NOTIFICATION FOR PRIOR CHECKING INFORMATION TO BE GIVEN(2)

Similar documents
NOTIFICATION FOR PRIOR CHECKING INFORMATION TO BE GIVEN(2)

NOTIFICATION FOR PRIOR CHECKING INFORMATION TO BE GIVEN(2)

NOTIFICATION FOR PRIOR CHECKING INFORMATION TO BE GIVEN(2)

INFORMATION TO BE GIVEN 2

INFORMATION TO BE GIVEN 2

INFORMATION TO BE GIVEN 2

INFORMATION TO BE GIVEN 2

INFORMATION TO BE GIVEN 2

NOTIFICATION FOR PRIOR CHECKING INFORMATION TO BE GIVEN(2)

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

PRIVACY STATEMENT FOR DATA COLLECTED FOR DATA COLLECTED VIA ON-LINE SURVEYS

Islam21c.com Data Protection and Privacy Policy

Element Finance Solutions Ltd Data Protection Policy

Creative Funding Solutions Limited Data Protection Policy

Data Protection Policy

Privacy Policy. In this data protection declaration, we use, inter alia, the following terms:

DATA PROTECTION A GUIDE FOR USERS

PRIVACY POLICY OF THE WEB SITE

More detailed information, including the information about your rights is available below.

DRAFT Privacy Statement (19 July 2017)

Privacy Policy CARGOWAYS Logistik & Transport GmbH

Rules governing staff access to and use of Parliament's system

The British Museum. Data Protection Code of Practise. 1 Introduction

the processing of personal data relating to him or her.

Data Protection Policy

Privacy Policy Hafliger Films SpA

Privacy policy SIdP website EU 2016/679

PRIVACY POLICY BACKGROUND:

Contract Services Europe

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

Information leaflet about processing of personal data (

General Data Protection Regulation (GDPR) Key Facts & FAQ s

Privacy Policy of

Talenom Plc. Description of Data Protection and Descriptions of Registers

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

PS Mailing Services Ltd Data Protection Policy May 2018

GDPR Data Protection Policy

Website Privacy Policy

UWTSD Group Data Protection Policy

GLOBAL DATA PROTECTION POLICY

Privacy Policy Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH 1. Definitions

Legal basis of processing. Place MODE AND PLACE OF PROCESSING THE DATA

The General Data Protection Regulation

General Data Protection Regulation BT s amendments to the proposed Regulation on the protection of individuals with regard to the processing of

DEPARTMENT OF JUSTICE AND EQUALITY. Data Protection Policy

Data Subject Access Request Form

DATA PROTECTION POLICY THE HOLST GROUP

GLOBAL DATA PROTECTION POLICY

Data Subject Requests Procedure

Rights of Individuals under the General Data Protection Regulation

Brasenose College ICT Systems Privacy Notice (v1.2)

SCHOOL SUPPLIERS. What schools should be asking!

Adkin s Privacy Information Notice for Clients, Contractors, Suppliers and Business Contacts

Privacy Notices under #GDPR: Have you noticed my notice?

Within the meanings of applicable data protection law (in particular EU Regulation 2016/679, the GDPR ):

Identity of the controller: CHARVAT CTS a.s., ID No.: , with the registered office at Okrinek 53, Podebrady, Czech Republic, Postcode

Subject: Kier Group plc Data Protection Policy

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?

Specific Privacy Statement EU Funding for promotion of agricultural products at SIAL Paris October 2018

WEBSITE PRIVACY POLICY

New Spanish Regulation Tightens Up Data Protection Requirements RAFI AZIM-KHAN, JOHN NICHOLSON, ALESSANDRO LIOTTA, AND DOMINIC HODGKINSON

INFORMATION TECHNOLOGY DATA MANAGEMENT PROCEDURES AND GOVERNANCE STRUCTURE BALL STATE UNIVERSITY OFFICE OF INFORMATION SECURITY SERVICES

Data Processing Agreement

Sketching for UX Designers Website & Newsletter Privacy Policy

Membership Privacy Notice. 31 August 2018

Access Control Policy

Data Processing Agreement

DISCLOSURE ON THE PROCESSING OF PERSONAL DATA LAST REVISION DATE: 25 MAY 2018

Personal Data collected for the following purposes and using the following services:

Privacy Policy November 30th, 2017

Part B of this Policy sets out the rights that all individuals have in relation to the collection and use of your personal information

This Privacy Statement applies to data processing carried out by:

PRIVACY POLICY. What personal data we collect and why we collect it IN ORDER TO: (Date of last update: 1 st January 2019)

Data Protection Policy

PRIVACY POLICY FOR THE LIDC 2018 INTERNATIONAL CONGRESS

CEM Benchmarking Privacy Policy

Wesley House data protection statement and privacy notice (short-course delegates)

Beam Suntory Privacy Policy WEBSITE PRIVACY NOTICE

Data Processor Agreement

Privacy Notice. General Information Protection Regulation ( GDPR )

DATA PROTECTION POLICY

Data Subject Access Request Procedure. Page 1 KubeNet Data Subject Access Request Procedure KN-SOP

Privacy Policy. 1. Definitions

The legal basis for the data collection described above is user s consent in accordance with Article 6(1)(1)(a) of the GDPR.

Privacy by Design, Security by Design

Privacy Policy. Personal Data collected for the following purposes and using the following services:

PRINCIPLES OF PROTECTION OF PERSONAL DATA (GDPR) WITH EFFICIENCY FROM

INFORMATIVE NOTICE ON PERSONAL DATA PROCESSING

I. Name and Address of the Controller

Liechtenstein. General I Data Protection Laws. Contributed by Wanger Advokaturbüro. National Legislation. National Regulatory Authority.

MBNL Landlord Privacy Notice. This notice sets out how we handle landlord personal data as part of our General Data Protection policies (GDPR).

When you submit material to the Lest We Forget project you are accepting and consenting to the practices described in this policy.

I. Name and Address of the Controller

In this data protection declaration, we use, inter alia, the following terms:

INFORMATION TO BE GIVEN(2)

RVC DATA PROTECTION POLICY

Privacy Notice - General Data Protection Regulation ( GDPR )

Site Builder Privacy and Data Protection Policy

Cognizant Careers Portal Privacy Policy ( Policy )

COMMISSION IMPLEMENTING DECISION (EU)

Transcription:

To be filled out in the EDPS' office REGISTER NUMBER: 92 NOTIFICATION FOR PRIOR CHECKING Date of submission: 06/04/2006 Case number: 2006-162 Institution: European Commission Legal basis: article 27-5 of the regulation CE 45/2001(1) (1) OJ L 8, 12.01.2001 INFORMATION TO BE GIVEN(2) 1/ Name and adress of the controller (2) Please attach all necessary backup documents 2) Name and First Name of the Controller:CURRAN Christopher 3) Title:Head of Unit 4) Directorate, Unit or Service to which the Controller is attached:b.03 5) Directorate General to which the Controller is attached:scic 2/ Organisational parts of the institution or body entrusted with the processing of personal data 26) External Company or Directorate General to which the Processor is attached: 25) External Company or Directorate, Unit or Service to which the Processor is attached: SCIC.B.01 3/ Name of the processing Management of personal data on in-house staff stored in Coralin and accessed via Signalétique 4/ Purpose or purposes of the processing The data is being used for staff management including the management of leave and absences, for assigning interpreters into meetings, for contacting interpreters in case of last minute changes in their assignment, for reporting and statistical purposes.

5/ Description of the category or categories of data subjects 14) Data Subject(s) concerned: Statutory staff (officials, temporary staff, contract agents), agency staff and other external staff (with the exception of freelance interpreters ( AICS = "Auxiliaire Interprète de Conférence")). 16) Category(ies) of Data Subjects: Statutory staff (officials, temporary staff, contract agents), agency staff and other external staff (with the exception of freelance interpreters (AICS = "Auxiliaire Interprète de Conférence")). 6/ Description of the data or categories of data (including, if applicable, special categories of data (article 10) and/or origin of data)(including, if applicable, special categories of data (article 10) and/or origin of data) 17) Data field(s) of Data Subjects: Attention: Please indicate and describe in the answer to this question also data fields which fall under article 10 A list of personal data stored attached. Article 10 paragraph 6 applies. Data such as sex, status, start date, end date, nationality, working languages may be processed for historical statistics also when the person is no longer employed by DG SCIC. 18) Category(ies) of data fields of Data Subjects: Attention: Please indicate and describe in the answer to this question also categories of data fields which fall under article 10 A list of personal data stored attached to question 17. Article 10 paragraph 6 applies. Data such as sex, status, start date, end date, nationality, working languages may be processed for historical statistics also when the person is no longer employed by DG SCIC. 7/ Information to be given to data subjects 15a) Which kind of communication(s) have you foreseen to inform the Data Subjects as described in articles 11-12 under 'Information to be given to the Data Subject' Privacy Statement to be published on SCIC Website and as a once off SCIC Newsflash; distribution of the statement to new colleagues in Welcome Pack. (see attached document) 8/ Procedures to grant rights of data subjects (rights of access, to rectify, to block, to erase, to object)(rights of access, to rectify, to block, to erase, to object)

15b) Which procedure(s) did you put in place to enable Data Subjects to exert their rights: access, verify, correct, etc., their Personal Data as described in articles 13-19 under 'Rights of the Data Subject' : Privacy Statement to be published on SCIC Website and as a once off SCIC Newsflash; distribution of the statement to new colleagues in Welcome Pack. (see attached document) 9/ Automated / Manual processing operation 7) Description of Processing: Attention: Please describe in the answer to this question if you process personal data falling under article 27 "Prior-Checking (by the EDPS - European Data Protection Supervisor)" The in-house staff comprises statutory staff (officials, temporary staff, contract agents), agency staff and other external staff (with the exception of freelance interpreters (AICS = Auxiliaire Interprète de Conférence)). The personal data are stored in an in-house database called Coralin, and accessed via various applications such as Signalétique for staff management, Pearl X to assign interpreters into meetings, Indisponibilité for leave management etc. For the various applications, sub-notifications will be issued. The access rights to these data are indicated in the attached draft spreadsheet (final version in preparation). Data on interpretation teams including names of interpreters and their language combination working at a certain meeting are submitted to 8) Automated Processing operation(s): Generation of general statistics and summaries/compilations of data. 9) Manual Processing operation(s): Input of data by staff in Unit SCIC.B.3 Human Resources and General Administration. 10/ Storage media of data Database servers running in the operational IT environment of DG SCIC. See question 25. 11/ Legal basis and lawfulness of the processing operation 11) Legal basis of Processing: Staff Regulations of Officials of the European Communities and Conditions of employment of other servants of the European Communities; General Implementing Provisions of the Staff Regulations and Conditions of other servants of the European Communities as adopted by the Commission from time to time; Commission Decisions of the Staff Regulations and Conditions of other servants of the European Communities as adopted by the Commission from time to time;

12) Lawfulness of Processing: Answering this question please also verify and indicate if your processing has to comply with articles 20 "Exemptions and restrictions" and 27 "Prior checking (by the EDPS)" Processing is lawful and necessary pursuant to article 5 paragraph a). Article 20 is not relevant. Article 27 applies. 12/ The recipients or categories of recipient to whom the data might be disclosed 20) Recipient(s) of the Processing: Management and authorised staff members in DG SCIC (senior and middle management, Unit SCIC.B.3 Human Resources and General Administration, Unit SCIC.C.2 Programming of Interpretation). Authorised staff members in other institutions (the Council of Ministries, the Committee of the Regions, the Economic and Social Committee, other EU-bodies using SCIC interpretation services; staff members in charge of programming of meetings or staff members in charge of security) or in a Member State (Ministries and public administration) during its Presidency, if requested for operational reasons. A list of access rights of SCIC statutory staff to these data in question 7. 21) Category(ies) of recipients: Management and authorised staff members in DG SCIC (senior and middle management, Unit SCIC.B.3 Human Resources and General Administration, Unit SCIC.C.2 Programming of Interpretation). Authorised staff members in other institutions (the Council of Ministries, the Committee of the Regions, the Economic and Social Committee, other EU-bodies using SCIC interpretation services; staff members in charge of programming of meetings or staff members in charge of security) or in a Member State (Ministries and public administration) during its Presidency, if requested for operational reasons. A list of access rights of SCIC statutory staff to these data in question 7. 13/ retention policy of (categories of) personal data The data are stored and up-dated as long as the staff member is working for DG SCIC. Some data are stored longer than the actual period of activity of the person in order to compile reports and statistics. These data are stored for 50 years. The reports or statistics are anonymous. 13 a/ time limits for blocking and erasure of the different categories of data (on justified legitimate request from the data subject) (Please, specify the time limits for every category, if applicable) (on justified legitimate request from the data subject) (Please, specify the time limits for every category, if applicable) 22 b) Time limit to block/erase data on justified legitimate request from the data subjects Time limit is one month.

14/ Historical, statistical or scientific purposes If you store data for longer periods than mentioned above, please specify, if applicable, why the data must be kept under a form which permits identification, 22 c) Historical, statistical or scientific purposes - If you store data for longer periods than mentioned above, please specify, if applicable, why the data must be kept under a form which permits identification 15/ Proposed transfers of data to third countries or international organisations 27) Legal foundation of transfer: Only transfers to third party countries not subject to Directive 95/46/EC (Article 9) should be considered for this question. Please treat transfers to other community institutions and bodies and to member states under question 20. 28) Category(ies) of Personal Data or Personal Data to be transferred: 16/ The processing operation presents specific risk which justifies prior checking (please describe):(please describe) ): 7) Description of Processing: Attention: Please describe in the answer to this question if you process personal data falling under article 27 "Prior-Checking (by the EDPS - European Data Protection Supervisor)" The in-house staff comprises statutory staff (officials, temporary staff, contract agents), agency staff and other external staff (with the exception of freelance interpreters (AICS = Auxiliaire Interprète de Conférence)). The personal data are stored in an in-house database called Coralin, and accessed via various applications such as Signalétique for staff management, Pearl X to assign interpreters into meetings, Indisponibilité for leave management etc. For the various applications, sub-notifications will be issued. The access rights to these data are indicated in the attached draft spreadsheet (final version in preparation). Data on interpretation teams including names of interpreters and their language combination working at a certain meeting are submitted to 12) Lawfulness of Processing: Answering this question please also verify and indicate if your processing has to comply with articles 20 "Exemptions and restrictions" and 27 "Prior checking (by the EDPS)" Processing is lawful and necessary pursuant to article 5 paragraph a). Article 20 is not relevant. Article 27 applies.

Article 27.2.(a) Processing of data relating to health and to suspected offences, offences, criminal convictions or security measures, Not applicable Article 27.2.(b) Processing operations intended to evaluate personal aspects relating to the data subject, The processing operations on personal data of the system and procedure "Management of personal data on in-house staff stored in Coralin and accessed via Signalétique" are submitted under the present paragraph of article 27. Article 27.2.(c) Processing operations allowing linkages not provided for pursuant to national or Community legislation between data processed for different purposes, Not applicable Article 27.2.(d) Processing operations for the purpose of excluding individuals from a right, benefit or contract, Not applicable Other (general concept in Article 27.1) The DPO relies on the EDPS interpretation if the present paragraph of article 27 also applies to the processing operations on personal data of the system and procedure "Management of personal data on inhouse staff stored in Coralin and accessed via Signalétique". 17/ Comments 1) Date of submission: 10) Comments if applicable: This notification is a master notification on the general aspects of processing of personal data in DG SCIC. Separate sub-notifications will be issued for the applications via which the data are accessed. 36) Do you publish / distribute / give access to one or more printed and/or electronic directories? Personal Data contained in printed and/or electronic directories of users and access to such directories shall be limited to what is strictly necessary for the specific purposes of the directory. If Yes, please explain what is applicable. no

37) Complementary information to the different questions if applicable, including attachments to this notification which should not be public : PLACE AND DATE:06/04/2006 DATA PROTECTION OFFICER: HILBERT Nico INSTITUTION OR BODY:European Commission

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback