Privacy policy – Conference: Cybersecurity standardisation 2022

Your personal data are processed in accordance with Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.

The data controller of the processing operation is ENISA – Market, Certification and Standardisation Unit.

The data processors are:

  • ENISA’s contractor EaudeWeb, based in Romania, that hosts the ENISA’s web services;
  • CISCO, provider of the teleconference platform (Webex) under a contract with ENISA;
  • sli.do s. r. o. (part of Cisco Systems International B.V.) under its Terms of Service - https://www.sli.do/terms , provider of the Q&A and polling tool

The legal basis for the processing operations is article 5(1)(a) of Regulation (EU) 2018/1725, on the basis of Regulation (EU) 2019/881 (Cybersecurity Act), especially the provisions establishing the tasks of ENISA

The purpose of this processing operation is to register interested persons to ENISA’s conference on Cybersecurity standardisation, provide access to the conference venue, as well as allow the follow up of the conference, including feedback collection and specific communication activities.

The following personal data are collected:

  • Contact data: first name, last name, organisation, e-mail address.
  • Financial data for claims of reimbursement of costs associated with travel (only for invited speakers).
  • Connection details for virtual session: username, email address (optional), IP address, user agent identifer, hardware type, operation system type and version and further technical connection data. These data are processed by CISCO and sli.do (processors) in order to provide for the event and for analytics purposes.
  • User generated information: discussion chat logs, meeting recordings, uploaded files. These data are produced through the CISCO Webex and sli.do platforms during the event. They will be processed by ENISA and deleted from the CISCO Webex and sli.do platforms after the end of the event.

The recipients of your data will be designated ENISA staff involved in the organisation of the conference, designated staff of ENISA’s contractors involved in the event, and bodies charged with monitoring or inspection tasks in application of EU law (e.g. internal audits, European Anti-fraud Office – OLAF). The list of participants (first name, name, email address, organisation) may be provided to the European standardisation bodies (CEN, CENELEC, ETSI), which are contributing to the event, upon request. Operators of Cisco Webex and sli.do systems will have access to personal data related to the connection and use of the teleconference platform for the provision of the specific service. Data related to the connection/use of the teleconference platforms are stored within EU/EEA and may include transfers of personal data outside EU/EEA.

Storage of personal data: the contact data collected upon registration at the ENISA website are stored on the ENISA’s (and contractor’s EaudeWeb) servers and are only processed within EU/EEA. Personal data related to the connection/use of the teleconference platforms are stored on Cisco Webex and sli.do servers within EU/EEA and may include transfers of personal data outside EU/EEA, subject to the provisions of Chapter V Regulation (EU) 1725/2018.

The final participants list (name, surname, organisation, country) will be kept for a maximum period of 5 years after the end of the event for auditing purposes. Your contact data will be kept for a maximum period of six months after the end of the event for communication/follow-up of the event. Financial data related to the event will be kept for a maximum period of 7 years after the end of the event for auditing purposes. 

You have the right of access to your personal data and to relevant information concerning how we use it. You have the right to rectify your personal data. Under certain conditions, you have the right to ask that we delete your personal data or restrict its use. You have the right to object to our processing of your personal data, on grounds relating to your particular situation, at any time. We will consider your request, take a decision and communicate it to you. If you have any queries concerning the processing of your personal data, you may address them to ENISA at standardisation@enisa.europa.eu.  

You have the right of recourse at any time to the ENISA DPO at dataprotection@enisa.europa.eu and to the European Data Protection Supervisor at https://edps.europa.eu.

Please note that there will be photos and screenshots from the online platform taken during the panels’ discussions based on the prior consent of the speakers (panel participants). These photos may be published on ENISA’s website or on social media. Still, should your photo is taken in the context of this photo shooting, and you would like to have this photo removed, please contact us at standardisation@enisa.europa.eu and we will do so as soon as possible.