|
Header - versioning and reference numbers (recommendation: publicly available) |
|
| 1. |
Last update of this record |
05-09-2022 |
| 2. |
Reference number |
EDA-DPR-027 - Leave management |
|
part 1 - article 31 record (recommendation: publicly available) |
|
| 3. |
Name and contact details of controller |
European Defence Agency
Rue des Drapiers 17-23
B-1050 Brussels
Belgium
|
| 4. |
Name and contact details of DPO |
|
| 5. |
Name and contact details of joint controller (where applicable) |
N/A
|
| 6. |
Name and contact details of processor (where applicable) |
N/A
|
| 7. |
Purpose of the processing |
The personal data are processed for the management of all entitlements for annual leave, special leave, sick leave and in general all the related working conditions of Temporary Agents (TAs), Contract Agents (CAs), Seconded National Experts (SNE) and Trainees at EDA.
|
| 8. |
Description of categories of persons whose data EDA processes and list of data categories |
There are 2 main categories of data subjects, namely:
- EDA staff members and SNEs and trainees (SNEs and trainees for a restricted number of leave entitlements);
- In connection to special categories of leave, relatives of EDA staff, including spouse, children and relatives in ascending line.
Personal data processed:
- main employment and career data at EDA;
- start date of EDA employment, category/statues, termination/end of contract with EDA, place of origin, age;
- documents containing personal data such as justification documents for various categories of specific leave, information on carry-over of not taken annual leave from the previous year;
- information on the EDA staff member's family situation, including the relationship to family members;
- Sensitive data in the meaning of Article 10 of Regulation 2018/1725, namely health related data, including medical certificates, confirmation on treatment/medical appointments, medical data and health diagnosis information of the EDA staff members and of their relatives, including spouse, children, relatives in ascending line. The processing of medical personal data has been notified to the EDPS.
- Information on political appointment and participation in elections of the EDA staff member.
|
| 9. |
Time limit for keeping the data |
Annual/Special and Sick leave requests are stored electronically in the leave management workflow on the EDA server. Medical certificates with no indication of the medical diagnosis are stored in a locked cupboard with restricted access to the HR Unit. Such data are kept for a period of 3 years. Additionally, the leave management tool is used to run several reports including statistics on sick and special leave and leave requests per directorates.
|
| 10. |
Recipients of the data |
- The Line Manager of the data subject and his/her Head of Unit;
- his/her Director; - the Chief Executive;
- the Deputy Chief Executive; -
- the Corporate Services Director;
- the HR Unit; -the Council Medical Service;
- the European Council Invalidity Committee;
- the EDA IT Unit (for support on the electronic management system);
- the EDA Internal Auditor; -the College of Auditors;
- the European Ombudsman;
- the European Data Protection Supervisor;
- the Court of Justice of the European Union.
|
| 11. |
Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards? |
N/A
|
| 12. |
General description of security measures, where possible. |
Leave requests are stored in an electronic database. The data are kept in the Leave Management System with password protected. Medical certificates with no indication of medical diagnosis are stored in a locked cupboard with limited access to the HR Unit.
|
| 13. |
For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement |
Additional information is available by following the link to privacy statement here.
|