- PRIVACY STATEMENT
Privacy statement for virtual and on-site ECB Visitor Centre activities
The European Central Bank (ECB) Visitor Centre offers virtual and on-site guided visits and lectures (“activities”).
These activities are organised by the Directorate General Communications of the ECB and, in the case of virtual activities, hosted via an external platform, e.g. Cisco Webex Events/Cisco Webex Meetings, or Microsoft Teams.
When you sign up for visits or lectures, the ECB Visitor Centre collects the following data: first name, last name, organisation (if applicable), age, email address of the (group) organiser, and date and time of scheduled visit or lecture. These data are collected manually via email by ECB staff.
What is our legal framework?
All personal data are processed in accordance with EU Data Protection Law, that is to say in line with Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).
Why do we process personal data?
Personal data are processed for organisational purposes related to the virtual and on-site activities only. For on-site activities, personal data are processed for the additional purpose of ensuring visitors’ security while on the premises, and to keep track of who is visiting the ECB’s premises.
What is the legal basis for processing your personal data?
Your personal data are being processed by the ECB:
- in the performance of a task in the public interest, based on Article 5(1)(a) of Regulation (EU) 2018/1725 in conjunction with the house rules of the European Central Bank.
Who is responsible for processing your personal data?
The ECB is the controller of all collected personal data. The Directorate General Communications is the processor for the personal data collected manually via email by ECB staff.
Who will receive your personal data?
The recipients of the data are staff from the Visitor Centre Team in the Directorate General Communications.
For on-site activities, the recipients of the data will also be the teams in the Directorate Administration responsible for event and contact management, including related activities such as processing of access badges and plausibility checks.
What types of personal data are collected through the Visitor Centre?
The ECB processes the following personal data:
- first and last name;
- organisation (if applicable);
- age;
- email address of the (group) organiser;
- date and time of scheduled visit or lecture.
To attend a virtual lecture or virtual guided visit, Cisco Webex Events/Cisco Webex Meetings requires attendees to provide their first name, last name and email address. Microsoft Teams only requires attendees to provide a first name and last name.
Microsoft’s privacy statement can be found at https://privacy.microsoft.com/en-us/privacystatement
The Cisco online privacy statement can be found at https://www.cisco.com/c/en/us/about/legal/privacy-full.html
How long will the ECB keep personal data?
Personal data collected for virtual activities are stored for a maximum of one month, before being deleted.
Personal data collected for the purposes of keeping track of who is visiting the ECB’s premises are stored for up to one year, after which time they are deleted.
What are your rights?
You have the right to access your personal data and correct any data that is inaccurate or incomplete. You also have (with some limitations) the right to delete your personal data or to restrict or object to the processing of your personal data in line with Regulation (EU) 2018/1725.
Who can you contact in case of queries or requests?
You can exercise your rights by contacting the Visitor Centre at visitor.centre@ecb.europa.eu. You can also directly contact the ECB’s Data Protection Officer at dpo@ecb.europa.eu regarding all queries relating to personal data.
Addressing the European Data Protection Supervisor
If you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data, you have the right to lodge a complaint with the European Data Protection Supervisor at any time.