
EDA-DPR-083 - EDA Incubation Forum for Circular Economy in European Defence (IF CEED)

Records and compliance checklist

Under Article 31 of the new Regulation, EUIs have to keep records of their processing operations. This template covers two aspects:

1. Mandatory records under Article 31 of the new rules (recommendation: publicly available).
2. Compliance check and risk screening (internal).

The header and part 1 should be publicly available; part 2 is internal to the EUI. By way of example, column 3 contains a hypothetical record on badges and physical access control in an EUI.

Nr Item Explanation
Header - versioning and reference numbers (recommendation: publicly available)
1. Last update of this record 05-09-2022
2. Reference number EDA-DPR-083 - EDA Incubation Forum for Circular Economy in European Defence (IF CEED)
Part 1 - Article 31 record (recommendation: publicly available)
3. Name and contact details of controller
European Defence Agency

Rue des Drapiers 17-23
B-1050 Brussels
4. Name and contact details of DPO

Head of the Legal Office, Legal Advisor / Data Protection Mr Pedro ROSA PLAZA

5. Name and contact details of joint controller (where applicable)
6. Name and contact details of processor (where applicable)
For Annual General Conferences: external contractors (e.g. venue hosting the event or hotels for accommodation during the event) may be used to perform tasks on behalf of EDA. All contractors are contractually obliged to ensure data protection compliance when processing personal data on behalf of EDA.
7. Purpose of the processing
In the context of EDA’s Incubation Forum for Circular Economy in European Defence (IF CEED), EDA needs to process personal data as required for the implementation of the Grant Agreement between the European Commission’s DG Environment and EDA (ref. 09.029901/2021/851326/SUB/ ENV.B.1). This includes:

  • collecting and compiling lists of Experts/PoCs as required for the implementation of the Grant Agreement, as well as to facilitate contacts and exchange of information among the Experts/PoCs;
  • preparation, delivery and follow-up of the IF CEED conferences, including processing activities, such as creating participant lists and name badges, anonymised statistics and hotel registrations;
  • setting up an IF CEED database with the objective of building a network of stakeholders in IF CEED.
8. Description of categories of persons whose data EDA processes and list of data categories
Categories of data subjects: participants in IF CEED activities, including representatives from:

  • European institutions,
  • EU MS (either from the MoDs or other public bodies),
  • industry,
  • Research-and-Technology Organisations (RTOs),
  • academia,
  • EU-level platforms and
  • other international private and public bodies,
  • any other stakeholder having expressed interest in receiving information or taking part in IF CEED-related activities.

Categories of data processed are as follows:

  • Last name, First name,
  • Email address, Telephone number,
  • Government delegation or employer; Country; Job Title/Department,
  • Photographs, audio or video recording or livestreaming in the context of a meeting/conference (opt-in required as per separate consent form).
9. Time limit for keeping the data
For current contact information of Experts/PoCs available during their tenure: contact information of a person who no longer represents the Member State or other entity in the respective group is deleted within 3 months. Contact details of participants in IF CEED Conferences are stored to set up an IF CEED database aimed at engaging the individuals in future relevant events. Data other than contact details will be retained for a maximum period of 6 months after the database is no longer necessary for networking in the IF CEED. Anonymised statistics may be kept beyond the retention period. This is to provide EDA with data on participant numbers and to analyse the relative success of each of the events.
10. Recipients of the data

Internal recipients:

  • Agency staff members involved in the specific project or event.
  • Other staff members on a need-to-know basis (e.g. DPO, Legal Office, Internal Auditor)

The personal data will not be communicated to third parties unless necessary for the purpose of processing. External recipients may include:

  • European Commission’s staff members in charge of the IF CEED Grant Agreement;
  • members (Experts/PoCs) of corresponding networks/groups/Member States and other participants in meetings;
  • Others on a need-to-know basis (e.g. supervisory authorities, courts etc.).
11. Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards?
Such transfers are not envisaged. However, participation in meetings or conferences is in principle open to data subjects from third countries or international organisations which may have limited access to the personal information of other participants displayed in the context of meetings/conferences. Personal data collected from these data subjects will be kept separate, as far as possible.
12. General description of security measures, where possible.
Data are stored in EDA’s IT system and on the internal IF CEED platform. EDA has implemented appropriate technical and organisational measures (firewalls, checkpoints, antivirus) to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected. Such measures have been taken in particular to prevent any unauthorised disclosure or access, accidental or unlawful destruction, accidental loss or alteration, and to prevent all other unlawful forms of processing.
13. For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement
Additional information is available by following the link to the privacy statement.