Skip to main content
Building Europe with Local Councillors

Privacy statement

This privacy statement provides information about the processing and the protection of your personal data.

Processing operation: “Building Europe with Local Councillors”

Data Controller: Directorate-General for Communication, Directorate C, Unit C.4.

Record reference: DPR-EC-13729.1

1. Introduction

The European Commission (hereafter ‘the Commission’) is committed to protecting your personal data and to respecting your privacy. The Commission collects and further processes personal data pursuant to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (repealing Regulation (EC) No 45/2001).

This privacy statement explains the reasons for the processing of your personal data, the way we collect, handle, and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor.

This privacy statement concerns the processing of personal data by the Commission when managing the network of local councillors in the Member States, hereinafter referred to as “Building Europe with Local Councillors”.

2. Why and how do we process your personal data?

The purpose of the processing is to facilitate the operation and management of “Building Europe with Local Councillors”.

“Building Europe with Local Councillors” or “project” is a pilot project aiming to engage locally elected representatives in the Member States (local councillors) in communicating with citizens on the EU policies and priorities. The signatories of the project are local authorities in the Member States and the European Commission. The local authorities appoint one of their locally elected councillors as a member of the project and commit to appointing a replacement when their mandate expires.

Personal data received from the local councillors is necessary to ensure that the network operates and carries out its functions. Specifically, the processing of personal data is necessary for: 

  • the operation and management of the “Building Europe with Local Councillors” project and selection of its members;
  • communication activities such as promotion of the “Building Europe with Local Councillors” project and its activities such as exchange of correspondence, sending invitations and notifications, and follow up activities, making photos and producing videos, as well as distribution of a newsletter (entails the management of contact lists for correspondence);
  • the organisation of offline and online training events, information sessions, meetings, performing studies/evaluations and surveys;
  • information provision, requests for information and calls for

The European Commission publishes an open call for submission of applications from local authorities in the EU Member States. A contractor supports the European Commission in processing the applications. Additionally, the contractor manages a website on the europa.eu web domain promoting the project in the Member States, publishing the application form and displaying the list of local authorities having entered into the project. The selected local councillors sign a declaration agreeing to participate in the project. 

When applying, the local councillors commit to communicating about the policies and priorities of the EU among the population in their region. For this, they are supported by Directorate- General Communication and the European Commission contractor with relevant communication material, trainings, networking opportunities, and exchange of good practices. 

In order to facilitate the cooperation of “Building Europe with Local Councillors” network members, Directorate-General Communication relies on the Futurium platform (record ref. DPR-EC-00787). Futurium is a European Commission-owned online platform managed by Directorate-General CNECT which enables “Building Europe with Local Councillors” members to join “Building Europe with Local Councillors” online community and to contribute to this community (i.e. post comments, share ideas, etc.). It also enables “Building Europe with Local Councillors” members to contact other members via email (when the member has consented to be contacted by other members). “Building Europe with Local Councillors” online community is administered by Directorate-General Communication which decides on the membership and other relevant aspects of online activity of “Building Europe with Local Councillors” network members on the Futurium platform. 

Personal data will not be used for automated decision-making including profiling.

3. On what legal ground(s) do we process your personal data?

Lawfulness for the processing of personal data under Article 5.1

  • 1(a) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body.

“Building Europe with Local Councillors” project is implemented by the Directorate-General Communication, unit C4, under DG COMM 2021 Work Programme (as amended on 8 April 2021).

Personal data processing linked to the “Building Europe with Local Councillors” project is necessary for the management and functioning of the Commission, as mandated by the treaties, and more specifically Article 5 of TEU, Article 13 TEU and Articles 244-250 TFEU, and in accordance with Article 1 and Article 11 of TEU. Further, the project applies the principle, set out in the Sibiu communication of May 2019, that communicating about the EU is a shared responsibility between the supranational EU level and all national and subnational levels of governance as detailed in the European Commission's contribution to the informal EU27 leaders' meeting in Sibiu (Romania) on 9 May 2019, on page 40.

Supporting communication activities of the “Building Europe with Local Councillors” project is a task resulting from the Commission’s prerogatives at institutional level. The project was established by the European Parliament through the 2021 budgetary procedure as a pilot project within the meaning of Article 58(2) of Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union, amending Regulations (EU) No 1296/2013, (EU) No 1301/2013, (EU) No 1303/2013, (EU) No 1304/2013, (EU) No 1309/2013, (EU) No 1316/2013, (EU) No 223/2014, (EU) No 283/2014, and Decision No 541/2014/EU and repealing Regulation (EU, Euratom) No 966/2012 (OJ L 193, 30.7.2018, p. 1).

  • 5(1)(d) The data subject has given consent to the processing of his or her personal data for one or more specific purposes.

The processing operations on personal data for the organisation and management of the “Building Europe with Local Councillors” network are lawful under Article 5(d) of Regulation 2018/1725, as the local councillors provide consent to the personal data processing before becoming a member of the “Building Europe with Local Councillors” network.

4. Which personal data do we collect and further process?

In order to carry out this processing operation the Data Controller may collect the following categories of personal data: 

  • “Building Europe with Local Councillors” project member (e.g. member of a local authority): name and surname, contact details (e-mail, phone number, postal address, gender (male/female/other/prefer not to say), spoken and/or preferred languages
  • Citizens may subscribe to the “Building Europe with Local Councillors” newsletter by providing their email address
  • Personal data available via audio-visual content (e.g. photographs/pictures, photo shoots, presentations ) that might be available on the internet/intranet in the context of the meetings and in the framework of European Commission activities: audio and visual recordings of the meetings.

The Data Controller may share aggregate or de-identified information with other Commission Directorates and/or other EU institutions or third parties for scientific research or statistical purposes.

5. How long do we keep your personal data?

The Data Controller only keeps your personal data for the time necessary to fulfil the purpose of collection or further processing.

  • Personal data necessary for the management of the “Building Europe with Local Councillors” network (including the management of contact lists for correspondence) is stored in the service providers’/contractor’s database and online interactive tool as long as the data subject participates in the project and for a maximum period of three (3) years 

If a local authority or an individual “Building Europe with Local Councillors” member ceases to be a member of the network, Directorate-General Communication will take reasonable steps to remove the relevant information from the database and interactive online platform without undue delay and within one (1) month after notification. 

  • Selected audio-visual content may be archived for permanent preservation, in line with the provisions of the Common Commission Level Retention List (SEC (2019)900/2), for historical purposes to document, preserve and make available the history and audio-visual heritage of the European Commission and the European Union.
  • All paper and electronic records concerning the day-to-day correspondence, calls for proposals and/or interest together with the resulting contractual/financial files as well as reports containing aggregated data will be archived according to the Common Commission Level Retention List (SEC (2019)900/2) and stored in ARES (Advanced Records System) under the responsibility of Secretariat-General for a period of 10 years with the application of sampling and selection techniques.

6. How do we protect and safeguard your personal data?

All personal data in electronic format (emails, documents, databases, uploaded batches of data, etc.) are stored on the servers of the European Commission and the contractor (in EU). All processing operations are carried out pursuant to the Commission Decision (EU, Euratom) 2017/46 οf 10 January 2017 on the security of communication and information systems in the European Commission.

The European Commission’s contractors are bound by a specific contractual clause for any processing operations of personal data on behalf of the European Commission, and by the confidentiality obligations deriving from the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR). 

In order to protect your personal data, the European Commission has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.

7. Who has access to your personal data and to whom is it disclosed?

Access to the personal data collected for the processing operation in question is provided to the authorised personnel of the EU institutions and its contractors responsible for carrying out this processing operation according to the “need to know” principle. Such staff abide by statutory and, when required, additional confidentiality agreements. 

Mandated staff of Directorate-General Communication, the EC Representations and the contractor have access to the personal data of the “Building Europe with Local Councillors” network members (that may include mailing lists, paper and electronic files and the data stored on the Futurium platform, correspondence, call leading to the selection of members of the local authorities together with the resulting contractual/financial files). 

Mandated staff of the Directorate-General Communications Networks, Content and Technology have access to the personal data of the “Building Europe with Local Councillors” network members necessary to facilitate access and management of the Futurium platform.

EUROPE DIRECT centres have access to the mailing lists, paper and electronic files that may include personal data of the “Building Europe with Local Councillors” network members to be compiled on a “need-to-know” basis by Directorate-General Communication, EC Representations and the contractor. 

External processors under a framework contract may be provided with necessary personal data of the “Building Europe with Local Councillors” network members (that may include mailing lists and/or draw up their own mailing lists and create their own paper/electronic records based on contacts with the members of the local entities) for the purposes of organising visits, training and information events, performing studies/evaluations/surveys and collecting information. The processors may also access the mailing list in order to contact members of the local entities to organise their travel and accommodation as well as collect information. 

Security services may collect and handle “Building Europe with Local Councillors” members’ personal data for the purposes of events held at the premises of the EU institutions. Security services should be interpreted as services contracted by the EU institutions, including EC representations.

8. What are your rights and how can you exercise them?

You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725. As regards this processing operation, you can exercise the following rights:

  • the right to access your personal data (Article 17 of Regulation (EU) 2018/1725);
  • the right to rectification in the case that your personal data is inaccurate or incomplete (Article 18 of Regulation (EU) 2018/1725);
  • the right to erasure of your personal data (Article 19 of Regulation (EU) 2018/1725);
  • where applicable, the right to restrict the processing of your personal data (Article 20 of Regulation (EU) 2018/1725);
  • the right to data portability (Article 22 of Regulation (EU) 2018/1725);
  • and the right to object to the processing of your personal data, which is lawfully carried out pursuant to Article 5(1)(a).

 You can exercise your rights by contacting the Data Controller, or in case of conflict the Data Protection Officer. If necessary, you can also address the European Data Protection Supervisor. Their contact information is given under Section 9.

Where you wish to exercise your rights in the context of one or several specific processing operations, please provide their description (i.e. Record reference(s) as specified under Section 10) in your request.

9. Contact information

The Data Controller

If you would like to exercise your rights under Regulation (EU) 2018/1725, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller, Directorate-General for Communication, Unit C.4 (COMM-C4atec [dot] europa [dot] eu (COMM-C4[at]ec[dot]europa[dot]eu)).

The Data Protection Officer (DPO) of the Commission

You may contact the Data Protection Officer (DATA-PROTECTION-OFFICERatec [dot] europa [dot] eu (DATA-PROTECTION-OFFICER[at]ec[dot]europa[dot]eu)) with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725.

 The European Data Protection Supervisor (EDPS)

You have the right to have recourse (i.e. you can lodge a complaint) to the European Data Protection Supervisor (edpsatedps [dot] europa [dot] eu (edps[at]edps[dot]europa[dot]eu)) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the Data Controller.

10. Where to find more detailed information?

The European Commission Data Protection Officer (DPO) publishes the register of all processing operations on personal data by the Commission, which have been documented and notified to him. You may access the register via the following link: http://ec.europa.eu/dpo-register.

This specific processing operation has been included in the DPO’s public register with the following Record reference: DPR-EC-13729.1