Terms and Conditions and Privacy Statements
Terms and conditions and privacy statement for the ESM website
(Updated on 31/03/2023)
Terms and conditions for the ESM website
Introduction
The website (“Website”) of the European Stability Mechanism (“ESM”) presents news, information and images of ESM activities and the activities of the European Financial Stability Facility (“EFSF”) and provides direct access to their information, documents, data and materials.
The Website offers to the general public the opportunity to learn more about the ESM and EFSF and their activities.
Disclaimer
Access to, and use of, the Website constitutes acceptance of the following terms and conditions (“Terms and Conditions”). Please read these Terms and Conditions as they apply to your use of the Website. If you do not agree to these Terms and Conditions, please do not use this Website.
The ESM may at any time make changes to these Terms and Conditions, the information, names, images, pictures, logos and icons described in this Website, with or without notice[1]. The continued use of the Website following any changes to these Terms and Conditions will mean you accept such changes.
The Website contains copyrighted material, trademarks and other proprietary information including text, photos and graphics. You may not publish, display, modify, transmit, transfer, create derivative works, or in any way commercially exploit the content of this Website without the express prior written authorisation of the ESM or the EFSF, respectively and/or the copyright owner, or except as otherwise expressly permitted under copyright law. You acknowledge that the ESM and/or the EFSF and/or the copyright owner retains ownership of the content of this Website and that you do not acquire any ownership rights by downloading any content from this Website.
Neither the ESM nor the EFSF represent that the Website or any content, service or feature thereof will be error-free or uninterrupted, or that any defects will be corrected, or that your use of the Website will provide specific results. The Website and its content are delivered on an “as-is” and “as-available” basis. All information provided on the Website is subject to change without notice. Neither the ESM nor the EFSF guarantee that any files or other data you download from the Website will be free of viruses or contamination or destructive features. The ESM and the EFSF disclaim all warranties, express or implied, including any warranties of accuracy, merchantability and fitness for a particular purpose.
This Website is intended for information purposes only, and nothing in it constitutes (or should be construed as) an offer to sell any investment. Without prejudice to their rights under applicable law, users are responsible for verifying with independent or official sources that this Website’s contents and information are accurate and up-to-date before taking any actions, in particular taking investment decisions.
The Website may contain links to other websites and references to other websites maintained by third parties. Such links are merely provided for the convenience and the interest of users. Neither the ESM nor the EFSF gives or makes any warranties, undertakings or representations as to the availability, accuracy, currency, quality, completeness or fitness for purpose of any information contained in such websites nor do either of them endorse or accept any responsibility for the contents, advertising, products or other materials made available on or through such websites. Under no circumstances shall the ESM or the EFSF be held responsible or liable, directly or indirectly, for any loss or damage caused or alleged to have been caused to a user in connection with such websites.
No part of these Terms and Conditions shall constitute or be interpreted as a waiver of the privileges and immunities of the ESM and the EFSF.
Use of the ESM and EFSF logos
The ESM and EFSF logos are owned by the ESM and EFSF, respectively and are protected by trademarks. You may not modify or create derivatives of the ESM or EFSF logos. Any use, reproduction, publication, display, transmission, making available to the public or exploitation of the ESM or EFSF logos requires prior written authorisation by the ESM or the EFSF, as applicable.
Privacy statement for the website
This privacy statement applies to www.esm.europa.eu only.
Privacy of personal information
The ESM collects your personal information via its website (https://www.esm.europa.eu) to the extent necessary for the purpose of fulfilling its mandate and the related ESM activities and as further described below.
The Website, either directly or through a service provider, stores the Internet protocol (IP) address of your computer, the browser software and operating system used, and the date and time of your visit. The IP address is a number that is allocated to your computer when you are surfing the internet.
This information is used by the ESM to compile statistics concerning which countries the users of the Website visit from, when they visit, and other information about how users access the Website. The ESM also monitors network traffic to identify unauthorised attempts to upload or change information or to otherwise cause damage to the Website.
The ESM will also process the personal data you submit voluntarily (such as your name and/or email address when subscribing to publications or to job alerts) as necessary to provide the services that you request. When subscribing to the ESM blog, please note that your personal data will be processed by our service provider. If before subscribing you would like to know how your personal data is processed by them, please refer to the Granicus website.
The ESM does not distribute, sell or rent any personal information collected via its Website. This is also true for personal information (for example, email and postal addresses) sent to the Website’s email addresses. The ESM does not send unsolicited emails to users of its Website. The transmission of personal information entered via the website’s registration forms (e.g. ESM Careers page) is protected by leading security safeguards.
All personal data provided by you via the ESM Careers page is processed, collected and stored under the conditions set out in the Recruitment Privacy Statement, which is available to you once you create an account via the ESM Careers page and before you submit any further personal data.
You have the right to access and rectify personal data the ESM has collected and processes on you by contacting the ESM (see contact section of the Website).
If the ESM experiences a personal data breach that is likely to cause you a serious personal injury or harm, the Data Protection Officer will, to the extent possible, inform you of such breach and take mitigating measures as appropriate without undue delay.
Use of cookies
A cookie is a piece of data that websites send to a user’s web browser in order to understand more about that user’s interests and intentions in using the Website. Cookies help the ESM to know which pages are visited more often, how you interact with the Website, create metrics and statistics and allow the ESM to ensure that its Website responds to the user’s needs.
The Website may use both persistent cookies (text cookies) and session cookies. A persistent cookie is a file that might contain user personal information. It is stored on a user's computer. The Website uses persistent cookies to understand which pages on the Website are popular and to recognise repeat visitors. Session cookies allow the Website to validate access to any secure areas after you have logged in - these are not stored on a user’s computer.
Your browser software should permit you to disable the use of cookies, if you do not wish to receive a cookie or if you wish your browser to notify you when you receive a cookie. Please be aware that if you disable cookies you will not be able to make use of all the features of our Website.
By setting up your browser to accept cookies and visiting this Website, you consent to the placing and use of cookies on your device or equipment.
Social media
You can follow the ESM on social media, i.e. on LinkedIn, YouTube and Twitter, directly from our website. Please note that when you click on the social media buttons, these take you directly to the ESM social media page but these buttons do not set cookies on your device when you visit our website. However, you will have the possibility to sign in to any of those social media pages and your personal data will be processed by each social media channel in accordance with their own policies. If you choose, for example, to go to the ESM’s LinkedIn account, you will be asked to accept Linkedin’s cookie policy. Please refer to the policies of any of these social media accounts, if you need further information or have any concerns.
Analytics and anonymisation
This Website uses Google Analytics, an open-source analytics platform, to help the ESM analyse how users use our Website.
This platform enables the protection of your personal data thanks to IP-anonymisation, which anonymises your IP address by removing the last two octets of your IP address. In addition, it provides to users a mechanism to opt-out so that your browsing is not processed for analytics purposes.
Google Analytics will use the information on behalf of the ESM for evaluating your use of the Website and to prepare aggregated, anonymous statistics reports on visitor activity.
IP address (masked)
Location: country, region, city, approximate latitude and longitude (Geolocation)
Date and time of the request (visit to the site)
Title of the page being viewed (Page Title)
URL of the page being viewed (Page URL)
URL of the page that was viewed prior to the current page (Referrer URL)
Screen resolution of user's device
Time in local visitor's time-zone
Files that were clicked and downloaded (Download)
Links to an outside domain that were clicked (Outlink)
Pages generation time (the time it takes for webpages to be generated by the webserver and then downloaded by the visitor: Page speed)
Main language of the browser being used (Accept-Language header)
Browser version, browser plugins (PDF, Flash, Java), operating system version, device identifier (User-Agent header)
Site Search
Events
Random unique Visitor ID
Time of the first visit for the specific visitor
Time of the previous visit for the specific visitor
Number of visits for the specific visitor
For persistent cookies, a random ID is generated by Google Analytics, which allows Google Analytics to identify when a user returns to the Website. All persistent cookies have an expiration date (13 months), after which they are automatically removed from the user's device.
Opting out
By default, the browsing experience of Website visitors is tracked by Google Analytics in order to produce anonymised statistics. You may choose not to be tracked (opt-out). If you change your mind, you can choose to be tracked again (opt-in).
If you wish to opt-out (or opt-in back again) please click here:
Please note that if you regularly delete your cookies, you will need to opt-out each time you delete them.
Privacy statement for the ESM careers website
Objective and scope
The purpose of this Privacy Statement is to inform you of how the European Stability Mechanism (ESM, “we”, “us” or “our”) process your personal data via the ESM careers webpage https://ebuz.fa.em2.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX (“Website”) only.
Controller and Data Protection Officer
The controller is the ESM at 6a Circuit de la Foire Internationale, L-1347 Luxembourg, Tel.: (+352) 260 962 0, e-mail: info@esm.europa.eu.
The ESM has nominated a Data Protection Officer (DPO). You can contact our DPO by e-mail at DataProtectionOfficer@esm.europa.eu or by post at the above address with the addition “To the Data Protection Officer”.
Processing personal data
We always process your personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose. Personal data mentioned in this Privacy Statement is processed when you visit the Website and when you apply to our vacancies. We collect these data mostly directly from you; however, we may sometimes also obtain personal data related to you from third parties.
1. Visiting the careers website
a) Browser data and server log files
Each time you visit the Website, the following data is automatically processed, which may relate to you as a user (“Browser Data”):
- Your IP address,
- Type of your browser,
- Date and time of your visit,
- HTTP status code of the access (server information to client about successful processing of request),
- Website from which your system accessed our website (referrer URL),
- Website that is accessed by your system from our website (accessed URL),
- Your location.
The processing of Browser Data is technically necessary. It is carried out to properly display our website to you and to ensure its stability and security. This data processing is necessary in the execution of the ESM’s mandate, for the performance of tasks or activities carried out by the ESM in accordance with the ESM Treaty, By-Laws, and the applicable rules and procedures; this includes the processing of personal data necessary for the management and functioning of the ESM.
We store the Browser Data in so-called server log files for troubleshooting purposes. Browser Data is not stored together with other data relating to you, e.g., your application data. This data processing is necessary in the execution of the ESM’s mandate, for the performance of tasks or activities carried out by the ESM in accordance with the ESM Treaty, By-Laws, and the applicable rules and procedures; this includes the processing of personal data necessary for the management and functioning of the ESM.
For the provision of the website, we use the web hoster service provided by Oracle Luxembourg S.à.r.l (“Oracle Luxembourg”). Oracle Luxembourg servers on which the website is hosted are located in Frankfurt, Germany. Oracle Luxembourg is a part of Oracle Corp., a corporation with global reach. For this reason, Browser Data, may be transferred by Oracle Luxembourg to third-countries that do not provide an adequate level of protection for personal data. In case Browser Data are transferred by Oracle Luxembourg to such third-countries, Oracle Luxembourg is required to take adequate measures designed to protect personal data embodied in Browser Data in line with Oracle’s Binding Corporate Rules for Processors (BCR-P) or the terms of the EU Model Clauses.
b) Technically necessary cookies
Cookies are text files that are stored on the browser or by the browser on the user's computer which provide information about the user. Technically necessary cookies, which are necessary to display the website to you, will be set when accessing the Website. The cookies listed below identify the connection between you and the Website and ensure the stability of the Website. This data processing is necessary in the execution of the ESM’s mandate, for the performance of tasks or activities carried out by the ESM in accordance with the ESM Treaty, By-Laws, and the applicable rules and procedures; this includes the processing of personal data necessary for the management and functioning of the ESM.
arg_idpsession10: This cookie is used as a unique session identifier. This cookie is deleted once the user logs out or the session expires.
JSESSIONID: This cookie stores information about the current session on the user's computer. It is required for the website to function correctly, for example to support navigation between pages. It is stored until deleted by the user.
taleosession: This cookie is used to tie a user’s browser session to the session stored on the web server. This cookie expires once the user logs out or the session expires.
arg_sessionid: This cookie is used as a unique session identifier. It is deleted once the user logs out or the session expires.
queryData: This cookie supports the search and apply functionality of Taleo during the user session. It is stored until deleted by the user.
restoreQuery: This cookie supports the search and apply functionality of Taleo during the user session. It is stored until deleted by the user.
savedQuery: This cookie stores information in the search criteria provided by the candidate while searching for jobs. This data is stored when the candidate navigates from the job list page to another page and the value restores the search criteria when he comes back to the job list page. This cookie expires with the session.
ignoreSavedQuery: When a career section is accessed for the first time by opening a new tab/window, this cookie skips taking in the savedQueryCookie. This cookie expires with the session.
JSESSIONID: This cookie stores information about the current session on the user's computer for the career section. It is needed for the web site to function correctly, for example to support navigation between pages. It is stored until deleted by the user.
arg_sessionid: This cookie is used as a unique session identifier for the career section. This cookie is deleted once the user logs out or the session expires.
locale: This cookie is a language and personalisation cookie for access during the session. It will be stored until deleted by the user.
lastActiveElementId: This cookie stores the last clicked page element and it is being used to restore focus on the last accessed user interface element when a page navigation happens. This cookie expires with the session.
redirectSourceCareerPortalCode: This cookie stores information on the standard career section to which the mobile career section is linked. This data is used when application acknowledgement emails are sent to candidates when they apply through mobile career section. This cookie expires with the end of the session.
blockRedirectionToMobileVersion: Career sections accessed by mobile can be seen in full version too. When candidates view mobile career sections in full version, this cookie gets set and it blocks the automated navigation from standard career section to mobile career section in mobile devices. This cookie expires with the session.
JSESSIONID: This cookie is created by Tomcat (a servlet container) to store the java session Id. It ceases to exist when the browser is closed.
ORA_OTSS_SESSION_ID: This cookie stores the application session id. It ceases to exist when the browser is closed.
ORA_OTSS__SWF_SESSION_ID: This cookie is used to store the flash Uploadify session Id to upload documents. It ceases to exist when the browser is closed.
ORA_OTSS_ANCHOR: This cookie is used to handle anchors in the deep links. We store the anchor with an expiry of 2 seconds.
SMSSOOIF: This cookie is used if 'LoginAuth.OIF.VerifyModeList' property contains 'cookie'. The cookie stores the value 'true' with an expiry of 1 year.
ORA_OTSS_SMARTORG_USER_HOME_URL: This cookie stores the value of "homeURL", which comes as a payload from TEE, with an expiry of 10 years.
Cookie-Accept: This cookie is a permanent non expiring cookie installed on the device which indicates the user has permanently accepted cookies. With this cookie in place, neither the cookie banner nor the blocking modal will appear in future sessions.
ORA_OTSS-cookies-enabled: This cookie presents when the browser cookie is disabled. This cookie expires when the browser is closed.
c) Job alerts
If you sign up for job alerts, we will process your name, your e-mail-address, your field of interest and your preferred job location. We use this data to keep you updated about job opportunities at the ESM and to attract potential applicants. The legal basis for this data processing operation is your consent. We will store your personal data until you withdraw your consent (as mentioned below).
2. Applying to our vacancies
a) Login
To apply for a position at the ESM you first must register and log in to an application account. For this purpose, we process your username, your password, and your e-mail address. The legal basis for the processing of your personal data is your request prior to entering into an employment or another contract with us. We will delete your login data if your account is inactive for two years.
b) Recruitment application
When you apply to one of our vacancies, to review your application, we process the following personal data:
- Uploaded documents: cover letter and resume
- Basic data: name, address, (secondary) nationality, date of birth, gender, phone number, email address
- Whether you are a current or former ESM employee
- Language skills: mother tongue, level of English, other languages including skill level
- Employment preferences: conditions, interests, and date of availability
- Work experience: last/current/former employers, employment sector, job function, location of employer, start date, and end date
- Education: institution, major/program, location, education level, start date, and graduation date
If you are a candidate to an interim work position, we may also collect personal data from third parties in relation to you. Interim agencies submit applications on behalf of their candidates via our website. In such case, they provide the candidate’s CV, name/first name, nationality, postal address, and email address.
The legal basis for the processing of your personal data is your request prior to entering into an employment contract with us. If you are the selected candidate, the ESM may process your application data during the employment or other relationship, as applicable, and after the end of this relationship in accordance with ESM’s schedule of retention periods. If you are not the selected candidate, we retain your personal data for two years after their submission.
3. Recipients of your personal data
Your personal data may be shared with parties both internal and external to the ESM:
Within the ESM
The recipients of your personal data are normally ESM members of staff. They may also be interim workers, trainees, or consultants working for the ESM.
Outside of the ESM
Third party processors that are used by the ESM are HRMC, as website administrator of the ESM careers webpage, and Oracle, Corp.
4. Your data subject rights
You have various rights as an individual which you can exercise under certain circumstances in relation to your personal data that we hold: right to access, right to rectification, right to erasure, right to restriction, and, if applicable, right to withdraw consent.
If you want to exercise your rights or have questions regarding them, please contact us at DataProtectionOfficer@esm.europa.eu or send your request to the following address: 6a, Circuit de la Foire Internationale, L-1347 Luxembourg.
5. Updates to our privacy statements
The ESM keeps its Privacy Statements under regular review and places any updates on our Website. This Privacy Statement was last updated on 31 March 2023.
Privacy statement for processing of personal data of data subjects external to the ESM
What is the objective and scope of this document?
The purpose of this privacy statement is to inform you of how the European Stability Mechanism (ESM, “we”, “us” or “our”) processes your personal data when you liaise with the ESM. This privacy statement is addressed to individuals other than ESM personnel.
For the purposes of this privacy statement “individuals”, “you” or “your” refers jointly or severally to:
- Individuals visiting the ESM premises or events hosted by the ESM (visitors and guests),
- Individuals involved in the provision of services to the ESM (counterparties),
- Individuals that otherwise liaise with the ESM without an underlying contractual relationship (other third parties).
Who is responsible for handling your personal data?
The ESM is the controller for all the processing operations described in this document.
We control the ways your personal data is collected and the purposes for which we process them. The ESM has nominated a Data Protection Officer (DPO) who can be contacted at the following email address DataProtectionOfficer@esm.europa.eu.
What personal data do we process?
Personal data highlighted in this privacy statement are processed for various purposes by different divisions of the ESM to manage your interactions with the organisation.
We always process your personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose. We collect these data mostly directly from you; however, we may sometimes also obtain personal data related to you from third parties (e.g. from the company you are working for). The personal data may be processed by different services from the ESM, depending on your liaison with the organisation.
More detailed description on how we process your personal data is available in the expandable headings below:
|
Responsible ESM function |
Why do we process your personal data? |
What general personal data do we process? |
What specific personal data do we process? |
|
Communication division |
Organisation of university student excursions at the ESM |
Identification data (Name, Surname), contact details |
Image collection and processing (photo & occasionally video) |
|
EMA division |
Organisation and coordination of research seminars |
Professional information, including your CV, photo |
|
|
Organisation of an economic market analysis and publication online |
Professional information, including your CV |
||
|
Finance and Control division |
Expense reimbursement and travel arrangements (e.g., for visiting speakers) |
Bank account details, travel related information, passport and visa details, dietary preferences |
|
|
Information Technology team |
Messaging audio and video conferencing |
Identification data (Name, Surname), contact details |
Professional contacts and role, Image collection and processing Sound collection and processing |
|
Management of access rights
|
Professional (Title, Personal identifier, Telephone, Current employer, Position, Work location) Electronic identification (usernames, IP) Other (access rights, period for which access rights are granted) |
||
|
Security monitoring |
Digital information (IP addresses, phone IMEI, geo-location, URLs visited, information relating to files uploaded and downloaded without having access to content, browser, System logs) |
||
|
Helpdesk management |
Other data provided by staff through open tickets e.g., Email content, documents etc. |
||
|
Various divisions (including Finance and Control, Funding and Investment Relations, PSIR, Communications) |
Organisation of events |
Identification data (Name, Surname |
Image collection and processing (photo & occasionally video), dietary preferences |
|
Facility Management team |
Management of access badges and signing confidentiality commitments |
Identification data (Name, Surname) |
Professional title, badge number |
|
Management of lost and founds items
|
Identification data (Name, Surname) |
N/A |
|
|
Management of visitors |
Identification data (Name, Surname), contact details |
N/A |
|
Responsible ESM function |
Why do we process your personal data? |
What general personal data do we process? |
What specific personal data do we process? |
|
Internal Audit division |
Information for you and your services to the ESM may fall within the scope of audits performed to the ESM. |
Identification data (Name, Surname), contact details |
Professional role, financial data or other categories of personal data depending on the scope of the audit |
|
|
Management of Audits of various departments |
Financial - only in case of audit of HR (Compensation & Benefits)
Additional personal data might be necessary, depending on the type of the audit |
|
|
Commercial Legal and Procurement division |
Management of commercial contracts and tenders |
Potentially professional profile of candidates |
|
|
Compliance team |
Compliance testing of selected policy requirements
|
- |
|
|
Management of whistleblowing reports |
Depending on the collected information and the root cause of the whistleblowing |
||
|
Finance and Control division |
Invoice or expense processing |
|
|
Responsible ESM function |
Why do we process your personal data? |
What general personal data do we process? |
What specific personal data do we process? |
|
|
Evaluation team |
Performing post lending interviews and surveys |
Identification data (Name, Surname), contact details |
- |
|
|
Commercial Legal and Procurement division |
Management of tenders |
|
- |
|
|
Communication division |
Management of newsletter and blog subscription |
|
- |
|
|
Preparation and storage of annual reports |
|
|
||
|
Compliance team |
Assessment of unusual communications |
|
Depending on the information contained in communications |
|
|
Management of whistleblowing reports |
|
Depending on the collected information and the root cause of the whistleblowing |
||
|
Finance and Control division |
Expense reimbursement and travel arrangements of board members, ESMAT, etc. |
|
Bank account details, travel related information, passport and visa details, dietary preferences |
|
|
Reporting of upcoming trips from travel agencies to reconcile prepayments and for budgetary projections
|
|
Details of trips |
||
|
Information Technology team |
Security monitoring |
|
Digital information (IP addresses, phone IMEI, geo-location, URLs visited, Files uploaded and downloaded, browser, System logs) |
|
|
Helpdesk management |
|
Other data provided by staff through open tickets eg. Email content, documents etc. |
||
|
Technical assistance and troubleshooting |
|
Professional contacts and role Other (diagnostic and troubleshoot data extracted for specific user activity and device, description of the issue reported by the data subject) |
||
|
Configuration of file sharing options |
|
Professional contacts and role Other (sharing options enabled per user role/category) |
||
|
Human Resources division |
Management of emergency contact details, when provided to the ESM by a member of the ESM personnel |
|
Relationship with the member of staff and start date for partner/spouse, date of birth |
|
|
Risk division |
Reporting of operational risks |
|
Professional contacts and position |
|
|
|
Review of access rights and remote access |
|
|
|
|
Human Resources division |
Recruitment and onboarding purposes |
Identification data, professional data including information on your CV, cover letter, video interviews and evaluations related to your candidacy |
If your candidacy has not been submitted by an interim agency, but by you via the ESM career page, please refer to our dedicated privacy statement posted on that page.
|
Human Resources division |
Recruitment and onboarding purposes |
Identification data, professional data including information on your CV, cover letter, video interviews and evaluations related to your candidacy |
There might be processing activities which involve processing of personal data of individuals external to the ESM that are addressed into details in separate privacy statements.
For any information on how we process your personal data related to:
- ESM events – please, refer to our general privacy statement on the processing of personal data during the organisation and management of events, as well as the specific privacy statement dedicated to the particular event;
- Recruitment – please, refer to the ESM recruitment privacy statement published on the dedicated ESM website page
- Whistleblowing procedure – please refer to the ESM privacy statement for the online whistleblowing reporting system (Reporting)
On what basis we process your personal data?
- Execution of the ESM’s mandate, for the performance of tasks or activities carried out by the ESM in accordance with the ESM treaty, by-laws, and the applicable rules and procedures (including processing activities necessary for the management and functioning of the ESM). The majority of the personal data processing activities carried out by the ESM are necessary for the management and the functioning of the ESM. In all those instances we make sure that the processing is proportionate to the purposes identified by the ESM.
- Consent – if you have voluntarily given your consent to the processing of your personal data for one or more specific purposes.
- Legitimate interest – when processing is necessary for the purposes of the legitimate interests pursued by the ESM or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
- Contract – when processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract
In very limited instances we process your personal data on the basis of your explicit consent. That is the case specifically when:
- We ask for your consent to make an audio recording of the post lending evaluation interviews and surveys, or
- We are managing your participation and your preferences in research seminars organised by the ESM, or
- You request to receive our newsletter or manage your blog subscription, or
- We ask for your consent to collect your image (photo or video) for souvenir of your visit at the ESM as part of a university study trip, or
- You are provided with an ESM laptop using biometric technology to ensure secure access rights, or
- You use an ESM laptop, and analytical tools are applied by the ESM to analyze your work-related behavior and interests.
Whenever we are processing your personal data on the basis of your consent, you are entitled to withdraw your consent at any moment and without any detriment by contacting the ESM at the following address (DataProtectionOfficer@esm.europa.eu). In the email, you should clearly indicate sufficient details for us to identify you, and clearly outline for which purpose your consent was initially collected.
When your consent has been withdrawn, the processing activities that rely on that consent will be stopped as soon as practicable. However, the withdrawal of your consent does not affect the legality of the processing activities on which the consent given prior to its withdrawal was based. All data processing operations that were based on consent and took place before the withdrawal of your consent remain lawful.
How long do we keep your data (retention period)?
In all circumstances personal data will be kept for no longer than necessary to fulfil its purpose.
In the general case, we will keep personal data for the duration of your relationship with the ESM. Certain categories of personal data are kept for relatively shorter periods, for example data vested in the recordings of our CCTV system is kept for 8 days only.
You can get any further information by contacting us at the following email: DataProtectionOfficer@esm.europa.eu.
To whom do we share your personal data?
Your personal data may be shared with parties both internal and external to the ESM.
|
Within the ESM
|
The recipients of your personal data are normally ESM staff members. They may also be interim workers, trainees, or consultants working for the ESM. Please refer to the former sections of this privacy statement to know how other divisions are processing your Personal Data. |
|
Outside of the ESM
|
In some circumstances, ESM may share your data with third parties. In these cases, your data will be shared with: - Independent external auditors - IT service providers - Travel service providers - Event organisation companies - EU institutions or other national competent authorities - Consulting firms - Security firms
For more information regarding the service providers used by ESM please contact DataProtectionOfficer@esm.europa.eu. Some of your Personal Data may also, with your consent, be disclosed publicly. |
The ESM further ensures that when third-party service providers process data on behalf of the ESM, appropriate contractual safeguards are put in place to protect your personal data.
Please note that we may use or disclose your personal data if we are required by law to do so or if we reasonably believe that use or disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, or other legal processes.
When do international transfers of personal data take place?
Your personal data is processed mainly within the European Economic Area or in jurisdictions which provide adequate level of protection and may be transferred outside of the European Economic Area on a limited basis.
When your personal data is transferred outside of the European Economic Area, such transfers are made in compliance with the applicable law to provide appropriate safeguards and an adequate level of protection for personal data.
For the purposes set out in this privacy statement, your personal data may be transferred to third countries for the purposes of management of commercial contracts or tenders, organisation of RFAs.
For the purposes set out in this privacy statement, your personal data may be transferred to Albania for the purpose of processing expense claims and reconciliating credit card details.
Occasional transfers may also take place outside of the European Economic Area when an event is organized by the ESM (further information will, then, be provided within a dedicated privacy statement), or when inter-institutional meetings are organized by the ESM outside of the European Economic Area. For further details relating to the transfers described above and the adequate safeguards used with respect to such transfers, please contact us at DataProtectionOfficer@esm.europa.eu.
What are your rights?
You have various rights as an individual which you can exercise under certain circumstances in relation to your personal data that we hold. You have the right to access, rectify, delete or limit the processing of personal data collected concerning you.
- Your right of access - you have the right to ask us for copies of your personal information.
- Your right to rectification - you have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - you have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing - you have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to withdraw consent – you have the right to withdraw your consent whenever we are processing your personal data basing on consent - at any moment and without any detriment.
Please contact us at DataProtectionOfficer@esm.europa.eu if you wish to make a request or lodge a complaint. You are not required to pay any charge for exercising your rights. If you make a request, we will undertake all necessary efforts to respond within a reasonable period of time.
How do we secure your personal data?
The ESM takes all reasonable steps to ensure that appropriate security measures are in place to protect the confidentiality and integrity of your personal data.
How can you get in touch in order to exercise your rights?
If you have questions or concerns regarding this privacy statement, please do not hesitate to contact us at DataProtectionOfficer@esm.europa.eu or send your request to the following address 6a, Circuit de la Foire Internationale L-1347 Luxembourg.
General privacy statement of the ESM for processing of personal data during organisation and management of events
Objective and scope
The purpose of this Privacy Statement is to inform you of how the European Stability Mechanism (ESM, “we”, “us” or “our”) processes personal data for the organisation and management of these events. This Privacy Statement is addressed to all attendees of events organised or hosted by the ESM (this including ESM staff members, trainees and interim workers, contracting parties, visitors, attendees, speakers, etc.)
Controller and Data Protection Officer
The ESM is the controller for all the processing operations described in this document. We control the ways your personal data is collected and the purposes for which we process them.
The ESM has nominated a Data Protection Officer (DPO) who can be contacted at the following email address DataProtectionOfficer@esm.europa.eu.
Processing personal data
We always process your personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose. Personal data as indicated in this Privacy Statement is processed for the organisation and management of ESM events.
Depending on the event we are organising, we might be processing your personal data for the purposes of attendance registration or when taking photos and/or video recordings. For more detailed information on how your personal data is being processed in each instance, please refer to the specific privacy statement dedicated to a particular event.
Legal ground to process your data
1) Consent
Unless otherwise specified, the processing of your personal data is based on your consent when it relates to:
- Your dietary preferences, or
- Pictures and/or videos of you, when you are the focal point, or
- Your registration to the event.
You are entitled to withdraw your consent at any moment and without any detriment by contacting the ESM at the following address (DataProtectionOfficer@esm.europa.eu). In the email you should clearly indicate sufficient details for us to identify you, and clearly outline which purpose your consent was initially collected for.
When your consent has been withdrawn, the processing activities that rely on that consent will be stopped as soon as practicable. However, the withdrawal of your consent does not affect the legality of the processing activities on which the consent given prior to its withdrawal was based. All data processing operations that were based on consent and took place before the withdrawal of your consent remain lawful.
2) Execution of the ESM’s mandate, for the performance of tasks or activities carried out by the ESM in accordance with the ESM Treaty, by-laws, and the applicable rules and procedures (including processing activities necessary for the management and functioning of the ESM)
The applicable legal basis for personal data that is processed:
- In order to register you to attend ESM events,
- As part of internal events,
- To take photos and make video recordings when you are not the focal point,
- By using the CCTV security system,
is the proper management and functioning of the ESM. Personal data processed based on this basis is always proportionate to the ESM’s need and will not be used for other purposes.
How long we keep your data (retention period)
Personal data will be kept for no longer than necessary to fulfil their purpose. Please, refer to the specific privacy statement for each separate event to consult the applicable retention periods.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case it is no longer considered as personal data. Upon expiry of the applicable retention period we will securely destroy your personal data.
In all circumstances we will ensure that personal data is kept for no longer than necessary to fulfill the purpose for which it was processed. For further information you can contact us at the following email: DataProtectionOfficer@esm.europa.eu.
Recipients of your personal data
Your personal data may be shared with parties both internal and external to the ESM:
|
Within the ESM |
The recipients of your personal data are ESM members of staff in charge of the organisation and management of an event. They may also be interim workers, trainees, or consultants working for the ESM. |
|
Outside of the ESM |
Third party processors that are used by the ESM to undertake the organisation and management of the event. The general public may have access to photographs or videos that are posted on social media (as well as the social media providers themselves), the ESM website, or an ESM publication where you consented to it. The ESM further ensures that when third-party service providers process data on behalf of the ESM, appropriate contractual safeguards are put in place to protect your personal data. |
Please note that we may use or disclose your personal data if we are required by law to do so or if we reasonably believe that use or disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.
International transfers of personal data
Your personal data is processed mainly within the European Economic Area or in jurisdictions which provide adequate level of protection and may be transferred outside of the European Economic Area on a limited basis.
If your personal data is transferred outside of the European Economic Area, you will be informed in the relevant privacy statements. Such transfers are made in compliance with the applicable law to provide appropriate safeguards and an adequate level of protection for personal data.
Your rights
You have various rights as an individual which you can exercise under certain circumstances in relation to your personal data that we hold. You have the right to access, rectify, delete or limit the processing of personal data collected concerning you:
- Your right of access - you have the right to ask us for copies of your personal data.
- Your right to rectification - you have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - you have the right to ask us to erase your personal data in certain circumstances.
- Your right to restriction of processing - you have the right to ask us to restrict the processing of your personal data in certain circumstances.
- Your right to withdraw consent – you have the right to withdraw your consent whenever we are processing your personal data basing on consent - at any moment and without any detriment.
Please contact us at DataProtectionOfficer@esm.europa.eu if you wish to make a request or have any question. You are not required to pay any charge for exercising your rights. If you make a request, we will undertake all necessary efforts to respond within a reasonable period of time.
Security of your personal data
The ESM takes all reasonable steps to ensure that appropriate security measures are in place to protect the confidentiality and integrity of your personal data.
Updates to our privacy statements
The ESM keeps its Privacy Statements under regular review and places any updates on our web page.
Contact information
If you have questions or concerns regarding this Privacy Statement, please do not hesitate to contact us at DataProtectionOfficer@esm.europa.eu or send your request to the following address 6a, Circuit de la Foire Internationale L-1347 Luxembourg.