EUROCONTROL protects your personal data in accordance with the EUROCONTROL Regulation on Personal Data Protection adopted by its Member States and published in 2008, and its Implementing Rules which were published in 2017.
Privacy and website terms of use
EUROCONTROL collects personal data via its public website (1) as well as via its system used to manage access of staff and visitors to its premises (2).
1/ Why do we collect, store and process your data on our website?
The EUROCONTROL website offers an insight into news, topics and activities of the Organisation to a wide range of people interested in European air traffic management (ATM). It also links visitors to EUROCONTROL’s project or programme sites which are of interest to the ATM community.
EUROCONTROL may collect and process your personal data for a number of reasons: subscription to newsletters, registration to events, website statistics, etc.
What personal data do we collect, store and process via the EUROCONTROL public website?
Some of the services offered on our website require the processing of your personal data. Here we give you an overview of the ways this website processes your personal data including the use of cookies and social media. The personal data we collect is divided into the following subsets: cookies data and subscription-related data.
Cookies data
Cookies are short text files stored on a user’s device (such as a computer, tablet or phone) by a website, which could be used for the technical functioning of a website, for gathering statistics on the use of the website or for other purposes, such as to provide a user with a more personalized experience. On the EUROCONTROL website we use only web analytics cookies.
Subscriptions data
When you subscribe to our e-news, register to our events, or submit a service request form, we gather in a dedicated database the personal data necessary to process your request. Furthermore, when launching emails or e-news campaigns, we gather data to assess the impact of a campaign. Hence, depending on the nature of the event or subscription, the following data might be gathered and stored in our dedicated database:
- Corporate profile:
Title, name, job title, function, company name, email, work phone, work address (street, zip code, city, country), the list of meetings or events in which you are participating or have participated, the meeting reports and your private address if you have agreed that it can be used for our interactions. - Other information about you:
Corporate profile fields as well as nationality, date of birth, company department, alternative email addresses, and private phone if you have given it, and visa information if you have asked for assistance in obtaining a visa for visiting our premises. - Tracking data:
This information is generated by our email campaigns is kept and used in anonymised form solely for statistical purposes, i.e. to establish the usefulness of a mailing. Personal tracking data will not be used except in cases where, after consultation with the subscriber and upon request, a staff member verifies that an email has been sent and arrived at its destination.
In the cases when you register for one of our online services via our website, the processing of personal data for the purposes of delivering the service is explained in a service specific privacy notice which can be found either as part of the service's registration process, the service's web page, or, more likely, on the service's interface.
Control the cookies on this website
Subscription data
The data gathered via the web-based subscription or event registration forms are stored within a database of stakeholder contact information. It might also contain information obtained from you at meetings at EUROCONTROL, on visits to your organisation, or at other events in which EUROCONTROL is involved.
This database enables the creation of mailing campaigns with a possibility to track if the mail has arrived and been opened by the recipient. This tracking data is kept and used solely for statistical purposes to establish the usefulness of a mailing. It is used in an aggregated and anonymised manner. The aim is to identify the information which is most relevant to users.
Who is your data disclosed to? Who has access to your data?
We either collect the data directly from you when you subscribe to one of our meetings, events or service or we create a record of you because you are part of a delegation from your State or Organisation which participates in our meetings. We also collect data from you when you ask for access to one of our services. Your name may also appear in reports of meetings where you have met our staff members.
The collected personal data is treated with confidentiality by the relevant staff of EUROCONTROL. In particular:
- Meeting secretariats and stakeholder relations assistants who keep distribution lists up-to-date will have access to full personal data
- All EUROCONTROL staff that need to contact you for professional reasons, to invite you to events or to inform you about relevant news and will have access to the corporate profile only.
Your rights
What are your rights under the EUROCONTROL Data Protection Regulation?
You have the right to access, rectify, complete and update your data and you may also ask an immediate update or deletion of your personal information by contacting srm admin support . You have the right to object to the use of your personal data in some circumstances. You have the right to request additional information about the handling of your personal data by contacting srm admin support.
How can you withdraw consent you have given to EUROCONTROL?
You may withdraw your consent at any moment by contacting srm admin support by mail or by unsubscribing directly via the marketing material. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) you originally agreed to.
What do we do to avoid misuse or unauthorised access to personal data concerning you?
EUROCONTROL is committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, EUROCONTROL has put in place suitable physical, electronic and managerial procedures to safeguard and secure the information collected online. Staff handling your data are bound by confidentiality obligations.
What safeguards do we apply when we transfer your data to third parties?
EUROCONTROL has implemented contractual safeguards that ensure your data is managed in accordance with EUROCONTROL Data Protection rules
We will not, under any circumstances, share with or sell your personal information to any third party for marketing purposes, and you will not receive offers from other companies or organisations as a result of giving your details to us.
2/ How do we manage access control at EUROCONTROL headquarters? Why do we collect, store and process your data?
As an international organisation hosting numerous meetings for our stakeholders and employers, EUROCONTROL has the responsibility of providing security for persons, assets and information on EUROCONTROL premises at all times, by implementing appropriate levels of protection. One of the physical and technical protective measures to fulfil this objective is to operate an access control system (hereinafter referred to as "the System") applicable to any person requiring access to EUROCONTROL Headquarters (HQ). The purpose of the System is to ensure that access to the HQ site and internal areas is granted on a "need-to-have" basis and only to authorised personnel and visitors (Office Notice No 01/22). The System collects, processes and stores personal data which is linked to personal QR codes or personal RFID badges used for granting or denying access.
What data do we collect, store and process about you?
Persons with permanent access to HQ
We collect, process and store a photograph of your face, your EUROCONTROL personal identification number, first name, last name, start and end date of employment, the directorate/unit/service where you work, and your clockings-in and clockings-out at HQ badge readers. We collect and process your fingerprint minutiae (the four fingers of each hand) in order to generate a hash code, which is stored on your badge only. The fingerprint details are not stored in our systems.
Visitors
We collect, process and store your first name, last name, date of birth, nationality, email address, job and organisation and clockings-in and clockings-out at HQ badge readers.
To whom is your data disclosed? Who has access to your data?
Access to your personal data is provided to EUROCONTROL security staff (HRS/CSS) and authorised contracted security guards in accordance with the “need-to-know” principle. Such staff abide by statutory agreements.
How long is your data kept?
EUROCONTROL keeps your personal data only for as long as is necessary for the purpose of collection or further processing, plus a reasonable retention period thereafter, provided that no contentious issues have occurred. In such cases, data might be kept until the end of the last possible legal proceedings.
The data will therefore be retained for a maximum period of the duration of employment with EUROCONTROL or of the need to access EUROCONTROL premises. Data recorded in the System will be removed at the end of this period, upon the surrendering of the badge. Surrendered and expired personal badges will be cancelled and destroyed. Only badges not containing personal data (i.e. those for visitors) may be reused.
Data collected for the release of daily badges will be retained for a maximum period of 5 years, for the purpose of protecting specific EUROCONTROL interests (e.g. in the case of events leading to contentious issues).
Data may be kept for longer periods than mentioned above only for the purpose of protecting EUROCONTROL interests. Once it is no longer necessary to retain the personal data to protect EUROCONTROL interests or the last legal proceedings have been completed, the personal data will be deleted.
What are your rights under the EUROCONTROL Data Protection Regulation?
You have the right to access, rectify, complete and update your data option by contacting [email protected]. Access, rectification, completion or updating of your data may be subject to the presentation of an ID document (ID card issued by a EUROCONTROL Member State or passport). You have the right to request additional information about the handling of your personal data by contacting [email protected].
What do we do to avoid misuse of or unauthorised access to data concerning you?
Except for biometric data, which is not stored, other personal data are encrypted on RFID badges and stored in servers hosted in secure premises, protected by physical and logical security measures.
Only the system administrator specifically appointed by the controller for this purpose is able to grant, alter or annul the access rights of any persons. Records of persons having access to the system are kept at all times.
As for the biometric data, an algorithm converts the minutia points into a binary code. An application then encrypts the binary code on your badge. Neither the biometric reader, nor the access control database, nor the enrolment device nor the badge keeps records of biometric data.
What safeguards do we apply when we transfer your data to third parties?
In the framework of a criminal or security investigation, upon duly justified request, EUROCONTROL may transfer data to law enforcement agencies from the host nation or other EUROCONTROL Member States. The transfer of data would occur only with the EUROCONTROL Director General's approval. Transferred data would be either encrypted (electronic transmission) or protected (paper transmission).
Who can you contact if you have questions or want to make a complaint?
For any queries related to your personal data, please contact [email protected], which is the entity responsible for the processing of the personal data concerning you.
Complaints can be addressed to EUROCONTROL's Data Protection Officer.
3/ Data Protection Officer
What are the contact points for questions and complaints?
For any queries related to your personal data, please contact: SRM admin support. Complaints can be addressed to EUROCONTROL's Data Protection Officer.
These are the data controllers responsible for their respective specific periodical newsletter and publications as mentioned below. If you cannot find your data processor, contact SRM admin support:
Publication | Controller | Contacts |
---|---|---|
PAS newsletter | Danny Debals | Contact |
LSSIP newsletter | Danny Debals | Contact |
SESAR PJ19 / PJ20 | Wim Post | Contact |
Special flash info | Wim Post | Contact |
EATMA newsletter | Wim Post | Contact |
ERNIP Monitoring report | Razvan Bucuroiu | Contact |
Skyway News - monthly digest | Kyla Evans | Contact |
Hindsight magazine | Antonio Licu | Contact |
ACAS bulletin | Antonio Licu | Contact |
Industry monitor | David Marsh | Contact |
All-causes delay report | David Marsh | Contact |
Network operations reports | Gerard Boydell | Contact |
ALC newsletter | Rik Dermont | Contact |
NM ATFM Daily briefing | Christopher Peregrine | Contact |
UAS community | Mike Lissone | Contact |
Digitalisation and information newsletter | Dennis Hart | Contact |