This privacy policy governs the processing of your personal data on the basis of the European Regulation (EU) N°2018/1725 (“EU-DPR”) by Key Digital Technologies Joint Undertaking (“KDT JU”), set up by Council Regulation (EU) 2021/2085 of 19 November 2021. We may process your personal data as part of your:
- use of our website (www.kdt-ju.europa.eu) or our social media channels;
- communication with us;
- registration for and participation in our events;
- subscription to our newsletter;
- use of our services.
Who are we?
Your personal data are processed on the basis of applicable data protection legislation by KDT JU, located Avenue de la Toison d’Or, 1060 Brussels, Belgium. You can contact us via e-mail at dpo@kdt-ju.europa.eu
We reserve the right to change and adapt this privacy policy on our own initiative. In that case, those changes will be communicated to you via our website. If we have your e-mail address, we will try to communicate the changes to you through that channel.
Which of your personal data do we process?
When you use our website or our social media channels, we process:
- Technical information regarding your visit;
- Any other personal data you provide us with. However, we ask you not to provide us with any personal data from third parties without obtaining their valid consent.
When you communicate with us via e-mail, telephone, or social media channels, we process:
- Identity information you provide us with, such as your first name and last name;
- Contact details you provide us with, such as your e-mail address, postal address, country and (mobile) telephone number;
- Content of the communication, such as your question, idea or complaint;
- Technical information of the communication, such as with whom you communicate at our end, and date and time of the communication;
- Any other personal data you provide us with.
When you register for and participate in our events, we process:
- Identity information you provide us with, such as your first name, last name and job title;
- Contact details you provide us with, such as your e-mail address, postal address, country and (mobile) telephone number;
- Business card details, if you provide us with your business card before, during or after the event;
- Any other personal data you provide us with.
- Photos can also be taken during our events. In principle, only photos will be taken of the crowd. However, if you pose for our photographer, we will derive your permission from this. Your photo can then be distributed via our website or other channels for the promotion of the Joint Undertaking and the event in question. If you do not wish to do so, please contact our DPO via dpo@kdt-ju.europa.eu
When you use our services, we process:
- Identity information you provide us with, such as your first name and last name;
- Contact details you provide us with, such as your e-mail address, postal address, country and (mobile) telephone number;
- Any other personal data you provide us with.
We receive most of your personal data directly from you. If we receive personal data about you from a third party, we will inform you about this or ask the third party to inform you about this.
Our website provides link to third party sites. Since we do not control them, we encourage you to review their privacy policies. Also, each social media channel has its own policy on the way they process your personal data when you access their websites. For example, if you choose to watch one of our videos on YouTube, you will be asked for explicit consent to accept YouTube cookies; if you look at our Twitter activity on Twitter, you will be asked for explicit consent to accept Twitter cookies; the same applies for LinkedIn.
For what purposes do we process your personal data and what is the legal basis for this?
The purposes and legal bases justifying the processing operations carried out by the KDT JU vary. We rely on the following legal bases:
Your consent
We may process your personal data on the basis of your consent, in which you are informed of what this consent means before you freely give it. On the basis of your consent, we may process personal data to send you newsletters via e-mail if you subscribe to our newsletter via our website or by attending one of our events and explicitly expressing your wish to receive our newsletter.
A contract with you
We may process personal data in order to take steps prior to entering a contract with you, this is, to organize our events, provide you with our services or the information you request via our website, e-mail, telephone or social media channels. When we organize an event, we process your data, for example, in order to draw up a list of participants so we can, in certain cases, control access to the event.
A legal obligation
We may process your personal data on the basis of a legal obligation we have to comply with. Also:
- To comply with any reasonable request from competent law enforcement agents or representatives, judicial authorities, governmental agencies or bodies, including the European Data Protection Supervisor (EDPS).
- To transfer your personal data to the police or the judicial authorities upon our own initiative as evidence or if we have justified suspicions of an unlawful act or crime committed by you through your use of our website, our social media channels or other communication channels.
Our task carried out in the public interest
We may process your personal data on the basis of our task carried out in the public interest, such as the performance of our dissemination activities, continuous improvements of our website, social media channels and services to ensure that you have the best experience possible, to keep them safe from misuse and illegal activity, to promote them and to make them available to you, which may include from time to time inviting you to participate in polls or answer tests or enquiries. If you do not want us to use your personal data in this way, please indicate this when we collect your data.
To whom do we send your personal data?
We may share your personal data with third parties, such as the European Commission, in order to process your personal data for the purposes outlined in the section above. Third parties are only allowed to process your personal data on our behalf and upon our explicit written instruction. We also warrant that all those third parties are selected with due care and are committed to observing the safety and integrity of your personal data.
We may be legally obliged to share your personal data with competent law enforcement agents or representatives, judicial authorities, governmental agencies or bodies.
We do not send your personal data in an identifiable manner to any other third party than the ones abovementioned without your explicit consent to do so. However, we may send anonymized data to other organizations that may use those data for improving our activities or services.
Where do we process your personal data?
In principle, we process your personal data within the European Economic Area (EEA). In order to process your personal data for the purposes outlined above, we may also transfer your personal data to third parties who process on our behalf outside the EEA. Each third party outside the EEA that processes your personal data will be bound to observe adequate safeguards with regard to the processing of your personal data.
What quality assurances do we comply with?
We do our utmost best to process only those personal data which are necessary to achieve the purposes outlined above and only as long as needed to achieve these purposes, or up until such time where you withdraw your consent for processing them.
We will de-identify your personal data when they are no longer necessary for the purposes, unless there is:
- An overriding interest of the Joint Undertaking, or any other third party, in keeping your personal data identifiable; or
- A legal or regulatory obligation or a judicial or administrative order that prevents us from de-identifying them.
We will take appropriate technical and organizational measures to keep your personal data safe from unauthorized access or theft as well as accidental loss tampering or destruction. Access by our personnel or third parties’ personnel will only be on a need-to-know basis and be subject to strict confidentiality obligations. Also, access may be required by the rules and regulations to the European Commission. You understand, however, that safety and security are best efforts obligations which can never be guaranteed.
What are your rights?
As a data subject, you have the following rights:
- The right to request access to all your personal data processed by us.
- The right to rectification, i.e. to ask that any personal data pertaining to you that are inaccurate, are corrected.
- You have the right to withdraw your earlier given consent for processing of your personal data.
- You have the right to erasure, i.e. to request that your personal data is deleted if these data are no longer required in the light of the purposes outlined above or if you withdraw your consent for processing them.
- You have the right to restriction instead of deletion, i.e. to request that we limit the processing of your personal data.
- You have the right to object to the processing of personal data unless we demonstrate compelling legitimate grounds which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
- You have the right to data portability, i.e. to receive from us in a structured, commonly-used and machine-readable format all personal data you have provided to us if the processing is based on your consent or a contract with you and the processing is carried out by automated means.
Considering article 25(1) of the EU-DPR, we may restrict some of the above rights in duly justified cases. These justified cases entail processing operations in the performance of:
- administrative inquiries;
- disciplinary proceedings;
- preliminary activities related to cases of potential irregularities deported to OLAF;
- whistleblowing procedures;
- procedures of harassment;
- processing internal and external complaints;
- internal audits;
- investigations carried out by the Data Protection Officer; or
- security investigations.
These situations can create the necessity of a restriction on the right to information, the right of access to your processed data or the right of rectification. The restriction shall continue to apply as long as the reasons justifying it remain applicable.
If you wish to request any information about data protection of exercise any of your rights as a data subject, you can contact us via e-mail at dpo@kdt-ju.europa.eu. An e-mail requesting to exercise a right will not be construed as consent with the processing of your personal data beyond what is required for handling your request. Such request should meet the following conditions:
- State clearly which right you wish to exercise; and
- your request should be accompanied by a digitally scanned copy of your valid identity card proving your identity.
We will promptly inform you of having received your request. If the request meets the conditions above and proves valid, we will honour it as soon as reasonably possible and at the latest thirty (30) days after having received your request.
If you have any complaints regarding the processing of your personal data by us, you may always contact us by sending an e-mail to dpo@kdt-ju.europa.eu. If you remain unsatisfied with our response, you are free to file a complaint with the European Data Protection Supervisor (https://edps.europa.eu).
More information on Data Protection at the JU can be obtained in the Record of Processing Operations and in the privacy notices published on the JU’s website.