Privacy Statement for audio-visual recording of training sessions

1. Purpose of the processing operation

ECDC processes the personal data collected in accordance with Regulation (EU) 2018/1725. The purpose of the processing is the following: The purpose of the procedure is to record training sessions. Sharing such recordings is the dissemination of scientific knowledge to external stakeholders, which is part of ECDC’s mandate.

2. Identify of the data controller

European Centre for Disease Prevention and Control (ECDC), Gustav III:S Boulevard 40, 16973 Solna, Sweden Public Health Functions (PHF), Public Health Training,

Your personal data are processed in joint controllership with:

    • Not applicable

Please note that ECDC as the main controller is responsible for processing your requests for exercising the rights of data subjects under Regulation (EU) 2018/1725 and providing you with information about the data processing operation.

3. Legal basis for the processing

The legal basis for the processing is:

    • Article 5 (1) (a): the processing is necessary for performance of tasks in the public interest attributed by Union or Member State legislation
    • ECDC Founding regulation 851/2004, specifically article 3.2(b).

4. Categories of personal data collected

The categories of data collected and used for the processing operations are the following:

    • Name (first name and surname)
    • Email
    • Place of employment
    • Work position/occupation
    • Audio visual recording of the training sessions

The provision of the personal data is not mandatory. 

The processing of your data will not be used for an automated decision making, including profiling.

5. How has access to your information and to whom is it disclosed?

The recipients of the data are the following:

    • ECDC staff and personnel
    • External experts (e.g. external advisors) and contributors (e.g. scientific authors) in public health, food safety or veterinary medicine
    • ECDC contractors, suppliers and tenderers
    • General public

6. How long do we keep your data?

ECDC will retain the data as long as necessary. 5 years

7. How do we protect and safeguard your information?

In order to protect your personal data, a number of technical and organisational measures have been put in place. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the data being processed. Organisational measures include restricting access to the data to authorised persons with a legitimate need to know for the purposes of this processing operation.

8. What are your rights and how you can exercise them?

The Controller may be contacted at any time by the data subjects for exercising the right of access, to rectify, to block, to erase, to transmit or to object to the processing of the data. Where the legal basis to the processing is consent, this consent can be withdrawn at any time. The Controller can be contacted on: 

Data subjects can request the deletion of their personal data by the data controller, who will do so within 45 working days. 

Data subjects can  also contact the ECDC Data Protection Officer (DPO) in case of any difficulties or for any questions relating to the processing of their personal data at the following email address: The data subject has the right of recourse at any time to the European Data Protection Supervisor: and at 

Exceptions based on Regulation (EU) 2018/1725 may apply.

Last modified: Monday, 21 March 2022, 3:37 PM