|
Header - versioning and reference numbers (recommendation: publicly available) |
|
1. |
Last update of this record |
05-09-2022 |
2. |
Reference number |
EDA-DPR-037 - Internal Active Directory |
|
part 1 - article 31 record (recommendation: publicly available) |
|
3. |
Name and contact details of controller |
European Defence Agency
Rue des Drapiers 17-23
B-1050 Brussels
Belgium
|
4. |
Name and contact details of DPO |
|
5. |
Name and contact details of joint controller (where applicable) |
N/A
|
6. |
Name and contact details of processor (where applicable) |
N/A
|
7. |
Purpose of the processing |
The purpose of Internal IT applications like the Active Directory is to provide each legitimate user with valid credentials to EDA network and its resources and manage the access rights thereto. The Active Directory (AD) is a core database, which Microsoft Servers use to store information about the users of the system. It enables the network communication between devices and the functioning of most EDA software applications and EDA work assets.
|
8. |
Description of categories of persons whose data EDA processes and list of data categories |
All EDA staff who need to have access to EDA IT resources in order to perform their contractual duties within EDA premises and via remote access. Electronic data on official business coordinates: first name, last name, email, telephone number, title, unit, company and office number. In addition, their credentials to access EDA resources. No sensitive personal data in the meaning of Article 10 of Regulation 2018/1725 are processed.
|
9. |
Time limit for keeping the data |
Data is removed as soon as the staff member’s contract is terminated and erased no later than 30 days after the employee’s departure from the agency.
|
10. |
Recipients of the data |
Active Directory data is accessible to all EDA staff. Active Directory is used as internal identification mechanism for several EDA applications.
|
11. |
Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards? |
N/A
|
12. |
General description of security measures, where possible. |
Having regards to the state of the art and the cost of their implementation, the controller have implemented appropriate technical and organisational measures (firewalls, checkpoints, antivirus) to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected. Such measures have been taken in particular to prevent any unauthorised disclosure or access, accidental or unlawful destruction or accidental loss, or alteration and to prevent all others unlawful forms of processing.
|
13. |
For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement |
Additional information is available by following the link to privacy statement here.
|