme;
c. Stakeholders invited to participate to the events, studies, communications and other dissemination actions organised under EMFAF programme;
d. Visitors or users to EU websites/interactive platforms or services relating to EMFAF programme.
4. The categories of personal data collected and used for the processing operations are:
a. Identification data: first name, last name, position/function, etc.;
b. Date of birth; nationality; ID/Passport number (may be requested only if physical meetings in the European Commission buildings are organised for security reasons); food-related allergies in case of physical events for the catering;
c. Contact details: telephone, mobile, e-mail, website, street address, post code, country; social media handles or accounts;
d. EU login to access certain areas and functionalities of Europa domain managed by CINEA and/or its contractors;
e. Profile created by the user in the User directory where applicable
f. Curriculum vitae of the contractors’ staff or other stakeholders (experts, speakers, etc.) involved in the projects, trainings or event organisation (relevant experience, employment history, education, academic background, training, personal skills, competences, languages, technical skills, photo);
g. Responses to interview/survey questions:
- If you agree to provide contact information for potential interviewees, that information will be managed with the same level of care and confidentiality as your own personal data. These potential interviewees will only participate to this exercise if they explicitly consent to do so. If these persons decline to participate to the consultation, their personal data will be immediately deleted;
- The collected responses to interviews/surveys will be presented in anonymized manner and/or as aggregated data in the reports including interview/survey results. These reports will be publicly available but will not allow for the identification of the data source. This means that you will not be identifiable in any of these reports and your personal data will not be made public.
Personal data will not be used for an automated decision-making including profiling and will not be transferred outside the European Economic Area.
In addition, personal data, which is not mandatory for the purpose of the project implementation may be collected for communication activities: e.g.: pictures, web streaming of events or video, full or short CVs but only with the prior consent of the data subject concerned.
5. All recipients are on a "need to know" basis. The recipients to whom the personal data will or might be disclosed are:
a. CINEA Services & their authorised staff in charge of managing the projects (grant agreements and contracts) funded under the EMFAF programme (such as project officers and managers, financial officers, legal officers, auditors in charge of audit, etc.);
b. CINEA contractor’s authorised staff and their subcontractors’ authorized staff, in charge of performing and managing the tasks or studies within framework of signed contracts under EMFAF programme;
c. External experts bound by confidentiality clauses;
d. Relevant staff of the EC services (e.g. DG MARE, DG DIGIT to manage EU Login as part of the EC Identity Access Management Service (IAMS)2, etc.);
e. Commission staff as members of Ad hoc & Review Committees;
f. Members of the public but only for information for which you have given your prior consent and which is published on the project websites, managed by CINEA and its contractors.
Only persons relevant for the performance of the services, including accredited staff, SME beneficiaries of the assistance services, large enterprises, investors and other service providers selected by CINEA and the European Commission might have access to a limited subsection of your data if needed.
In case of reviews, proceedings, personal data may be provided to CINEA’s Internal Controller, DPO, etc.
In addition, data may be disclosed to public authorities such as for instance the below ones, which may not be regarded as recipient in accordance with Union and Member State law. The processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purpose of the processing:
a. Bodies in charge of a monitoring or an inspection task in application of Union law (e.g. internal audit, IAS, Court of Auditors, etc.);
b. The European Court of Justice or a national judge as well as the lawyers and the agents of the parties in case of a legal procedure;
c. OLAF in case of an investigation conducted in application of Regulation (EC) No 1073/1999;
d. The European Ombudsman within the scope of the tasks entrusted to it by Article 228 of the Treaty on the Functioning of the European Union;
e. The European Data Protection supervisor in accordance with Article 58 of the Regulation (EC) 2018/1725;
f. The European Public Prosecutor’s Office within the scope of Article 4 of Council Regulation (EU) 2017/1939 of 12 October 2017 implementing enhanced cooperation on the establishment of the European Public Prosecutor’s Office.
The contractors will not share your personal data with any third parties without your express consent, except where we may be required to do so by law.
2 The record concerning the IAMS data processing is registered under number DPR-EC-03187.1 in the EC DPO’s public register. For the IAMS Privacy statement see: https://webgate.ec.europa.eu/cas/privacyStatement.html
6. Use of third-party IT tools
Some events or services may refer to the use of third-party tools, which may collect personal data and have their own cookies and privacy policies. They may also transfer personal data outside the EU and abide to specific data protection terms, which may be outside of the control of the controller. For additional information, you may consult the following links:
Data Subjects rights
You have the right at any time to access, rectify, erase ('right to be forgotten') your personal data. You are also entitled to object to the processing or request for the restriction of the processing.
When processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing before such a withdrawal.
Depending on the on-line service you are accessing, you can either:
- Access, check, modify, update, and delete your personal profile online yourself at any time;
- Ask the data controller for the removal of your account.
You can exercise your rights by sending an email with the requested change(s) to the controller via the functional mailbox indicated here above in Section 1.
However, web users may have the functionality to remove their profile any time they want from the website. In this case, their data will be removed from database and will no longer appear in the Users Directory.
To ensure the consistency of the platforms and the coherence of its content, your contributions and comments may be kept on the platforms but anonymised, even in case of an eventual removal of your profile.
In any case, your data will be modified or removed accordingly and as soon as practicable (maximum within 15 working days).
However, these rights can be restricted in line with Decision SC (2020) 26 of the Steering Committee of 14 October 2020 (OJEU L 45 on 9.2.2021, p. 80) on internal rules concerning restrictions of certain rights of data subjects in relation to the processing of personal data. This is to safeguard the rights of other data subjects and to respect the principles of equal treatment among applicants and the secrecy of deliberations.
In order to grant or not the data subjects rights, CINEA will carry out a case-by-case assessment of each individual request and give the reasons underlying its decision, considering the type of information held and whether any exceptions of the internal rules are applicable.
The restrictions will continue applying as long as the reasons justifying them remain applicable and may be lifted if these reasons would no longer apply, if the exercise of the restricted right would no longer negatively impact the applicable procedure or adversely affect the rights or freedoms of the data subjects.
7. How does CINEA protect and safeguard your data?
All personal data in electronic format (e-mails, documents, databases, uploaded batches of data, etc.) are stored on the servers of the European Commission, CINEA or of its contractors (and possibly their subcontractors).
All processing operations are carried out pursuant to Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission.
In order to protect your personal data, CINEA has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.
The processors (contractors and their sub-contractors) are bound by a specific contractual clause for any processing operations of your personal data on behalf of the data controller. The processors have put in place appropriate technical and organisational measures to ensure the required level of security.
Some events maybe be held using IT services provided by sub-contractors (e.g. CiscoWebEx,TEAMS,Sli.door alternative tools to interact with the audience), which may collect personal data and have more specific cookies and privacy policies. We encourage you to read their privacy statements.
The registration for the event may take place via EU Survey website or other alternative tools. For information on how EU Survey processes personal data, please consult this link.
8. The legal basis of the processing are:
in accordance with Article 5(1)(a) of the Regulation (processing is necessary for the performance of a task carried out in the public interest including for the management and functioning of CINEA) and Article 5(1)(d) of the Regulation (consent of the data subject), notably:
- Council Regulation 58/2003 of 19 December 2002, laying down the Statute for executive agencies to be entrusted with certain tasks in the management of EU programmes;
- Regulation (EC) n° 1653/2004 of 21 September 2004 on a standard Financial Regulation for the executive agencies pursuant to Council Regulation (EC) n°58/2003 of 19 December 2002 laying down the statute for executive agencies to be entrusted with certain tasks in the management of Community programme;
- Regulation (EU) 2021/1139 of the European Parliament and of the Council of 7 July 2021 establishing the European Maritime, Fisheries and Aquaculture Fund and amending Regulation (EU) 2017/1004;
- Regulation 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union, repealing Regulation No 966/2012;
- Commission Implementing Decision (EU) 2021/173 of 12 February 2021 establishing the European Climate, Infrastructure and Environment Executive Agency, the European Health and Digital Executive Agency, the European Research Executive Agency, the European Innovation Council and SMEs Executive Agency, the European Research Council Executive Agency, and the European Education and Culture Executive Agency and repealing Implementing Decisions 2013/801/EU, 2013/771/EU, 2013/778/EU, 2013/779/EU, 2013/776/EU and 2013/770/EU;
- Commission Decision C(2021)947 of 12 February 2021 delegating powers to the European Climate, Infrastructure and Environment Executive Agency with a view to the performance of tasks linked to the implementation of Union programmes in the field of transport and energy infrastructure; climate, energy and mobility research and innovation; environment, nature and biodiversity; transition to low-carbon technologies; and maritime and fisheries.
9. The time limits for keeping the data are the following:
CINEA keeps data in accordance with the 2022 Retention List of the Commission3 (2 years for website related data and communication activities and 5 years for events). Your personal data will remain in the contractors and subcontractors databases only for the duration of the relevant event or maximum one year after its closure and will be deleted afterwards.
If the user has not logged in even once in the last 2 years period to the relevant website, the user will receive an email warning that his/her account will be removed due to the non-usage with a grace period of 2 weeks. If the user does not reply with a positive answer to keep the account active, the data will be removed from the website.
3 SEC (2022) 400 – ARES (2022)8801492 – 19/12/2022
10. Contact information
In case you have any questions about the collection/processing of your personal data, you may contact the data controller who is responsible for this processing activity by using the email address mentioned here above in Section 1.
You may contact at any time the Data Protection Officer of CINEA (CINEA-DPO [at] ec.europa.eu (CINEA-DPO[at]ec[dot]europa[dot]eu)). You have the right to have recourse at any time to the European Data Protection Supervisor (edps [at] edps.europa.eu (edps[at]edps[dot]europa[dot]eu)).