Privacy statement for processing of personal data in the context of teleworking

This privacy statement explains the reason for the processing of your personal data in the context of teleworking, the way we collect, handle and ensure protection of the data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor.

What is our legal framework?

All personal data are processed in accordance with European Union data protection law, that is to say in line with Regulation (EU) 2018/1725 (‘EUDPR’).

Why do we process personal data?

We collect and process your personal data in the context of teleworking for these reasons:

To manage the rights and obligations of ECB personnel[1] relating to the ECB teleworking rules to ensure the continuous functioning of the ECB and the performance of its task and exercise of its mandate as an EU institution

To ensure a sound financial management of the budget in terms of salary and allowances, e.g. monitoring the entitlement to financial benefits that are paid to members of staff, and which are dependent on their habitual residence in the Frankfurt area

To ensure that the ECB can fulfil its duty of care as employer

To monitor compliance with the teleworking registration at an aggregate level and with teleworking quotas at an individual level

To enable HR to avail of the information necessary to activate the accident at work insurance policy

For business continuity management purposes

More specifically, the ECB collects and processes your teleworking data for the following reasons:

• the generic data “Frankfurt area/EU/Outside EU” is provided by members of staff when requesting teleworking in ISIS [2] to allow for monitoring adherence to the applicable teleworking quotas, to monitor the fulfilment of the residence requirement and entitlement to benefits such as salaries and allowances
• the country location of the member of staff’s teleworking session should be shared with their manager who may then refer the member of staff to the list of high risk countries where ECB equipment cannot be brought into, or advise on the need to request derogations to the bandwidth due to the time difference or, in case of business needs, recall to the ECB premises the ECB personnel based on their assessment of a combination of factors such as who is best suited for the job/task and geographically the closest
• the teleworking address is requested when the ECB personnel works from an address that is different from the ones specified in the ECB personnel’s Personal Profile (e.g. permanent and home addresses), in case of significant changes to the remote work location: the address of the place of telework is requested taking into account the Conditions of Employment (Art. 10 (a)) and to comply with the Staff Rules on safety and health requirements (Article 5.1bis.3 of the Staff rules, and more specifically in Article 5.1bis.8) as well was on the activation of the accident at work insurance policy and ensure cover of the member of staff (in line with Art. 6.3.1 (a) and (c) (viii) of the Staff Rules)
• the generic data “reason for cancelling a teleworking request” is provided by the ECB personnel to enable DG/HR to identify potential issues with the implementation of the teleworking policy

In the TW dashboard for managers, non-anonymised teleworking data is made available to managers for their own monitoring of compliance with the rules. Individual non-anonymised data can also be accessed by dedicated HR staff in the table view. Access is only granted on a need-to-know basis to individual staff members.

Reporting and statistical analysis (i.e. non-personal data) on teleworking is done by designated staff of DG/HR. For that purpose, personal data is anonymised or aggregated before processing. Analyses done with a view to providing attendance statistics are in done to assess the appropriateness of the policies, develop and evaluate HR solutions as well as to manage and improve the respective business.

See Privacy Statement People Analytics and HR Analytics Data Privacy Statement - HR Analytics DPIA (TW dashboard covered in 4.1.d, purpose (ii))

Besides, we collect and process your personal data in the context of teleworking also with the purpose of granting temporary teleworking exceptions.

[1] The wording ‘ECB personnel’ refers to fixed-term and short-term contract employees (including graduate programme participants), and/or trainees.

[2] ISIS is the SAP based system used at the ECB.

What is the legal basis for processing your personal data?

Your personal data are processed by the ECB in the performance of a task in the public interest related to the contractual relationship with ECB personnel, based on:

REGULATION (EU) 2018/1725, Art. 5(1)(a): processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body (including management and functioning of the institution)

Thus, at the ECB, processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the ECB - to ensure the continuous functioning of the ECB and the performance of its task and exercise of its mandate as an EU institution

REGULATION (EU) 2018/1725, Article 10(2)(b) in conjunction with Articles 4(1)(a) and 5(1) regarding the processing of health data in exceptions.

ECB Conditions of Employment in conjunction with Staff Rules and Rules for Short-term employment or Traineeship rules: the Conditions of Employment (Article 9(c) on health and safety, Article 25 on working week, working pattern, teleworking, Article 34(a) on insurance cover), and the Staff Rules, Article 5.1bis Teleworking (generic address Frankfurt area/EU/Outside EU, country location), Article 6.3.1(b) and (c)viii (telework address, if different from home address and in case of significant changes to that remote work location, needed for accident at work insurance policy and to ensure cover of staff member, ensuring that the ECB can exercise properly its duty of care including the activation of the accident at work insurance provisions), Article 5.1bis.3 and Article 5.1bis.8 (ensuring compliance with minimum health and safety requirements and preventing fraud), Rules for Short-term Employment (Art.5.1bis refers to the same article in the Staff Rules), and the Traineeship rules (Art. 9a which contains equivalent provisions for teleworking), Staff Rules (Article 5.1bis.12 ) and Rules for Short Term employment (Article 5.1bis) and Rules governing the traineeship programme (Article 9a.14): temporary teleworking exceptions.

ECB Business Rulebook, BRB.4 IT & communication equipment & IT services - ECB IT security, management of information and confidentiality rules (risks differ if teleworking is in the EU or outside the EU) - to protect the ECB’s data, equipment and interests.

Who is responsible for processing your personal data?

The ECB is the controller for the processing of your personal data. The DG-HR/ESE (Employee Services) division is responsible for this processing.

Contact point: dghr-ese-secretariat@ecb.europa.eu

There is a second level of support where DG/IS or a third party may intervene for IT maintenance and IT support: the company which maintains the SAP database, IBM, and the developers who support HR dedicated staff, CapGemini. The access is only via a special user called FireFighter and all actions are logged.

Contact point at external third party (e.g. Privacy/Data Protection Officer): DPO contact for IBM: ECB.PMO@de.ibm.com & ChiefPrivacyOffice@ca.ibm.com and DPO contact for Capgemini: Shahram Faridani shahram.faridani@capgemini.com

Who will be the recipients of your personal data?

Recipients of your personal data are selected ECB personnel for the legitimate performance of their tasks, based on their specific roles. Access to data is strictly regulated by a need-to-know approach, and subject to an annual reconciliation exercise.

Dedicated HR staff in the HR Operations team with SAP expertise may access the generic data “Frankfurt area/EU/Outside EU” to monitor adherence to the teleworking registration and quotas, and the generic data “reason for cancelling a teleworking request” to identify potential issues with the implementation of the teleworking policy. Less than 10 DG/HR staff with SAP expertise may access the address of the place of telework in case it would be necessary to locate a staff member not responsive to the usual communication means. The country location communicated by the ECB personnel to their line manager may be useful for the line manager to recall the geographically closest staff to the premises in case of business need. The line manager neither has access to the generic data via ISIS nor to the teleworking address of the ECB personnel. Direct line managers receive daily notifications of teleworking requests which their staff members registered in the preceding 24 hours and are provided with staff members’ use of teleworking days (including teleworking threshold deviations, if any) via the Teleworking dashboard for managers. Your data is processed and monitored on a non-anonymised basis in this context. See DPIA HR Analytics section 4.1.d

In rare cases, temporary teleworking exceptions may be granted. The exceptions may or may not be related to the health situation of the ECB personnel.

For the exceptions to teleworking not related to the health situation of the ECB personnel, the recipients of the data are two DG/HR Experts and DG/HR senior management (or their Deputy), as well as the Area Head and line management of the Business Area. For the exceptions to teleworking related to the health situation of the ECB personnel, the recipients of the data are the ECB personnel, the local management of the Business Area, the HR Business Partner, the DG/HR Health and Social team and the Head of Division responsible of health matters in DG/HR (or their Deputy).

Finally, all staff members can access their ISIS ‘Team calendar’ where teleworking and absences of the Team’s staff members can be accessed which is useful for teamwork coordination.

What categories of personal data are collected?

The ECB processes the following personal data:

• Name
• Generic location data (Frankfurt area/EU/Outside EU) for teleworking
• Country location for teleworking
• Address of the place of teleworking
• Generic data “reason for cancelling a teleworking request”
• Health-related and other relevant data related to a personal or family situation of the ECB personnel (processed in the case of teleworking exceptions)
• In the latter case, it may be the case that the request for a temporary exception to teleworking rules not related to the health situation of the ECB personnel, may incidentally contain special categories of personal data and in rare cases health-related information about dependents or close relatives. Therefore, DG/ HR may process personal data of family members, dependents, or other third parties, where provided by the ECB personnel for teleworking requests not related to the health situation of the ECB personnel. When an ECB personnel reaches out to enquire about the possibility to request such exception, an initial meeting takes place with one of the DG/HR experts in charge of teleworking to clarify the situation, and who asks the requester explicitly to limit the sharing of the information related to the health situation of their dependents or close relatives to what is strictly necessary for the assessment of such request. If the case appears to meet the eligibility criteria, the ECB personnel is invited to formalise their request and share the strictly necessary information in a digital form. This data is being used to determine whether the ECB personnel will exceptionally be granted permission to telework for reasons not related to the health situation of the ECB personnel. To ensure indirect transparency via the employee, the ECB personnel is requested via the dedicated digital form to confirm that they have informed their family member, dependent, or other third party, that their data will be processed, for the purposes of determining whether the ECB personnel will exceptionally be granted permission to telework for reasons not related to the health situation of the ECB personnel.
• In case of temporary exceptions to teleworking rules related to the health situation of the ECB personnel, the exception may either relate to an ECB personnel without incapacity (member of staff/trainee) or relate to a ECB personnel with partial incapacity up to 12 months or to a staff member (not a trainee) after 12 months. For each situation a dedicated digital high-level administrative form without any medical data is used by the ECB Medical adviser to inform the Health and Social team and the data subject. The Health and Social team informs the Head of Division responsible of health matters in DG/HR (or their Deputy) to request approval and once approval is granted, the Health and Social team informs per email the local line management of the Business Area, and copies the data subject, HR Business Partner (HR/BPA), ECB medical centre, and the Health and Social team.
• In the context of both categories of temporary exceptions, whether related or not to the health situation of the ECB personnel, if the disclosure of information by the ECB personnel is deemed excessive, there are appropriate safeguards in place, such as retaining only the information necessary for the specific purpose, avoiding storage of full email threads, and removing incidental sensitive data from the record unless required for justification.

Will your personal data (in a clear or encrypted form) be processed (e.g. transferred, accessed or stored) in third countries or by international organisations?

No.

How long will the ECB keep personal data?

The period of data storage is based on the ECB’s Filing and Retention plan (series 3.4.1.1 of the ECB Filing and Retention Plan). Teleworking generic data (registration, generic location for quota purposes and reason for cancelling a teleworking request) are kept for 5 years.

The address indicated by the ECB personnel in the dedicated New Note field, is only stored in a workflow [3], nowhere else. When the workflow is deleted, the address is deleted. The workflow is deleted after 2 years starting from the approval of the request, which is deemed accepted by management and therefore is effective 2 days after the request for teleworking was made in ISIS. In the workflow, the address may only be visible to the ECB personnel themselves and the few dedicated HR/ESE staff in the teleworking request registered and automatically approved after two days. DG/IS support and the external service providers may also have access to the data and their access is managed by a privileged access management solution (GRC). It is not shared with anyone else, in particular not with any manager. The individual address data cannot be easily extracted or reported or even consulted as there are thousands of workflows every day.

For exceptions to teleworking not related to the health situation of the ECB personnel, personal data is kept 2 years from end of calendar year in a restricted Darwin folder. For exceptions to teleworking related to the health situation of the ECB personnel, three different situations need to be considered (situations without reduction in working hours, situations with reduction in working hours (up to one year) and situations with reduction in working hours (after one year)) but the retention period is always the same, namely 5 years from T-end of calendar year, and the data is saved in the P-file.

[3] Workflow: A workflow is a process which includes a trigger, a task or series of tasks and a result.

What are your rights?

You have the right to access your personal data and correct any data that is inaccurate or incomplete. You also have (with some limitations) the right to delete your personal data and to object to or to restrict the processing of your personal data in line with EUDPR. The ECB may restrict your rights to safeguard the interests and objectives referred to in Article 25(1) EUDPR.

Who can you contact for queries or requests?

You can exercise your rights by contacting dghr-ese-secretariat@ecb.europa.eu. You can also directly contact the ECB’s Data Protection Officer at dpo@ecb.europa.eu for all queries relating to your personal data.

Addressing the European Data Protection Supervisor

If you consider that your rights under the EUDPR have been infringed as a result of the processing of your personal data, you have the right to lodge a complaint with the European Data Protection Supervisor at any time.