Privacy and data protection policy

Administrative management of the Radio Spectrum Policy Group (RSPG)

  • Introduction

The European Commission (hereafter ‘the Commission’) is committed to protecting personal data and to respecting privacy. When the Commission collects and further processes personal data it does so pursuant to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018, on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (repealing Regulation (EC) No 45/2001).

This privacy statement explains the reason for the processing of personal data related to the activities of the Radio Spectrum Policy Group (RSPG), the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights data subjects  have in relation to their personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor.

The information in relation to processing operation “administrative management of the Radio Spectrum Policy Group (RSPG)” undertaken by DG CONNECT/B4 is presented below.

  • Why and how do we process your personal data?

Purpose of the processing operation: the European Commission collects and uses personal information for the administrative management of the Radio Spectrum Policy Group (RSPG). This involves keeping lists with contact details for sending invitations, documents, security (access control to Commission premises) and reimbursements purposes:

Personal data will not be used for any automated decision-making including profiling.

  • On what legal ground(s) do we process your personal data

We process personal data, because it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body ( Article 5(1)(a) of Regulation 2018/1725), namely as regards the activities of the Radio Spectrum Policy Group (RSPG), as set out in Commission Decision of 11 June 2019.

  • Which personal data do we collect and further process?

In order to carry out this processing operation the European Commission collects the following categories of personal data:

• Data necessary for organising and managing meetings such as gender (Mr/Ms), name, organisation to which the data subject belongs, e-mail address, phone/fax number.

• Data necessary for security (access control to Commission premises) such as ID card/Passport number and date of birth, name, surname, organisation the data subject belongs to, gender.

• Data necessary for reimbursements purposes such as means of transport, hotel accommodation and banking details, as per Commission’s rules. No personal data of individuals are included in the summary records of meetings. Due to the transparency policy of the European Institutions, summary records of meetings and list of authorities represented at the meetings are published in the Comitology Register.

The provision of personal data is mandatory to participate in the meetings.

  • How long do we keep personal data?

The European Commission only keeps personal data for the time necessary to fulfil the purpose of collection or further processing, normally for no longer than 5 years after last meeting attended by the data subject.

  • How do we protect and safeguard personal data?

All personal data in electronic format (e-mails, documents, databases, uploaded batches of data, etc.) are stored on the servers of the European Commission. All processing operations are carried out pursuant to the Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission.

In order to protect personal data, the Commission has put in place a number of technical and organisational measures in place. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.

  • Who has access to personal data and to whom is it disclosed?

Access to personal data is provided to the Commission staff responsible for carrying out this processing operation and to authorised staff according to the “need to know” principle. Such staff abide by statutory, and when required, additional, confidentiality agreements.

The information we collect will not be given to any third party, except to the extent and for the purpose we may be required to do so by law.

  • What are your rights and how can you exercise them?

Data subjects have specific rights under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular the right to access, rectify or erase their personal data and the right to restrict the processing of their personal data. Where applicable, they also have the right to object to the processing or the right to data portability.

Data subjects have the right to object to the processing of their personal data, which is lawfully carried out pursuant to Article 5(1)(a).

Data subjects can exercise tehir rights by contacting the Data Controller, or in case of conflict the Data Protection Officer. If necessary, you can also address the European Data Protection Supervisor. Their contact information is given under Heading 9 below.

Where a data subject wishes to exercise their rights in the context of one or several specific processing operations, they are invited to provide their description (i.e. their Record reference(s) as specified under Heading 10 below) in their request.

  • Contact information

The Data Controller

If a data subject wishes to exercise their rights under Regulation (EU) 2018/1725, or if they have comments, questions or concerns, or if they would like to submit a complaint regarding the collection and use of their personal data, they should in the first instance contact the Data Controller, DG CONNECT/ B4 at the following email address:

cnect-rspg@ec.europa.eu

  • The Data Protection Officer (DPO) of the Commission

Data subjects may also contact the Data Protection Officer (DATA-PROTECTION-OFFICER@ec.europa.eu) with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725.

  • The European Data Protection Supervisor (EDPS)

Data subjects also have the right to have recourse to (i.e. they can lodge a complaint with) the European Data Protection Supervisor (edps@edps.europa.eu) if they consider that their rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of their personal data by the Data Controller.

  • Where to find more detailed information?

The Commission Data Protection Officer (DPO) publishes the register of all processing operations on personal data by the Commission, which have been documented and notified to him. You may access the register via the following link: http://ec.europa.eu/dpo-register.