Privacy policy – Conference: Cybersecurity standardisation 2024
ENISA processes your personal data in accordance with Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.
CEN, CENELEC and ETSI process your personal data in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
The joint data controllers of the processing operation are: ENISA (Market, Certification and Standardisation Unit), CEN, CENELEC and ETSI.
The legal basis for the processing operation is:
- article 5(1)(a) of Regulation (EU) 2018/1725, on the basis of Regulation (EU) 2019/881 (Cybersecurity Act), especially the provisions establishing the tasks of ENISA;
- article 6(1)(c) of Regulation (EU) 2016/679
The legal basis for the recording of presentations and panel discussions and making them publicly available is:
- article 5(1)(d) of Regulation (EU) 2018/1725 and
- article 6(1)(a) of Regulation (EU) 2016/679
The purpose of this processing operation is to register interested persons to the Cybersecurity Standardisation Conference, provide access to the conference venue the teleconference platform, as well as allow the follow up of the conference, including feedback collection, sharing conference material among participants and making publicly available recorded sessions from the conference.
The data processors are:
- Billbomatica, provider of ENISA web site services, under a contract with ENISA
- CISCO, provider of the teleconference platform (Webex webinars) under a contract with ENISA;
- sli.do s. r. o. (part of Cisco Systems International B.V.), provider of the Q&A and polling tool, under a contract with CEN and CENELEC
The following personal data are collected:
- Contact data: first name, last name, organisation, position, e-mail address
- Participation data: Type of participation to the conference (online, physical), dietary requirements (optional)
- Connection details for virtual session: username, email address (optional), IP address, user agent identifer, hardware type, operation system type and version and further technical connection data. These data are processed by CISCO and sli.do
- User generated information: Data processed through the CISCO Webex platform during the event, such as discussion chat logs, uploaded files etc. Data processed by sli.do s. r. o. during the event, such as (poll and Q&A participation).
The recipients of your data will be designated ENISA, CEN, CENELEC and ETSI staff involved in the organisation of the conference and bodies charged with monitoring or inspection tasks in application of EU law (e.g. internal audits, European Anti-fraud Office – OLAF).
Data related to the connection/use of the teleconference platforms are stored within EU/EEA and may include transfers of personal data outside EU/EEA.
Storage of personal data: the contact data collected upon registration at the ENISA website are within EU/EEA. Personal data related to the connection/use of the teleconference platforms are stored on Cisco Webex and sli.do servers within EU/EEA and may include transfers of personal data outside EU/EEA, subject to the provisions of Chapter V Regulation (EU) 1725/2018.
The final participants list (name, surname, organisation, country) will be kept for a maximum period of 5 years after the end of the event for auditing purposes. Your contact data will be kept for a maximum period of six months after the end of the event for communication/follow-up of the event. Financial data related to the event will be kept for a maximum period of 7 years after the end of the event for auditing purposes.
You have the right of access to your personal data and to relevant information concerning how we use it. You have the right to rectify your personal data. Under certain conditions, you have the right to ask that we delete your personal data or restrict its use. You have the right to object to our processing of your personal data, on grounds relating to your particular situation, at any time. We will consider your request, take a decision and communicate it to you. If you have any queries concerning the processing of your personal data, you may address them to ENISA at standardisation@enisa.europa.eu.
You have the right of recourse at any time to the ENISA DPO at dataprotection@enisa.europa.eu and to the European Data Protection Supervisor at https://edps.europa.eu.
Please note that during the conference there will be photos taken from the speakers and panelists (subject to their prior consent) and the talks and panel discussions will be recorded (subject to speakers and panelists prior consent). The recordings and the photos may be published on organizers website or on social media. Attention will be paid to not include any of the participants in the pictures or the recordings. Still, should you appear in any of them and you would like to have it removed, please contact us at standardisation@enisa.europa.eu and we will do so as soon as possible.