|
Header - versioning and reference numbers (recommendation: publicly available) |
|
| 1. |
Last update of this record |
05-09-2022 |
| 2. |
Reference number |
EDA-DPR-048 |
|
part 1 - article 31 record (recommendation: publicly available) |
|
| 3. |
Name and contact details of controller |
European Defence Agency
Rue des Drapiers 17-23
B-1050 Brussels
Belgium
|
| 4. |
Name and contact details of DPO |
|
| 5. |
Name and contact details of joint controller (where applicable) |
N/A
|
| 6. |
Name and contact details of processor (where applicable) |
N/A
|
| 7. |
Purpose of the processing |
The CRM system is designed to compile information on customers across different channels - points of contact between the agency and business partners - and to create a single CRM database which includes all relevant data for customer relations.
|
| 8. |
Description of categories of persons whose data EDA processes and list of data categories |
- Multiple categories of PoCs from MS (ex: Central, Defence Policy Directors, Deputy Central, EU institutions);
- Other external stakeholders that are in contact with EDA (conferences, meetings, e-newsletters, etc.)
- Data processed are the following:
- Personal information (full name, organization, department, job title)
- Contact information (email, phone, fax)
- Address information (street, office, postal code, city country)
- Roles (representing country, representing organization)
|
| 9. |
Time limit for keeping the data |
Data will be kept in the CRM system until the data subject expresses his/her wish to be deleted - An annual e-mail reminder is sent to all Data Subjects informing them that are included in EDA’s database and providing the Privacy Statement - Every e-newsletter sent via the EDA communication database contains an unsubscribe link - E-mails that are returned to sender will be deleted from the CRM database
|
| 10. |
Recipients of the data |
- IT Administrators
- EDA Directorate Assistants CRM database is integrated with other IT systems, therefore data is digitally sent to following recipients:
- AppSecStore (subject to a separate Notification)
- EDA Communication Database (subject to a separate Notification)
|
| 11. |
Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards? |
N/A
|
| 12. |
General description of security measures, where possible. |
Having regards to the state of the art and the cost of their implementation, the controller have implemented appropriate technical and organisational measures (checkpoints, firewalls, antiviruses) to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected. Such measures have been taken in particular to prevent any unauthorised disclosure or access, accidental or unlawful destruction or accidental loss, or alteration and to prevent all others unlawful forms of processing.
|
| 13. |
For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement |
Additional information is available by following the link to privacy statement here.
|