|
Header - versioning and reference numbers (recommendation: publicly available) |
|
| 1. |
Last update of this record |
05-09-2022 |
| 2. |
Reference number |
EDA-DPR-073 - Azure Active Directory |
|
part 1 - article 31 record (recommendation: publicly available) |
|
| 3. |
Name and contact details of controller |
European Defence Agency
Rue des Drapiers 17-23
B-1050 Brussels
Belgium
|
| 4. |
Name and contact details of DPO |
|
| 5. |
Name and contact details of joint controller (where applicable) |
N/A
|
| 6. |
Name and contact details of processor (where applicable) |
SoftwareOne, AG, Riedenmatt 4, CH-6370 Stans, Switzerland (only intermediate, does not process personal data) Microsoft Ireland Operations Limited One Microsoft Place, South County Industrial Park, Leopardstown, Dublin 18, D18 P521 lsp.eu@softwareone.com
|
| 7. |
Purpose of the processing |
Azure Active Directory (Azure AD) is Microsoft’s multi-tenant, cloud-based directory, and identity management service that combines core directory services, application access management, and identity protection into a single solution. Azure AD also offers a rich, standards-based platform that enables developers to deliver access control to their applications, based on centralized policy and rules.
|
| 8. |
Description of categories of persons whose data EDA processes and list of data categories |
All current EDA personnel who based on the need to have access to EDA IT resources in order to perform their contractual duties within EDA premises and via remote access. Electronic data on official business coordinates: first name, last name, email, telephone number, title, unit, company and office number. In addition, their credentials to access EDA resources.
|
| 9. |
Time limit for keeping the data |
User account is deactivated as soon as the personnel member’s contract is terminated and data erased no later than 30 days after the employee’s departure from the agency. At all times during the term of Customer’s subscription, Customer will have the ability to access and extract Customer Data stored in each Online Service. Microsoft will retain Customer Data stored in the Online Service in a limited function account for 90 days after expiration or termination of Customer’s subscription so that Customer may extract the data. After the 90-day retention period ends, Microsoft will disable Customer’s account and delete the Customer Data.
|
| 10. |
Recipients of the data |
Azure Active Directory data is accessible to all current EDA personnel via Microsoft Azure portal.
|
| 11. |
Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards? |
NO
|
| 12. |
General description of security measures, where possible. |
EDA has implemented appropriate technical and organizational measure (firewall, checkpoints, antivirus) to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected. Such measures have been taken in particular to prevent any unauthorized disclosure or access, accidental or unlawful destruction or accidental loss, or alteration and to prevent all others unlawful forms of processing.
|
| 13. |
For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement |
Additional information is available by following the link to privacy statement here.
|