Data Protection and Privacy Policy
Article 1 — Purpose
This Data Protection and Privacy Policy defines the principles and rules governing the collection, processing, storage, and protection of personal data in connection with the European Civic Resilience Programme (ECRP).
ECRP is committed to respecting individual privacy and handling personal data responsibly and transparently.
Article 2 — Scope of Application
This Policy applies to all personal data processed in the context of:
- participation in ECRP activities;
- facilitator and organiser accreditation;
- certification and verification procedures;
- feedback, complaints, and appeals.
Article 3 — Principles of Data Processing
Personal data shall be processed in accordance with the following principles:
- lawfulness, fairness, and transparency;
- purpose limitation;
- data minimisation;
- accuracy;
- storage limitation;
- integrity and confidentiality.
Article 4 — Categories of Data
ECRP may process personal data including, but not limited to:
- identification and contact information;
- participation records;
- assessment and certification records;
- correspondence related to governance procedures.
ECRP does not process sensitive personal data unless strictly necessary and legally permitted.
Article 5 — Data Access and Confidentiality
- Access to personal data shall be limited to authorised persons acting within the scope of their responsibilities.
- Appropriate technical and organisational measures shall be implemented to protect data against unauthorised access, loss, or misuse.
Article 6 — Data Retention
Personal data shall be retained only for as long as necessary to fulfil the purposes for which it was collected, including certification and compliance requirements.
Retention periods may vary depending on the nature of the data.
Article 7 — Rights of Data Subjects
Individuals whose data is processed under ECRP have the right to:
- access their personal data;
- request rectification of inaccurate data;
- request deletion of data, where applicable;
- object to or restrict processing, where permitted by law.
Requests shall be handled in accordance with applicable data protection regulations.
Article 8 — Data Sharing
Personal data shall not be shared with third parties except where:
- required for the implementation of ECRP activities;
- required by law;
- consent has been obtained, where applicable.
Article 9 — Policy Updates
This Policy may be updated to reflect changes in operational practice or legal requirements, while maintaining its core principles.
Article 10 — Entry into Force
This Data Protection and Privacy Policy enters into force upon its official publication as part of the ECRP Governance Framework.