the European Maritime and Fisheries Fund (EMFF) programme
In accordance with Regulation (EU) 2018/1725 of 23 October 2018 on data protection (hereinafter the Regulation), the European Climate, Infrastructure and Environment Executive Agency (hereafter CINEA) collects your personal data only to the extent necessary to fulfil the precise purpose related to its tasks.
1. The controller is CINEA:
The Head of Unit
Unit D.3 – Sustainable Blue Economy
European Climate, Infrastructure and Environment Executive Agency – CINEA
2. The purpose of the processing is for the controller to promote the EMFF programme (2014-2020) to relevant target audiences by performing communication and dissemination actions with - where applicable - the support of contractors working on its behalf and acting as processors. These processes may include (the list is nonexhaustive):
a. Set-up and operation of online websites, platforms or maps that will facilitate cooperation and exchange among partners, stakeholders, Member States and other relevant players (i.e.: online interaction, networking and business matchmaking between stakeholders, etc.);
b. Organisation of physical and virtual events, targeted workshops, conferences, seminars, networking events, etc.;
c. Consultations or interviews with stakeholders within the framework of the contracts or studies relating to the EMFF programme via physical meetings, online surveys or questionnaires, via phone and/or email;
d. Production and delivery of the visual and audio-visual content such as promotional videos, factsheets, leaflets, brochures, publications, newsletters, podcasts, blogs, roll-ups and other promotional material used for communication and dissemination activities;
e. Compiling, maintenance, development and management of the databases or registers in different sectors of the sustainable blue economy; 2
f. Identifying and selecting projects or SMEs that could receive awards and other prizes;
g. Obtaining experts’ views and/or additional and necessary information on a subject matter relevant for the EMFF programme implementation where only very limited information is available; h. Use of web based tools to support the day-to-day management of the above services by the European Commission and the controller including but not limited to collecting data for reporting and business intelligence (research and market analysis, etc.), management dashboards, databases, maps, etc.
3. The data subjects concerned by this notice are:
a. The natural persons, who are the legal representatives and/or the contact persons of the entities involved in the implementation of EMFF programme actions (selected beneficiaries, coordinators, affiliated entities, contractors, subcontractors, etc.);
b. The staff of the European Commission and Executive Agencies involved in the EMFF programme;
c. Stakeholders invited to participate to the events, studies and other dissemination actions organised under EMFF programme;
d. Visitors or users to EU websites/interactive platforms or services relating to EMFF programme.
4. The categories of personal data collected and used for the processing operations are:
a. Identification data: first name, last name, position/function, etc.;
b. Date of birth; nationality; ID/Passport number (may be requested only if physical meetings in the European Commission buildings are organised for security reasons);
c. Contact details: telephone, mobile, e-mail, website, street address, post code, country; social media handles or accounts;
d. Curriculum vitae of the contractors’ staff or other stakeholders (experts, speakers, etc.) involved in the projects, trainings or event organisation (relevant experience, employment history, education, academic background, training, personal skills, competences, languages, technical skills, photo);
e. Responses to interview/survey questions:
- If you decide to provide contact information for potential interviewees, that information will be managed with the same level of care and confidentiality as your own personal data. These potential interviewees will only participate to this exercise if they explicitly consent to do so. If these persons declines to participate to the consultation, their personal data will be immediately deleted;
- The collected responses to interviews/surveys will be presented in anonymized manner and/or as aggregated data in the reports including interview/survey results. These reports will be publicly available but will not allow for the identification of the data source. This means that you will not be identifiable in any of these reports and your personal data will not be made public.
Personal data will not be used for an automated decision-making including profiling.
In addition, personal data, which is not mandatory for the purpose of the project implementation might be collected during the communication activities for example pictures, web streaming of events or video, full or short CVs but only with the consent of the data subject concerned.
5. All recipients are on a "need to know" basis. The recipients to whom the personal data will or might be disclosed are:
a. CINEA Services & their authorised staff in charge of managing the projects (grant agreements and contracts) funded under the EMFF programme (such as project officers and managers, financial officers, legal officers, auditors in charge of audit, etc.);
b. CINEA contractor’s authorised staff and their subcontractors’ authorized staff, in charge of performing and managing the tasks or studies within framework of signed contracts under EMFF programme;
c. External experts bound by confidentiality clauses;
d. Relevant staff of the EC services (e.g. DG MARE, etc.);
e. Commission staff as members of Ad hoc & Review Committees.
Only persons relevant for the performance of the services, including accredited staff, SME beneficiaries of the assistance services, large enterprises, investors and other service providers selected by CINEA and the European Commission might have access to a limited subsection of your data if needed.
In case of reviews, proceedings, personal data may be provided to CINEA’s Internal Controller, DPO, etc.
In addition, data may be disclosed to public authorities such as for instance the below ones, which may not be regarded as recipient in accordance with Union and Member State law. The processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purpose of the processing:
a. Bodies in charge of a monitoring or an inspection task in application of Union law (e.g. internal audit, IAS, Court of Auditors, etc.);
b. The European Court of Justice or a national judge as well as the lawyers and the agents of the parties in case of a legal procedure;
c. OLAF in case of an investigation conducted in application of Regulation (EC) No 1073/1999;
d. The European Ombudsman within the scope of the tasks entrusted to it by Article 228 of the Treaty on the Functioning of the European Union;
e. The European Data Protection supervisor in accordance with Article 58 of the Regulation (EC) 2018/1725;
f. The European Public Prosecutor’s Office within the scope of Article 4 of Council Regulation (EU) 2017/1939 of 12 October 2017 implementing enhanced cooperation on the establishment of the European Public Prosecutor’s Office.
In principle, the contractors will not share your personal data with any third parties without your express consent, except where we may be required to do so by law.
6. Use of third-party IT tools
Some events or services maybe be held using third-party IT services (e.g. Cisco WebEx, TEAMS, Sli.do or alternative tools to interact with the audience), which may collect personal data and have their own cookies and privacy policies. We encourage you to read their privacy statements, as we have no control over information that is submitted to or collected by these third parties.
7. Data Subjects rights
You have the right at any time to access, rectify, erase ('right to be forgotten') your personal data. You are also entitled to object to the processing or request for the restriction of the processing.
When processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing before such a withdrawal.
Depending on the on-line service you are accessing, you can either:
- Access, check, modify, update, and delete your personal profile online yourself at any time;
- Ask the data controller for the removal of your account.
You can exercise your rights by sending an email with the requested change(s) to the controller via the functional mailbox indicated here above in Section 1.
To ensure the consistency of the platforms and the coherence of its content, your contributions and comments will be kept on the platforms but anonymised, even in case of an eventual removal of your profile.
In any case, your data will be modified or removed accordingly and as soon as practicable (maximum within 15 working days).
However, these rights can be restricted in line with Decision SC (2020) 26 of the Steering Committee of 14 October 2020 (OJEU L 45 on 9.2.2021, p. 80) on internal rules concerning restrictions of certain rights of data subjects in relation to the processing of personal data. This is to safeguard the rights of other data subjects and to respect the principles of equal treatment among applicants and the secrecy of deliberations.
In order to grant or not the data subjects rights, CINEA will carry out a case-by-case assessment of each individual request and give the reasons underlying its decision, considering the type of information held and whether any exceptions of the internal rules are applicable.
The restrictions will continue applying as long as the reasons justifying them remain applicable and may be lifted if these reasons would no longer apply, if the exercise of the restricted right would no longer negatively impact the applicable procedure or adversely affect the rights or freedoms of the data subjects.
8. How does CINEA protect and safeguard your data?
All personal data in electronic format (e-mails, documents, databases, uploaded batches of data, etc.) are stored on the servers of the European Commission, CINEA or of its contractors (and possibly theirs subcontractors).
All processing operations are carried out pursuant to Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission.
In order to protect your personal data, CINEA has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.
The processors (contractors) are bound by a specific contractual clause for any processing operations of your personal data on behalf of the data controller. The processors have put in place appropriate technical and organisational measures to ensure the required level of security.
The registration for the event may take place via EU Survey website or other alternative tools. For information on how EU Survey processes personal data, please consult this link.
9. The legal basis of the processing are:
a. Council Regulation 58/2003 of 19 December 2002, laying down the Statute for executive agencies to be entrusted with certain tasks in the management of EU programmes;
b. Regulation (EC) n° 1653/2004 of 21 September 2004 on a standard Financial Regulation for the executive agencies pursuant to Council Regulation (EC) 6 n°58/2003 of 19 December 2002 laying down the statute for executive agencies to be entrusted with certain tasks in the management of Community programme;
c. Regulation (EU) No 508/2014 of the European Parliament and of the Council of 15 May 2014 on the European Maritime and Fisheries Fund and repealing Council Regulations (EC) No 328/2003, (EC) No 861/2006, (EC) No 1198/2006 and (EC) No 791/2007 and Regulation (EU) No 1255/2011 of the European Parliament and of the Council (EMFF programme);
d. Regulation 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union, repealing Regulation No 966/2012;
e. Commission Implementing Decision (EU) 2021/173 of 12 February 2021 establishing the European Climate, Infrastructure and Environment Executive Agency, the European Health and Digital Executive Agency, the European Research Executive Agency, the European Innovation Council and SMEs Executive Agency, the European Research Council Executive Agency, and the European Education and Culture Executive Agency and repealing Implementing Decisions 2013/801/EU, 2013/771/EU, 2013/778/EU, 2013/779/EU, 2013/776/EU and 2013/770/EU;
f. Commission Decision C(2021)947 of 12 February 2021 delegating powers to the European Climate, Infrastructure and Environment Executive Agency with a view to the performance of tasks linked to the implementation of Union programmes in the field of transport and energy infrastructure; climate, energy and mobility research and innovation; environment, nature and biodiversity; transition to lowcarbon technologies; and maritime and fisheries.
10. The time limits for keeping the data are the following:
CINEA keeps data in accordance with the 2019 Retention List of the Commission (2 years for website related data and communication activities and 5 years for events). Your personal data will remain in the contractors and subcontractors databases only for the duration of the relevant event or maximum one year after its closure and will be deleted afterwards.
11. Contact information
In case you have any questions about the collection/processing of your personal data, you may contact the data controller who is responsible for this processing activity by using the email address mentioned here above in Section 1.
You may contact at any time the Data Protection Officer of CINEA (CINEADPO@ec.europa.eu). You have the right to have recourse at any time to the European Data Protection Supervisor (firstname.lastname@example.org).