EUROPEAN COMMISSIONPROTECTION OF YOUR PERSONAL DATA
This privacy statement provides information about
the processing and the protection of your personal data.
Processing operation: Interoperability Testing for EUDI Wallet – Test Management Platform
Data Controller: European Commission, Directorate-General for Communications Networks, Content and Technology (DG CNECT), Unit CNECT.H.4 "Digital Identity and Trust”
Record reference: DPR-EC-07046
Data Processors:
- Netcompany – Intrasoft S.A (2b, rue Nicolas Bové, L-1253, Luxembourg)
- Scytáles AB (Polygonvägen 53, Täby, 187 66, SE110 Stockholms län, Sweden)
- A4Advisory B.V. (Maresingel 67, 2316HE Leiden, Netherlands)
- Deloitte Consulting & Advisory BV (Gateway building Luchthaven Brussel Nationaal 1J, 1930, Zaventem, Belgium)
- DELOITTE ALEXANDER COMPETENCE CENTER (VEPE Technopolis – Building Z2, 555 35, Pylaia, Thessaloniki, Greece)
- Deloitte Consulting SB Srl (Via Tortona 25, 20144, Milan, Italy)
- NTT DATA Belgique SRL (Rue de Spa 8, 1000 Bruxelles, Belgium)
Table of Contents
- Introduction
- Why and how do we process your personal data?
- On what legal ground(s) do we process your personal data?
- Which personal data do we collect and further process?
- How long do we keep your personal data?
- How do we protect and safeguard your personal data?
- Who has access to your personal data and to whom is it disclosed?
- What are your rights and how can you exercise them?
- Contact information
- Where to find more detailed information?
1. Introduction
The European Commission (hereafter ‘the Commission’) is committed to protecting your personal data and to respecting your privacy. The Commission collects and further processes personal data pursuant to Regulation (EU) 2018/1725 of the European Parliament and of the Council, of 23 October 2018, on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (repealing Regulation (EC) No 45/2001).
This privacy statement explains the reason for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor.
The information in relation to processing operation of the Test Bed undertaken by CNECT H.4, is presented below.
2. Why and how do we process your personal data?
CNECT H.4 collects and uses your personal information to provide you with testing service and to keep a record of actions taken in this regard.
The objective of the testing services is to give a possibility for stakeholders deploying EUDIW to give a possibility for EUDI Wallet stakeholders to verify that different systems or software can work together seamlessly and exchange data correctly. Personal data collected through the EUDIW testing service is related to the access management, registration and provision of testing services, and testing-related communication with users (e.g. notifying of passing test to specifications, testing related events, etc.).
The Test Bed, operated by Netcompany-Scytales, is a web-based test platform used to support the execution of testing. The objective of the testing is to verify that the EUDI Wallet solutions comply with the requirements set out in the technical specifications.
Your personal data will not be used for an automated decision-making including profiling.
3. On what legal ground(s) do we process your personal data
The lawfulness of the data processing for testing service is the consent of the user.
4. Which personal data do we collect and further process?
The Test Bed uses session "cookies" to ensure communication between your browser and the server. Therefore, your browser must be configured to accept "cookies".
Cookies are collected to establish an authenticated session upon login and authorise your actions. Processing of these is fully automatic by the Test Bed software and does not involve human intervention.
5. How long do we keep your personal data?
Cookies are automatically removed by your browser once sessions have been terminated by logging out.
6. How do we protect and safeguard your personal data?
The Commission’s processors are bound by a specific contractual clause for any processing operations of your data on behalf of the Commission, and by the confidentiality obligations deriving from the transposition of the General Data Protection Regulation in the EU Member States (‘GDPR’ Regulation (EU) 2016/679).
In order to protect your personal data, the Commission has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed.
Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know basis for the purposes of this processing operation.
7. Who has access to your personal data and to whom is it disclosed?
Cookies used by the Test Bed to authenticate your connection are treated only by the Test Bed's software, are only stored on your local workstation and are automatically removed when you logout. No data from these cookies is ever shared with other parties.
8. What are your rights and how can you exercise them?
You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular the right to access, your personal data and to rectify them in case your personal data are inaccurate or incomplete. Where applicable, you have the right to erase your personal data, to restrict the processing of your personal data, to object to the processing, and the right to data portability.
You have the right to object to the processing of your personal data, which is lawfully carried out pursuant to Article 5(1)(a) of Regulation (EU) 2018/1725 on grounds relating to your particular situation.
You can exercise your rights by contacting the Data Controller, or in case of conflict the Data Protection Officer. If necessary, you can also address the European Data Protection Supervisor.
Their contact information is given under Heading 9 below.
Where you wish to exercise your rights in the context of one or several specific processing operations, please provide their description (i.e. their Record reference(s) as specified under Heading 10 below) in your request.
9. Contact information
- The Data Controller
If you would like to exercise your rights under Regulation (EU) 2018/1725, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller at CNECT-H4@ec.europa.eu.
- The Data Protection Officer (DPO) of the Commission
You may contact the Data Protection Officer (DATA-PROTECTION-OFFICER@ec.europa.eu) with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725.
- The European Data Protection Supervisor (EDPS)
You have the right to have recourse (i.e. you can lodge a complaint) to the European Data Protection Supervisor (edps@edps.europa.eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the Data Controller.
10. Where to find more detailed information
The Commission Data Protection Officer (DPO) publishes the register of all processing operations on personal data by the Commission, which have been documented and notified to him. You may access the register via the following link: http://ec.europa.eu/dpo-register.
This specific processing operation has been included in the DPO’s public register with the following Record reference: DPR-EC-07046.