News, events, publications

DETAILS OF REGISTER

EDA-DPR-058 - PADR - Infoday and Brokerage events

Records and compliance checklist

Under Article 31 of the new Regulation, EUIs have to keep records of their processing operations. This template covers two aspects:

1.Mandatory records under Article 31 of the new rules (recommendation: publicly available)
2.Compliance check and risk screening (internal).

The header and part 1 should be publicly available; part 2 is internal to the EUI. By way of example, column 3 contains a hypothetical record on badges and physical access control in a EUI.
Nr Item Explanation
Header - versioning and reference numbers (recommendation: publicly available)
1. Last update of this record 05-09-2022
2. Reference number EDA-DPR-058 - PADR - Infoday and Brokerage events
part 1 - article 31 record (recommendation: publicly available)
3. Name and contact details of controller
European Defence Agency

Rue des Drapiers 17-23
B-1050 Brussels
Belgium
4. Name and contact details of DPO

Head of the Legal Office, Legal Advisor / Data Protection Mr Pedro ROSA PLAZA

dataprotection@eda.europa.eu
5. Name and contact details of joint controller (where applicable)
N/A
6. Name and contact details of processor (where applicable)
The processor of personal data on behalf of the controller are the companies (a) IdLoom Europe (Tervuren avenue 216, 1150 Brussels, Belgium), hosting the web platform collecting and storing the data, and (b) Nodily Europe (Arsenal site, 4 Rue des Peres Blancs, 1040 Brussels, Belgium), managing the application supporting the activity of matchmaking in view of the brokerage event.
7. Purpose of the processing

The data will be collected in a web platform in preparation of InfoDays and Brokerage events linked to the Preparatory Action on Defence Research activities. In particular, the collection of personal data will allow:

  • participants to register and to indicate topics of interest; - the validation/approval of the registration;
  • to keep track of the list of participants for the purposes of the events;
  • to facilitate the establishment of bilateral contacts and networking opportunities; 
  • to distribute any information related to the events.

Registered and approved participants are allowed to use the personal data available in the web platform only for the purposes of the Preparatory Action events. IdLoom will process personal data only in order to register the participants to the event and to provide them with a confirmation email to their participation. Furthermore, IdLoom will transfer data to Nodily through a secured HTTPS Protocol. Nodily will support the participants in the setup of bilateral meetings. The data subject shall only transmit personal data to IdLoom in relation to his/her user account. Beyond that, the data subject shall not transmit to IdLoom any other personal data.
8. Description of categories of persons whose data EDA processes and list of data categories

Data are processed from individuals that voluntarily will register to attend the PADR events, such as:

  • Industry representatives from defence-related companies, SMEs or clusters;
  • Defence industry occasions;
  • National or European research institutes and universities.

Personal Data processed are the following:

  • Title;
  • First name;
  • Last name;
  • Email;
  • Job position;
  • Mobile phone;
  • Academic title;
  • Language(s) spoken;
  • Nationality.
9. Time limit for keeping the data
Data will be retained for the duration of the Preparatory Action on Defence Research for the purposes outlined above under point 4 and will be used in this period in similar events related to the Preparatory Action. Data stored in EDA serves/computers is deleted at the latest within 6 months after Preparatory Action on Defence Research activities are finished. Once the event or account is deleted, IdLoom stores the data for no more than 2 weeks since this deletion. After this period data is permanently deleted. Nodily keeps data for statistical purposes - data subject may also access historical data on past events and activities, such as meetings, private messages, contacts, etc.). If the Nodily account is closed by the data subject, all personally identifiable information about the data subject will be removed from Nodily servers. Once the event or account is deleted, IdLoom stores the data for nor more than 2 weeks since this deletion. After this period is permanently deleted. Nodily keeps data for statistical purposes, users may also access historical data on past events and activities, such as meetings, private messages, contacts, etc.). If the Nodily account is closed by the user, all personally identifiable information about the user will be removed from Nodily servers.
10. Recipients of the data
Personal data entered when signing up will be accessible to all the individuals participating to the event, whose registration in the web platform has been validated by EDA. EDA staff and staff of the processor with access to the data.
11. Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards?
Norway, which is part of the Preparatory Action, is subject to national law that guarantee an adequate level of protection. 
12. General description of security measures, where possible.
Data will be processed in accordance with the high security standards established by EDA. Within the EDA network the data access is limited to the Preparatory Action Staff, IT-Administrators and Security Staff.
13. For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement
Additional information is available by following the link to privacy statement here.