This Privacy Statement describes the measures taken to protect your personal data with regard to the action involving the present data processing operation and what rights you have as a data subject.
EDA protects the fundamental rights and freedoms of natural persons and in particular their right to privacy with respect to the processing of personal data (Article 1.1 of Regulation No 2018/1725).
2. CONTROLLER OF THE PROCESSING OPERATION
European Defence Agency
Rue des Drapiers 17-23
3. PURPOSE OF THE PROCESSING
The purpose of the processing of personal data is the management / organisation of meetings and conferences, including management of lists of contacts, invitations, participants, distribution of minutes/reports, follow-up actions.
Personal data are collected and retained in order to facilitate the organisation, conduct and follow-up of these events and to provide participants with information, to record the presence of persons at meetings and to communicate conclusions and reports.
EDA organises meetings (e.g. workshops, working groups, conferences etc.) with externals on a daily basis. Meetings take place in-house and in external locations and may involve both EDA staff and/or external stakeholders from various backgrounds.
4. DATA PROCESSED
Data processed are necessary for the organization or management of follow-up to a meeting and can include the following:
- Identification and contact details such as name, position, entity, nationality, telephone number and e-mail address and other identifiers as necessary
- Photographs, audio or video recording or livestreaming in the context of a meeting (opt-outs possible)
No sensitive data in the meaning of Article 10, Regulation 2018/1725 are processed.
5. RECIPIENTS OF THE DATA
The access to all personal data as well as all information collected in the context of this meeting, and the organisation thereof, is granted to a defined number of users, without prejudice to a possible transmission to the bodies in charge of a monitoring or inspection task in accordance with Community legislation.
These users typically are:
- Organiser of the meeting;
- EDA staff assigned to the project;
- Other participants of the meeting;
- External contractors (if relevant).
6. PROTECTION AND SAFEGUARDING OF THE DATA
Data will be processed in accordance with the high security standards established by EDA.
EDA external contractors are obliged by the respective contract to adopt appropriate technical and organisational security measures having regard to the risks inherent in the processing and to the nature of the personal data concerned.
7. RIGHT OF ACCESS AND RECTIFICATION OF THE DATA
Data subjects have the right to access their personal data and the right to correct any inaccurate or incomplete personal data, as well as to request the removal of their personal data, which will be implemented within 15 working days after the request has been deemed legitimate. If the data subject has any queries concerning the processing of his/her personal data, s/he may address them to the data controller at the mailbox used to organise the respective meeting.
Additionally, data subjects can contact the DPO under firstname.lastname@example.org.
8. TIME LIMIT FOR STORING DATA
Personal data is kept as long as necessary for the organisation and management as well as for follow-up actions to the meetings with regard to the purposes of the respective processing of personal data. It will be deleted 1 year after the respective meeting, if not needed for network building, setting up databases and follow-up interaction, under specific notified processing operations.
The contact details of participants will be part of a list of contact details shared internally amongst EDA staff for the purpose of contacting the participants in the future in the context of subsequent EDA activities related to the Conference. Data subjects that do not agree with this are invited to contact the controller using the contact information above and explicitly specifying their request.
Data other than contact details will be retained for a maximum period of 1 year after the last conference of the series or after the database is no longer necessary for networking as defined under the purposes for the relevant processing operation.
9. LEGAL BASIS FOR THE PROCESSING OPERATION
Articles 5(a) and 5(d) of Regulation 2018/1725;
Article 31 of Council Decision (CFSP) 2015/1835 of 12 October 2015 defining the statute, seat and operational rules of the European Defence Agency.
10. CONTACT DPO
In case you have any questions or queries concerning data protection at the European Defence Agency, you can also contact the Data Protection Officer at email@example.com.
11. RECOURSE TO EDPS
As a data subject you have the right to have recourse at any time to the European Data Protection Supervisor (https://www.edps.europa.eu) at firstname.lastname@example.org.
12. ADDITIONAL INFORMATION
More information on Data Protection at the European Defence Agency can be obtained on our public website https://www.eda.europa.eu/Aboutus/how-we-work/data-protection.