Privacy and security

Data Protection Notice

Thank you for showing interest in the Road2Cyber Platform, a collaboration between the European Cyber Security Organisation (ECSO) and the Women4Cyber Foundation. ECSO and the Women4Cyber Foundation are fully committed to the protection of individuals’ privacy and data protection.


This notice relates to the processing of your personal data by ECSO and the Women4Cyber Foundation through the general Road2Cyber website (the “Website”) in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”).

1. Name and Address of the Data Controller,

Data Controller, for the purposes of the GDPR, and other data protection laws applicable in Member States of the European Union and other provisions related to data protection, are:
ECSO – European Cyber Security Organisation
Avenue des Arts, 461000 Brussels
Belgium
Email of ECSO: secretariat@ecs-org.eu
Website of ECSO: www.ecs-org.eu
Women4Cyber Foundation
Avenue des Arts, 461000 Brussels
Belgium
Email of the Women4Cyber Foundation: hello@women4cyber.eu
Website of the Women4Cyber Foundation: www.women4cyber.eu

2. Categories of data,


2.1 Personal data

While using the Website, ECSO and the Women4Cyber Foundation may ask the user to provide certain personally identifiable information. The following paragraph explains the categories of data provided voluntarily or automatically by the users (companies or end-users/ job seekers).
a) Personally identifiable information:
  • For job seekers creating a profile in the Talent Pool:
    • Full name (never displayed, as the Talent Pool is anonymous)
    • Your job title
    • Email address (never displayed, as the Talent Pool is anonymous)
    • Professional summary
    • Country of residence
    • Location
    • Willingness to relocate
    • Years of experience
    • Education (level of studies, degrees, certification)
    • Desired pathways (based on the European Cybersecurity Skills Framework) and desired job type and work arrangement
  • The name of the user will not be public.
  • The remaining data provided will be available for recruiters.
  • Users of the website (job board, talent pool and other services of the platform) agree to have application data such as education, work experience, and country of residence stored and used for recruitment purposes and the email address to be shared with interested recruiters should they accept to be contacted.
    • Name of the user (never displayed)
    • Name of the company
    • Company website
    • Company logo
    • Type of company
    • Description of the company
    • ECSO membership / Women4Cyber partnership
    • Email address
  • The data provided by recruiters or training providers is strictly limited to information about the company.
  • For companies, the registration and the use of the Website means that the users agree to share data such as job openings and/or training offers.
b) Registration to the Newsletter
ECSO and the Women4Cyber Foundation use Mailchimp as their newsletter sending platform. By registering to the Road2Cyber’s Newsletter, you acknowledge that the email address you provide will be transferred to Mailchimp for processing in accordance with their Privacy Policy. The operating company of Mailchimp is Rocket Science Group LLC 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA. Mailchimp’s privacy policy can be viewed at https://mailchimp.com/legal/.
c) Usage data
Usage data is collected automatically when using the Website. Usage data may include information such as the users’ Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages visited by the users, the time and date of the visit of the website, the time spent on those pages, unique device identifiers and other diagnostic data. When the user accesses the Website by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device used, the IP address of the mobile device, the mobile operating system, the type of mobile Internet browser used, unique device identifiers and other diagnostic data.

2.2 Tracking technologies and cookies

The Website uses cookies.
Cookies are short text files stored on a user’s device (such as a computer, tablet, or phone) by a website.
These can be used for the technical functioning of a website or for other purposes, such as providing a user with more personalised experience.
Through the use of cookies, ECSO and the Women4Cyber Foundation can provide the users of the Website with more user-friendly services that would not be possible without the cookie setting.
By means of a cookie, the information and offers on our Website can be optimised with the user in mind.
Cookies allow us, as previously mentioned, to recognise our Website users.
The purpose of this recognition is to make it easier for users to utilise our Website.
The Website user that uses cookies, does not have to enter access data each time the Website is accessed, because this is taken over by the Website, and the cookie is thus stored on the user's computer system.
The users may, at any time, prevent the setting of cookies through our Website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies.
Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs.
This is possible in all popular Internet browsers.
If you deactivate the setting of cookies in the Internet browser used, not all functions of our Website may be entirely usable.

3. Purpose


3.1. Purpose of processing personal data

The Website may use personal data for the following purposes:
a) Personal data provided by companies
The use of personal data is strictly limited to the recruitment process and will be visible to job seekers on the job board (via the job offers) or the talent pool (once the recruiter has contacted a job seeker).
b) Personal data provided by job seekers
The personal data submitted by the job seekers of the Talent Pool will only be used for recruitment purposes, which includes a double consent mechanism structured as follows:
- First consent: users such as job seekers consent to share their data by agreeing on the privacy policy of the Website and by creating a profile on the Talent Pool and to be contacted by recruiters by email;
- Second consent: when a recruiter wishes to contact a job seeker from the Talent Pool, the job seeker will receive a notification by email in the job seeker’s mailbox integrated to Road2Cyber, requesting an approval from the job seeker to be contacted by the company.
c) Personal Data provided by all users of the Website
- The use of the Website will process necessary technical information relating to the Website’s visitors through log files, in order to support the Website’s security, on the basis of standard information security practices;
- To manage users’ registration to the Website. The personal data provided by the users can give them access to different functionalities of the Service that are available for registered users;
- To provide users with news or enquiry on their experience;
- To manage the requests of the users.
d) Newsletter
The purpose of the registration to the newsletter of the Website will be only to communicate with the users. The Website will never share the data collected, for any reason, with a third party.
e) Purpose of usage data
The Website collects information to enable us to monitor usage of the platform. This information includes the number of visitors, the pages they visit, and the length of each visit. This information is only published in aggregate statistics.
The storage of email addresses and other information will only be used for facilitating the interaction between companies and job seekers who are registered on the Website.
ECSO and the Women4Cyber Foundation will not use users’ personal data supplied in the job application for any purpose except to enable the recruiters to receive it or manage it for their recruitment.

3.3. How long will the data be processed

The period for which personal data will be processed and stored depends on the purpose(s) of the processing. The data processed on the basis of the consent granted will be processed, stored until the consent is withdrawn or an objection is raised.

3.4. Data storage

The Website is stored by FastComet, based in Frankfurt, Germany.

4. Legal basis

In accordance with GDPR, as referred to article 6 Lawfulness of processing, processing of data of companies (recruiters or training providers), job seekers, visitors and subscription to the newsletter of the Website shall be lawful only if the article 6-1(a) applies as follow: “the data subject has given consent to the processing of his or her personal data for one or more specific purposes.”
As referred to Article 7-3 of the GDPR, the user has the right to withdraw your consent at any time where we rely on his/her consent to process his/her personal information, as follow: “The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.”

5. Rights of users


5.1. The rights of users to process their personal data

When personal information of users is processed by the European Labour Authority (or any EU institution), the users have the right to know about it. Users of the Website have the right to access the information, and have it rectified without undue delay if it is inaccurate or incomplete. The users have the right to ask that we delete their personal data or restrict its use. Where applicable, users have the right to object to our processing of their personal data, on grounds relating to their particular situation, at any time, and the right to data portability. We will consider their request, take a decision and communicate it to the users without undue delay and in any event within one month of receipt of the request.

5.2. Data subject’s rights and verification

You have the right of access to your personal data and to relevant information concerning how ECSO and the Women4Cyber Foundation use it. You have the right to rectify your personal data. Under certain conditions, you have the right to ask that we delete your personal data or restrict its use. You have the right to object to our processing of your personal data, on grounds relating to your particular situation, at any time. ECSO will consider your request, take a decision and communicate it to you. If you have any queries concerning the processing of your personal data, you may address them to ECSO at secretariat@ecs-org.eu. And to the Women4Cyber Foundation at hello@women4cyber.eu You have the right of recourse at any time to the European Data Protection Supervisor (EDPS) at https://edps.europa.eu.

5.3. Third party links

Occasionally, at the discretion of ECSO and the Women4Cyber Foundation, the Website may include the promotion of third-party products or services aiming at proposing new tools to support the job seeker. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites.

6. Existence of automated decision-making

ECSO and the Women4Cyber Foundation do not use any automatic decision-making or profiling.