News, events, publications

EDA-DPR-078 - Donation of IT equipment

Records and compliance checklist

Under Article 31 of the new Regulation, EUIs have to keep records of their processing operations. This template covers two aspects:

1.Mandatory records under Article 31 of the new rules (recommendation: publicly available)
2.Compliance check and risk screening (internal).

The header and part 1 should be publicly available; part 2 is internal to the EUI. By way of example, column 3 contains a hypothetical record on badges and physical access control in a EUI.
Nr Item Explanation
Header - versioning and reference numbers (recommendation: publicly available)
1. Last update of this record 05-09-2022
2. Reference number EDA-DPR-078 - Donation of IT equipment
part 1 - article 31 record (recommendation: publicly available)
3. Name and contact details of controller
European Defence Agency

Rue des Drapiers 17-23
B-1050 Brussels
4. Name and contact details of DPO

Head of the Legal Office, Legal Advisor / Data Protection Mr Pedro ROSA PLAZA

5. Name and contact details of joint controller (where applicable)
6. Name and contact details of processor (where applicable)
7. Purpose of the processing
The European Defence Agency (EDA) intends to donate various IT equipment that is no longer used by the Agency. In this context, interested parties (non-profit organisations, local community centres or schools officially based in EU countries) should submit their application for this equipment through a provided template, which will include personal data of contact points. An EDA evaluation committee will decide on the division of the equipment between applicants, based on their motivation for the use of the equipment.
8. Description of categories of persons whose data EDA processes and list of data categories

Data subjects:

  • contact persons on behalf of the applicants for IT donations (non-profit organisations, local community centres or schools officially based in EU countries).

Personal data processed as the application form:

  • Name, function, E-mail address, address and telephone number of a person of contact of the applicant.
9. Time limit for keeping the data
2 years from the moment of donation
10. Recipients of the data

The recipients are:

  • EDA staff,
  • the EDA Security & Infrastructure Unit, receives the application forms via the E-mail address

Applications are made available to the members of the specific Evaluation Committee, composed of EDA Staff.

11. Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards?
12. General description of security measures, where possible.
All data regarding the applications is stored in the EDA Sharepoint of the Security & Infrastructure Unit. EDA has implemented appropriate technical and organisational measures (firewalls, checkpoints, antivirus) to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected. Such measures have been taken in particular to prevent any unauthorised disclosure or access, accidental or unlawful destruction or accidental loss, or alteration and to prevent all others unlawful forms of processing.
13. For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement
Additional information is available by following the link to privacy statement here.