Privacy Policy SESAR Deployment Manager

PRIVACY STATEMENT ON THE PROTECTION OF PERSONAL DATA of the personnel of an entity which is a beneficiary under Implementation Projects (IP) or Programme Support Action (PSA) Specific Grant Agreements (SGAs)

The Members of the SESAR Deployment & Infrastructure Partnership (SDIP) Consortium protect your personal data in accordance with the applicable personal data protection legislation, including, where applicable, Regulation (EU) 2016/679 (“GDPR”), except for EUROCONTROL whose obligations in this matter shall be governed by the EUROCONTROL Regulation on Personal Data Protection and its Implementing Rules. The list of Members of the SDIP Consortium can be consulted here.

1. What is the Framework Partnership Agreement Project? Why do we collect, store and process your personal data?

Under the Framework Partnership Agreement (FPA) Project 2022-122-SESAR Deployment Manager of 31 May 2022 and Framework Partnership Agreement (FPA1) No MOVE/E2-2014-717/SESAR FPA on 5 December 2014, as amended (or in case of an application to an on-going Call for Proposals), personal data are either processed for the purpose of submitting proposals in view of concluding a Specific Grant Agreements (SGA)concluded with the European Commission, or processed for the performance of an SGA.

2. What personal data do we collect, store and process about you?

We hold the following categories of personal data related to you:

email addresses,
full name,
phone numbers,
professional positions,
CVs
any personal data contained in application submitted in response to a Call for Proposals or contained in Actions Status Reports (ASRs) or Individual Financial Statements (IFS)
or any other reports or documents provided to the SDIP Consortium within the framework of its activities which are communicated by the entity of which you have been designated as a contact person or as its legal representative.

3. Who is your personal data disclosed to? Who has access to your personal data?

Access to your personal data is provided to the Members of the SDIP Consortium for the performance of their tasks under the relevant Framework Partnership Agreement, Specific Grant agreements or multi-beneficiary grant agreements awarded to those projects. Such staff is subject to confidentiality obligations.

When performing its tasks, the SDIP Consortium needs to transfer your personal data to the European Commission and the European Climate, Environment and Infrastructure Executive Agency (CINEA) for audit trial purposes.

Furthermore, Personal data collected by the SDIP Consortium and transferred to its suppliers for monitoring purposes so as to allow the SDIP Consortium to monitor the reading of emails and take appropriate action, such as, mainly, sending a reminder to those data subjects who did not read an email in question. Please see further below, at point 7.

4. How long is your personal data kept?

Personal data are processed throughout the lifetime of the Actions and up to five years after the payment of the balance and are archived and kept to ensure the audit trail in compliance with Article II.27.2 of the FPA1.

5. What are your rights under the applicable personal data protection legislation?

You have the right to request access to and rectification of personal data or restriction of processing concerning you or to object to processing as well as the right to data portability. However, please note that, for the performance of the tasks of the SDIP Consortium referred to above, the collection and processing of personal are necessary. Therefore, restrictions of the use of personal data may render the performance of those tasks impossible. This could lead to either the termination of any SGA already concluded or the withdrawal of pending applications in response of a Call for Proposals.

Please also note that you have also the right to lodge a complaint with the national Supervisory Authority, in accordance with Article 13(2)(d) of the GDPR in the member state in which the co-controllers subject to GDPR are located.

6. What do we do to avoid misuse or unauthorised access to data concerning you?

Members of the SDIP Consortium are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure Members of the SDIP Consortium have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information collected from you.

7.What safeguards do we apply when we transfer your personal data to third parties?

Personal data collected by the SDIP Consortium and transferred to its suppliers for monitoring purposes so as to allow the SDIP Consortium to monitor the reading of emails and take appropriate action, such as, mainly, sending a reminder to those data subjects who did not read an email in question. Contracts with our suppliers contain appropriate confidentiality obligations. Our Processors are located within the EEA and are therefore subject to GDPR.

Since the SDIP Consortium is co-funded by the European Union, personal data which are not processed anymore may be stored for a period of up to five years after the payment of the balance of each Specific Grant Agreement concluded with the European Commission and the European Climate, Environment and Infrastructure Executive Agency (CINEA) for audit trail purposes. The European Commission and CINEA are subject to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (Text with EEA relevance.). You can consult Regulation (EU) No 2018/1725 at the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:32018R1725.

8. Who can you contact if you have questions or want to make a complaint?

For any queries related to your personal data, please contact: [email protected],who is the Head of SDIP Finance & Consortium Coordination, overseeing the team responsible for the processing of the personal data concerning you.

Complaints can be addressed to [email protected] and will be duly forward to the competent DPO as required.

PRIVACY STATEMENT ON THE PROTECTION OF PERSONAL DATA of all the contacts receiving SESAR Deployment Manager General Newsletter or other recipients

1. What is the Framework Partnership Agreement Project? Why do we collect, store and process your personal data?

The personal data you provide is collected and processed for the purpose of sending you the general newsletter or other emails and based on your explicit consent.

2. What personal data do we collect, store and process about you?

In order to provide you with our newsletter we only need your email address. If you provide us with additional personal data, then that data are also processed for the purpose of maximising the reach of the general newsletter. The system through which the newsletters are sent embeds tracking functionalities, which include IP addresses, time and place of reading of emails, MAC address, Operating System used. Those personal data are only used for statistical purposes. No profiling is made from this data

3. Who is your personal data disclosed to? Who has access to your personal data?

Access to your personal data is provided to the Members of the SDIP Consortium as controllers for the performance of their tasks under the relevant Framework Partnership Agreement, Specific Grant agreements or multi-beneficiary grant agreements awarded to those projects. Such staff is subject to confidentiality obligations.

4. How long is your personal data kept?

5. What are your rights under the applicable personal data protection legislation?

You have the right to request access to and rectification of your personal data or restriction of processing concerning you or to object to the processing as well as the right to request its erasure. You also have the right to data portability. Please note that, should you request any restrictions or the erasure of your personal data, you will not receive the general newsletter anymore if such restrictions make it technically impossible or involve a disproportionate administrative burden.

6. How can you withdraw consent you have given to the Members of the SDM Consortium?

You may withdraw your consent in any moment by contacting [email protected]; once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to

7. What do we do to avoid misuse or unauthorised access to data concerning you?

8. What safeguards do we apply when we transfer your personal data to third parties?

Your personal data is only given to a very limited set of contractors for the performance of their tasks. Contracts with our contractors contain appropriate confidentiality obligations.

Since the SDIP Consortium is co-funded by the European Union, personal data which are not processed anymore may be stored for a period of up to five years after the payment of the balance of each Specific Grant Agreement concluded with the European Commission and the European Climate, Environment and Infrastructure Executive Agency (CINEA) for audit trail purposes. In this context, your personal data may be transferred to those entities. The European Commission and CINEA are subject to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (Text with EEA relevance.). You can consult Regulation (EU) No 2018/1725 at the following link: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:32018R1725.

9. Who can you contact if you have questions or want to make a complaint?

Complaints can be addressed to [email protected] and will be duly forward to the competent DPO as required.