The data controllers determining the purpose and means of the processing are the EU Delegation to New Zealand and the European Commission, Service for Foreign Policy Instruments (FPI), FPI.3.003, Unit Asia-Pacific.

The EU Delegation to New Zealand is responsible for managing the personal data processing

under the supervision of the Head of Delegation and is the controller entity engaging the service provider.

 

 

5. RECIPIENTS OF THE PERSONAL DATA: Who has access to your data? 

Access to your personal data is provided to the FPI and EEAS staff responsible for carrying out this processing operation and to other authorised Commission and EEAS staff according to the “need to know” principle. This includes, in particular:

• Designated organising staff of the EEAS/EU Delegation
• Security and other partners, contractors, service providers on behalf of the organizer, including the event management company Uno Loco (data processor).
• Stantec sa/nv (data processor), the service provider, including web services, of the EU Delegation to New Zealand

 

Personal data is intended to be transferred to a third country or an international organisation to provide access to recipients as described above. Transfer of data to the event management company Uno Loco, located in New Zealand, is based on the adequacy decision of the European Commission (Ref. Article 47 of Chapter V of Reg. (EU) 2018/17258).

Data protection clauses, based on the Standard Contractual Clauses approved by the Commission, form part of the contract/agreement with the third country processor.

 

Personal data is to be transferred to a third country or an international organisation only if you consent to sharing your personal data in the list of attendees and there may be participants from third countries and international organisations not providing the level of protection of your personal data as it is in the EU. These participants may share your data with their employers or other organisations, including national security agencies.

 

We will not communicate your personal data to third parties, except to the extent and for the purposes described above or when we are required to do so by law. Service providers abide by contractual clauses for the protection of your data and will process data on documented instructions and on behalf of the EEAS/EU Delegation in accordance with Article 29 of Regulation (EU) 2018/1725.

 

Data will not be shared with third parties for direct marketing. The service provider abide by contractual clauses for the protection of your data. Under certain conditions outlined in law, we may disclose your information to third parties, (such as the European Anti-Fraud Office, the Court of Auditors, or law enforcement authorities) if it is necessary and proportionate for lawful, specific purposes. Service providers will process data on documented instructions and on behalf of the EEAS/EU Delegation or FPI in accordance with Article 29 of Regulation (EU) 2018/1725. More information on how the provider processes personal data on the website of the contracted organisation. Data will not be communicated to third parties, except where necessary for the purposes outlined above.

 

Social Media

The EEAS and and the FPI, use social media to promote and inform about events and meetings through widely used and contemporary channels. In addition to the EU Delegation to New Zealand webpage,EEAS Webpage or FPI webpage, videos may be uploaded to the EEAS YouTube or EU Delegation to New Zealand YouTube channel and links from our websites can appear on EEAS X, Instagram, Flickr and Facebook , on FPI X, on EU Delegation to New Zealand X, LinkedIn, Facebook and Instagram, and on EU Ambassador to EU New Zealand X, LinkedIn and Instragram. The use of social media does not in any way imply endorsement of the privacy policies of the social media providers. We recommend that users read the X, Flickr, Facebook, Instagram and YouTube privacy policies which explain their data processing policy, use of data, users' rights and the way how users can protect their privacy when using these services.

Social media accounts that will be used under this are:

• X: @eu_eeas; @EU_FPI ; @EUinNZ ; @LMeredithEU
• Linkedin: https://www.linkedin.com/company/european-external-action-service/mycompany/

https://www.linkedin.com/company/euinnz/

https://www.linkedin.com/in/lawrence-meredith/

• Facebook: https: //www.facebook.com/EuropeanExternalActionService/ 

https://www.facebook.com/EUinNZ

• Instagram: https: //www.instagram.com/eudiplomacy/

https://www.instagram.com/euinnz/

https://www.instagram.com/lmereditheu/

 

 

6. ACCESS, RECTIFICATION AND ERASURE OF DATA: What rights do you have?

You have the right of access to your personal data and the right to correct your inaccurate, or incomplete personal data taking into account the purpose of the processing. The right of rectification can only apply to factual data processed. Under certain conditions, you have the right to ask the deletion of your personal data or restrict their use as well as to object at any time to the processing of your personal data on grounds relating to your particular situation. We will consider your request, take a decision and communicate it to you without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary.
For more detailed legal references, you can find information in Articles 14 to 21, 23 and 24 of Regulation (EU) 2018/1725. If you have consented to recording a session, you have the right to withdraw your consent to its use by notifying the data controller. In this case, the EEAS/FPI will make every effort to remove your contribution from the recording. The withdrawal of your consent will not affect the lawfulness of the processing carried out before you have withdrawn the consent. In specific cases, restrictions under Article 25 of the Regulation may apply. If you wish to exercise your rights or have questions concerning the processing of your personal data, you may address them to the EU Delegation, as Data Controller.

 

To contact the data controller, please use the following functional mailboxes:

data-protection@eeas.europa.eu

 

 

7.LEGAL BASIS: On what grounds we collect your data?

Lawfulness of the data processing

 

The processing of personal data linked to the organisation, management, follow-up and promotion of event “European Union New Zealand Business Summit 2025” are necessary for the performance of a task carried out in the public interest [Article 5(1)(a) of Regulation (EU) 2018/1725], as mandated by the Treaties, in particular by articles 5, 11, 20, 21-40, 42, 43 of the of the Treaty on European Union (TEU) and 2 (4) and (5), 205, 220-221, 326 – 334 of the Treaty on the Functioning of the European Union (TFEU).

 

Your consent  according to Article 5 (1) d of Regulation (EU) 2018/1725 is required for:

• the processing of your personal data relating to your dietary requirements and access requirements;
• the sharing of the summit attendee list containing your name and affiliation among participants, in order to create working groups. Your attention is drawn to the fact that there may be participants from third countries and international organisations not providing the level of protection of your personal data as it is in the EU.
• the processing of your personal data relating to the audio-visual materials of the event (including recording, videos and photographs)
• the processing of your personal data for inviting you to future events/activities the data controller may organise;
• the processing of your personal data for managing a permanent contact list created and shared internally among EEAS services and FPI for the purpose of promoting EU activities/events and disseminating information. You can find more information about how your personal data are processed in this case on https://www.eeas.europa.eu/eeas/eeas-privacy-statement-events-meetings-vtc-tools_en and in the Record of Processing DPR-EC-03928 on Management of subscriptions to receive inform

 

If you opt-in, you are giving us your explicit consent under Article 5(1)(d) of Regulation (EU) 2018/1725 to process your personal data for those specific purposes. You can give your consent via a clear affirmative act by ticking the box(es) on the online registration form.

 

Your consent for these services can be withdrawn at any time:

• for withdrawing consent that you have provided concerning sharing the attendee list, please contact the controller of the event at eunzsummit@unoloco.co.nz
• for withdrawing consent concerning the permanent contact list, please contact the controller of contact lists on: eunzsummit@unoloco.co.nz

 

If you do not wish for some personal data, including photos, to be published on the web, you also have the option not to provide consent. You can withdraw your consent at any time and you also have the option to give consent only to one or more data processing activities at the functional mailbox under Point 6.

 

The processing is also necessary for archiving purposes. Archiving shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.

 

Further references:

Treaty on European Union (Lisbon Treaty), Article 2, Official Journal of the European Union C 83/17, 30 March 2010

Article 1 (Nature and Scope), 2 (Tasks) and 3 (Cooperation) of the Council Decision of 26 July 2010 establishing the organisation and functioning of the EEAS (2010/427/EU) (OJ L 201, 3/8/2010, p. 30)

 

Council Decision of 26 July 2010 establishing the organisation and functioning of the EEAS (2010/427/EU) (OJ L 201, 3/8/2010, p. 30) and Shared Vision, Common Action: A Stronger Europe - A Global Strategy for the European Union’s Foreign and Security Policy of June 2016 and  Council Conclusions of October 2016 where the Council of the European Union emphasises "the need of joining up efforts in the field of public diplomacy including strategic communication, inside and outside the EU, to speak with one voice and ultimately promote its core values”.

 

The European Union’s objectives in its external relations are defined in Article 3(5) of the Lisbon Treaty as follows: “In its relations with the wider world, the Union shall uphold and promote its values and interests and contribute to the protection of its citizens. It shall contribute to peace, security, the sustainable development of the Earth, solidarity and mutual respect among peoples, free and fair trade, eradication of poverty and the protection of human rights, in particular the rights of the child, as well as to the strict observance and the development of international law, including respect for the principles of the United Nations Charter”.

 

 

8. TIME LIMIT - DATA STORING: For what period and how we process your data?

 Our aim is to keep your personal data not longer than necessary for the purposes we collect them. The Data Controller only keeps your personal data for the time necessary to fulfil the purpose of collection or further processing. After the event, your data are kept as long as follow-up actions to the event are required. Reports and other material containing personal data are archived according to e-Domec policy.

 

Personal data may be kept for information and historical, statistical or scientific purposes for a longer period of time including the publication on the EU Delegation webpage and EEAS Intranet or EEAS website with appropriate safeguards in place.

For each of the categories of personal data that is processed, please find below the retention details and the reference to the relevant record of processing:

 

• All personal data related to the organisation and management of the event “European Union New Zealand Business Summit 2025” (this includes the information given during the registration, before, during or after the event) will will be kept for five years after the event “European Union New Zealand Business Summit 2025”. Personal data may, however, be part of a contact list shared internally among EEAS/FPI services for the purpose of promoting future EU activities and disseminating information. The privacy statement on public diplomacy initiatives is also available on the EEAS website.
• Sensitive personal data relating to dietary and access requirements will be deleted as soon as they are no longer necessary for the purpose for which they have been collected in the framework of the event “European Union NewZealand Business Summit 2025”, but no later than within 1 month after the end of the event “European Union New Zealand Business Summit 2025”.
• Recordings from the web-streamed event “European Union New Zealand Business Summit 2025” will be kept for 2 years before being deleted. More information is available in the Record of Processing DPR-EC-00306 (Web-streaming of Commission events) and in the EEAS record of eDPO 101 on Meetings and Events with its linked Privacy Statements on VTC events.
• In case of audio-visual recording of the event “European Union New Zealand Business Summit 2025”, the recordings will be kept for 3 months after the event “European Union New Zealand Business Summit 2025” before being deleted. More information is available in the Record of Processing DPR-EC-01937 (Audio-visual recording of meetings).
• Personal data shared with the controller for future mailing purposes (e.g., for receiving newsletters or invitations to similar events) are processed in line with the Record of Processing DPR-EC-03928 (Management of subscriptions to receive information) and the specific privacy statement prepared by the organising Commission service and with the EEAS record of eDPO 101 on Meetings and Events and 1441 on Contact lists and Newsletters.

 

Selected service providers for organisational purposes (such as caterers, travel agents or event management organisations) are contractually bound to process personal data on behalf of and in line with the instructions of the data controller, keep confidential any data they process and protect it from unauthorised access, use and retention.

Personal data may be kept for information and historical, statistical or scientific purposes for a longer period of time including the publication on the EU Delegation webpage and EEAS Intranet or EEAS website with appropriate safeguards in place.

 

Security of data

 

The EEAS, the EU Delegation and FPI strive to ensure a high level of security for your personal data. Appropriate organisational and technical measures are ensured according to Article 33 of Reg. (EU) 2018/1725. The collected personal data are stored on servers that abide by pertinent security rules. Data is processed by assigned staff members. Files have authorised access. Measures are provided to prevent unauthorised entities from access, alteration, deletion, disclosure of data. General access to personal data is only possible to recipients with a UserID/Password. Physical copies are stored in a secured manner. In case a service provider is contracted, as a processor, the collected data may be stored electronically by the external contractor, who has to guarantee data protection and confidentiality required by the Reg. (EU) 2018/1725. These measures also provide a high level of assurance for the confidentiality and integrity of the communication between you [your browser] and the EEAS/EU Delegation – FPI. Nevertheless, a residual risk always exists for communication over the internet, including email exchange. The EEAS relies on services provided by other EU institutions, primarily the European Commission, to support the security and performance of the EEAS website.