EDA-DPO-089 - Requests & Complaints Art. 29 & 168 EDA Staff Regulations

Records and compliance checklist

Under Article 31 of the new Regulation, EUIs have to keep records of their processing operations. This template covers two aspects:

1. Mandatory records under Article 31 of the new rules (recommendation: publicly available)
2. Compliance check and risk screening (internal).

The header and part 1 should be publicly available; part 2 is internal to the EUI. By way of example, column 3 contains a hypothetical record on badges and physical access control in a EUI.
Nr Item Explanation
Header - versioning and reference numbers (recommendation: publicly available)
1. Last update of this record 11-02-2026
2. Reference number EDA-DPO-089
Part 1 - Article 31 record (recommendation: publicly available)
3. Name and contact details of controller
European Defence Agency

Rue des Drapiers 17-23
B-1050 Brussels
Belgium
4. Name and contact details of DPO

Data Protection Officer

[email protected]

5. Name and contact details of joint controller (where applicable)
N/A
6. Name and contact details of processor (where applicable)
The Agency may engage external legal counsel to provide legal services in support of the preparation of replies to requests and complaints in the context of this processing activity. Such external legal counsel may act as Data Processors where the Agency transmits personal data to them for the provision of the requested services. The Agency may only engage external legal counsel who are accredited in EU jurisdictions and are bound by a duty of professional secrecy.
7. Purpose of the processing

The purpose of the processing activity is to handle requests and complaints under Articles 29 and 168 of the EDA Staff Regulations, Council Decision (EU) 2016/1351 (EDA Staff Regulations), or under Article 40 of Council Decision (EU) 2016/1352 (EDA SNE Rules), lodged by EDA staff members, SNEs, or other persons to whom these Regulations apply. By processing the personal data included in those requests and complaints, EDA assesses the merits of each request or complaint so that the AACC can issue a reasoned decision, in line with the legal framework of EDA.

8. Description of categories of persons whose data EDA processes and list of data categories

(a)    Categories of data subjects:

EDA staff members, EDA Seconded National Experts, candidates to EDA vacancies, former staff members, dependents of staff members. 

(b)    Categories of personal data processed:

Name, surname, e-mail, address, phone number. Additional data categories necessary to assess and address the claims of the applicant or complainant, depending on the specific case. Data categories may include age, nationality, education, professional experience, contract type, marital status, security clearance information, annual appraisal information, leaves and absences, financial information. To the extent strictly necessary for processing the request or complaint, sensitive personal data categories may be processed, such as health data and medical certificates.

9. Time limit for keeping the data
Personal data are stored for a period of 15 years from the date on which the AACC takes its decision.
10. Recipients of the data

Competent functions of the Human Resources Unit and the Legal Unit. Individual functions, on a need-to-know basis, who exercise duties relevant to the specific request or complaint and who may need to provide an assessment or opinion for the AACC to take a decision.

Court of Justice of the European Union (in case of court proceedings), European Ombudsman (in case of a complaint under Art. 228 of the Treaty on the Functioning of the European Union), European Anti-Fraud Office (OLAF, in case of an investigation), European Court of Auditors (in case of an audit) or any other Union institution, agency or body, or Member State authority to which EDA has a legal obligation to transfer the personal data concerned. Transmissions to such bodies are performed in accordance with Articles 5(1)(a) and 9 of Regulation (EU) 2018/1725.
11. Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards?

N/A

12. General description of security measures, where possible.

Data is processed and stored in Microsoft 365 applications and hosted in the EDA tenant. EDA has implemented appropriate technical and organisational measures (firewalls, checkpoints, antivirus) to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected. Such measures have been taken in particular to prevent any unauthorised disclosure or access, accidental or unlawful destruction, accidental loss, or alteration, and to prevent all other unlawful forms of processing. Hard copies of files may be maintained in staff members’ individual files, stored in a secure space with restricted access.

13. For more information, including how to exercise your rights of access, rectification, objection and data portability (where applicable), see the privacy statement
Additional information is available by following the link to the privacy statement here.