Record for processing of personal data

Title: Information system supporting the organization of meetings
Reference: DPR-EC-01141.5
Entity of the Operational Controller: European Commission: Administration and Payment of Individual Entitlements (PMO.5)
Publication date: 14/01/2026

1. General Information

Data protection record
Record reference: DPR-EC-01141.5
Title of the processing operation: Information system supporting the organization of meetings
Language of the record: English
Corporate record: No

Data Protection Officer
Contact details: DATA-PROTECTION-OFFICER[at]ec[dot]europa[dot]eu

Entity of the Operational Controller
Responsible organisational entity: Administration and Payment of Individual Entitlements (PMO)
Directorate / Unit: 5
Contact details: PMO-DATA-PROTECTION-COORDINATOR[at]ec[dot]europa[dot]eu

Other Commission departments involved
Other Commission departments involved in the processing: No

Joint controllership
Joint controllership is involved: N/A

Processors
Processors are involved in the processing: Yes
Names and contact details of processors: The main processors are Commission staff and European Union staff for EPDS and agencies. In order to develop, test and support the system the European Commission might have recourse to the services of external companies as processors. In the case of individuals, the contracts will be finalised in accordance with DIGIT framework contracts. The production environment will be hosted by DIGIT.

2. PURPOSE AND DESCRIPTION OF THE PROCESSING

Purpose
Description of the purpose of the processing:
AGM (Advanced Gateway to your Meetings) is used to process data in order to organise meetings and manage the reimbursement of expenses incurred by participants invited by the European Commission.
AGM is also used for the reimbursement of expenses of candidates invited to the oral tests of an open competition or selection procedure, to an interview or to a medical examination.

Processing for further purposes
The purpose(s) for further processing: N/A

Modes of processing
The mode of processing: Any other mode:
AGM (Advanced Gateway to your Meetings) covers most of the processes involved in organising a meeting:
- through a Front Office where the experts (external persons) manage the invitations to meetings (including user consent to data processing) and encode their expense claims for costs incurred when attending a meeting organised by the DGs/agencies. The Front Office is also used by correspondents (external users) who settle the list of attendants to meetings.
- through a Back Office managed by the service organising the meeting and all the practical arrangements for the meeting (invitation and registration of participants);
- and through a Back Office managed by the PMO for the validation of participants’ bank accounts and legal entities, before reimbursement of the expenses incurred by them.
AGM also covers the reimbursement requests for the candidates, when they are coming for interviews or medical examinations.
Candidates can upload the supporting documents for the costs incurred (transport costs and/or hotel bill) as well as the entity files: legal entity (FEL) and bank account (FCB), the candidate's identity card or national passport, and the candidate's bank account statement.
PMO will then check if everything is in order to reimburse the candidate.

Description/additional information regarding the modes of processing:
The purpose of the data processing is twofold:
- Collection and use of personal data in order to organise and manage meetings with or without outside participants.
- Reimbursement of participants invited to meetings pursuant to Commission Decision C(2007) 5858 of 5 December 2007 – Rules on the reimbursement of expenses incurred by people from outside the Commission invited to attend meetings in an expert capacity (C(2007)5858)
- Reimbursement of candidates invited to the oral tests of an open competition or selection procedure, to an interview or to a medical examination in accordance with the rules laid down in the Commission Internal Directive – Conclusion 277/17 approved on 24 November 2017 and applicable to the Commission since 1 March 2018.

Storage medium
The medium of storage (one or more):
- Electronic
- Digital (Office documents such as Word, Excel, PowerPoint, Adobe PDF, Audiovisual/multimedia assets, Image files such as .JPEG, PNG)
- Servers
Description/additional information regarding the storage medium: European Commission Data centres

Source of personal data
Personal data are obtained directly from the data subjects: Yes

Comments
Comments/additional information on the data processing:
1/ AGM covers most of the processes related to the organization of a meeting. The system replaced existing manual practices without adding extra data processing operations. It provides additional safeguards for the protection of personal data, as the processing is done using normalized operations rather than, as previously, with the different meeting organizers keeping their own lists. The business processes related to personal data are:
- Creation of the list of correspondents of third parties and/or nominated experts to whom the invitations are sent: only meeting assistants assigned to the organization of the meeting can update this information.
- Collection of the necessary data (only first name, last name and email address) for the access to Commission premises, which are sent to the IT systems of the Security Office of the Commission for access control purposes by security guards (under the responsibility of DG HR.DS - see Notification DPR-EC-0655). The correspondents of a third party enter the mentioned information, which is available only to them and to the meeting assistants assigned to the organization of the meeting.
- Collection of the personal data for financial and contractual relations to be processed through AGM and to be sent to the IT systems under the responsibility of DG BUDG (see Notification DPR-EC-00301.1).
- Collection of the proof of expenses by the experts for their reimbursement: the experts enter data on the expenses for which they request reimbursement. These data are registered in Ares and are accessible only to the operational and financial agents in charge of verifying and executing the payments.
- Storage of the users' contact information and of the rights to access/not access the different functionalities of the system.
- Where needed, personal data become part of a database (see Notification DPR-EC-00847.1) that facilitates interaction between the EC and its stakeholders in their areas of interest.
2/ AGM will also be used to invite candidates to interviews or medical examinations. A file handler can create meeting groups in AGM by specifying budgetary commitments. This may include:
- Creation of an invitation
- Collection of the necessary data (only first name, last name and email address)
- Collection of the personal data for financial and contractual relations to be processed through AGM.
- Collection of the proof of expenses by the candidates for their reimbursement.

3. DATA SUBJECTS AND DATA CATEGORIES

Data subjects’ categories
Data subject(s) are:

Internal to the organisation
A description of the data subjects (internal to the organisation): All Services staff including EC users and the people that will be managing the invitations in external organizations (correspondents) and candidates participating in the interviews.

External to the organisation
A description of the data subjects (external to the organisation): All the people invited and participating in a meeting (experts), and candidates participating in the interviews and/or medical examinations.
An expert is anyone from outside the Commission who is invited to give a specific professional opinion in a committee, an expert group or by personal invitation, wherever the location of the meeting.

Data categories/fields
Description of the categories of data that will be processed:
In order to process the data, the Data Controller, PMO.5, collects and processes the following categories of personal data through AGM:
- First name and surname
- Private email address
- Unique identifier used by the European Commission’s Authentication Service (EU Login ID)
- Information on the transport expenses of reimbursable participants (train, plane, taxi, car, etc.)
- Information on the subsistence expenses of reimbursable participants (accommodation and daily allowances)
- The data in the legal entity form (e.g. ID document, private or professional address of the reimbursable participant, etc.).
- The data in the bank account form of the reimbursable participant (account number, name of account holder and any other information needed to identify the account to which payment is to be made)
- EU Login data
Through AGM it is also possible to process the first name, surname, email address, EU Login and login data of the meeting assistants in charge of organization and the Commission’s financial officers responsible for making the reimbursements.
There is no reference in the personal data to ethnic or racial origin, political opinions, religious or philosophical beliefs, trade union membership, health or sexual orientation.

The processing operation concerns any 'special categories of data' which fall(s) under Article 10(1), which shall be prohibited unless any of the reasons under Article 10(2) applies: N/A
Description/additional information regarding special categories of personal data: -

Data related to ‘criminal convictions and offences’
The data being processed contains sensitive data which fall(s) under Article 11 'criminal convictions and offences': N/A

Comments
Comments/additional information on data subjects and data categories: -

4. RETENTION PERIOD

Data categories and their individual retention periods
The administrative time limit(s) for keeping the personal data per data category:
Data category: Financial documents containing experts/candidates expenses
Retention period: 10 years
Start date description: -
End date description: -

Comments
Comments/additional information on the data retention periods: The Privacy statement is accessible to every data subject on the AGM page. The Commission meeting assistant / organiser assesses the arguments of the data subject as soon as the DG staff organising the meeting receives a request for rectification/blocking/erasure of data for legitimate reasons. The request will be handled within 15 working days after the reception of the request.

5. RECIPIENTS

Origin of the recipients of the data
The origin of the data recipients:

Within the EU organisation
A description of the indicated recipients of the data:
- For the purpose of organising the meeting, in particular sending the invitations, organisations must provide the first name, surname and email address of government experts attending the meeting on their behalf.
- These data can also be seen by the staff of the Directorate-General responsible for organising the meeting, and by the staff in charge of reimbursement.
- Participants, when attending a meeting with other participants in the same delegation, can see the first name(s), surname and email address of each of them. The indicator showing which of the participants will be reimbursed can be seen by all the participants in a delegation.
- Correspondents for a delegation can see the status of a reimbursement request by participants in their delegation. The amount reimbursed is not visible.
- Users in the services can access the personal data of the participants and contact persons in public organisations solely for the meetings for which these same users are responsible.
- Users in the services have access to information on transport and hotel expenses and also bank information for the purpose of reimbursement of travel expenses/allowances.
- The European Commission’s technical staff or the IT service provider has access to the system data for the purpose of resolving any technical issues.
- PMO ex-post control and PMO LAW if needed
- Line managers, authorising officers by delegation and/or subdelegation.
- Investigation and control bodies also receive data: IAS, IAC, OLAF, IDOC.

Outside the EU organisation
A description of the indicated recipients of the data:
- Agencies staff being involved in management of meetings and expense claim reimbursements in AGM
- Correspondents in external organizations, experts (anyone from outside the Commission who is invited to give a specific professional opinion in a committee, an expert group or by personal invitation, wherever the location of the meeting) and candidates (any person invited to tests for an external competition or other selection procedure, to the assessment center, to a subsequent interview with a view to recruitment, or to a subsequent pre-recruitment medical examination).
- The Court of Auditors, the European Ombudsman and the EDPS

Categories of the data recipients
The categories (one or more) of the data recipients:
- A natural or legal person
- Agency
Description of the indicated category(ies) of data recipients:
- All EC Services & Agencies staff being involved in management of meetings and expense claim reimbursements in AGM.
- Staff of National authorities/bodies (Ministries, Offices…) acting as correspondents in AGM
Who has access to which parts of the data: EU staff assigned to execute tasks in the system based on the need to know principle.

Comments
Comments/additional information on data recipients: -

6. INTERNATIONAL DATA TRANSFERS

Transfer outside of the EU or EEA
Data is transferred to countries outside the EU or EEA: N/A

Transfer to international organisation(s)
Data is transferred to international organisation(s): N/A

Comments
Comments/additional information on international data transfers:
The system does not foresee any transfers of personal data to countries outside of EU/EEA.
Specific expert groups will include experts from outside EU/EEA who will be able to see the meeting documentation. It is the responsibility of the meeting organiser to adjust meeting documentation to Regulation (EU) 2018/1725.

7. INFORMATION TO DATA SUBJECTS ON THEIR RIGHTS

Privacy statement

Rights of the data subjects
The processing should respect the following rights of data subjects:
- Article 17 - Right of access by the data subject
- Article 18 - Right to rectification
- Article 19 - Right to erasure (right to be forgotten)
- Article 20 - Right to restriction of processing
- Article 21 - Notification obligation regarding rectification or erasure of personal data or restriction of processing
- Article 22 - Right to data portability
- Article 23 - Right to object
- Article 24 - Rights related to Automated individual decision making, including profiling
The data subjects are informed about their rights and how to exercise them in the form of a privacy statement attached to this record: Yes

Publication of the privacy statement
Published on website
The link of the website where the privacy statement is published: https://ec.europa.eu/tools/agm/legal-notice_en
Guidance for Data subjects which explains how and where to consult the privacy statement is available and will be provided at the beginning of the processing operation: Yes

An explanation of the guidance on how and where to consult the privacy statement:
- The Data Controller
If you would like to exercise your rights under Regulation (EU) 2018/1725, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller: PMO-LUX-MAIL[at]ec[dot]europa[dot]eu
- The Data Protection Officer (DPO) of the Commission
You may contact the Data Protection Officer (DATA-PROTECTION-OFFICER[at]ec[dot]europa[dot]eu) with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725.
- The European Data Protection Supervisor (EDPS)
You have the right to have recourse (i.e. you can lodge a complaint) to the European Data Protection Supervisor (edps[at]edps[dot]europa[dot]eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the Data Controller.

Where to find more information
The Commission Data Protection Officer (DPO) publishes the register of all processing operations on personal data by the Commission which have been documented and notified to him. You may access the register via the following link: http://ec.europa.eu/dpo-register
This specific processing operation has been included in the DPO’s public register with the following Record reference: DPR-EC-01141.3

The privacy statement(s):
- decl_conf_DPR-EC-01141_FR_AGM_FR (1).pdf (General publications, 13 April 2026)
- Declaration_de_confidentialite_EN-AGM-EC-1141.3_(1).pdf (General publications, 13 April 2026)

Comments
Comments/additional information on information to data subjects on their rights: -

8. SECURITY MEASURES

Short summary of overall Technical and Organisational measures implemented to ensure Information Security:
- User profiles defined for different roles with access based on the need to know principle.
- User access with EU login identification.