News, events, publications

EDA-DPR-016 - Staff and Social Committee Personnel lists

Records and compliance checklist

Under Article 31 of the new Regulation, EUIs have to keep records of their processing operations. This template covers two aspects:

1.Mandatory records under Article 31 of the new rules (recommendation: publicly available)
2.Compliance check and risk screening (internal).

The header and part 1 should be publicly available; part 2 is internal to the EUI. By way of example, column 3 contains a hypothetical record on badges and physical access control in a EUI.
Nr Item Explanation
Header - versioning and reference numbers (recommendation: publicly available)
1. Last update of this record 19-08-2022
2. Reference number EDA-DPR-016 - Staff and Social Committee Personnel lists
part 1 - article 31 record (recommendation: publicly available)
3. Name and contact details of controller
European Defence Agency

Rue des Drapiers 17-23
B-1050 Brussels
4. Name and contact details of DPO

Head of the Legal Office, Legal Advisor / Data Protection Mr Pedro ROSA PLAZA

5. Name and contact details of joint controller (where applicable)
6. Name and contact details of processor (where applicable)
7. Purpose of the processing
The Staff and Social Committees of EDA support the wellbeing of staff and their families including spouses, children, dependents and, occasionally, third parties. The purpose of the processing of personal data can relate to attendance at events (such as Away Day or Christmas Party), allowing for building access, routine committee business and the good administration of all activities within the mandate of the two groups. The collection and storage of personal data, including media, is necessary for the organisation and performance of these activities.
8. Description of categories of persons whose data EDA processes and list of data categories
Data are processed from the following individuals or group of people: - Staff members - Spouses of Staff members - Children and dependents of Staff members - Third parties contacted in the normal business of the Committees Data processed could be any of the following, as appropriate, for the function/activity being planned and as voluntarily provided by the data subjects: - name - surname - age or birth date - nationality - sex - allergies - ID/passport number of spouses - car details (brand, model, colour, plate number) - other details provided voluntarily by the staff (in a free text box)
9. Time limit for keeping the data
Data will be retained for a maximum of 3 months following the event. Personal data is stored for the event only and new data is created yearly for each event.
10. Recipients of the data
- Staff Committee & Social Committee; - Security and Infrastructure Unit (for access to EDA premises); - Other entities defined by the Committees for legitimate and mandated reasons and as communicated to the data subjects; - For events organized with third parties outside EDA, data might have to be shared with the event organizer.
11. Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards?
12. General description of security measures, where possible.
Data are processed in accordance with the high security standards established by EDA. Data in SharePoint space of the Staff Committee are only availbale to Staff Committee. The Committees are made up of individuals who are both collectevely and individually responsible for the correct application of data protection rules. The data are exported to Excel when shared with the Security and Infrastructure Unit for security management for the access to EDA premises.
13. For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement

Additional information is available by following the link to privacy statement here.