Data Protection Notice to manage subscriptions to receive the Digital Skills and Jobs Digest sent in the context of the Digital Skills and Jobs Platform - 2 project
The European Health and Digital Executive Agency (HaDEA) processes your personal data in line with Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of personal data by the European Union's institutions, bodies and agencies and on the free movement of such data.
Introduction
This Data Protection Notice concerns the Digital Skills and Jobs Digest (“Digest”) which is a bi-weekly newsletter that brings you the latest and most relevant news, notifications, events, initiatives, publications, training, and funding opportunities in connection with the Digital Skills and Jobs Platform – 2 (“DSJP2”) project. The Digest also features the most popular discussion topics and activities from the Digital Skills and Jobs Community, helping you stay up to date with your favourite themes and remain connected with colleagues and peers. An online subscription area is available on the Digital Skills and Jobs Platform (“DSJP”) where anyone can subscribe on a voluntary basis to the Digest.
The Digital Skills and Jobs Platform-2 project is implemented by the DSJP2 Contractors (Data Processors) on behalf of HaDEA, the European Health and Digital Executive Agency (Data Controller).
For details on the processing of your personal data on the DSJP itself, including IP addresses please refer to the dedicated privacy statement on the portal: https://digital-skills-jobs.europa.eu/en/privacy-policy. This data protection notice covers processing of your personal data in the context of Digest.
This specific data protection notice explains the reason and purpose for the processing, the way we collect, handle and ensure protection of all personal data gathered, stored, how that information is used and how you can exercise your rights in relation to your data.
General description of the processing, including the means:
On behalf of the DSJP2 project, the DSJP2 Contractors collect your personal data solely for the purpose of managing your subscription to the Digital Skills and Jobs Digest (“Digest”) and delivering it to you on a bi-weekly basis. Personal data is obtained directly from you as the subscriber through the online subscription area. The processing is carried out exclusively by the designated DSJP2 team members, and access to your data is strictly restricted to these members including authorized recipients listed under section “Who has access to the personal data of data subjects and to whom can they be disclosed?”. You can unsubscribe from the Digest at any time via the Platform: https://digital-skills-jobs.europa.eu/en/newsletter/subscription. Additionally, each email we send to you in relation to the Digest includes an unsubscribe link, allowing you to opt out of future communications easily and at any time.
What is the purpose(s) of this processing activity?
The purpose is:
To manage your subscription to the Digital Skills and Jobs Digest (i.e. bi-weekly newsletter) sent in the context of the DSJP2 project.
Who is the data controller?
The data controller of the processing operation is the Head of Unit. B.2 DIGITAL of the European Health and Digital Executive Agency (“HaDEA”), Place Charles Rogier 16, 1210 Saint-Josse-ten-Noode, Belgium.
Contact details: HADEA-DEP-DIGITAL@ec.europa.eu
The following entities process your personal data on our behalf (i.e. each acting as data processor):
The consortium (“DSJP2 Contractors”) consisting of:
- EUN Partnership aisbl (“European Schoolnet”), Rue de Trèves, 61, 3rd floor, 1040 Brussels, Belgium. Consortium coordinator and lead on business analysis, content production and research, reachable at: privacy@eun.org.
- Tremend by Publicis Sapient, Splaiul Unirii, 165, 4th Floor, Building offices TN Office 2, District 3, Bucharest 030134, Romania. Consortium partner and lead on web application development, reachable at ps-cee-data-management@publicissapient.com.
- DIGITALEUROPE aisbl, Rue de la Science 37, 1040 Brussels, Belgium. Consortium partner and lead on community management and communications activities, reachable at DPO@digitaleurope.org.
- LIKTA, Dzirnavu street 91 – 3, Riga, LV-1011, Latvia. Consortium Partner and contributor to community management and content production activities, reachable at office@likta.lv.
- European DIGITAL SME Alliance aisbl, Rue Marie Thérèse 21, bte. 5, 1000 Brussels, Belgium. Consortium partner and contributor to community management and content production activities, reachable at privacy@digitalsme.eu.
Public Libraries 2030 aisbl, Rue Maximilien 16, 1050 Brussels, Belgium. Consortium partner and contributor to community management and content production activities, reachable at ilona@pl2030.eu.
The European Commission services:
- The European Commission’s Directorate-General for Informatics (“DIGIT”) provides the IT hosting service for the Digest. Reachable at DIGIT-DATA-PROTECTION-COORDINATOR@ec.europa.eu.
Which personal data is collected?
The following mandatory personal data are collected:
- Your e-mail address
This personal data is needed to ensure the delivery of the Digest to you as a subscriber.
Please note that HaDEA, as Data Controller, does not request that subscribers to the Digest include (i) special categories of data under Article 10(1) of Regulation 2018/1725 (that is “personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation”) or (ii) personal data related to criminal convictions and offences as provided for in Article 11 of Regulation 2018/1725, related to themselves or to third persons in their application. Any inclusion of special categories of personal data voluntarily provided by subscriber is the responsibility of the subscriber. HaDEA will disregard any such personal data. Such personal data can be deleted by the data subject either directly or upon the data subject’s request.
Who has access to the personal data of data subjects and to whom can they be disclosed?
The recipients of your personal data will be the relevant European Commission and HADEA staff that deal with the management of this file, as well as the authorised staff members of the abovementioned data processors.
Within HaDEA:
Authorised staff, in particular HaDEA Unit. B2 staff in charge of the DSJP2 project.
Outside HaDEA:
Authorised staff of the DSJP2 Contractors in charge of implementing the project.
The DG CNECT authorised staff (Unit G.2 as collaborator on the implementation of the project).
DIGIT authorized staff in charge of IT hosting service for the Digest.
On a need to know basis and in compliance with the relevant current legislation, bodies charged with monitoring or inspection tasks in application of EU law (e.g. EC internal audit, Court of Auditors, European Anti-fraud Office (OLAF), the European Ombudsman, the European Data Protection Supervisor, the European Public Prosecutor).
Your personal data will not be transferred to third countries or international organisations.
The processing of your data will not include automated decision-making (such as profiling).
Which is the legal basis for processing your personal data?
The legal basis for the processing activities is Article 5(1)(d) of Regulation EU 2018/1725 based on your explicit consent for your personal data indicated above.
You have expressed your consent by ticking the appropriate box in the Platform subscription area.
How to withdraw your consent and the consequences of doing this
You can unsubscribe from the Digest at anytime via the Platform: https://digital-skills-jobs.europa.eu/en/newsletter/subscription. Additionally, each email communication we send to you as a subscriber includes an unsubscribe link, allowing you to opt out at any time.
If you are unable to access the unsubscribe form for any reason, please contact us using the details provided in the final section of this Privacy Notice. We will process your request without undue delay and in any event within a maximum of one month of receipt of the request.
Please note that withdrawing your consent does not affect the lawfulness of any processing based on your consent before this consent is withdrawn. Attention is drawn to the consequences of a delete request, which means that all your contact details will be lost.
How long do we keep your personal data?
Your personal data will be kept until you unsubscribe from the Digest.
It is possible that your data may be kept for 5 years after the un-subscription for the sole purpose of generating anonymised statistics, in a fully anonymised format, ensuring that it can no longer be used to identify you.
How do we protect your personal data?
All data in electronic format (e-mails, documents, uploaded sets of data, etc.) are stored on the servers of the European Commission, HaDEA (Data Controller) as specified in this notice. Personal data is not stored in servers outside the EU.
In order to protect your personal data, European institutions and its bodies and the DSJP2 contractors processing data on behalf of HaDEA have put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.
Procurement award procedures between the EU Institutions, its bodies and the Contractors (Data Processors) - incorporate personal data protection clauses pursuant to Regulation 2018/172.
What are your rights regarding your personal data?
You have a number of rights as articulated in Regulation 2018/1725, such as:
Article 17 - Right of access by the data subject.
Article 18 - Right to rectification.
Article 19 - Right to erasure (right to be forgotten).
Article 20 - Right to restriction of processing.
Article 21 - Notification obligation regarding rectification or erasure of personal data or restriction of processing.
Article 22 - Right to data portability.
Article 23 - Right to object.
Article 24 - Rights related to automated individual decision making, including profiling.
As a subscriber you have the right to access your personal data and to request your personal data to be rectified, if the data is inaccurate or incomplete; where applicable, you have the right to request restriction or to object to processing, to request a copy or erasure of your personal data held by the data controller. Processing is based on your consent and you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on your consent before its withdrawal.
Your request to exercise one of the above rights will be dealt with without undue delay and within one month.
If you have any queries concerning the processing of your personal data or wish to exercise any of the rights described above, you contact the DSJP2 Contractors (data processors) at Contact | Digital Skills and Jobs Platform or via info@digitalskillsjobs.eu. Your query will be transferred to HADEA (data controller if applicable. You can also contact the data controller directly.
The HaDEA Data Protection Officer is at your disposal for any clarification you might need on your rights under Regulation (EU) 2018/1725 at the following e-mail address: HADEA-DATA-PROTECTION@ec.europa.eu.
You shall have right of recourse at any time to the European Data Protection Supervisor at EDPS@edps.europa.eu.