Privacy Statement

Self‐Nomination application for external users of ECDC's information systems

1. PURPOSE OF THE PROCESSING OPERATION

ECDC processes the personal data collected in accordance with Regulation (EU) 2018/1725. The purpose of the processing is the following: The Self‐Nomination application facilitates the registration and authentication of external users and to control their access to restricted ECDC information systems.

2. IDENTITY OF THE DATA CONTROLLER

European Centre for Disease Prevention and Control (ECDC), Gustav III:S Boulevard 40, 16973 Solna, Sweden Digital Transformation Services (DTS), Infrastructure, francois.mestre@ecdc.europa.eu

3. LEGAL BASIS FOR THE PROCESSING

The legal basis of the processing operation is

4. CATEGORIES OF PERSONAL DATA COLLECTED

The categories of data collected and used for the processing operations are the following:
The provision of the personal data is not mandatory.
The processing of your data will not be used for an automated decision making, including profiling.

5. WHO HAS ACCESS TO YOUR INFORMATION AND TO WHOM IS IT DISCLOSED?

The recipients of the data are the following:

6. HOW LONG DO WE KEEP YOUR DATA?

ECDC will keep the data as long as users are recorded as an active user and for a period of one year thereafter.

7. HOW DO WE PROTECT AND SAFEGUARD YOUR INFORMATION?

In order to protect your personal data, a number of technical and organisational measures have been put in place. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the data being processed. Organisational measures include restricting access to the data to authorised persons with a legitimate need to know for the purposes of this processing operation.

8. WHAT ARE YOUR RIGHTS AND HOW YOU CAN EXERCISE THEM?

The controller may be contacted at any time by the data subjects for exercising the right of access, to rectify, to block, to erase, to transmit or to object to the processing of the data. Where the legal basis for the processing is consent, this consent can be withdrawn at any time. The Controller can be contacted on: francois.mestre@ecdc.europa.eu
Data subjects can request the deletion of their personal data by the data controller, who will do so within 30 working days.
Data subjects can also contact the ECDC Data Protection Officer (DPO) in case of any difficulties or for any questions relating to the processing of their personal data at the following email address: dpo@ecdc.europa.eu. The data subject has the right of recourse at any time to the European Data Protection Supervisor: www.edps.europa.eu and at edps@edps.europa.eu
Exceptions based on Regulation (EU) 2018/1725 may apply.