Privacy notice

Call for proposal of sessions for the event “Fundamental Rights Forum”, hereinafter “the Event”; taking place on 11-12 October 2021 in a hybrid setting.

The European Union Agency for Fundamental Rights (FRA or Agency) processes the personal data of a natural person in compliance with Regulation 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC.

This privacy notice explains FRA’s policies and practices regarding its collection and use of your personal data, and sets forth your privacy rights. We recognise that information privacy is an ongoing responsibility, and we will update this notice where necessary.

Why do we collect personal data?
What kind of personal data does the Agency collect?
How do we collect your personal data?
Who is responsible for processing your personal data?
Which is the legal basis for this processing operation?
Who can see your data
Do we share your data with other organisations?
Do we intend to transfer your personal data to Third Countries/International Organizations
When will we start the processing operation?
How long do we keep your data?
How can you control your data?
1. The value of your consent
2. Your data protection rights
What security measure are taken to safeguard your personal data?
What can you do in the event of a problem?
How do we update our privacy notice?

Why do we collect personal data?

FRA is responsible for the overall organisation of the event. For that reason FRA is organising a call for sessions proposals inviting in a targeted way potential contributors to submit a proposal via the Forum 2021 website. These sessions will run in parallel during the Forum as live or recorded online events - panel debates, presentations, discussions, etc. The call for proposals aims to open the floor and provide space for proposals of hybrid/virtual sessions by organisations from the human rights sector, civil society, social partners etc. These Forum sessions hosts/contributors are given the opportunity and the responsibility to implement single sessions or an entire strand of sessions.

Session hosts will be listed with their name in the Forum programme. Proposals for sessions are on ‘invitation only’ basis by the FRA, and to be detailed by potential contributors in the ‘form for submitting proposals for sessions’.

The purpose of the processing of personal data is handling the call for proposal of sessions for the Fundamental Rights Forum taking place on 11-12 October.

What kind of personal data does the Agency collect?

We will collect only the following general personal data necessary for the processing operation described above:

Name, surname, email, phone number, affiliated organization and position, photo and biography.

How do we collect your personal data?

Personal data will be collected through the following means:

Via the website: https://fundamentalrightsforum.eu

And by email: FRA-RightsForum21@fundamentalrightsforum.eu, visitors of the website can sign up for a pre-registration list and be ‘first in line when registrations at the platform opens.

Who is responsible for processing your personal data?

The Agency is the legal entity responsible for the processing of your personal data and determines the objective of this processing activity. The Head of Communication and Events department is responsible for this processing operation.

Which is the legal basis for this processing operation?

The processing operations on personal data linked to the organization, management, follow – up and promotion of the event is necessary for the management and functioning of the Agency. FRA is tasked with promoting dialogue with civil society under Article 4(1)(h) of its founding regulation (EC) 168/2007. Therefore, the processing is lawful under Article 5(a) of the Regulation (EU) No 2018/1725.

In addition, since the participation in the call for proposal of sessions is not mandatory, the processing of the personal data is also in accordance with Article 5(d) of Regulation (EU) No 2018/1725.

Who can see your data?

Access to your data is granted to authorised staff of FRA and service providers bound by confidentiality clauses, involved in the organisation of the event, without prejudice to a possible transmission to the bodies in charge of a monitoring or inspection task in accordance with Union legislation.

Neither FRA nor its service providers share personal data with third parties for direct marketing.

Do we share your data with other organisations?

Personal data is processed by FRA via TIPIK Communication Agency conference@tipik.eu as the data processor, which supports the call for proposal of sessions and later on the registration and the logistics of the organisation of the hybrid event through a framework contract with DG SCIC and a specific contract with FRA.

Do we intend to transfer your personal data to Third Countries/International Organizations

No.

When we will start the processing operation?

We will start the processing operation on 2 March 2021.

How long do we keep your data?

Personal data related to the call for proposal of sessions will be retained by FRA for a maximum of one year after the end of the event, that is 12 October 2022.

Photos, audio and video recordings are stored in FRA Communication and events Unit drive for three years. Within this time, the files to be used for communication purposes and/or be archived for historical purposes shall be selected. The remaining files shall be deleted.

Information concerning the event on the FRA corporate website will be retained for 10 years.

How can you control your data?

Under Regulation 2018/1725, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information. You are not required to pay any charges for exercising your rights except in cases were the requests are manifestly unfounded or excessive, in particular because of their repetitive character.

We will reply to your request without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

You can exercise your rights described below by sending an email request to event@fra.europa.eu .

How valuable is your consent for us?

Participation in the call for proposal of sessions is not mandatory. By proposing a session you give your consent to the processing of your data. Yet, you have the right to withdraw your consent at any time, and we will delete your data or restrict its processing. All processing operations up until the withdrawal of consent will still be lawful.

Your data protection rights

Can you access your data?
You have the right to receive information on whether we process your personal data or not, the purposes of the processing, the categories of personal data concerned, any recipients to whom the personal data have been disclosed and their storage period. Furthermore, you can have access to such data, as well as obtain copies of your data undergoing processing.
Can you modify your data?
You have the right to ask us to rectify your data you think is inaccurate or incomplete at any time.
Can you restrict us from processing your data?
You have the right to block the processing of your personal data when you contest the accuracy of your personal data or when the Agency no longer needs the data for completing its tasks. You can also block the processing activity when the operation is unlawful, and you oppose to the erasure of the data.
Can you delete your data?
You have the right to ask us to delete your data when the personal data are no longer necessary for the purposes for which they were collected, when you have withdrawn your consent or when the processing activity is unlawful. In certain occasions we will have to erase your data in order to comply with a legal obligation to which we are subject.
We will notify to each recipient to whom your personal data have been disclosed of any rectification or erasure of personal data or restriction of processing carried out in accordance with the above rights unless this proves impossible or involves disproportionate effort from our side.
Can you request the transfer of your data to a third party?
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or for the performance of a contract or for entering into a contract and the processing is automated.
Do you have the right to object?
Yes, you have the right to object when you have legitimate reasons relating to your particular situation. Moreover, you will be informed before your information is disclosed for the first time to third parties, or before it is used on their behalf, for direct marketing purposes.
Do we do automated decision making, including profiling?
Your personal data will not be used for an automated decision-making including profiling.

What security measures are taken to safeguard your personal data?

The Agency has several security controls in place to protect your personal data from unauthorised access, use or disclosure. We keep your data stored on our internal servers with limited access to a specified audience only.

What can you do in the event of a problem?

The first step is to notify the Agency by sending an email to event@fra.europa.eu and ask us to take action.

The second step, if you obtain no reply from us or if you are not satisfied with it, contact our Data Protection Officer (DPO) at dpo@fra.europa.eu.

At any time you can lodge a complaint with the EDPS at http://www.edps.europa.eu , who will examine your request and adopt the necessary measures.

How do we update our privacy notice?

We keep our privacy notice under regular review to make sure it is up to date and accurate.