DETAILS OF REGISTER

European Defence Agency

Rue des Drapiers 17-23
B-1050 Brussels
Belgium

Head of the Legal Office, Legal Advisor / Data Protection Mr Pedro ROSA PLAZA

dataprotection@eda.europa.eu

N/A

N/A

This set of processing operations related to the functions of the AEOS Access Control System has the purpose of ensuring the physical protection and security of buildings and staff. They furthermore serve the following specific purposes:

• to manage the access badges for EDA staff and external visitors, access control of all persons in possession of a permanent EDA badge;
• to control access to individuals with vehicles;
• to manage the SALTO locks' keys to individual offices;
• to manage and control access to EDA meeting rooms.

- EDA postholders : Temporary Agents, Contractual Agents and Seconded National Experts (SNE) as well as trainees, secondees other than SNEs, contractors, interims, Blue Book trainees; - Personnel of EDA temporary contractors;

- All other external visitors : Delegates and officials from EDA participating Member States (pMS), even when in a possession of a permanent EDA badge, delegates from Third Countries, Staff from other EU institutions, other external visitors etc., Data processed includes: - Name (last and first) - Title - Gender - Telephone (mobile/fixed) - Email address - Personnel N° - Department No sensitive personal data in the meaning of Article 10 of Regulation 2018/1725 are processed.

• For EDA postholders : up to 1 month after termination/end of contract.
• For EDA temporary contractors’ personnel: up to 1 month after termination of service contract.
• For delegates and officials from EDA pMS, from third countries, other EU institutions staff, etc.: up to 1 month after their last visit.

Staff of the Security and Infrastructure Unit/Corporate Services Directorate.

N/A

Having regard to the state of the art and the cost of their implementation, the controller has implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected. Such measures have been taken in particular to prevent any unauthorised disclosure or access, accidental or unlawful destruction or accidental loss, or alteration, and to prevent all other unlawful forms of processing. For the personal data that are processed by automated means, measures have been taken with the aim of: (a) Preventing any unauthorised person from gaining access to computer systems processing personal data, Salto locks, password; (b) Preventing any unauthorised reading, copying, alteration or removal of storage media, access limited to security unit; (c) Preventing any unauthorised memory inputs as well as any unauthorised disclosure, alteration or erasure of stored personal data; (d) Preventing unauthorised persons from using data-processing systems by means of data transmission facilities; (e) Ensuring that authorised users of a data-processing system can access no personal data other than those to which their access right refers; (f) Recording which personal data have been communicated, at what times and to whom; (g) Ensuring that it will subsequently be possible to check which personal data have been processed, at what times and by whom; (i) Ensuring that, during communication of personal data and during transport of storage media, the data cannot be read, copied or erased without authorisation; (j) Designing the organisational structure within EDA in such a way that it meets the special requirements of data protection.

Additional information is available by following the link to privacy statement here.