Privacy policy – European Cybersecurity Month

Privacy policy:

ENISA processes personal data in accordance with the Community Regulation (EC) No 45/2001 of the European Parliament and of the Council (OJ L8 of 12.01.2001, p1) on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data.[1]

The data controller for the processing of personal data in the context of the European Cybersecurity Month (ECSM) is ENISA (Core Operations Department).

The legal basis for the processing operation is Article 3 c) of the ENISA Regulation (EU) No 526/2013 that provides that ENISA should support voluntary cooperation among competent bodies, and between stakeholders, including universities and research centres in the Union, and support awareness raising, inter alia (..)

The purpose of this processing operation is to support the organisation of the ECSM; in particular the registration of events by interested parties and any information relevant to the event.

The data processor of this processing operation is the company contracted by ENISA: Eau De Web, which executes the delegated tasks, in particular regarding the hosting of the online platform for events.

The following personal data are being processed: name, surname, and other relevant contact details, such as email address for registered events and messages sent to ENISA staff tasked with the coordination of the ECSM)

The recipients of the data are ENISA staff tasked with the coordination of the ECSM, other institutions / national authorities in Member States participating in the ECSM campaign. The data may also be made available to other EU bodies charged with monitoring or inspection tasks in application of EU law (e.g. internal audits, European Anti-fraud Office – OLAF). 

Personal data will be kept up to a maximum period of 3 years for approved events and 1 year for unapproved events solely to serve the needs of the coordination of the ECSM.

You have the right to access your personal data, the right to correct any inaccurate or incomplete personal data and the right to delete your data. If you have any queries concerning the processing of your personal data, you may address them to

You shall have right of recourse at any time to the ENISA Data Protection Officer (DPO) at and to the European Data Protection Supervisor at


ECSM website uses Matomo (Piwik) (, an open source web analytics service to help analyse the use of this website. For more information see our cookies policy page.

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information