DETAILS OF REGISTER

Head of the Legal Office, Legal Advisor / Data Protection Mr Pedro ROSA PLAZA

dataprotection@eda.europa.eu

For outsourced online written tests invigilation:

TestReach

NexusUCD, Block 9-10 Belfield Office Park

Clonskeagh, Dublin 4

IRELAND

info@testreach.com

+353 (0)1 536 3820

For outsourced assessment center (for management positions):

Hudson Belgium SA/NV

Avenue Bourget 42

1200 Brussels

Belgium

Personal data are collected and processed in view of selecting and recruiting the most suitable candidates, following an appropriate selection procedure for various staff categories, namely:

• Temporary agents (TAs);
• Contract agents (CAs);
• Seconded National Experts (SNEs);
• Trainees,

to manage applications at the various stages of these selections and to manage and check the use of reserve lists when applicable with the view of eventually recruiting staff to EDA.

The selection and recruitment procedure is necessary for the management and functioning of the Agency in order to allow it to carry out its tasks in the public interest on the basis of the Treaty on European Union.

Recruitment procedures of TAs, CAs, SNEs at EDA are organized as described under Recruitment Procedure (europa.eu). For trainees, relevant info can be found under Traineeship (europa.eu).

Data subjects:

• All candidates applying for a position of TA, CA, SNE or trainee at EDA following a publication of a vacancy notice.
• Individuals sending a spontaneous application to EDA.

   

  List of data categories processed:

• Identification data, i.e. surname, first name, date of birth, gender;
• Contact information, i.e. address, telephone, e-mail;
• Information regarding eligibility and selection criteria laid down in the vacancy notice, i.e. nationality, languages, education, employment record, military/civil service record, other relevant for the job skills such as knowledge of computer software;
• Information about the length of the legal notice period required, objection against inquiry with present employer, periods spent abroad, references, motivation, declaration of honour as well as where the applicant found out about the vacancy;
• If applicable, results of the pre-selection or written/oral tests (TAs, CAs and SNEs);
• Information regarding security clearance;
• For candidates invited to the interviews: if needed, financial information (BAF- bank details form) – for the reimbursement of costs incurred;
• For selected TA, CA candidates only: medical data in the context of the pre-employment medical check;
• Information about disability might be requested in order to facilitate the access of the candidate(s) to the EDA premises.

   

  For candidates invited to the remote written test (for TAs, CAs and SNEs only)

• some personal data (name, surname) and contact details are shared by EDA with the provider, TestReach, for the practical arrangement of the written test.

   

  In the context of the actual remote written test, the following additional personal data are also processed:

• Video log of the candidate during the remote written test;
• IP address, browser header data (user agent) and other similar information about the computer used to take the assessment;
• User access and activity data within their system (e.g. when the candidate logs in, when the candidate logs out, when the candidate answered a question, etc.) for audit-trailing and security purposes;
• Video recording of the screen of the candidate taking the test.

   

  For candidates for management positions invited to the Assessment Center:

  CVs of the candidates are shared with the provider – Hudson, containing:

• Identification data, i.e. surname, first name, date of birth, gender;
• Contact information, i.e. address, telephone, e-mail;
• Information regarding eligibility and selection criteria laid down in the vacancy notice, i.e. nationality, languages, education, employment record, military/civil service record, other relevant for the job skills such as knowledge of computer software;
• Information about the length of the legal notice period required, objection against inquiry with present employer, periods spent abroad, references, motivation, declaration of honour as well as where the applicant found out about the vacancy.

For recruited candidates (Conflict of Interest forms):

As part of this processing activity, it is necessary for EDA to obtain conflicts of interest (CoI) declarations before recruitment, in which (future) staff provide personal data about their professional and private lives such as their name, past/present employment or professional activities; shareholdings in companies; functions in associations/organisations; the professional activities of their spouse, partner or household members.

For EDA (the data controller):

1. Spontaneous applications are deleted after having informed the applicant(s) that the application will not be kept since EDA only considers applications for vacancies published on its website.

    

2. For non- selected candidates
• Personal data contained in supporting documents of applicants for TA, CA and SNE positions will be deleted after 6 years following the closure of the selection for candidates invited for the interview, or after 3 years for candidates not invited for the interview.
• Personal data of non-selected applicants for trainee positions will be deleted after 3 years following the closure of the selection.
• For candidates who created an application but finally did not submit it, the personal data is deleted as soon as the selection is completed.
• Anonymised data could be kept longer for statistical purposes.
3. Candidates selected for recruitment

Recruitment documents for selected TAs and CAs are kept in the agent's personal file, in accordance with Art. 33 and Art. 104 of the EDA Staff Regulations for a period of 5 years after the jobholder has terminated employment at the agency. The same filing practice and retention is applied for recruited SNEs and trainees.

With regard to the processing of police record and security clearance:

• The formal job offer to candidates which are to be recruited includes a request to provide a recent excerpt of the police record, which is conditional for confirmation of the recruitment. This document is only consulted by the HR Officer in charge of the respective recruitment and then always returned to the candidate concerned. An acknowledgment of receipt is placed in the personal file of the candidate who becomes a staff member.
• Security clearance(s) are handled in accordance with record DPO-15-PSC.

For the data processors

1. TestReach – remote written exams

   All video records and Invigilation Reports are held by TestReach for a period of 6 months after which they are deleted, unless TestReach is specifically requested by EDA to hold it for longer, for example in the case of an appeal process, to ensure the availability of relevant data until the finalization of the selection and/or related legal proceedings.

2. Hudson – assessment center

CVs of the candidates invited to the Assessment Center are kept for 2 months from the acknowledgement by EDA of receipt of the Assessment Centre Reports and de-briefing materials to ensure the delivery of feedback if requested by candidates.

The recipients are/may be:

• designated EDA staff members involved in the selection and recruitment procedure (e.g. HR, selection panel, Finance)
• where applicable, external members of the selection panel
• external contractors acting as processors;
• -other staff members on a need-to-know basis (e.g. internal auditor, DPO, Legal Office)
• If applicable, supervisory authorities and/or courts.

With regard to pre-employment medical checks: The Medical Service of the Council (not applicable for SNEs and trainees).

No, there is no transfer of personal data to a third country or international organization, neither by the data controller nor by the data processors.

Submission of applications to vacancies are done electronically via the appropriate IT tool. The applicant has to register an account accessible via a username and a password.

EDA has implemented appropriate technical and organisational measures (secure access methods, firewalls, checkpoints, antivirus) to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected. Such measures have been taken in particular to prevent any unauthorised disclosure or access, accidental or unlawful destruction or accidental loss, or alteration and to prevent all others unlawful forms of processing.

Appropriate security measures are implemented also by the data processors against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.

Data subjects have the right to access their personal data and the right to correct any inaccurate or incomplete personal data, as well as to request the removal of their personal data, which will be implemented within 15 working days after the request has been deemed legitimate.

If the data subject has any queries concerning the processing of his/her personal data, s/he may address them to the data controller at the following mailbox: recruitment@eda.europa.eu. Candidates placed on a reserve list have the right to amend their identification data such as surname, email, address, phone number, by contacting the HR Unit at the same address.

All legitimate requests will be handled within 15 working days.

Additional information is available in the following EDA privacy statements:

• Selection and recruitment, here;
• Remotely invigilated written tests in the context of EDA’s selection procedures, here;
• Assessment center, here;
• Health Data is handled in accordance with record EDA-DPO-29.