In this respect:
- for each e-service, the purposes and means of the processing of personal data are specified in their corresponding privacy statement;
- within KDT JU, the Data Protection Officer (DPO, firstname.lastname@example.org) ensures that the provisions of the EU-DPR are applied and advises controllers on fulfilling their obligations;
- as for all the institutions, the European Data Protection Supervisor (EDPS) will act as an independent supervisory authority.
This policy is based on the EU-DPR. It may be modified by KDT JU from time to time, on its own initiative or on the advice of the EDPS.
KDT JU's websites may provide links to third-party sites. Since we do not control them, we encourage you to review their privacy policies.
Which personal data do we process?
When you express your interest or submit a tender or request to participate, we process:
- Identity information you provide us with, such as your first name, last name and job title;
- Contact details you provide us with, such as your e-mail address, postal address, country and (mobile) telephone number;
- Professional details, such as your function and bank account details;
- Education and career details;
- Financial details and certificate for social security contributions and taxes paid (only if natural person);
- Other information for the evaluation of selection criteria, such as your professional experience;
- Any other personal data you provide us with, such as information for the evaluation of the exclusion criteria;
We receive most of your personal data directly from you. If we receive personal data about you from a third party, we will inform you about this or ask the third party to inform you about this.
In principle, special categories of personal data are not processed, unless these data appear spontaneously in the CV. If you nevertheless provide us with such information on your own initiative, we will derive your explicit, freely given, specific, informed and unambiguous consent to the processing of this data. We might also request you to remove such sensitive data from the pertaining documents.
Why do we process your personal data and what is the legal basis for this?
The purposes and legal bases justifying the processing operations carried out by KDT JU vary. Our processing operations may be based on:
- Your consent;
- A contract with you, in order to perform that contract or in order to take steps prior to concluding a bilateral agreement with you;
- A legal obligation we must comply with;
- The public interest.
We may process your personal data to send you newsletters via e-mail if you subscribe to our newsletter via our website or by attending one of our events and explicitly expressing your wish to receive our newsletter. For this purpose, we rely on your consent.
We process your personal data for public procurement procedures and for managing the resulting contracts, to evaluate your tender, and to provide you with our services or the information you request via our website, e-mail, telephone, fax or social media channels. For this purpose, we rely on a contract with you and the performance of a task carried out in the public interest.
We may process your personal data to perform statistical analyses and to evaluate our dissemination activities. If you do not want us to use your personal data in this way, please indicate this when we collect your data. For this purpose, we rely on our task carried out in the public interest, in particular Article 5 (a), (d), (h) of Council Regulation 2021/2085 setting up the Joint Undertakings.
We may process your personal data to comply with legal obligations that we have to comply with. For this purpose, we rely on a legal obligation that we have to comply with. Certain of our legal obligations come from the following legislative documents:
- Council Regulation (EU) 2021/2085 establishing the Joint Undertakings under Horizon Europe;
- Regulation (EU, Euratom) 2018/1046 of 18 July 2018 on the financial rules applicable to the general budget of the Union, amending Regulations (EU) No 1296/2013;
- Early Detection and Exclusion System (EDES).
We may process your personal data to comply with any reasonable request from competent law enforcement agents or representatives, judicial authorities, governmental agencies or bodies, including the EDPS, or to transfer your personal data to the police or the judicial authorities upon our own initiative as evidence or if we have justified suspicions of an unlawful act or crime committed by you through your use of our website, our social media channels or other communication channels. For these purposes, we rely on a legal obligation that we have to comply with.
Whom do we share your personal data with?
We may share your personal data with third parties, such as the European Commission. Third parties are allowed to process your personal data on our behalf on our explicit written instruction, only. We ensure that third parties are committed to observing the safety and integrity of your personal data.
We may be legally obliged to share your personal data with competent law enforcement agents or representatives, judicial authorities, governmental agencies or bodies.
We do not send your personal data in an identifiable manner to any other third party than the ones mentioned in this section without your explicit consent to do so. However, we may send anonymised data to other organisations that may use those data for improving our activities or services.
Where do we process your personal data?
In principle, we process your personal data within the European Economic Area (EEA). In order to process your personal data for the purposes outlined above, we may also transfer your personal data to third parties who process on our behalf outside the EEA. Each third party outside the EEA that processes your personal data will be bound to observe adequate safeguards with regard to the processing of your personal data.
What quality assurances can be expected?
We do our utmost to process only those personal data which are necessary to achieve the purposes listed above.
Your personal data are only processed for as long as needed to achieve the purposes listed above or until such time you withdraw your consent for processing them. Files of successful tenderers and grant applications are kept for 10 years after the end of the contract or closing of the action. If unsuccessful, the personal data is may be kept up to 5 years after closure of the procedure to allow for all possible appeals. We will delete your personal data when they are no longer necessary for the purposes outlined above, unless there is:
- An overriding interest of the Joint Undertaking, or any other third party, in keeping your personal data identifiable, or;
- A legal or regulatory obligation or a judicial or administrative order that prevents us from deleting them.
We will take appropriate technical and organisational measures to keep your personal data safe from unauthorised access or theft as well as accidental loss, tampering or destruction. Access by our personnel or third parties’ personnel will only be on a need-to-know basis and be subject to strict confidentiality obligations.
What are your rights?
- The right to request access to all your personal data processed by us.
- The right to rectification, i.e. to ask that any of your personal data that are inaccurate, are corrected.
- You have the right to withdraw your earlier given consent for processing of your personal data.
- You have the right to erasure, i.e. to request that your personal data is deleted if these data are no longer required in the light of the purposes outlined above or if you withdraw your consent for processing them.
- You have the right to restriction instead of deletion, i.e. to request that we limit the processing of your personal data.
- You have the right to object to the processing of personal data unless we demonstrate compelling legitimate grounds which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
- You have the right to data portability, i.e. to receive from us in a structured, commonly-used and machine-readable format all personal data you have provided to us if the processing is based on your consent or a contract with you and the processing is carried out by automated means.
Considering Article 25(1) of the EU-DPR, KDT may restrict some of the above rights, such as the right to object to the processing of personal data or the right to erasure, after the closing date of the application for tenders. The restriction shall continue to apply as long as the reasons justifying it remain applicable.
If you wish to submit a request to exercise one or more of the rights listed above, you can contact us by sending an e-mail to email@example.com. An e-mail requesting to exercise a right will not be construed as consent with the processing of your personal data beyond what is required for handling your request.
More information on Data Protection at the JU can be obtained in the record of processing activities and in the privacy notices published on the JU’s website.