The European Union Agency for Network and Information Security (ENISA) and the University of Rome Tor Vergata process your personal data to organise and manage the Annual Privacy Forum (APF) 2019, which will take place on 13 and 14 of June 2019 in Rome.

The joint data controllers are ENISA (Core Operations Department) and University of Rome Tor Vergata, who are responsible for the overall organisation of the event, the communication with the participants before and after the end of the event, as well as the reimbursement of expenses of invited participants.  ENISA is also responsible for the online registration of the event’s participants through its website. University of Rome Tor Vergata is also responsible for the management of the event’s venue (local organiser), as well as the management of the payments of the event’s participants. The data processor is Pezzilli & Company S.r.l., which supports the local registration and payment process for the event’s participants (through specific contract with University of Rome Tor Vergata).

ENISA processes personal data in accordance with the Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.[1] The legal basis for the processing operation is article 5(1)(a) of Regulation (EU) 2018/1725, on the basis of Regulation (EU) No 526/2013, in particular the provisions establishing the tasks of ENISA.

University of Rome Tor Vergata processes personal data in accordance with the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation – GDPR)[2]. The legal basis is article 6(1)(e) GDPR, according to the institutional Statute of University of Rome Tor Vergata (D.R. n. 3427 del 12/12/2011, as modified in D.R. n. 803 del 08/04/2014, D.R. n. 141 del 24/01/2017 and D.R. n. 1530 del 02/08/2018).

The purpose of the processing of your personal data is: handling invitations and participation requests, reporting on the event, as well as event follow-up actions, such as sharing presentations among participants and feedback collection.

The following personal data are processed:

• Contact data, such as first name, last name, title (optional), function (optional), organisation, e-mail address, phone number (optional).
• Financial data: bank details and other legally required financial information for the payment of registration fees (processed under the responsibility of University Rome Tor Vergata) or related to the reimbursement of expenses of invited participants.

Please note that there will be photos taken during the workshop’s presentations (keynotes/panels) based on the prior consent of the speakers (presenters/panel participants). These photos may be published on ENISA’s and University’s Tor Vergata websites and/or relevant social media channels.

The focus of the photos will be on the speakers only and not on general views of the audience or specific views/pictures of workshop’s participants (other than speakers). 

Still, should your photo be taken in the context of this photo shooting, and you would like to have this photo removed, please contact ENISA at isdp@enisa.europa.eu and we will do so as soon as possible. 

Access to your data is granted only to ENISA and University Rome Tor Vergata staff, who are involved in the organisation of the workshop, the data processor’s staff involved in the registration and payment service, event organisers contracted by ENISA or University Tor Vergata (involved in the reimbursement of expenses of invited participants), as well as competent financial institutions (for the payment of the registration fees).  Access to the data can also be granted to national and EU bodies charged with monitoring or inspection tasks in application of national or EU law (e.g. internal audits, European Anti-fraud Office – OLAF).

The final participants list (name, surname, organisation, country) will be kept by ENISA for a maximum period of 5 years after the end of the event for auditing purposes. Your contact data will be kept for a maximum period of six months after the end of the event. Financial data related to the event will be kept for a maximum period of 10 years after the end of the event for auditing purposes. All data will be deleted after the end of their respective retention periods.

You have the right of access to your personal data and to relevant information concerning how we use it. You have the right to rectify your personal data. Under certain conditions, you have the right to ask that we delete your personal data or restrict its use. You have the right to object to our processing of your personal data, on grounds relating to your particular situation, at any time. We will consider your request, take a decision and communicate it to you. If you have any queries concerning the processing of your personal data, you may address them to ENISA at isdp@enisa.europa.eu. You may also contact at any time the ENISA DPO at dataprotection@enisa.europa.eu.

You have right of recourse at any time to the competent supervisory authorities: European Data Protection Supervisor (https://edps.europa.eu) and Italian Data Protection Authority (https://www.garanteprivacy.it/home_en ).

[1] Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002.

[2] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).