Privacy Statement
Self‐Nomination application for external users of ECDC's information systems
1. PURPOSE OF THE PROCESSING OPERATION
ECDC processes the personal data collected in accordance with Regulation (EU) 2018/1725. The purpose of the processing is
the following:
The Self‐Nomination application facilitates the registration and authentication of external users and to control their access to
restricted ECDC information systems.
2. IDENTITY OF THE DATA CONTROLLER
European Centre for Disease Prevention and Control (ECDC), Gustav III:S Boulevard 40, 16973 Solna, Sweden
Digital Transformation Services (DTS), Infrastructure, francois.mestre@ecdc.europa.eu
3. LEGAL BASIS FOR THE PROCESSING
The legal basis of the processing operation is
- Article 5 (1) (d): the processing is based on consent
4. CATEGORIES OF PERSONAL DATA COLLECTED
The categories of data collected and used for the processing operations are the following:
- Name (first name and surname)
- E‐mail
- Details related to the user's link with an organisation
- additional information relating to the activity on the user account
- log files
- cookies.
The provision of the personal data is not mandatory.
The processing of your data will not be used for an automated decision making, including profiling.
5. WHO HAS ACCESS TO YOUR INFORMATION AND TO WHOM IS IT DISCLOSED?
The recipients of the data are the following:
-
Staff and personnel of the ECDC Digital Transformation Services Unit. Exceptionally: 1) the duly authorised support group
responsible for the domain in which you are registered
-
2) duly authorised application owners or 3) ECDC IT security officer, disciplinary bodies or the ECDC data protection officer.
6. HOW LONG DO WE KEEP YOUR DATA?
ECDC will keep the data as long as users are recorded as an active user and for a period of one year thereafter.
7. HOW DO WE PROTECT AND SAFEGUARD YOUR INFORMATION?
In order to protect your personal data, a number of technical and organisational measures have been put in place. Technical
measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access,
taking into consideration the risk presented by the processing and the nature of the data being processed. Organisational
measures include restricting access to the data to authorised persons with a legitimate need to know for the purposes of this
processing operation.
8. WHAT ARE YOUR RIGHTS AND HOW YOU CAN EXERCISE THEM?
The controller may be contacted at any time by the data subjects for exercising the right of access, to rectify, to block, to
erase, to transmit or to object to the processing of the data. Where the legal basis for the processing is consent, this consent
can be withdrawn at any time. The Controller can be contacted on:
francois.mestre@ecdc.europa.eu
Data subjects can request the deletion of their personal data by the data controller, who will do so within 30 working days.
Data subjects can also contact the ECDC Data Protection Officer (DPO) in case of any difficulties or for any questions relating
to the processing of their personal data at the following email address: dpo@ecdc.europa.eu. The data subject has the right
of recourse at any time to the European Data Protection Supervisor: www.edps.europa.eu and at edps@edps.europa.eu
Exceptions based on Regulation (EU) 2018/1725 may apply.