APF 2018 is co-organised by the European Union Agency for Network and Information Security (ENISA) and the Universitat Politènica de Catalunya (UPC).

The joint data controllers for the processing of your personal data in the context of this event are ENISA (Core Operations Department) and UPC. 

ENISA is responsible for the overall organisation of the event, the online registration of the participants, as well as the communication with the participants before and after the end of the event.

UPC is responsible for the management of the event’s registration fees (including payment of the fees), as well as the local organisation of the event. The data processor for the online payment service is ISMS Forum Spain (through specific agreement with UPC), which uses the services of Paypal Inc. as one of the possible options for the payment of registration fees.

ENISA processes personal data in accordance with Regulation (EC) No 45/2001[1] on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data.  The legal basis for the processing of data is Article 5(d) of Regulation EC 45/2001 based on the consent of the data subject.

UPC processes personal data in accordance with the Spanish Organic Law on the Protection of Personal Data (LOPD) and the Royal Decree which approves the Implementing Regulation of this Organic Law, and the EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data[2], as it comes into force. The legal basis for the processing of data are Articles 6(a) and 6(b) of EU Regulation 2016/679, as it comes into force.

The purpose of the processing of personal data is to register interested persons to APF 2018, provide access to the conference venue, maintain the participants’ list, as well as allow the follow up of the event, including feedback collection and specific communication activities.

The following personal data are collected:

• Contact data: first name, last name, title (optional), function (optional), organisation, e-mail address, phone number (optional).
• Financial data: bank or credit card details for the payment of registration fees (processed under the responsibility of UPC only) or related to the reimbursement of expenses of invited participants.
• Data on dietary preferences (e.g. food allergies, special meals).
• ID or passport number: strictly for security purposes, i.e. for the management of access at the conference venue (Telefonica premises).

The recipients of your data will be ENISA and UPC staff involved in the organisation of APF 2018, ISMS staff (for the online payment service), event organisers contracted by ENISA and UPC (involved in the reimbursement of expenses of invited speakers), as well as competent financial institutions (for the payment of the registration fees).  Telefonica, which provides the conference venue, will also be the recipient of contact data and ID/passport number strictly for security purposes and for facilitating access to the building during the days of the event. Access to the data can be also granted to national and EU bodies charged with monitoring or inspection tasks in application of national or EU law (e.g. internal audits, European Anti-fraud Office – OLAF).

The final participants’ list (first name, last name, and organisation) will be kept for a maximum period of five years after the end of the event for auditing purposes. Email addresses and all optional contact data will be kept for a maximum period of six months after the end of the event (unless otherwise indicated, e.g. if the event participant has indicated upon registration that he/she wishes to be further informed by ENISA and/or UPC about future events and activities). ID/passport number and data on dietary preferences will be kept only until the completion of the event. Financial data related to the event will be kept for a maximum period of 10 years after the end of the event for auditing purposes. All data will be deleted after the end of their respective retention periods.

You have the right to access your personal data and the right to correct any inaccurate or incomplete personal data. If you have any queries concerning the processing of your personal data, you may address them to ENISA at isdp [at] enisa . europa . eu . You many also contact the ENISA DPO at data protection [at] enisa . europa . eu .

You shall have right of recourse at any time to the competent supervisory authorities: European Data Protection Supervisor (https://edps.europa.eu) and Catalan Data Protection Authority (http://apdcat.gencat.cat/en/inici/).

Web streaming, Filming and Recording

Please note that the keynote presentations and panel discussions of APF 2018 will be live web streamed, based on the consent of the speakers (presenters/panel participants).

Keynotes and panel discussions will also be filmed, recorded and further uploaded on YouTube, based on the consent of the speakers, after the completion of APF 2018.

The focus of live web streaming and filming/recording will be on the speakers only and no general views of the audience or specific views/pictures of event’s participants (other than speakers) will be captured.  

Still, should any other participant is recorded in the context of keynotes/panels filming, e.g. while asking questions during a panel discussion, and would like to have certain parts of the videos relating to him or her removed, please contact us at isdp [at] enisa. europa . eu .

[1] http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32001R0045

[2] https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN