|
Header - versioning and reference numbers (recommendation: publicly available) |
|
1. |
Last update of this record |
05-09-2022 |
2. |
Reference number |
EDA-DPR-052 - EDA Meetings and Conferences |
|
part 1 - article 31 record (recommendation: publicly available) |
|
3. |
Name and contact details of controller |
European Defence Agency
Rue des Drapiers 17-23
B-1050 Brussels
Belgium
|
4. |
Name and contact details of DPO |
|
5. |
Name and contact details of joint controller (where applicable) |
N/A
|
6. |
Name and contact details of processor (where applicable) |
External contractors (e.g. security staff, booking agency or hotel which is hosting the concrete event) may be used to perform certain tasks for the controller. All contractors are contractually obliged to ensure data protection compliance when processing personal data
|
7. |
Purpose of the processing |
The purpose of this processing activity is the organisation of meetings and conferences, including management of contact lists, invitations, participants lists, distribution of minutes/reports, follow-up actions and networking among participants.
Personal data are collected and retained by EDA in order to facilitate the organisation, conduct and follow-up of these events and to provide participants with information (including name and affiliation of other participants), to record the presence of persons and to communicate conclusions and reports.
EDA regularly organises meetings (e.g. workshops, working groups, conferences etc.) with externals. Meetings may take place in-house, in external locations, via webtools or in a hybrid format and may involve both EDA staff and/or external stakeholders from various backgrounds.
|
8. |
Description of categories of persons whose data EDA processes and list of data categories |
Data are processed from the following individuals or group of people:
- external stakeholders participating in meetings / conferences / working groups/ events held by EDA on EDA premises or elsewhere;
- EDA staff participating in such meetings.
Data processed are necessary for the organization or management of follow-up to a meeting and can include the following:
- Identification and contact details such as name, position, entity, nationality,
- Photographs, audio or video recording or livestreaming in the context of a meeting (opt-in required as per separate consent form);
- Others, such as dietary requirements, if relevant.
|
9. |
Time limit for keeping the data |
Personal data are kept only as long as necessary for the purposes of the specific meeting/event. It will be deleted 1 year after the respective meeting, if not needed for network building, setting up databases and follow-up interaction, under specific notified processing operations.
Data other than contact details will be retained for a maximum period of 1 year after the last conference of the series or after the database is no longer necessary for networking as defined under the purposes for the relevant processing operation.
The contact details of participants will be part of a list shared internally amongst EDA staff for the purpose of contacting the participants in the future in the context of subsequent EDA activities related to the meeting/conference. Data subjects can always unsubscribe and ask EDA for their data to be deleted.
|
10. |
Recipients of the data |
The access to all personal data as well as all information collected in the context of the meeting, and the organisation thereof, is granted to a defined number of users, without prejudice to a possible transmission to the bodies in charge of a monitoring or inspection task in accordance with Union legislation. These users typically are:
- Organiser of the meeting;
- EDA staff assigned to the project;
- Other participants of the meeting;
- External contractors (if relevant).
|
11. |
Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards? |
Such transfers are not envisaged. However, participation in meetings or conferences is in principle open to data subjects from third countries or international organisations which may have limited access to the personal information of other participants displayed in the context of meetings/conferences. Personal data collected from these data subjects will be kept separate, as far as possible.
|
12. |
General description of security measures, where possible. |
Data will be processed in accordance with the high security standards established by EDA. EDA external contractors are obliged by the respective contract to adopt appropriate technical and organizational security measures having regard to the risks inherent in the processing and to the nature of the personal data concerned.
|
13. |
For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement |
Additional information is available by following the link to privacy statement here
|