List of active policies

Name Type User consent
Privacy policy Privacy policy Authenticated users
Site policy Site policy Authenticated users

Summary

Non-mandatory data collected.

Full policy

In addition, the following non-mandatory personal data are collected: your photo and your Linkedin account to include your profile information inside the Learning Platform. Your name, email and organisation so to be included in the mailing list and/or to be contacted in case of similar initiatives/programmes/newsletters subscriptions run by EC services (this can also imply giving contacts to 3rd parties who are contracted by EC services to run the afore mentioned initiatives) and can only be processed based on your explicit prior consent1.

The non- mandatory personal data will be originally collected at two specific moments: in the selection process and by means of the completion of a registration form in the Learning Platform.


  1. Processing of non-compulsory personal data can only be based on consent and individual tick boxes have to be provided when data is collected to document the consent.  

Summary

 

Data Protection Notice for Learning Platform of Procure Innovation EU- Training Programme- EISMEA/2023/OP/0012 - Lot 1

Your personal data is processed in accordance with Regulation (EU) No 2018/1725 on the protection of individuals regarding the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.

Full policy

The data controller of the processing operation is Head of Unit I.02 of the European Innovation Council and SMEs Executive Agency (EISMEA).

The following entity/ies process your personal data on our behalf:

  • SCIENCE & INNOVATION LINK OFFICE S.L. (SILO)- contractor

CLAUDIO COELLO 52, 1ST FLOOR, 28001 MADRID, SPAIN. SB86407319

  • ESCUELA21, INNOVACIÓN, APRENDIZAJE Y TECNOLOGÍA S.L.- contractor

SAN ESTEBAN, 9, 09400 ARANDA DE DUERO, SPAIN. ESB01784479

  • VB GLOBAL GROUP S.L.- subcontractor (Travel Agency).

ESPRONCEDA 40, 28003 MADRID, SPAIN. CIF B83782284

  • MICROSOFT OFFICE 365 FUNCTIONALITIES—Third party

THE DATA IS HOSTED BY THIRD PARTIES, IN THIS CASE MICROSOFT SERVERS. THE LOCATION OF MICROSOFT DATA IN EUROPE IS HOSTED IN THE EUROPEAN UNION.

  • BREVO PLATFORM —Third party

THE DATA IS HOSTED BY THIRD PARTIES. THE HOSTING SERVERS ON WHICH BREVO PROCESSES AND STORES DATABASES ARE LOCATED EXCLUSIVELY IN THE EUROPEAN UNION, ON OWN GOOGLE CLOUD SERVERS. BREVO RENTS RACKS IN DATA CENTRES LOCATED IN FRANCE, THE EQUIPMENT IS SPECIFIC TO BREVO. THE DATA STORED IN THE CLOUD IS LOCATED IN THE GOOGLE CLOUD IN BELGIUM.

The legal basis for the processing activities is/are:

- Article 5(1)(a) of Regulation (EU) 2018/1725 because processing is necessary for the performance of a task carried out in the public interest (or in the exercise of official authority vested in the Agency) laid down in Union law;

- Article 5(1)(d) of Regulation (EU) 2018/1725 based on your explicit prior consent for your non-mandatory personal data indicated below.

The purpose(s) of this processing is/are to: (1) Collect the necessary information to carry out the evaluation process, selection and/or registration of candidates to participate in the Procure Innovation EU- Training Programme*. (2) Arrange the travels covered by the programme, only for individuals that participate in the Level 1 training, (3) Registration in the Learning Platform**, creation of a profile for each participant and participation in the forums and other networking activities.

*Procure Innovation EU – Training programme is divided into two training levels: Level 1 (5-day schedule on site training programme addressed to Public Buyers’s staff), and Level 2 (online training programme addressed to Decision Makers).

**Learning Platform: The Learning Platform is a Moodle tool that will facilitate the delivery of the trainings by providing a centralised access to the training materials.

The following of your personal data are collected: your first name, last name, title, organisation, function, (professional / personal) e-mail, address, phone number, ID/Passport number (only for Level 1 participants), and nationality. All personal data are mandatory for the purpose(s) outlined above.

The mandatory personal data will be originally collected at two specific moments: in the selection process and for the arrangement of travels for Level 1 participants.

The recipients of your personal data will or may authorised Agency and Commission staff in charge of contract, and authorised staff of Agency or Commission contractors and bodies in charge of monitoring or inspection tasks in application of Union or national law (e.g. internal audits, Court of Auditors, European Anti-fraud Office (OLAF), law enforcement bodies).   

Your personal data will not be transferred to third countries or international organisations.

The processing of your data will not include automated decision-making (such as profiling).

The following technical and organisational security measures are in place to safeguard the processing of your personal data: Personal data are processed on a need-to-know basis by authorised staff only, with limited access rights; files are stored on secured Servers subject to the European Commission's security Decision 2017/46 of 10 January 2017. Electronic communication and files are secured for internal communication purposes. In principle, no paper files are stored, but if needed, they will be stored in locked cupboards. The information is managed through private access to the storing system. Backups are done regularly once a file is modified.

Your personal data will be kept until June 2029. Data will be manually deleted at the end of this period.

You have the right to access your personal data and to request your personal data to be rectified, if the data is inaccurate or incomplete; where applicable, you have the right to request restriction or to object to processing, to request a copy or erasure of your personal data held by the data controller. If processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on your consent before its withdrawal.

Your request to exercise one of the above rights will be dealt with without undue delay and within one month.

Your right to information, access, rectification, erasure, restriction or objection to  processing, communication of a personal data breach or confidentiality of electronic communications may be restricted only under certain specific conditions as set out in the applicable Restriction Decision in accordance with Article 25 of Regulation (EU) 2018/1725.

If you have any queries concerning the processing of your personal data, you may address them to Head of Unit I.02entity acting as data controller) via EISMEA-SMP-COSME-ENQUIRIES@ec.europa.eu.

You shall have the right of recourse at any time to the EISMEA Data Protection Officer at EISMEA-DPO@ec.europa.eu and to the European Data Protection Supervisor at https://edps.europa.eu.

Version May - 2024


Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L295/39 of 21.11.2018).

EISMEA Establishment Act: Commission Implementing Decision (EU) 2021/173 of 12 February 2021 establishing the European Innovation Council and SMEs Executive Agency (OJ L 50/9 of 15.2.2021)

EISMEA Act of Delegation: Commission Decision C(2021)949 delegating powers to the European Innovation Council and SMEs Executive Agency with a view to the performance of tasks linked to the implementation of Union programmes in the field of Innovative Europe, Single Market and Interregional Innovation Investments comprising, in particular, implementation of appropriations entered in the general budget of the Union.

  Single Market Programme.