One of your rights under EU law is that you must be informed when your personal data - also known as personal information - is processed (collected, used, stored) by any organisation including one of the EU institutions. You also have the right to know the details and purpose of that processing.
On these pages you will find information about the processing of personal data associated with this website including the use of cookies and social media; about the processing of your personal data through the conference app; and the processing of personal data in general if you are an attendee of the 2018 international conference. As joint hosts of the 2018 international conference, the EDPS and the Bulgarian Commission for Privacy and Data Protection may collect your personal data only to the extent necessary for organisational purposes, to provide you with information about the conference (before, during and after) and process your application to participate. Where necessary, we may also share your information with service providers for the purposes of organising the conference and associated events.
• The following personal data will be collected and processed:
o contact details (title, first name, last name, city, country, e-mail, phone number, name of organisation);
o financial information such as payment card number or bank account, necessary to pay the fees of the conference or for possible refunds;
o dietary requests (if any);
o relation to an accompanying guest;
Login credentials are created for use on the conference website and app, unless the registrant does not wish so.
Except for dietary requests and relation to an accompanying guest, providing this information is necessary for your registration and access to the conference premises.

• Your consent is required for:
o photos, video recordings and web streaming related to the conference;
o conference attendee list containing your name and affiliation which will be shared among participants;
o invitations to future events the EDPS may organise.

• More detail is outlined in the following sections.
o Under certain conditions outlined in law, we may disclose your information to third parties, (such as the European Anti-Fraud Office, the Court of Auditors, or law enforcement authorities) if it is necessary and proportionate for lawful, specific purposes.
o We will never divulge your personal data for direct marketing purposes.
o You have the right of access to the personal data we hold regarding you, and to rectify them, if necessary. We recommend that you use our secure online contact form  selecting ‘My personal data’ as the relevant subject or send it by post in a sealed envelope.
o You can contact the EDPS DPO for any enquiry or complaint. You also have the right to recourse at any time if you believe your data protection rights have been breached; you should contact the EDPS as a Supervisory Authority.
o We do not keep your personal information for longer than necessary for the purposes for which we collected it. You will find specific information in the sections below.
o However, we may keep your information for a longer period for historical, statistical or scientific purposes with the appropriate safeguards in place.
Visit the Data Protection Officer at the EDPS page on this website for more information on your rights and how to exercise them.

Your personal data and this website


Cookies are short text files stored on a user’s device (such as a computer, tablet or phone) by a website.
Cookies are used for the technical functioning of a website or for gathering statistics.
Cookies are also typically used to provide a more personalised experience for a user, for example, when an online service remembers your user profile without you having to login.
When you visit this website, we may collect some data on your browser experience such as your IP address, the page you visited, when you visited and the website page you were redirected from.
This information is used to gather aggregated, anonymous statistics with a view to improving our services and enhancing your user experience.
When you visit this website, we will keep the browser history of your visit for a maximum of 13 months. This information will then be deleted.
The collection, aggregation and anonymising operations are performed in the data centre of the European Commission under adequate security measures.
Should you wish to opt your data out of our anonymised, aggregated statistics, you can do so on our cookies page.
Visit our cookies page for more information about the types of cookies this website uses.

Social Media

We use social media to inform about and promote the 2018 international conference through widely used and contemporary channels.
For instance, you can watch videos, which we upload to the EDPS YouTube page and follow links from our website to Twitter, Instagram and LinkedIn.
Cookies are not set by our display of Twitter, Instagram, YouTube and LinkedIn buttons to connect to those services when our website pages are loaded on your computer (or other devices).
You can watch videos related to the conference on our website. These will be played using YouTube player.
In the event that you click “play” on a video to watch it, a YouTube cookie will be installed on your computer or device. If you do not click on any videos at all, no cookie will be installed.
The use of social media does not in any way imply endorsement of them or their privacy policies. In the event that one or more social media are occasionally unavailable we accept no responsibility for lack of service due to their downtime.
We recommend that users read the Twitter, LinkedIn, Instagram and YouTube privacy policies. These explains each company’s policy of data collection and processing, their use of data, users' rights and the ways in which users can protect their privacy when using these services.

Security and the online contact form

The EDPS strives to ensure a high level of security for the information you may share with us in the contact form on this website, such as using Hypertext Transfer Protocol Secure (HTTPS). This measure provides a high level of assurance for the confidentiality and integrity of the communications between your browser and the EDPS. Nevertheless, a residual risk always exists for communication over the internet, including email.
The EDPS relies on services provided by other EU institutions (the European Parliament and the European Commission) to support the security and performance of the EDPS website.

How we use your personal data if you are a conference delegate


If you register to attend the 2018 international conference, we will collect some of your personal data for the purposes of processing your registration and for organisational matters, including the arrangement of meals.
When submitting the registration form for the conference, registrants are asked to choose whether or not they would like their details to be added to the conference attendee list which will be shared with all attendees. The EDPS will retain the attendee list for a period of six months after the conference. The EDPS is not responsible for its further use by conference participants.
The personal data may be shared with selected service providers and the Executive Committee of the ICDPPC as necessary for organisational purposes.
Any and all service providers selected for the organisation of the 2018 international conference are contractually bound to process personal data on behalf of us, keep confidential any data they handle and protect it from unauthorised access, use and retention.
The EDPS will delete these data six months following the conference or at the latest after the last follow-up action, unless you explicitly agree that we keep your contact details in order to invite you to future similar events. We provide you with the option to express your consent in the registration form.
If you want us to delete these data from our internal repositories at any time after you have given your consent please contact us by using the contact form on the EDPS website and we will do so within ten working days upon receipt of your request or after the latest correspondence with you about your request.
Any financial data collected for the payment of registration fees will be deleted 5 years following the conference for legal and audit purposes and for any possible refund of fees. See the notification to the EDPS DPO of 15.07.2015 for more detail.

ICDPPC accredited members and observers

Unless specified otherwise by you in your registration form, an account will be created for each accredited member and observer. This account will contain first name, last name, organisation name, job title and email address. Registrants can edit their own profiles and you can choose to add, amend or delete the personal information contained in your account.
The login credentials to access your account will also give you access to the secure zone of this website for more detailed information and documents related to the closed session of the conference.
These credentials will be shared individually and securely with you; upon registration, you will receive an email to connect to the secure zone of the website with a temporary link to login. Upon login on the website or through the conference app (see below), you are obliged to set your password. The EDPS will never send or be able to access secure zone passwords.

Conference App

The EDPS has created a conference app, ICDPPC2018, for mobile devices. The app is designed to help registrants to participate in the 2018 International Conference in Brussels by taking part in polls, sharing views and asking questions. Registrants are encouraged to but are under no obligation to download or use the conference app.

Accredited members and observers may login to the conference app using the credentials described above. For other registrants, unless specified otherwise by you in your registration form, an account will be created for you. The account will contain first name, last name, organisation name, job title and email address.

The login credentials for accounts will be shared individually with you in the way described for the secure zone above. You must set your own password for your account yourself; it is encrypted and neither the EDPS nor any third parties supporting us will have access to it.

You can use this login on the conference app to access your account and edit your ‘About me’ information which will be displayed in the conference participants list; to identify yourself (although there is no obligation to do so) when sending comments or questions to speakers; and see the conference participants list. You can edit the personal information contained in your account either via the conference app or the conference website.

Once logged into the conference app, you will remain logged in for a period of two months, unless you log out earlier.

The ask/comment/vote section of the conference app allows attendees to participate in the conference. The questions and comments from participants and the aggregates of the results of any polling that takes place during the public session of the conference will be displayed on a screen in the conference room. Before this information is displayed, it will be analysed by moderators (the service provider and the EDPS) to verify, as far as practically possible, the authenticity of the identity of the sender and the relevance of the content of the message/question.

The conference app enables to get directions to the different conference and side events locations. By selecting one of those locations on the map the by default directions service of the app operating system opens (e.g. Google Maps in Android). These services are not under the responsibility of the EDPS and we suggest that you refer to the data protection notices of those services.


Account deletion

If you change your mind about having an account and would like to delete, it, you may request deletion by using the above mentioned contact form.

Account information is stored on the conference website. The EDPS will delete the data six months after the conference or at the latest after the last follow-up action, unless you have explicitly agreed in your registration form that the EDPS can keep your contact details in order to invite you to future events.