|
Header - versioning and reference numbers (recommendation: publicly available) |
|
1. |
Last update of this record |
22-10-2024 |
2. |
Reference number |
EDA-DPR-082 - EDA Postal Mail Management |
|
part 1 - article 31 record (recommendation: publicly available) |
|
3. |
Name and contact details of controller |
European Defence Agency
Rue des Drapiers 17-23
B-1050 Brussels
Belgium
|
4. |
Name and contact details of DPO |
|
5. |
Name and contact details of joint controller (where applicable) |
N/A
|
6. |
Name and contact details of processor (where applicable) |
Regarding outgoing mail, the data is processed via a commercial courier, i.e. DHL Postal Services; DHL Postal Services process personal data to send and distribute the postal mail on behalf of EDA.
Full Official name: DHL International Official legal form: Limited Liability Company Statutory
Registration Number or ID or Passport Number: BE0406.796.224
Country of Registration: Belgium
Full Official address: Woluwelaan 151, 1831 Diegem, Belgium
V.A.T. Registration Number: BE0406.796.224
Forename, Surname and position of legal representative: Tim Claessens
Contact person: Jos Derekx Position: Key Account Manager
E-mail address for correspondence: jos.derekx@dhl.com
Telephone number: +32 475 68 19 62
|
7. |
Purpose of the processing |
The purpose of this activity is to describe the process of personal data used in the context of the EDA system for the management of postal mail as well as ensuring a clear workflow and the appropriate follow-up of formal correspondence in a systematic manner. Regarding incoming mail, the relevant personal data is registered and collected in the EDA Incoming Mail Register (SharePoint based). Outgoing official mail is registered in EDA Records Center and it is subsequently sent out via commercial courier (DHL Postal Services)
|
8. |
Description of categories of persons whose data EDA processes and list of data categories |
Applicable to EDA Internal staff members and externals
Categories of data subjects
- Sender
- Addressee/ Receiver
- Staff member in charge of following up the correspondence
List of data categories registered in the Incoming Mail Tool:
- Reference Code, i.e. EDA internal reference number assigned to each mail;
- Receipt Date;
- Registration Date;
- Certified letter (if applicable);
- Name of Receiver;
- Name of Sender;
- Directorate/ Unit;
|
9. |
Time limit for keeping the data |
Personal data are stored within RMO archives and will be retained only for the time needed to perform the task for which they were collected or processed, and in any case no longer than 1 year.
|
10. |
Recipients of the data |
- Records Management Office (RMO)
- INFRA team (replaces RMO when applicable)
- Security guards
- Assistants of directorates
- Other EDA functions and competent entities on a need-to-know basis (e.g. Internal Auditor, supervisory authorities etc.)
|
11. |
Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards? |
N/A; unless the receiver of an outgoing mail is based outside of the EEA. The use of postal mail services internationally requires the transfer of limited personal data in accordance with the applicable regulatory framework and contractual agreements.
|
12. |
General description of security measures, where possible. |
Personal data is stored electronically in a designated Incoming Mail Register, maintained through the Microsoft SharePoint application. The access is restricted to the Records Management Office and INFRA team, who works as a replacement.
EDA external contractors (e.g. Security guards) are obliged by the respective contract to adopt appropriate technical and organisational security measures having regard to the risks inherent in the processing and to the nature of the personal data concerned.
EDA has implemented appropriate technical and organisational measures (firewalls, checkpoints, antivirus) to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected. Such measures have been taken to prevent any unauthorised disclosure or access, accidental or unlawful destruction, accidental loss or alteration, and to prevent all others unlawful forms of processing.
|
13. |
For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement |
Additional information is available by following the link to privacy statement here.
|