Data Protection Notice 


More than Food WebApp 

1 October 2021 – 31 March 2022 

Based on the Regulation 2018/17251 (hereinafter the Regulation’), the European Research Executive Agency (‘Agency’ or ‘REA’) collects and processes your personal data necessary for the organization and management of the WebApp that is created for the purpose of EXPO 2020 Dubai (1 October 2021 – 31 March 2022) organized by REA. REA uses an external contractor to organize and manage  this activity. 

1. Why do we collect your personal data? 

The purpose of this processing operation is: collecting your name and email address to provide information on events organised in Dubai by the European Union (EU) during EXPO 2020, thus not to share information containing personal data. For this, identification data are processed for the sole purpose to reply to your question and keep you informed about events organised by EU during EXPO 2020 Dubai. 

2. Who is responsible for this process? 

The controller is the Agency  represented by its Director. For organisational reasons, the role of the data controller has been entrusted by the Director to the delegated controller and is exercised by Head of Unit of REA.B4 ‘Agri-Food promotion, Environmental Observation and Innovative Governance’. 

The delegated controller may be contacted via the following e-mail address: 

 The following entity/ies process your personal data on our behalf: cecoforma 

3. What is the legal basis to collect your data? 

This processing activity is based on: 

1. Article 5(1)(a) of the Regulation, it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in REA by the following legal acts: 

* Council Regulation (EC) No 58/2003 laying down the statute for executive agencies;  

* Commission Implementing Decision (EU) 2021/173 of 12 February 2021 establishing the Research Executive Agency and repealing Decision 2013/778/EU 2;  

* Commission Decision C(2021)952 of 12 February 2021 on delegating powers to the Research Executive Agency with a view to performance of tasks linked to the implementation of Union programmes in the field of research and innovation comprising, in particular, implementation of appropriations entered in the general budget of the Union 

* Regulation (EU) No 1144/2014 of the European Parliament and of the Council of 22 October 2014 on information provision and promotion measures concerning agricultural products implemented in the internal market and in third countries and repealing Council Regulation (EC) No 3/2008; 

* REA Annual Work Programme;  

2. Article 5(1)(d) of the Regulation based on the data subject explicit consent for the following specific purposes:  

  • to be included in the mailing lists to receive relevant information about the selected event organised in Dubai by the European Union (EU) during EXPO 2020 
  • to reply to your questions  
  •  to be included in the mailing lists to receive invitations to future similar events that REA may organise;  
  • to be included in the mailing lists for being contacted in the context of the EU activities  

You may give specific consent-by ticking the relevant opt-in boxes in the contact form and when selecting ‘keep me informed‘ under the selected event. 

You have the right to withdraw your consent at any time without affecting the lawfulness of the processing before withdrawal of your consent by clicking on the unsubscribe link of the submission email or contacting us by email.  


4. Which personal data are collected? 

The personal data processed in the framework of the WebApp are: 

  • for information purposes relating to event which you select at EXPO 2020 in Dubai: your contact details, i.e. title, first name, last name and email address. 

5. Who will have access to your personal data? 

  1. Who will have access to the data within the Agency? 

The following categories of individuals will have access to your personal data for this specific event: 

  • Authorised staff of the REA Units responsible for the WebApp. 
  1. Who will have access to the data outside the Agency? 

The following categories of individuals will have access to your personal data for this specific event: 

  • Authorised staff of external contractors and its local subcontractors. 

6. How long do we keep your personal data? 

We are keeping your personal data for a period as indicated below:  

• Contact details processed for informational purposes will deleted after the last action of this processing operation (April 2022)  

• Personal data shared with selected contractors for communication purposes, are retained during the WebApp period and will be erased by the service providers in accordance with the corresponding contractual obligations and provisions; 

7. What are your rights? 

As a participant, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing.  

In addition, as a participant, you have the right to access your personal data and to request your personal data to be rectified, if the data is inaccurate or incomplete. Where applicable, you have the right to request restriction or to object to processing, to request a copy or erasure of your personal data held by the data controller. Your request to exercise one of the above rights will be processed without undue delay and within one month.  

Should you want to verify which personal data is being stored on your behalf by the responsible controller, and have it modified, corrected or deleted, please send an e-mail to the functional mailbox and by explicitly specifying your request.  

Attention is drawn to the consequences of a delete request, which means that all your contact details will be lost.  

Your personal data will not be used for any automated decision-making including profiling. 

8. Contact Information 

In case you have any questions about the collection/processing of your personal data, you may contact the data controller who is responsible for this processing activity by using the following email address:  

Further to the above, the following instances can be addressed: 

REA Data Protection Officer (DPO):  

In case of conflict, complaints can be addressed to the European Data Protection Supervisor: