Delegation of the European Union to Rwanda        ……                                     


for the purpose of

processing personal data RELATED to Eu-Rwanda Business Forum 2023
by the EU DELEGATION TO Rwanda


The protection of your personal data and privacy is of great importance to the European External Action Service (EEAS), including the Delegations of the European Union. You have the right under EU law to be informed when your personal data is processed [e.g. collected, used, stored] as well as about the purpose and details of that processing.

When handling personal data, we respect the principles of the Charter of Fundamental Rights of the European Union, and in particular Article 8 on data protection. Your personal data are processed in accordance with Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, aligned with Regulation (EU) 2016/679, the General Data Protection Regulation. In this privacy statement you find information about how the EEAS and EU Delegations process your personal data and what rights you have as a data subject.

2. PURPOSE OF DATA PROCESSING: Why do we process your data?

The Delegation of the European Union to Rwanda collects and uses your personal data to facilitate the operation and management of the EU-Rwanda Business Forum (before, during and after), including the EU-Rwanda Business Forum website, as well as to promote and inform the public interested in business and investment on the content and proceedings of the business forum. The EU-Rwanda Business Forum is organised by the Delegation of the European Union to Rwanda.

Specifically, the collection and further processing of personal data is necessary:

1.      For gaining access to and participating in the forum and its activities: The personal data collected for registering on the website of the Business forum and on the matchmaking App are listed under the heading 4 below. The contractor entrusted with the event management – Landell Mills – will send out emails to registered participants regarding their participation, including logistics.  This entails the management of contact lists for correspondence.

2.      For ex-ante promotion purposes: For high-level government and EU representatives, personal data of speakers as well as will be published on EU-Rwanda Business Forum website, matchmaking application and on the Forum’s social media platforms; hence accessible to third parties.

3.      To facilitate matchmaking activities between registered participants. Participants will have the option to download a matchmaking application. On this application, participants will be identified by their names, position and company.  If participants decide to share additional personal information via the application or during the matchmaking interaction, it will be under their own responsibility.

4.      For ex post communication and promotion purposes: audio-visual recording and possible live web-streaming at the business forum of the speakers, moderators, organisers and participants, as well as photographs of the speakers and panoramic and/or individual photographs of participants and organisers will be taken and published in the context of the business forum. Participants may therefore however appear on panoramic photographs of the whole event/audience on the website and the social media pages of the business forum and/or the Delegation of the European Union to Rwanda. The taking of individual photographs and their publication on the Business Forum’s social networks and website is subject to the consent of the participant.

5.      To facilitate the exchange of information and documents related to the forum and sharing information with the other entities, in particular Rwanda development Board (RDB), EU member states and local private sector organisations for communication and match-making purposes, internal overview of events, promotion of side-events happening before, during and after the Business Forum and communicating future events, and statistics;

6.      For statistical purposes, personal data on participants’ gender and position might be used to generate certain key performance indicators.

7.      For security purposes: IP addresses are automatically collected from anyone who accesses the Business Forum website, for secure functioning and maintenance of the site.

Participants that do not wish to be part of the (possible) web-streaming have the possibility to object to processing by sitting on the dedicated area(s) which will be clearly marked. Participants that do not wish to have their individual photographs taken and published and/or to be recorded are invited to wear special badges which should be kept visible throughout the entire duration of the Business Forum.


To be noted: the opening and closing ceremonies will have media coverage from Rwandan media houses which will be governed by their individual privacy policy and the Rwanda media legislation.


The forum’s platform is a web-based interface, which complements the EU-Rwanda Business Forum by allowing interested parties to register and match with other interested parties to engage in discussion for possible business cooperation.


The EU-Rwanda Business forum is an event organised by the Delegation of the European Union to Rwanda in partnership with the Rwandan Government, represented by RDB, and close cooperation with private sector. The EU Delegation has contracted an event management company (Landell Mills to assist in preparing and organising the event.


3. DATA PROCESSED: What data do we process?

The data, including personal data, which may be processed for that purpose are the following:


I. Personal data will be collected, used and kept only to the extent necessary for the purposes above. Data, including personal data, that may be processed, are the following:

·       Identification and contact data, including name, title, profession, function, e-mail address, phone numbers, country of origin, name, affiliation, setor of activity, size in terms of turnover and number of employees of the organisation represented, interest in Rwanda and the business forum, presence in Africa.

·       Data collected from all visitors to the EU-Rwanda Business Forum website : online identifiers (IP address and device ID)


II. In addition, data are also collected from the website during the EU-Rwanda Business Forum and processed for the purpose of informing the public, promoting EU public diplomacy in communications and publications:

·       Photos, audio or video filming and web streaming of speakers, participants or organisers as well as feedbacks, surveys, reports and other information about the EU-Rwanda Business Forum



The EU Delegation to Rwanda  waive responsibility of videos/photos taken, shared, published by participants or other individuals, including journalists and other members of the press not contracted by the EEAS/EU Delegations.


III. Data collection by websites: when using online applications, websites may apply dynamic tools such as cookies for technical functioning, gathering statistics and providing a personalised experience for you as a user. More information about cookies can be found on the specific websites.


4. DATA CONTROLLER: Who is entrusted with processing your data?

The data controller determining the purpose and the means of the processing activity is the European External Action Service (EEAS). The  EU Delegation entrusted with managing the personal data processing under the supervision of the Head of Delegation is the following organisational entity:

EU Delegation to Rwanda


5. RECIPIENTS OF THE PERSONAL DATA: Who has access to your data?

The recipients of your data may be

·       Designated organising staff of the EEAS/EU Delegation

·        Assigned staff of other EU institutions and other assigned organiser team members, if required

·       Security and other partners, contractors, service providers on behalf of the organiser

·       Participants, Interpreters, Technical staff if relevant

·       EEAS staff and other EEAS Intranet users (if data published on the EEAS intranet)

·       General public (if data made public on the internet, the EEAS website or social media platforms)

·       EU Member States entities collaborating with the organisation of the EU-Rwanda Business Forum

·       Rwandan Government partaking in the EU-Rwanda Business forum

·       Landell Mills, the service provider of EU Delegation to Rwanda

·       Imavox Africa ltd, the EU-Rwanda Business Forum website developer


With the exception described above, no personal data is transmitted to third countries or to international organisations. Data will not be shared with third parties for direct marketing. Access to the personal data by the Service Provider for the purpose of management and maintenance of the Registration page is implemented in accordance with the provisions of Chapter V of Reg. (EU) 2018/1725, in particular Art. 50.


Under certain conditions outlined in law, we may disclose your information to third parties, (such as the European Anti-Fraud Office, the Court of Auditors, or law enforcement authorities) if it is necessary and proportionate for lawful, specific purposes. Service providers will process data on documented instructions and on behalf of the EEAS/EU Delegation in accordance with Article 29 of Regulation (EU) 2018/1725. More information on how the provider processes personal data on the website of the contracted organisation. Data will not be communicated to third parties, except where necessary for the purposes outlined above.



Social Media

The EU Delegation to Rwanda (EEAS) use social media to promote and inform about events and meetings through widely used and contemporary channels. In addition to the EEAS Webpage videos may be uploaded to the EU Delegation YouTube channel and EEAS YouTube channel and links from our website can appear on Twitter, Facebook and Instragram. The use of social media does not in any way imply endorsement of them or their privacy policies. We recommend that users read the Twitter, Instragram, Facebook and YouTube privacy policies which explain their data processing policy, use of data, users' rights and the way how users can protect their privacy when using these services.


You have the right of access to your personal data and the right to correct your inaccurate or incomplete personal data, taking into account the purpose of the processing. The right of rectification can only apply to factual data processed. Under certain conditions, you have the right to ask the deletion of your personal data or restrict their use as well as to object at any time to the processing of your personal data on grounds relating to your particular situation. We will consider your request, take a decision and communicate it to you without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary. For more detailed legal references, you can find information in Articles 14 to 21, 23 and 24 of Regulation (EU) 2018/1725. In specific cases, restrictions under Article 25 of the Regulation may apply. If you wish to exercise your rights or have questions concerning the processing of your personal data, you may address them to the Data Controller via the functional mailbox:


To contact the EU Delegation to Rwanda please use the functional mailbox of the EU-Rwanda Business Forum 2023:


7. LEGAL BASIS: On what grounds do we collect your data?

The processing of personal data related to EU-Rwanda Business Forum organised by the EU Delegation to Rwanda (EEAS) is necessary for the performance of a task carried out in the public interest [Article 5(1)(a) of Regulation (EU) 2018/1725], as mandated by the Treaties, in particular by articles 5, 11, 20, 21-40, 42, 43 of the of the Treaty on European Union (TEU) and 2 (4) and (5), 205, 220-221, 326 – 334 of the Treaty on the Functioning of the European Union (TFEU).


Further reference:

-        Council Decision of 26 July 2010 establishing the organisation and functioning of the EEAS (2010/427/EU) (OJ L 201, 3/8/2010, p. 30) and

-        Shared Vision, Common Action: A Stronger Europe - A Global Strategy for the European Union’s Foreign and Security Policy of June 2016 and Council Conclusions of October 2016 where the Council of the European Union emphasises "the need of joining up efforts in the field of public diplomacy including strategic communication, inside and outside the EU, to speak with one voice and ultimately promote its core values”.

-        Cotonou agreement (in particular, Art. 1, 74 and 75 of Cotonou Agreement) on the objective of promoting private sector investment and dialogue with private sector.

At the same time, data processing for EU communication activities and publications is based on your consent requested separately [Article 5(1)(d) of Regulation (EU) 2018/1725]. Your consent is required for:

·       photos, video recordings and web streaming related to events/meetings which may be shared in EU communications (see point 5)

·       attendance list containing your name, affiliation and contact details which may be shared among participants

If you do not wish for some personal data, including photos, to be published on the web, you also have the option not to provide consent. You can withdraw your consent by writing to the email address:

8. TIME LIMIT & DATA SECURITY: for what period and how securely do we process your data?


Our aim is to keep your personal data not longer than necessary for the purposes we collect them. After the EU-Rwanda Business Forum 2023, your data are kept as long as follow-up actions to the EU-Rwanda Business Forum are required. Reports and other material containing personal data are archived according to e-Domec policy. Personal data will be deleted five years after the last action in relation to the EU-Rwanda Business Forum 2023. Personal data may, however, be part of a contact list shared internally among EEAS services for the purpose of promoting future EU activities and disseminating information. The privacy statement on public diplomacy initiatives is also available on the EEAS website. Financial data related to the EU-Rwanda Business Forum 2023 will be kept for a maximum period of 10 years after the end of the event or meeting for auditing purposes. Photographs and audio-visual recordings which will be uploaded on the EU-Rwanda forum website, will be retained for a year, unless requested otherwise by the individual portrayed visibly on the content. Recordings from the web-streamed Business Forum will be kept for two years.  Personal data may be kept for information and historical, statistical or scientific purposes for a longer period of time including the publication on the EU Delegation to Rwanda and EEAS Intranet or EEAS website with appropriate safeguards in place.


Security of data

The EEAS and EU Delegation to Rwanda strive to ensure a high level of security for your personal data. Appropriate organisational and technical measures are ensured according to Article 33 of Reg. (EU) 2018/1725. The collected personal data are stored on servers that abide by pertinent security rules. Data is processed by assigned staff members. Files have authorised access. Measures are provided to prevent unauthorised entities from access, alteration, deletion, disclosure of data. General access to personal data is only possible to recipients with a UserID/Password. Physical copies are stored in a secured manner. In case a service provider is contracted, as a processor, the collected data may be stored electronically by the external contractor, who has to guarantee data protection and confidentiality required by the Reg. (EU) 2018/1725. These measures also provide a high level of assurance for the confidentiality and integrity of the communication between you [your browser] and the EEAS/EU

Delegation to Rwanda. Nevertheless, a residual risk always exists for communication over the internet, including email exchange. The EEAS relies on services provided by other EU institutions, primarily the European Commission, to support the security and performance of the EEAS website.

9. EEAS DATA PROTECTION OFFICER: Any questions to the DPO?

If you have enquiries you can also contact the EEAS Data Protection Officer at


You have, at any time, the right to have recourse to the European Data Protection Supervisor at