Data Protection Notice - APF 2021
The Annual Privacy Forum 2020 (APF 2021) will take place as an online event on the 17th and 18th of June 2022. It is co-organized by the European Union Agency for Cybersecurity (ENISA), DG Connect and the University of Oslo. The virtual organisation of APF2021 is supported by an online teleconference platform (Cisco Webex).
Your personal data in the context of APF2021 shall be processed in accordance with the Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.
The data controller is ENISA (Policy Development and Implementation Unit).
The legal basis for the processing operation is article 5(1)(a) of Regulation (EU) 2018/1725, on the basis of Regulation (EU) No 881/2019, in particular the provisions establishing the tasks of ENISA.
The purpose of the processing of personal data is to organise the APF2021 as an online event, register the event’s participants through ENISA’s website, provide registered participants with access to the virtual sessions through the teleconference platform, as well as communicate with the registered participants within the scope of the APF2021.
The data processors involved in the processing operation are:
- EaudeWeb, established in Romania, which is responsible for ENISA’s website hosting under a specific service contract with ENISA;
- Cisco Webex, which provides the online teleconferencing platform that ENISA uses under the European Commission’s DG DIGIT SIDE II Framework Contract.
The following personal data are processed for the event’s participants:
- Contact data: first name, last name, organisation and email address (collected upon registration at ENISA’s website and further processed by ENISA and processor EaudeWeb).
- Connection details for virtual session: username, email address (optional), IP address, user agent identifier, hardware type, operating system type and version and further technical connection data. These data are processed by Cisco (processor) in order to provide for the event and for analytics purposes.
- User generated information: discussion chat logs, meeting recordings, uploaded files. These data are produced through the Cisco Webex platform during the event. They will be processed by ENISA and deleted from the Cisco Webex platform after the end of the event.
Note: APF 2021 will not be audio/video recorded. Audio/video will only be activated for the event organisers and the presenters/panellists (video is optional). Group chats will not be activated. Participants will only be able to send chat messages to the event organisers and presenters/panellists.
The retention periods for the personal data are as follows: the participants’ contact data will be kept by ENISA for a maximum period of 6 months after the end of APF2020, unless the participants have provided their consent upon registration for further processing by ENISA (in order for the participants to get informed about future ENISA activities and events). In the latter case, ENISA will keep the contact data until the participants withdraw their consent. The personal data related to the connection and use of the teleconference platform will be retained by the relevant processor (Cisco Webex) for the period necessary for the provision of the teleconferencing service. Personal data will be deleted after the end of the retention periods.
Recipients of personal data: access to your contact data is granted only to designated ENISA staff, who are involved in the organisation of the event, as well as designated staff of ENISA’s contractor EaudeWeb. ENISA’s processor Cisco Webex will have access to personal data related to the connection and use of the teleconference platform for the provision of the specific service. Access to the personal data may be provided to EU bodies charged with monitoring or inspection tasks in application of national or EU law (e.g. internal audits, European Anti-fraud Office – OLAF).
Storage of personal data: the contact data collected upon registration at the ENISA website are stored on the servers of ENISA (and its contractor EaudeWeb) and are only processed within EU/EEA. Personal data related to the connection/use of the teleconference platform are stored on Cisco Webex servers within EU/EEA and may include transfers of personal data outside EU/EEA, subject to the provisions of Chapter V Regulation (EU) 1725/2018.
You have the right of access to your personal data and to relevant information concerning how we use it. You have the right to rectify your personal data. Under certain conditions, you have the right to ask that we delete your personal data or restrict its use. You have the right to object to our processing of your personal data, on grounds relating to your particular situation, at any time. We will consider your request, take a decision and communicate it to you. If you have any queries concerning the processing of your personal data, you may address them to ENISA at email@example.com. You may also contact at any time the ENISA DPO at firstname.lastname@example.org.
You have the right of recourse at any time to the European Data Protection Supervisor (https://edps.europa.eu).
ENISA will provide additional information on further processing directly to those participants that give their consent.