Skip to main content
Header


Data Protection Notice for the Exchange Visits for Mental Health Professionals 

 

Related to Task II.3 - Implementation of exchange programme in the framework of the project “Capacity – building on mental health: multidisciplinary training programme and exchange programme for health professionals” 

HADEA/OP/2023/0020 (EU-PROMENS Project)


Introduction

This Data Protection Notice describes the measures taken to protect your personal data with regard to the action involving the present data processing operation and what rights you have as a data subject. 
The European Health and Digital Executive Agency (HaDEA or Agency) protects the fundamental rights and freedoms of natural persons and in particular your right to privacy and the protection of your personal data. 
Your personal data are processed in accordance with Regulation (EU) No 2018/1725 on the protection of individuals with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data. 

What are the purposes of this processing activity?

The purpose of this Data Protection Notice is to inform participants about the processing activities related to their personal data, collected for the organisation of exchange visits for professionals from 27 EU Member States, Iceland and Norway to one of the six hosting centres in Spain, Finland, Netherlands, Czech Republic, Croatia, and Austria. 
The objective of the exchange visits is to ensure a mutual and practical learning exercise for training, exchange of knowledge and best practices to promote a comprehensive, prevention-oriented approach to mental health, between the participating countries. 
The processing activity covers: 

  • Sending invitations; 
  • Registration of participants to the exchange visit event, selection of participants, management of their participation on site and inclusion in the participant lists; 
  • Administrative and financial management of travel, accommodation and reimbursement of participants; 
  • Taking photos of on-site participants and members of the EU institutions; 
  • Collection of anonymised post-event feedback via the GDPR compliant Lime Survey feedback form. 


Who is the Data Controller? 

The data controller is the Head of Unit A2, EU4Health/SMP Food at the European Health and Digital Executive Agency (HaDEA), managing the EU Contract No. HADEA/OP/2023/0020. 


Who is the Data Processor? 

The following entity processes your personal data on HaDEA’s behalf: GFA Consulting Group GmbH – Health Department 
Eulenkrugstraße 82, 22359 Hamburg - Germany (Hereinafter referred to as “Data Processor”). 


The Data Processor will: 

  • Collect the following personal data (see below) to organise and conduct the exchange visits in the hosting centres; 
  • Collect anonymised post-event feedback via Lime Survey. 

The following entities process your personal data as a subcontractor on GFA’s behalf. The event management provider idloom, which processes personal data of participants such as name, address, email address, account details and the place and date of birth on a registration platform. For web surveys, GFA is using the online survey tool LimeSurvey. 


Which personal data is collected? 

Personal data is collected in a two-step process:

  • During the first step (registration of interest to participate in an exchange visit) the following personal data is collected: your first name, last name, age, gender, nationality, country of residence, e-mail address, mobile number, level of English, affiliation with a hub hosting organisation, professional profile, years of experience, motivation to participate in the exchange programme. 
  • During a second step (for the final selection of participants), the following additional personal data is collected: dietary requirements, special needs (impairments/disabilities of participants; day-care needs in case of accompanying children*), emergency contact, health insurance coverage and bank details for the reimbursement of costs. 

               *for selected hubs 

All these personal data are mandatory for the purposes outlined above.


Moreover, the following non-mandatory personal data might be collected: 

  • It is also possible that photographs of you will be taken during the event and might be used for related communication purposes, i.e. for a report to be shared with HaDEA and DG SANTE, as well as on social media platforms (LinkedIn, Facebook, Instagram, project Website and Websites of Mental health Institutions). Upon registration, you can give your explicit consent to have your photo published on related communication channels. In the absence of your consent, the organiser will try to find suitable alternatives, so that you can fully take part in the event, e.g. by offering an alternative room to follow the event. Your photo will only be processed based on your explicit prior consent. 


Who has access to the personal data of data subjects and to whom can they be disclosed? 

Personal data mentioned above will be disclosed to the team members of GFA involved in the organisation of the exchange visits, the responsible local coordinator in the partner country as well as to the Mental Health partner institutions in one of the six EU countries involved in the exchange 
and to the event management provider idloom. 
Your personal data will not be transferred to third countries or international organisations. GFA’s partner organisations Trimbos and Mental Health Europe (MHE) will not receive your personal data. 
The processing of personal data will not include automated decision-making (such as profiling). 


Which is the legal basis for processing your personal data? 

The legal basis for the processing activities are: 

  • Article 5(1)(a) of Regulation (EU) 2018/1725 because processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body laid down in Union law. 
  • Article 5(1)(d) of Regulation (EU) 2018/1725 based on your explicit prior consent for your non-mandatory personal data. 


How do we protect and safeguard your personal data?

The collected personal data and all information related to the above-mentioned project are stored on the internal server computer of the Data Processor in Germany, which guarantees the security and confidentiality of the collected information. Received contributions will also be recorded in a secured and protected database hosted by the Data Processor. 


How to withdraw your consent and the consequences of doing this? 

If you want us to delete your photo (the only data based on consent) - please contact us and we (the Data Processor) will delete it within 20 working days after your request. 
Please note that withdrawing your consent does not affect the lawfulness of any processing based on your consent before this consent is withdrawn. Attention is drawn to the consequences of a delete request, which means that all your contact details will be lost. 


How long do we keep your personal data? 

As part of the exchange programme database, your data will be kept until the end of the EU-Promens Project, scheduled on 31 December 2026. Data will be deleted within a maximum period of one (1) year following this period. 

What are your rights regarding your personal data? 

You have the right to access your personal data and to request your personal data to be rectified, if the data is inaccurate or incomplete; where applicable, you have the right to request restriction or to object to processing, to request a copy or erasure of your personal data held by the data 
controller. If processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on your consent before its withdrawal. 
Your request to exercise one of the above rights will be dealt with without undue delay and within one month. 


If you have any queries concerning the processing of your personal data or wish to exercise any of the rights described above, you can contact HaDEA HoU (acting as data controller) via: 
HADEA-A2-DATA-PROTECTION@ec.europa.eu, with the contractor’s contact point for Data Protection in cc at: susanne.eggers@gfa-group.de

Please specify in your request what your query is and/or which right you wish to exercise. 

You shall have right of recourse at any time to the European Data Protection Supervisor at EDPS@edps.europa.eu
 

Version June, 2024

 

Detected timezone

Ok