Privacy Policy

This privacy policy statement refers to the website and the booking platform start-discover.eu, which are operated by MCI Benelux SA (hereafter named the ‘Contractor’). As this system contains individuals’ personal data, its publishing and processing falls within the provisions of the Regulation (EC)2016/679 of the European Parliament and of the Council of 27 April 2016 (hereafter the ‘GDPR’). This privacy statement explains to you the way in which the Contractor uses personal data, and the way in which the privacy of this data is being protected.

What is the purpose of the data collection?

The website and booking platform start-discover.eu serve four main purposes involving the collection and processing of personal data. These are:

  • User-driven content creation – the creation and maintenance of information related to the DiscoverEU contest.
  • Travel booking and related communication – the Contractor provides the ability for 18-year-old EU citizens (hereafter named the ‘Traveller/s’) to book a travel ticket in accordance with the criteria set out in the Rules of the DiscoverEU contest (please see here).The personal data of the Traveller may be communicated to third parties sub-contracted by the Contractor (hereafter named ‘Travel Agencies’) in order to ensure that a valid travel ticket is issued and posted (electronically or physically) to the recipient address provided by the Traveller. Personal contact details may also be shared with the Travel Agencies in order to provide the Traveller with customer care services linked to their booking.Travellers are asked to verify their identity at the beginning of the booking process. The identity verification is processed through a GDPR-compliant identity verification software licensed to the Contractor.
  • Media outlets coverage – the Traveller may consent to the Media coverage clause, which is published in the booking platform. According to the Media coverage clause, the European Commission may communicate the contact details of the Traveller (full name, email address and journey details) to selected media outlets which have shown an interest in following the journey of certain groups of Travellers.
  • Reporting – the European Commission uses aggregated data in order to compile reports regarding the progress and results of the DiscoverEU contest.

The Contractor will not process the collected data for any other purposes than those described above.

What personal data do we collect?

  • Travel Booking and related communication
    • Recto-verso scanned copies of the Traveller’s personal ID of choice (national identity card or passport)
    • Personal data (first name, last name, date of birth, personal ID number and nationality, contact phone)
    • Personal data related to the ticket delivery (recipient first name, recipient last name, recipient contact phone, street, postal code, city, country)
    • Journey details (including but not limited to country of departure, date of departure, date of return, etc.)
  • Media outlets coverage
    • Personal contact details (full name, email address and journey details) of the Traveller consenting to the Media Coverage clause

Which technical means do we use for processing your data?

The data collection and processing are done through a GDPR-compliant booking management system licensed to the Contractor. The data collected are safely stored in servers located in the European Union and Switzerland

Who has access to your information and to whom is it disclosed?

In any event, only relevant staff members of the concerned parties identified hereunder have access to your personal data.

  • User-driven content creation
    • The content is created by the Contractor and is based on aggregated data collected in the booking form and feedback received from Travellers.
    • The Contractor and the European Commission have access to this data.
  • Travel booking and related communication
    • The Contractor and the European Commission have direct access to the personal data and the journey details of the Traveller
    • Travel Agencies are provided with the personal data and the journey details in order to issue valid travel tickets and provide customer care services to the Traveller.
  • Media outlets coverage
    • The Contractor and the European Commission have direct access to the personal data and the journey details of the Traveller.
    • Selected media outlets are provided with the personal contact details of the Travellers who have consented to the Media Coverage clause.

In addition, all of the personal data is accessible by:

  • Staff of the DG EAC units responsible for the implementation of services through the European Youth Portal.
  • Staff of the DG EAC Informatics (IT) unit.
  • Staff of other competent European Commission Services co-responsible for implementation of services through the European Youth Portal.

It is able to be disclosed, if necessary, to:

  • Staff of the Internal Audit Capacity of DG EAC
  • Staff of DG IAS
  • Staff of OLAF

How long do we keep your data?

Personal data and journey collected during the booking process will be deleted by the Contractor after 2 years from the end of the DiscoverEU contest.

Personal data belonging to individuals placed in the waiting list will be kept for 1 year from the end of the DiscoverEU contest. This data may be analysed in an anonymised form for statistical purposes.

How can you access your personal data, verify its accuracy and, if necessary, correct it?

You have the right to access the stored personal data and, if necessary, ask for your data to be corrected, by contacting the Data Controller of the DiscoverEU initiative.

On the Contractor’s behalf: mydata@start-discover.eu, Boulevard du Souverain 280, B-1160 Brussels, Belgium.

On the European Commission’s behalf: Head of Unit, “Youth policy”, Rue Joseph II 70, B-1049, Brussels, email: EAC-EYP@ec.europa.eu.

What are the security measures taken to safeguard your information against possible misuse or unauthorised access?

Personal data is safeguarded in secured servers managed by the Contractor and the European Commission respectively, which are covered by numerous defensive measures implemented to protect the integrity and confidentiality of electronic assets.

Whom to contact if you have queries or complaints about data protection of individuals?

You should contact the Data Protection Officer (DPO) for the DiscoverEU initiative. The DPO has the role to act as intermediaries between relevant stakeholders.

  • On the Contractor’s behalf: mydata@start-discover.eu, Boulevard du Souverain 280, B-1160 Brussels, Belgium.
  • On the European Commission’s behalf: Head of Unit, “Youth policy”, Rue Joseph II 70, B-1049, Brussels, email: EAC-EYP@ec.europa.eu.

If you have further queries or complaints, you can also contact:

  • The Data Protection Coordinator of DG EAC: eac-data-protection@ec.europa.eu
  • The European Commission Data Protection Officer: data-protection-officer@ec.europa.eu

Recourse

In case of conflict, complaints can be addressed to the European Data Protection Supervisor (EDPS) http://www.edps.europa.eu