News, events, publications

EDA-DPR-044 - Preparatory Action

Records and compliance checklist

Under Article 31 of the new Regulation, EUIs have to keep records of their processing operations. This template covers two aspects:

1.Mandatory records under Article 31 of the new rules (recommendation: publicly available)
2.Compliance check and risk screening (internal).

The header and part 1 should be publicly available; part 2 is internal to the EUI. By way of example, column 3 contains a hypothetical record on badges and physical access control in a EUI.
Nr Item Explanation
Header - versioning and reference numbers (recommendation: publicly available)
1. Last update of this record 05-09-2022
2. Reference number EDA-DPR-044 - Preparatory Action
part 1 - article 31 record (recommendation: publicly available)
3. Name and contact details of controller
European Defence Agency

Rue des Drapiers 17-23
B-1050 Brussels
4. Name and contact details of DPO

Head of the Legal Office, Legal Advisor / Data Protection Mr Pedro ROSA PLAZA

5. Name and contact details of joint controller (where applicable)
6. Name and contact details of processor (where applicable)
The processor of the data on behalf of the controller is the company B2MATCH GmbH (Vally-Weigl-Gasse 5/4/56, 1100 Vienna, Austria), hosting the web platform collecting and storing the data.
7. Purpose of the processing
The data will be collected in a web platform in preparation of Information Days and Brokerage events linked to the Preparatory Action on Defence Research activities. In particular the collection of personal and organisation data will allow: -participation to register and to indicate the topics of interest; -the validation/approval of the registrations; -to keep track of the list of participants for the purposes of the events; -to facilitate the establishment of bilateral contacts and networking opportunities; -to distribute any information related to the events. Registered and approved participants are allowed to use the personal data available in the web platform only for the purposes of the Preparatory Action Events. B2MATCH will process personal data only in order to fulfil the need of the organisation of the Preparatory Action on Defence Research events. The user shall only transmit personal data to B2MATCH in relation to his/her user account. Beyond that, the client shall not transmit to B2MATCH any other personal data.
8. Description of categories of persons whose data EDA processes and list of data categories

Data are processed from the individuals that voluntarily will register to attend the events such as:

  • Industry representatives from larger companies, SMEs or clusters;
  • Defence Industry Associations;
  • National or European Research institutes and universities.

Personal data processed are the following:

  • Gender;
  • First and last name; Email,
  • mobile phone;
  • Job position;
  • Academic title;
  • Language(s) spoken;
  • Nationality.
9. Time limit for keeping the data
Data will be retained for the duration of the Preparatory Action on Defence Research for the purposes outlined above under point 4 and will be used in this period in similar events related to the Preparatory Action. Data is deleted at the latest within 6 months after Preparatory Action on Defence Research activities are finished. B2MATCH is entitled to perform anonymized analysis on transmitted data for statistical purposes.
10. Recipients of the data
Personal data entered when signing up will be accessible to all the individuals participating to the event, whose registration in the web platform has been validated by EDA. EDA staff and staff of the processor with access to data.
11. Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards?
Norway, which is part of the Preparatory Action, is subject to national law, which guarantees an adequate level of protection.
12. General description of security measures, where possible.
Data will be processed in accordance with the high security standards established by EDA. Within the EDA network the data access is limited to the Preparatory Action Staff , IT-Administrators and Security Staff.
13. For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement
Additional information is available by following the link to privacy statement here.