European Central Bank - eurosystem
European Central Bank - eurosystem
Search
Search Options
Home Media Explainers Research & Publications Statistics Monetary Policy The €uro Payments & Markets Careers
Suggestions
Sort by

Privacy statement for the ECB’s Corporate Telephone Survey and the Non-Financial Business Sector Dialogue

Use of personal data for scheduling meetings and potentially for AI-supported meeting transcription

What is our legal framework?

All personal data are processed in accordance with European Union data protection law, as set out in Regulation (EU) 2018/1725 (“EUDPR”) and Decision (EU) 2020/655 (ECB/2020/28). Processing is also carried out in accordance with the EU AI Act, specifically covering AI systems classified as “minimal risk” or “limited risk”.

Why do we process personal data?

The purpose of the Corporate Telephone Survey (CTS) is to collect and analyse business sector views on economic events in order to complement, interpret and anticipate information from conventional statistical sources. The Non‑Financial Business Sector Dialogue (NFBD) takes place at least once a year in the form of a meeting between the ECB’s Governing Council and the CEOs/Chairs of those companies participating in the CTS.

We require personal data to be able to contact organisations, schedule interviews and send general invitations so that companies can participate in the CTS. We also require personal data, as part of the authentication process, to verify participants’ identity when using virtual meeting software for interviews and our web survey tool for occasional special surveys.

Our use of AI-based systems for transcribing and summarising interviews is intended to enhance the quality, clarity and comprehensiveness of interview summaries, ensuring they serve as a reliable record of discussions. The use of these systems also enhances efficiency and consistency of the drafting process, while adhering to strict proportionality and compliance safeguards. No personal data will be used to build profiles, nor will such data be stored in dedicated AI-specific datasets.

What is the legal basis for processing your personal data?

Participation in the CTS is voluntary, and we will only process your personal data if you have consented expressly in writing, in line with Article 5(1)(d) of the EUDPR. You may withdraw your consent at any time by sending an email to the address given below. All processing of your personal information will cease once you withdraw your consent; however, any processing that has already taken place remains lawful. You can participate in the survey without consenting to the transcription of virtual meetings.

Who is responsible for processing your personal data?

The ECB is the controller for the processing of your personal data. The Business Cycle Analysis Division in the Directorate General Economics is responsible for this processing. The Directorate General Information Systems ensures technical compliance and lawful handling of personal data in the virtual meeting software used to conduct interviews. AI services used for transcript processing are hosted on EU-based cloud services, with data encryption applied in transit, at rest and during processing.

Who will be the recipients of your personal data?

The recipients of your personal data are exclusively staff members from the Business Cycle Analysis Division and the Prices and Costs Division who are directly involved in the CTS.

Summaries of the main messages from all conversations (or replies to written surveys) in a survey round are distributed to relevant ECB management and staff, Members of the Governing Council and the CEOs/Chairs and contact persons of the participating companies. Individuals or companies that have provided information are not identifiable in these summaries.

If you consent to transcription in virtual meetings, any personal data (including participant names) that are mentioned in the meetings may by accessible to:

  • IT support staff in the Directorate General Information Systems and designated external providers (that have limited access for troubleshooting);
  • the ECB’s Digital Security team (who have access in the event of security incidents).

Where applicable and strictly necessary for the functioning, validation or security of AI systems, personal data may also be processed by designated ECB staff or external service providers or contractors acting on behalf of the ECB, under appropriate contractual arrangements and data protection safeguards in accordance with EUDPR.

No personal data will be shared with third parties for commercial purposes. Data access is strictly governed by confidentiality obligations and access control measures. The AI system utilises the data to generate an initial draft of the meeting summary through human-machine interaction, which undergoes further human review and refinement before the final version is completed.

What categories of personal data are collected?

The ECB processes the following personal data:

  • name;
  • contact details (address, telephone number, fax number and email address);
  • job title/role;
  • any other personal data exchanged during meetings (if you consent to the transcription of virtual meetings).

Your name and job title/role(s) may initially be obtained through your company’s website.

If you consent to transcription, the resulting transcript will first be processed using rule-based algorithms to redact participants’ usernames as well as any mentions of your company’s name in the body of the transcript, to mitigate the risk of a leak of personal data. An AI system will then summarise the main topics of the meeting from the redacted transcript into a first draft, ready for human review and refinement. If you do not consent to transcription, we will take manual notes.

Will your personal data (in plain text or encrypted form) be processed (e.g. transferred, accessed or stored) in third countries or by international organisations?

The ECB does not foresee any transfers of your personal data to third countries or international organisations. However, your personal data might exceptionally be processed in third countries/international organisations based on the derogations for specific situations set out in Article 50(1) of the EUDPR.

How long will the ECB keep your personal data?

The personal data of active CEO/Chair, survey contact(s) and their assistants are stored for as long as a company participates in the CTS or until there is a change in the incumbent holding the position of the data subject. In this respect, you are invited to inform the ECB of any changes to the personal data provided. Personal data that are no longer required will be stored for a maximum of 15 years before being deleted. The ECB’s Filing and Retention Plan governs all retention, ensuring data are not kept longer than needed.

What are your rights?

You have the right to access your personal data and correct any data that are inaccurate or incomplete. You also have (with some limitations) the right to delete your personal data and to object to or to restrict the processing of your personal data in line with the EUDPR. The ECB may restrict your rights to safeguard the interests and objectives referred to in Article 25(1) of the EUDPR.

Who can you contact for queries or requests?

You can exercise your rights by contacting the Head of the Business Cycle Analysis Division at ecb-cts@ecb.europa.eu. For all queries relating to your personal data, you can also directly contact the ECB’s Data Protection Officer at dpo@ecb.europa.eu.

Addressing the European Data Protection Supervisor

If you consider that your rights under the EUDPR have been infringed as a result of the processing of your personal data, you have the right to lodge a complaint with the European Data Protection Supervisor at any time.