|
Header - versioning and reference numbers (recommendation: publicly available) |
|
| 1. |
Last update of this record |
05-09-2022 |
| 2. |
Reference number |
EDA-DPR-049 |
|
part 1 - article 31 record (recommendation: publicly available) |
|
| 3. |
Name and contact details of controller |
European Defence Agency
Rue des Drapiers 17-23
B-1050 Brussels
Belgium
|
| 4. |
Name and contact details of DPO |
|
| 5. |
Name and contact details of joint controller (where applicable) |
N/A
|
| 6. |
Name and contact details of processor (where applicable) |
N/A
|
| 7. |
Purpose of the processing |
The purpose of this processing operation is providing external users with access to EDA platforms. The Application Security Store is a database for storing identities, authentication data and authorizations to access EDA applications. It is used to process access requests received by EDA in order to use EDA applications. Accounts from AppSecStore are synchronized with CRM@EDA (Customer Relation Management) and the external Active Directory. Any modification applied in AppSecStore is applied to the Active Directory. The external Active Directory enables the network communication between devices and the functioning of most external EDA software applications (e.g. CODABA, ECP, DTEB, DPOL and others) and provides each legitimate user with valid credentials to the EDA network.
|
| 8. |
Description of categories of persons whose data EDA processes and list of data categories |
External EDA partners and experts in defence environment, coming from government or industrial segment, interested in accessing EDA collaboration platforms. Data processed are the following:
- Personal information (first name, surname, nationality)
- Contact information (position, employer, telephone, home address, correspondence address).
|
| 9. |
Time limit for keeping the data |
- Personal data is kept as long as necessary for granting access to the respective platforms;
- The access rights of inactive users (that have not visited EDA applications for more than 6 months) will be temporarily withdrawn (suspended); an email will be sent to notify the user and will contain instructions on how to reactivate their account;
- All inactive accounts for a period of 1 year will be removed from MyEDA and deleted;
- An organisation administrator can remove any member of the organisation using MyEDA portal at any time.
|
| 10. |
Recipients of the data |
- EDA Project Officers;
- EDA IT Unit Application Moderators
- CRM Administrators
- Accredited users with access to the same platform may see the contact details of other users.
|
| 11. |
Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards? |
N/A
|
| 12. |
General description of security measures, where possible. |
EDA has implemented appropriate technical and organisational measures (firewalls, checkpoints, antivirus) to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected. Such measures have been taken in particular to prevent any unauthorised disclosure or access, accidental or unlawful destruction or accidental loss, or alteration and to prevent all others unlawful forms of processing.
|
| 13. |
For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement |
Additional information is available by following the link to privacy statement here.
|