EU4Digital Facility is a programme funded by the European Union to promote key areas of the digital economy and society, in line with EU norms and practices. The programme is implemented by a consortium led by Ernst & Young Baltic UAB.
The European Commission’s Directorate-General for Neighbourhood and Enlargement Negotiations (hereafter referred to as DG NEAR), is the data controller and the consortium members Ernst & Young Baltic UAB (company code: 110878442, address: Aukštaičių st. 7, LT-11241 Vilnius, Lithuania),Ernst & Young Advisory Services SCRL/CVBA (company code: BE 0467.239.793, address: De Kleetlaan 2, B-1831 Diegem, Belgium) and Action Global Communications Limited Cyprus (company code: HE1 16495, address: Kondilaki st.1090, Nicosia, Cyprus) (hereafter referred to as the EU4Digital Facility Partners) act under instructions and on behalf of the European Commission as data processors for the EU4Digital Facility programme.
The EU4Digital Facility Partners are committed to protect your personal data and to respect your privacy. The European Commission collects and further processes personal data pursuant to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (repealing Regulation (EC) No 45/2001).
This privacy statement explains the reasons for the processing of your personal data by the EU4Digital Facility Partners, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor.
This statement concerns the EU4Digital Facility programme, undertaken by DG NEAR of the European Commission in its capacity of the Data Controller, which appointed the EU4Digital Facility Partners to act as the Data Processors.
The Commission’s contractors are bound by a specific contractual clause for any processing operations of your data on behalf of the Commission, and by the confidentiality obligations deriving from the transposition of the General Data Protection Regulation in the EU Member States (‘GDPR’ Regulation (EU) 2016/679).
Data subjects have the right to have recourse (i.e. can lodge a complaint) to the European Data Protection Supervisor (firstname.lastname@example.org) if they consider that their rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of their personal data by the Data Controller.
2. WHY WE PROCESS YOUR DATA?
We exclusively collect and process your data in order to be able to distribute periodic updates and newsletters via email address.
3. WHICH DATA WE COLLECT AND PROCESS?
We collect and process the following (personal) information directly from you:
Collecting and processing this personal contact data allows us to contact, obtain and register communication preferences and where applicable consent of data subjects in regard to the implementation of EU4Digital Facility activities and marketing communications.
Email data are collected through the use of the online marketing platform Mailchimp. Collecting emails allows us to send recipients newsletters, reports and other material related to our website.
- Cookies and web analytics
When you visit our website, we collect certain personal data automatically from your device, such as:
- Your IP address.
- The domain name you requested.
- The name of your internet service provider (ISP) is sometimes captured depending on the configuration of your ISP connection.
- The date and time of your visit to the website.
- The length of your session.
- The pages which you have accessed.
- The number of times you access our website within any month.
- The file URL you look at and information relating to it.
- The website which referred you to our website.
- The operating system which your computer uses.
- We are using Google Analytics for tracking of our website traffic and the user data retention period is 26 months.
4. HOW WE COLLECT PERSONAL DATA
We mainly collect personal information directly from you when you provide it to us by subscribing to our newsletter.
5. ON WHICH LEGAL GROUNDS DO WE PROCESS YOUR PERSONAL DATA?
In the context of data processing, Regulation (EC) No 2018/1725 applies. The processing of your data is lawful under Article 5 a) and d).
We process your personal data, because:
- 5(a) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body;
- 5(d) the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
6. HOW LONG DO WE KEEP YOUR DATA?
We will keep your personal data for the entire operational time of the EU4Digital Facility programme (indicatively, until February 2022) unless:
- the data subject specifically requests deactivation and deletion of the information;
- the contacts have been out of active use for a period that lasts beyond 18 months.
If you no longer want us to use your personal information or to provide you with any services, you can request that we erase your personal information by sending a request to EU4Digital@lt.ey.com.
7. HOW DO WE PROTECT YOUR DATA ?
All data in electronic format (e-mails, documents, contact details) are stored on our database. All processing operations are carried out pursuant to the Commission Decision 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission. The Commission’s contractors are bound by a specific contractual clause for any processing operations of your data on behalf of the Commission, and by the confidentiality obligations deriving from the transposition of the General Data Protection Regulation in the EU Member States (‘GDPR’ Regulation (EU) 2016/679).
We are committed to making sure your personal data is secure. To prevent unauthorized access or disclosure, all EU4Digital Facility Partners have technical and organisational measures to safeguard and secure your personal data. All personnel and third parties engaged to process your personal data are obliged to respect your data’s confidentiality.
Unauthorized access to personal data has been ensured through the implementation of a restricted access policy, limiting access to the database containing personal data to accredited persons based on necessity for the execution of their tasks.
We are committed to ensuring that your information is secure. To prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
8. WHO HAS ACCESS TO YOUR DATA AND TO WHOM IS IT DISCLOSED?
Your information is disclosed to the Data Controller and Data Processors for information and potentially for communication purposes.
Information can be shared with:
- the Data Controller for the purpose of executing their task in the public interest or in the exercise of official authority vested in the Union institution or body;
- the Data Controller and the Data (Sub-)Processors (for performing the administrative and maintenance tasks required by their roles).
9. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular the right to access your personal data and to rectify them in case your personal data are inaccurate or incomplete.
Where applicable, you have the right to erase your personal data, to restrict the processing of your personal data, to object to the processing, and the right to data portability.
You have the right to object to the processing of your personal data, which is lawfully carried out pursuant to Article 5(1)(a) on grounds relating to your particular situation.
Where you have consented to provide your personal data to DG NEAR or directly to the EU4Digital Facility Partners for the present processing operation, you can withdraw your consent at any time by notifying the Data Controller. The withdrawal will not affect the lawfulness of the processing carried out before you have withdrawn the consent.
Data Subjects can request modification, correction or deletion of their profiles from the EU4Digital Facility programme by sending an e-mail.
If you believe your data protection rights have been infringed by the EU institution you can lodge a complaint with the European Data Protection Supervising Authority.
10. CONTACT INFORMATION
If you have comments or questions, any concerns or complaints regarding the collection and use of your personal data, please feel free to contact us (the EU4Digitial Facility Partners), the Data Controller or the Data Protection Officer (DPO).
If necessary, you can also address the European Data Protection Supervisor.
Their contact information is given below:
The EU4Digital Facility Partners:
Functional mailbox: EU4Digital@lt.ey.com
The Data Controller:
European Commission, Directorate-General NEAR
Functional mailbox: NEAR-A2@ec.europa.eu
The European Data Protection Officer:
You may contact the Data Protection Officer with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725: