|
Header - versioning and reference numbers (recommendation: publicly available) |
|
| 1. |
Last update of this record |
31-10-2025 |
| 2. |
Reference number |
EDA-DPO-087 |
|
part 1 - article 31 record (recommendation: publicly available) |
|
| 3. |
Name and contact details of controller |
European Defence Agency
Rue des Drapiers 17-23
B-1050 Brussels
Belgium
|
| 4. |
Name and contact details of DPO |
|
| 5. |
Name and contact details of joint controller (where applicable) |
N/A
|
| 6. |
Name and contact details of processor (where applicable) |
Deskbird Aktiengesellschaft (AG)
Churerstrasse 54
8808 Pfäffikon, Switzerland
Registration no.: CHE-193.964.133
|
| 7. |
Purpose of the processing |
The purpose of this processing activity is to facilitate office space planning with the use of the workplace management platform “Deskbird”. The tool is made available through Microsoft Teams and allows EDA personnel to book a desk at EDA premises and to visualise presence of colleagues in the office. This enables optimised office occupation management and facilitates collaboration and working discussions. The tool displays a mapping of offices available for booking depending on the user’s Unit/Directorate. The tool maintains a list of offices/desks available for booking and associated to the names of EDA personnel that have reserved them for full days or specific periods (e.g. or half days or a specific number of hours). The tool allows to configure users with assigned office functions as “first aider”, “fire responder”, “evacuation assistant” or “key holder”, to be able to confirm their presence according to the needs of the service. The booking tool provides the possibility to “follow” a colleague and align presence in the office. The option can be disabled by each user that wishes to opt-out.
|
| 8. |
Description of categories of persons whose data EDA processes and list of data categories |
(a) Categories of data subjects: EDA personnel (EDA staff members, SNEs, Interim Agents, Trainees and contractors).
(b) Categories of personal data processed: First name, last name, e-mail address, job title, Unit/Directorate, assigned office function where applicable, presence in the office or remote work, dates of booking, desk/office number, option to be “followed” by colleagues, profile picture where applicable.
|
| 9. |
Time limit for keeping the data |
Personal data on office reservations are stored for up to 6 months.
|
| 10. |
Recipients of the data |
Bookings made by each user, are visible to members of the same directorate, unless the user has set her/his profile in private mode. Overview of office bookings made are made available to the line managers of each user.
|
| 11. |
Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards? |
The data processor is located in Switzerland but ensures that data are stored in EU (Germany). Nevertheless, any potential remote access to personal data by the data processor, from Switzerland, to perform its duties, will take place pursuant to Article 47 of Regulation (EU) 2018/1725 and Commission Decision 2000/518/EC on the adequate protection of personal data provided in Switzerland.
|
| 12. |
General description of security measures, where possible. |
Data is processed and stored in EDA Microsoft 365 tenant and in a cloud-based solution of the data processor (Deskbird). The data processor utilizes third-party cloud services of Google Ireland Limited which are located in Frankfurt, Germany. However, to ensure data integrity, the data processor may occasionally make use of other compute regions strictly within the EU. EDA has implemented appropriate technical and organisational measures (firewalls, checkpoints, antivirus) to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected. Such measures have been taken in particular to prevent any unauthorised disclosure or access, accidental or unlawful destruction or accidental loss, or alteration and to prevent all others unlawful forms of processing.
|
| 13. |
For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement |
Additional information is available by following the link to privacy statement here.
|