TABLE OF CONTENTS
- Why and how do we process your personal data?
- On what legal grounds do we process your personal data?
- Which personal data do we collect and further process?
- How long do we keep your personal data?
- How do we protect and safeguard your personal data?
- Who has access to your personal data and to whom is it disclosed?
- What are your rights and how can you exercise them?
- Contact information
Generation 2004 is committed to protect your personal data and to respect your privacy. We process personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereafter ‘GDPR’).
This privacy statement explains the reasons for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used, and what rights you have in relation to your personal data.
Why and how do we process your personal data?
Generation 2004 is a representative staff association formally recognized by the European Commission. It is a party to the Agreement on relations between the European Commission and the trade unions and staff associations (‘the Framework Agreement’) and to the Agreement between the European Commission and the representative trade unions or professional organisations on the resources allocated to those organisations (‘the Resources Agreement’).
We process personal data for the following purposes:
- Management of Generation 2004’s membership, namely registration of new members, update of registration information, termination of membership, collection of membership fee, communication with members, invitation to the General Assembly, organisation of elections for Generation 2004 governing and consultative bodies, organisation of conferences, information events, and training courses.
- Management of Generation 2004’s website, namely registration to the website, making comments or posting questions on the website, notifying users when answers are published to their comments or questions.
- Carrying out of trade union and staff association activities under the staff regulations, namely participating in the Staff Committee and the Joint Committees provided for in the Staff Regulations, representing the interests of the staff vis-à-vis their institution, maintaining continuous contact between the institution and the staff, contributing to the smooth running of the European civil service by providing a channel for the expression of opinion by the staff, defending the legal rights and legitimate interests of the staff, and communicating with the European institutions and their staff members through sending e-mail messages and newsletters.
Your personal data will not be used for an automated decision-making including profiling.
On what legal grounds do we process your personal data?
We process personal data on the basis of the following legal provisions:
- The data subject has given consent to the processing of his or her personal data for one or more specific purposes. (Article 6(1)(a) of the GDPR).
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. (Article 6(1)(e) of the GDPR).
- Everyone has the right to freedom of peaceful assembly and to freedom of association at all levels, in particular in political, trade union and civic matters, which implies the right of everyone to form and to join trade unions for the protection of his or her interests. (Article 12 of the EU Charter of Fundamental Rights).
- The trade unions and staff associations referred to in Article 24b shall act in the general interest of the staff, without prejudice to the statutory powers of the staff committees. The Commission proposals referred to in Article 10 may be the subject of consultations by representative trade unions and staff associations. (Article 10b of the Staff Regulations).
- Each institution may conclude agreements concerning its staff with its representative trade unions and staff associations. Such agreements may not entail amendment of the Staff Regulations or any budgetary commitments, nor may they affect the working of the institution concerned. The representative trade unions and staff associations which are signatories shall operate in each institution subject to the statutory powers of the staff committee. (Article 10c of the Staff Regulations).
Article 6(1)(a) of the GDPR is not applicable to the sending of e-mails to all staff.
Which personal data do we collect and further process?
To carry out the activities under point 2 above, we collect and further process the following categories of personal data:
- Personal details (first name; family name; signature; nationality; national civil registration number);
- Employment details (EU institution, agency or other body; official or other servant; function group; grade; seniority; staff number; place of employment);
- Contact details (e-mail address; IP address; office address; phone number);
- Bank account details (IBAN; BIC).
For the purpose of sending e-mail messages and newsletters to the staff, we collect e-mail addresses of staff. Moreover, we maintain a list of staff members who requested not to be contacted by Generation 2004.
How long do we keep your personal data?
We only keep your personal data for the time necessary to fulfil the specific purpose of the data processing operation.
For the purpose of Generation 2004 trade union and staff association activities under the Staff Regulations, incl. sending of e-mail messages and newsletters to the staff, we keep a list of staff members who requested not to be contacted by Generation 2004. This list is maintained until the persons concerned are no longer staff members or until they explicitly gave their permission to be contacted again by Generation 2004. The list of emails used in our emailing activities is only transiently processed and is not stored by Generation 2004. When we send mass emails using any of the Generation 2004 functional email boxes, we retrieve the addresses from several Commission distribution lists, and the addresses are discarded immediately after sending the messages.
For the purpose of Generation 2004 membership management, we keep the relevant personal data until 12 months after the person no longer being a member of Generation 2004. This is so because, according to the Generation 2004 bylaws, the colleague cannot re-join Generation 2004 for that period after leaving the association and we need to be able to identify those cases; after the said 12-month period expires, the email address of the former member is deleted from our records.
For the purpose of Generation 2004 website management, we keep the relevant personal data until the subscriber requests his or her account to be deleted.
How do we protect and safeguard your personal data?
All personal data in electronic format are stored either on the Generation 2004’s secured website server or on the secured servers of the European Commission.
Paper based personal data are stored in secured cabinets accessible only by authorized Generation 2004’s staff and located within secured offices provided by the European Commission to Generation 2004.
To protect your personal data, we have put in place a few technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.
Who has access to your personal data and to whom is it disclosed?
Access to your personal data is provided only to authorized Generation 2004’s staff according to the ‘need to know’ principle.
Certain categories of personal data processed by Generation 2004 such as the names of Generation 2004’s members are disclosed to the European Commission to meet a statutory requirement, namely to verify the representativeness of Generation 2004 as a staff association formally recognized by the European Commission pursuant to the Staff Regulations.
What are your rights and how can you exercise them?
You have specific rights as a ‘data subject’ under Articles 12-23 of the GDPR, in particular the right to access, rectify or erase your personal data and the right to restrict or object to the processing of your personal data.
You can exercise these rights by contacting us via email or, as regards the right to object, by clicking on the ‘unsubscribe’ link included in all our emails.
You have also the right to lodge a complaint with the Data Protection Authority of Belgium if you consider that your rights under the GDPR have been infringed as a result of the processing of your personal data by Generation 2004.
In addition, if you believe that your rights under Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (‘EUDPR (European Union Data Protection Regulation)’) have been infringed, you can contact the Data Protection Officer (‘DPO’) of the European Commission and/or make a complaint to the European Data Protection Supervisor (‘EDPS’).
The contact information that you need to exercise your rights is provided under point 9 below.
Data Protection Authority of Belgium
Lodge a complaint: https://www.dataprotectionauthority.be/citizen/actions/lodge-a-complaint
Data Protection Officer of the European Commission
European Data Protection Supervisor
Lodge a complaint: https://edps.europa.eu/data-protection/our-role-supervisor/complaints_en