Privacy Statement for the processing of personal data related to the selection of recipients of the Ieke van den Burg Prize

1. Data protection legal framework applicable to the European Systemic Risk Board

The European Systemic Risk Board (ESRB) is subject to and process personal data in accordance with EU Data Protection Law^[1].

Regulation (EU) 2018/1725

2. The European Systemic Risk Board as controller of processing personal data

For the purposes of Regulation (EU) 2018/1725, the ESRB is the controller for the processing of personal data related to the selection of recipients of the Ieke van den Burg Prize for research on systemic risk. The ESRB Secretariat is the organisational unit responsible for processing these data.

3. Purposes for processing personal data by the European Systemic Risk Board.

The ESRB collects and processes personal data of applicants for the purpose of selecting a paper to recipient of the Ieke van den Burg Prize for research on systemic risk.

4. Lawfulness of the data processing operations of the European Systemic Risk Board

The legal basis for processing your personal data is Article 5.1 (d) of Regulation (EU) 2018/1725. By submitting papers for the Ieke van den Burg Prize, data subjects consent to the collection and processing of their personal data. Applicants may withdraw that consent at any time by contacting info@esrb.europa.eu . Any further processing of personal data will cease once consent has been withdrawn. Processing of personal data that took place prior to a withdrawal of consent will remain lawful.

5. Categories of personal data processed by the European Systemic Risk Board.

The following categories of personal data may be processed in in relation to the selection of recipients of the Ieke van den Burg Prize:

• personal details (e.g. full name, date of birth, ID/passport number);
• contact details (e.g. email address, postal address, business/mobile telephone number, fax number);
• education and training details; (e.g. expertise, technical skills, languages, educational background, professional experience, test results);
• employment details (e.g. company, organisational unit, your position/function);
• financial details (e.g. bank account details, VAT number);
• intellectual opinions expressed in the paper submitted;

6. Access to personal data collected and processed by the Secretariat of the European Systemic Risk Board.

Access to personal data may be given to the following persons:

• a limited number of ESRB Secretariat staff members.

7. Retention periods for storing personal data

Personal data of applicants are retained for a period of 2 years.

8. Your rights as a data subject

You have the right to access your personal data and correct any data that is inaccurate or incomplete. You have also the right to delete your personal data, to restrict or object to the processing of your personal data in accordance with Regulation (EU) 2018/1725.

9. Contact information in case of queries and requests

For more information or to exercise your rights as referred to in section 8, please contact info@esrb.europa.eu . For all queries relating to personal data, please contact the ECB’s Data Protection Officer at dpo@ecb.europa.eu .

10. Addressing the European Data Protection Supervisor

If you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data, you have the right to lodge a complaint with the European Data Protection Supervisor at any time. European Data Protection Supervisor at any time.

11. Changes to this Privacy Statement

This Privacy Statement may be changed to take into account new legal developments.