Privacy Policy

EEAS PRIVACY STATEMENT for the purpose of processing personal data related to the ENLIST registration system for European Security and Defence College (ESDC) courses.

1. INTRODUCTION
The protection of your privacy including your personal data is of great importance to the European External Action Service (EEAS). When processing personal data we reflect the provisions of the charter on Fundamental Rights of the European Union, and in particular its Art. 8. This privacy statement describes how the EEAS processes your personal data for the purpose it has been collected and what rights you have as a data subject.

Your personal data are processed in accordance with Regulation (EC) 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data and its successive legislative act, aligned with the General Data Protection Regulation /Reg. (EU) 2016/679/. All data of a personal nature – namely data that can identify you directly or indirectly – will be handled fairly and lawfully with the necessary care.
2. PURPOSE OF THE PROCESSING OPERATION
ENLIST is a secure Internet application for nominating participants to courses of the European Security and Defence College.

The purpose of the present processing operation is to:

  • to facilitate course registrations for ESDC courses
  • to prepare access requests to EU and to other buildings where ESDC courses are take place in order to generate participants’ lists and the certificates
  • to define the division of working groups and of syndicate sessions in order to create balanced groups based on gender, nationality, background (military, civil, police, diplomat or other)
  • to take into account other specificities related to the training activity
  • to facilitate an alumni network of former course participants pursuant to Art 4(d) of the Council decision 2013/189/CFSP
3. DATA PROCESSED
The data, including personal data, processed for that purpose are the following: name, family name, gender, e-mail address, “invited by”, nationality, rank, field of work, institution, country, birth date, years of experience, ID number, security clearance.

Outline of security measures: Appropriate organisational and technical security measures will be ensured according to the data protection legislation applicable to EU institutions and bodies. The collected personal data are stored on servers that abide by the pertinent security rules. Personal data will be processed by assigned staff members. Files will have authorised access. Measures are provided to prevent non-responsible entities from accessing data. General access to all collected personal data and all related information is only possible to recipients with a UserID/Password. When not in use, physical copies of the collected personal data is stored in a properly secured way.
4. CONTROLLER OF THE PROCESSING OPERATION
The Controller determining the purpose and means of the processing operation is the European Security and Defence College, as a body of the External Action Service of the European Union that provides training and education at EU level in the field of the Common Security and Defence Policy, which is part of the EU’s Common Foreign and Security Policy. The representative of the controller responsible for managing the personal data processing operation is the European Security and Defence College under the supervision of the Head of the ESDC.
5. RECIPIENTS OF THE DATA
The recipients of your data will be the ESDC Secretariat, course participants and the hosting institutes providing courses. In case no relevant functional mailbox is designated by the Member State, official contact details of ENLIST nominators assigned and provided to the ESDC by the Member States are available on the ESDC homepage for course participants to seek validation from the ENLIST national points of contact (POC). ENLIST Points of Contacts, having provided consent for placing official contact details (name and professional e-mail address) onto the open database of the ESDC website, are responsible for registering selected participants from the member State from various ministries and services for the ESDC courses.

The information in question will not be communicated to third parties, except where necessary for the purposes outlined above (e.g. Specific personal data, such as ID card number etc. from course participants for access to building purposes).
6. PROVISION, ACCESS AND RECTIFICATION OF THE DATA
You have the right to access your personal data and the right to correct any inaccurate or incomplete personal data, as well as to request the removal of your personal data, which will be implemented within 10 working days after your request will have been deemed legitimate. If you have any queries concerning the processing of your personal data, you may address them to the data controller at the following functional mailbox: [email protected]
7. LEGAL BASIS for the processing operation
The legal basis of the processing operation at stake is:

§  Council decision 2013/189/CFSP of 22 April 2013 establishing a European Security and Defence College (ESDC and repealing Joint Action 2008/550/CFSP

§  Good administrative practices in the framework of the Treaty of Lisbon and the Council Decision of 26 July 2010 establishing the organisation and functioning of the European External Action Service (2010/427/EU) available on http://www.eeas.europa.eu/background/docs/eeas_decision_en.pdf
8. TIME LIMIT FOR STORING DATA
Due to the fact that your data forms the basis for the alumni network, it will be stored in the system until the removal is requested as described under Point 6 of the present document.
9. CONTACT
In case you have questions related to the protection of your personal data, you can also contact the EEAS’ Data Protection Office at [email protected].
10. RECOURSE
You have at any time the right of recourse to the European Data Protection Supervisor at [email protected].