Data Protection is the safeguarding of the privacy rights of natural persons in relation to the processing of personal data. The Regulation (EU) 2018/1725 on Data Protection confers rights on individuals as well as placing responsibilities on those persons processing personal data.
Personal data, data subject
Any information relating to an identified or identifiable natural person. An identifiable natural person, called the data subject, is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Article 3 (1) Reg. 2018/1725).
Processing of personal data
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Processing personal data of ETF's stakeholders and other people involved or interested in the activities of the ETF occurs for example in events organisation procedures, recruitment procedures …
Data processing operations concerning staff include, for example, procedures relating to staff appraisal and promotion, handling of personal and medical files.
Register of records on personal data processing activities
The processing of personal data by the ETF is under the responsibility of the data controller who is the ETF’s Director. The data controller is responsible for ensuring, in particular, that technical and organisational measures are undertaken so as to protect the personal data with an appropriate level of security. The data controller remains legally responsible if someone who works for him or her breaches the data protection rules.
Data Protection Officer
The ETF Data Protection Officer (the DPO) is the person who shall ensure that the rights and freedoms of the data subjects are respected by ETF, and advises the data controller on fulfilling the obligations.
The DPO also provides advice and makes recommendations on rights and obligations of ETF and its services related to data processing processes and operations.
In critical situations, he or she may investigate matters and incidents either upon a request of a data subject or on his own initiative.
The DPO keeps a register of all personal data processing operations carried out in the institution, and ensures the timely notification of sensible personal data processing operations to the European Data Protection Supervisor (EDPS).
The ETF's DPO can be contacted at firstname.lastname@example.org, or directly:
Tiziana Ciccarone (ETF Data protection Officer)
Laurens Rijken (Deputy Data Protection Officer)
The European Data Protection Supervisor (EDPS)
The European Data Protection Supervisor is the independent supervisory authority responsible for monitoring and ensuring the application of data protection rules by European Community institutions and bodies, including the Agencies.
How to exercise your rights as a data subject
As a general rule, anyone has the right to be informed about the processing of his/her personal data, and to access that information at any time and rectify it if it is inaccurate or incomplete. Under certain conditions a right to erasure, restriction of processing and objection to processing also applies. If as a data subject you want to exercise these rights, you need to contact the data controller of the data processing activity in question.
For questions related to the processing of your personal data by ETF, you can contact the ETF DPO. You also may lodge a complaint regarding the processing of your personal data by ETF with the European Data Protection Supervisor.