Data Protection - Webshop

The European Aviation Safety Agency (EASA) is committed to respecting the privacy of the participants to any meeting and/or events which are organised in the framework of its activities . All personal data provided to EASA by participants by using Webshop are dealt with in compliance with Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data. The following data protection information notice outlines the criteria by which the EASA collects, manages and uses the personal data provided in Webshop.

Identity of controller

Executive Director's Office Section Manager

Purpose of processing

Processing of participants' personal data is needed for the efficient management/organisation of the event. The Webshop is used as a registration platform for events organised by EASA. By providing your personal data to the EASA Webshop you can create your personal profile which you will be able to use any time you will want to attend to an event organised by EASA.

Photo, video and audio recording may be used for creating awareness and distributing information on the event.

Type of data processed

Only the following registration data may be collected, if needed:

Compulsory fields: Email Title First name Last name Organisation/Company Function Country
Non-compulsory fields: Address, Postal Code, City, Phone, Fax.

  • Conference attendees may receive a Guest User Account associated to their registration data, to access the Internet and the EASA services and infrastructures. In such a case, the Guest account information and the Internet navigation logs are both collected.
  • A passport number or identity card number may be required to verify the identity of the visitor if identification hasn't been already made during registration.
  • Participants at an event may be given the opportunity to indicate individual requirements, e.g., those pertaining to diet or mobility. This information will be processed only to ensure that these requirements are taken into account and will not be used or stored beyond that single event.
  • Photographs, audio and video recording and live streaming of a public event may be taken. They may be reproduced in various media including EASA publications, the EASA website, social networks, TV channels and the press, in connection with the event, or for further cultural and institutional purposes as well as for promotional activities of the EASA.
  • If you wish that your image or voice is not recorded and published, for compelling and legitimate grounds relating to your particular situation, please contact the conference organisers who will accommodate your needs, if possible.

Recipients of the data processed

  • Personal data may be accessed only by the EASA sections and departments involved in the organisation of the event.
  • The list of participants (title, last name, first name, organisation/company, country) may be published on the website of the event. A more detailed contact list of participants (including also your e-mail address) may be distributed to all participants on the date of the event with a view to facilitating future contacts. The registration procedure will provide you with an option to decline any such circulation of your contact details.
  • Photographs, audio and video recordings will be collected by the Communications Department and the conference organiser.
  • Guest account details are accessible to the conference organisers and to the ICT Service for technical support.

Legal basis and Lawfulness of processing

Regulation (EC) No 216/2008 of the European Parliament and of the Council on common rules in the field of civil aviation and establishing a European Aviation Safety Agency, and repealing Council Directive 91/670/EEC, Regulation (EC) No 1592/2002 and Directive 2004/36/EC;

In accordance with Article 5 (a) of Regulation (EC) No 45/2001, the processing is necessary for the performance of tasks carried out in the public interest on the basis of the Treaties establishing the European Communities.

Protection and security measures

All personal data collected are internally processed only by designated EASA administrators  or agents and stored on servers which abide by the EASA's security rules and standards.
Participants' data may be shared with service providers and/or external contractors and organisers only for institutional purposes pertaining to the organisation of the conference or event and provided they have in place comparable safeguards for the protection of personal data and privacy.
The list of participants may be transmitted to law enforcement authorities only upon their specific request justified only by security reasons pertaining to the conference, without any comments or revisions, and only after authorisation of EASA ED and DPO. Participants may be distinguished into categories only for logistic purposes.

Retention period

If you request for the cancellation of your profile and of your personal data, your data will be erased immediately.

In any other case your personal data will be erased after 3 years of inactivity.

The data subject's rights

If you wish to access correct or delete your personal data stored at the EASA Webshop, please get in touch with the organiser of the event or the EASA Data Protection Officer at dpo [at] easa [dot] europa [dot] eu


In case of conflict on any Personal Data Protection issue you can address yourself to the Controller at the above mentioned address. You can also contact EASA Data Protection Officer at the following email address: dpo [at] easa [dot] europa [dot] eu

Should the conflict not be resolved by the Controller or the Data Protection Officer you may lodge a complaint with the European Data Protection Supervisor at any time: Website E-mail: edps [at] edps [dot] europa [dot] eu.