DETAILS OF REGISTER

European Defence Agency

Rue des Drapiers 17-23
B-1050 Brussels
Belgium

Head of the Legal Office, Legal Advisor / Data Protection Mr Pedro ROSA PLAZA

dataprotection@eda.europa.eu

General Secretariat of Council/Council Medical Service Head of Sector ORG.1.E.S1 medical.secretariat@consilium.europa.eu

N/A

The purpose of the processing of personal and health-related data is to ensure that EDA staff and their eligible family members are registered for vaccination against SARS-CoV-2 as part of the Belgian vaccination campaign, thereby alleviating some of the pressure on the Belgian health system. The General Secretariat of the Coucil/Council Medical Service (hereinafter referred to as "GSC") has received formal authorisation from the Brussels authorities to set up a vaccination centre in order to ensure the health and well-being of its staff and business continuity. The processing of personal and health-related data is necessary to carry out vaccination, and to establish priority groups and the necessary documentation in accordance with the Belgian plans. These data will be processed in order to: - identify eligible persons who wish to be vaccinated at the GSC’s COVID-19 vaccination centre; - establish priority groups of « at-risk persons » as defined by the Superior Health Council in its ‘Recommendations en matière de priorisation de sous-groupes de patients de moins de 65 ans pour la vaccination contre le SARS-COV-2 (Phase IB)’/‘Aanbevelingen voor het prioriteren van subgroepen van patiënten jonger dan 65 jaar voor vaccinatie tegen Sars-Cov-2 (Fase Ib)’ (CSS N° 9618/HGR Nr. 9618, February 2021); - invite the individuals concerned to be vaccinated and communicate with them, including to invite individuals at very short notice with a view to making optimal use of the available doses – for this reason it is advisable to give private as well as professional contact details; - follow up on the vaccination and any side-effects experienced at the vaccination centre. The personal data necessary for the processing operation in question is collected by means of an email sent from the EDA HR unit to all staff and compiled in an excel table which is then sent to the Council Medical Service for integration into their system. The vaccination consent form and the medical declaration are collected manually when the vaccine is administered at the GSC vaccination centre. Personal health-related data are processed only by the doctors and nurses of the GSC and by the administrative staff of the Healthcare and Social Services Unit tasked with managing the vaccination campaign. The doctors and nurses of the GSC are bound by professional secrecy on account of their duties. All members of the Healthcare and Social Services Unit sign a confidentiality clause.

Categories of data subjects:

• staff covered by the Staff Regulations of the European Defence Agency (EDA) who are on active duty or on short-term leave on personal grounds;
• trainees at the EDA;
• seconded national experts at the EDA;

• current spouses/partners (registered in SYSPER, in Belgium and not working for another European institution) and dependent children (aged 18 or over in 2021 and in Belgium) of those persons covered by the above categories.

Categories of personal data:

• surname, first name, personnel number, PerID (unique personal interinstitutional number), date of birth, Belgian social security identification number (which corresponds to the identification number in the Belgian national register), family relationship in the case of eligible family members;
• contact details: professional telephone number and email address, and private telephone number and email address;
• health-related data: if included in an at-risk group as defined by the Superior Health Council in its ‘Recommendations en matière de priorisation de sous-groupes de patients de moins de 65 ans pour la vaccination contre le SARS-COV-2 (Phase IB)’/‘Aanbevelingen voor het prioriteren van subgroepen van patiënten jonger dan 65 jaar voor vaccinatie tegen Sars-Cov-2 (Fase Ib)’ (CSS N° 9618/HGR Nr. 9618, February 2021);

• vaccination consent form;
• medical declaration;
• type of vaccine;
• vaccination date;
• vaccination status (number of doses);
• any side effects experienced at the vaccination centre.

The data collected by the ‘COVID-19 Vaccination’ application are deleted one year after the end of the vaccination campaign. The data are kept by the Medical Service for the following periods: - private contact details: one year following the end of the vaccination campaign. - personal and health-related data of staff covered by the Staff Regulations of the EDA: 30 years following termination of service. - personal and health-related data of EDA trainees, seconded national experts at the GSC and EDA, spouses/partners and dependent children: 30 years following the end of the vaccination campaign. Once the retention period has elapsed, all data will be destroyed.

EDA: HR unit and staff GSC: Secretary-General, Director-General for Organisational Development and Services, Director of Human Resources, Head of the Healthcare and Social Services Unit for anonymised statistics from the ‘COVID-19 Vaccination’ application. Belgian health authorities:

• last name, first name, date of birth, Belgian social security number;
• health-related data: if included in an at-risk group as defined by the Superior Health Council in its ‘Recommendations en matière de priorisation de sous-groupes de patients de moins de 65 ans pour la vaccination contre le SARS-COV-2 (Phase IB)’/‘Aanbevelingen voor het prioriteren van subgroepen van patiënten jonger dan 65 jaar voor vaccinatie tegen Sars-Cov-2 (Fase Ib)’ (CSS N° 9618/HGR Nr. 9618, February 2021); type of vaccine, vaccination date, vaccination status (number of doses), any side effects experienced at the vaccination centre. Transmission of the abovementioned data to the Belgian health authorities, which provide an equivalent level of protection under Regulation (EU) 2016/679 (GDPR), is necessary and proportionate in view of the intended purposes and meets the criteria of Article 9 of Regulation (EU) 2018/1725. The data is transmitted in accordance with the Belgian national provisions on SARS-CoV-2 vaccination centres via the input of personal data into the national Vaccinnet platform selected by the Interministerial Committee for Public Health (CIM/IMC). The platform is used at national level in Belgium to record the administration of COVID-19 vaccines and report any side effects. These data can be transmitted only under the responsibility of a doctor from the Medical Service.

N/A

All technical and organisational measures are taken to ensure the accuracy and relevance of the personal data held on the persons concerned and to ensure the protection of the data, so as to guarantee a level of security appropriate to the risks. One or more of the following methods are used to ensure the secure processing of the personal and medical data: - storage of paper files in secure offices or cupboards; - storage in a secure archiving system; - backup copies on computer disks in secure computer rooms. Personal health-related data are processed only by the doctors and nurses of the GSC and by the administrative staff of the Healthcare and Social Services Unit tasked with managing the vaccination campaign. The doctors and nurses of the GSC are bound by professional secrecy on account of their duties. All members of the Healthcare and Social Services Unit sign a confidentiality clause.

Additional information is available by following the link to privacy statement here.