EUVP Privacy Statement

PROTECTION OF YOUR PERSONAL DATA

This privacy statement provides information about the processing and the protection of your personal data.

Processing operation: Selection of participants and implementation of the European Union Visitors Programme (EUVP)

Data Controllers: European Parliament, Office of the Secretary General, EUVP Unit & European Commission, Service for Foreign Policy Instruments, FPI.5 Unit

Record reference: DCR-EC-03427.1 for the European Commission and 431 for the European Parliament

Table of Contents:

1. Introduction
2. Why and how do we process your personal data?
3. On what legal ground(s) do we process your personal data?
4. Which personal data do we collect and further process?
5. How long do we keep your personal data?
6. How do we protect and safeguard your personal data?
7. Who has access to your personal data and to whom is it disclosed?
8. What are your rights and how can you exercise them?
9. Contact information
10. Where to find more detailed information?

1. Introduction

The European Union Visitors Programme (hereafter, ‘EUVP’) is jointly managed by the European Commission (Service for Foreign Policy Instruments) and the European Parliament (Office of the Secretary General). The EUVP Unit is composed of staff from the two EU Institutions and the day-today management of the programme and of the EUVP team is ensured by a Head of unit from European Parliament. The European Commission and the European Parliament act as joint controllers in relation to the selection of participants and implementation of the European Union Visitors Programme and are hereafter collectively referred to as the ‘Joint Controllers’.

The Joint Controllers are committed to protect your personal data and to respect your privacy. The Joint Controllers collect and further process personal data pursuant to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (repealing Regulation (EC) No 45/2001).

This privacy statement explains the reason for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controllers with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor.

The information in relation to the processing operation “Selection of participants and implementation of the European Union Visitors Programme” undertaken by the joint controllers is presented below. Please note that the Commission and the Parliament are not involved in the initial stage of applications, which falls under the remit of EU Delegations and European Parliament Liaison Offices (“pre-selection phase”). This privacy statement covers exclusively the selection procedure by the EUVP Management
Committee and the implementation of the programme.

A separate privacy statement covers the processing undertaken in relation to the “Implementation of the Alumni Platform dedicated to the former participants of the European Union Visitors Programme (EUVP)”.

2. Why and how do we process your personal data?

Purpose of the processing operation: We collect and use your personal data in the context of:

1. The selection of participants to the programme;
2. The implementation of the programme, which includes the organisation of the travel and accommodation arrangements for the participants, as well as the administrative and financial management of visits/meetings;
3. Communication purposes, such as publication of photos and other EUVP materials (statements of the visitors, quotes, testimonials, summaries of the visits and others) on the EUVP website and EUVP social media channels.

Your personal data is processed and used to:

• Select the participants using as criteria: country of origin, age, educational background and professional function and activities;
• Purchase flights (thus, they may be transferred to the official travel agency of the European Parliament and airline companies);
• Acquire visas (as the EUVP may have prepare a Visa Invitation Letter to be transferred by you to the relevant Embassy and support your visa application);
• Arrange your accommodation during the programme (thus, they may be transferred to the official travel agency of the European Parliament and its partner hotels)
• Ensure your insurance coverage (thus, they may be transferred to the partner insurance company);
• Acquire accreditations to the EU institutions’ buildings during your visit;
• Manage the administrative and financial aspects of visits;
• Ensure security of the Commission’s staff, information and assets;
• (Upon your explicit agreement) communicate and promote activities through the EUVP website and social media channels.

Your personal data is:

• Retrieved from your application documents: your CV, Statement of Purpose of the EUVP visit, Nomination Form prepared by the EU Delegation during the pre-selection; Such data is forwarded to the EUVP by the EU Delegations, which are in charge of the pre-selection of participants.
• Directly requested from you by the EUVP to arrange the logistical aspects of your visit;
• Provided by you on voluntary basis to participate in the EUVP communication activities through the EUVP website and social media channels.

Your personal data will not be used for an automated decision-making including profiling.

3. On what legal ground(s) do we process your personal data?

The EUVP was established by the “Reglementation administrative pour l’année 1974 du Comité de direction du programme communautaire d’invitation de ressortissants américains” in 1974 following a resolution of the European Parliament. The role of EUVP is to explain and promote EU values to citizens of third countries and strengthen long-term bilateral relations between the EU and the respective third countries. This role is also attained by the creation of an external network of contacts
for the EU Institutions.

This objective of the programme is reflected in articles 3(5) and article 21(1) subparagraphs one and two of the Treaty of the EU¹.

For this reason, processing of your data in the context of EUVP is necessary for the performance of a task carried out in the public interest (article 5(1)(a) of Regulation (EU) 2018/1725). Processing of data for selecting the candidates and for the implementation of the programme is necessary to fulfill the overall objective of the EUVP.

Processing of your personal data for the security purpose is necessary for the performance of a task carried out in the public interest as laid down in Article 5(1)(a) of Regulation (EU) 2018/1725 and the legal basis has been laid down in the Commission Decision (EU, Euratom) 2015/443 of 13 March 2015 on Security in the Commission.

For communication/visibility material (e.g. publication of photos, quotes), data is processed based on your explicit consent (article 5(1)(d) of Regulation (EU) 2018/1725).

4. Which personal data do we collect and further process?

In order to carry out this processing operation, we collect the following categories of personal data:

• Identification data: First and last name, postal address, professional and private e-mail addresses, phone numbers, date and place of birth, copy of ID Card / Passport, country of residence.
• HR data: CV & Statement of Purpose details: your professional experience, educational background, professional interests;
• Nomination forms filled in by the EU Delegations

Your personal data may be provided to the duly mandated staff of the Security Directorate of the European Commission as explained in the privacy statements concerning records DPR-EC-00676 and DPR-EC-00677 published at: https://ec.europa.eu/info/about-european-commission/servicestandards-and-principles/security-commission_en.

Based on your consent, we may collect additional personal data for communication purposes (e.g photos and information about yourself to be published in the EUVP communication channels (website and social media).

The EUVP does not ask you to provide any data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. In case you voluntarily include such data in your CV, they will not be taken into consideration during the selection process or at any point during the EUVP programme.

5. How long do we keep your personal data?

We only keep your personal data for the time necessary to fulfil the purpose of collection or further processing.

• If you are an EUVP participant, your personal data will be stored by the European Commission and Parliament for a 5-year period after budgetary discharge in line with the Financial Regulation (art.75)²
• If you submitted a nomination, but you have not been selected to take part in the EUVP, your personal data will be kept for 1 year and 6 months after the date of the final decision of the management committee, which is in charge of selecting participants;
• Personal data published on the EUVP website and on EUVP social media channels (e.g. photos/quotes) will remain published unless your specific consent is withdrawn.

6. How do we protect and safeguard your personal data?

Your data will be manually processed. All personal data in electronic format are stored and transferred on the servers of the European Commission and the European Parliament. Concerning data stored at the Commission servers, all processing operations are carried out pursuant to the Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission.

Data stored at the European Parliament servers, are stored on the IT infrastructure that is either owned by the European Parliament (DG ITEC - DG for Innovation and Technological Support), and hence meets DG ITEC’s security standards, or on third party’s infrastructure that has been approved by DG ITEC and that meets their security requirements.

We may keep hard copies of the data provided to us electronically. Access to hardcopy documentation is limited to EUVP staff having access to storage areas, which are always locked when unattended.
These hard copies are destroyed after the retention period.

In order to protect your personal data, we have put in place a number of technical and organisational measures in place. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for
the purposes of this processing operation.

7. Who has access to your personal data and to whom is it disclosed?

Access to your personal data is provided to Commission, Parliament and EEAS staff members responsible for carrying out this processing operation and to authorised staff according to the “need to know” principle. Such staff abide by statutory, and when required, additional confidentiality agreements.

Recipients of your personal data are the following:

• CVs, statements of purpose and nomination forms of the candidates pre-selected by the EU Delegations are forwarded to the EUVP Management Committee. The Management Committee is composed by members of the European Commission and European Parliament with an observer from the EEAS. Members of the EUVP Management Committee will be given access to your personal data for the purpose of the selection process;
• Access to your personal data is provided to the European Commission and European Parliament staff responsible for carrying out this processing operation and to authorised staff according to the “need to know” principle. Such staff abide by statutory, and when required, additional confidentiality agreements.
• Your personal data (CV and Statement of Purpose) may also be transferred to staff members in the European Economic and Social Committee, the European Committee of the Region and other EU bodies. All these recipients are individuals professionally and institutionally located within the EU institutions. They are given access to your data (CV and Statement of Purpose) to best match your background and interests to their expertise. Such access is, therefore, essential for the organisation of your EUVP programme;
• On an exceptional basis, interlocutors from non-EU organisations including Brussels-based think tanks and Non-Governmental Organisations are also, on occasions, given access to your personal data (CV and Statement of Purpose) for the same as above purpose of programme organisation;
• Accreditation Units/Security contractors responsible for managing the security of the European Institutions’ premises will be provided with the personal data contained in your passport for identification and security purposes;
• Travel agencies, insurance companies, contracted by the Parliament, as well as hotels collaborating with the Parliament or its contractors, are given access to your personal data (passport information including name, gender, date of birth, country of origin) for logistical purposes;

Based on your consent, communication material which includes your personal data (eg photos) is published on the EUVP Facebook page and EUVP website.

Your data will not be transferred to a non-EU/EEA country or international organisation.

8. What are your rights and how can you exercise them?

You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular the right to access your personal data and to rectify them in case your personal data are inaccurate or incomplete. Where applicable, you have the right to erase your personal data, to restrict the processing of your personal data, to object to the processing, and the
right to data portability.

You have the right to object to the processing of your personal data, which is lawfully carried out pursuant to Article 5(1)(a) on grounds relating to your particular situation.

For processing based on your consent, you have the right to withdraw your consent at any time by notifying the joint controller at EUVP@ec.europa.eu. The withdrawal will not affect the lawfulness of the processing carried out before you have withdrawn the consent.

You can exercise your rights by contacting the Data Controller, or in case of conflict the Data Protection Officer. If necessary, you can also address the European Data Protection Supervisor. Their contact information is given under Heading 11 below.

Where you wish to exercise your rights in the context of one or several specific processing operations, please provide their description (i.e. their Record reference(s) as specified under Heading 12 below) in your request.

9. Contact information

- The Data Controller(s)

If you would like to exercise your rights under Regulation (EU) 2018/1725, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please feel free to contact the joint controllers at EUVP@ec.europa.eu

- The Data Protection Officer (DPO) of the Commission and of the European Parliament

You may contact the Data Protection Officer (DATA-PROTECTION-OFFICER@ec.europa.eu) of the Commission and/or the Data Protection Officer (data-protection@ep.europa.eu) of the European Parliament with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725.

- The European Data Protection Supervisor (EDPS)

You have the right to have recourse (i.e. you can lodge a complaint) to the European Data Protection Supervisor (edps@edps.europa.eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the Data Controller.

10. Where to find more detailed information?

The Commission Data Protection Officer (DPO) publishes the register of all processing operations on personal data by the Commission, which have been documented and notified to him. You may access the register via the following link: http://ec.europa.eu/dpo-register. You may access the European Parliament public Register of records at the following URL: https://www.europarl.europa.eu/dataprotect/index.do

This specific processing operation has been included in the EC DPO’s public register with the following Record reference: DCR-EC-03427.1 and in the EP DPO’s public Register with the following Record Reference: 431.
 

---

¹ Article 3(5) of the Treaty of the European Union, states that “in its relations with the wider world, the Union shall uphold and promote its values and interests(…)”. Article 21(1) subparagraphs one and two of the Treaty of the European Union, which state that “The Union’s action on the international scene shall be guided by the principles which have inspired its own creation, development and enlargement, and which it seeks to advance in the wider world(…)” and “The Union shall seek to develop relations and build partnerships (…) which share the principles referred to in the first subparagraph"

² Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union, amending Regulations (EU) No 1296/2013, (EU) No 1301/2013, (EU) No 1303/2013, (EU) No 1304/2013, (EU) No 1309/2013, (EU) No 1316/2013, (EU) No 223/2014, (EU) No 283/2014, and Decision No 541/2014/EU and repealing Regulation (EU, Euratom) No 966/2012