NOTIFICATION FOR PRIOR CHECKING INFORMATION TO BE GIVEN(2)

Similar documents
NOTIFICATION FOR PRIOR CHECKING INFORMATION TO BE GIVEN(2)

NOTIFICATION FOR PRIOR CHECKING INFORMATION TO BE GIVEN(2)

NOTIFICATION FOR PRIOR CHECKING INFORMATION TO BE GIVEN(2)

INFORMATION TO BE GIVEN 2

INFORMATION TO BE GIVEN 2

INFORMATION TO BE GIVEN 2

INFORMATION TO BE GIVEN 2

INFORMATION TO BE GIVEN 2

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

Data Protection Policy

PS Mailing Services Ltd Data Protection Policy May 2018

Element Finance Solutions Ltd Data Protection Policy

PRIVACY STATEMENT FOR DATA COLLECTED FOR DATA COLLECTED VIA ON-LINE SURVEYS

DRAFT Privacy Statement (19 July 2017)

NOTIFICATION FOR PRIOR CHECKING INFORMATION TO BE GIVEN(2)

Adkin s Privacy Information Notice for Clients, Contractors, Suppliers and Business Contacts

Part B of this Policy sets out the rights that all individuals have in relation to the collection and use of your personal information

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

Privacy policy SIdP website EU 2016/679

Creative Funding Solutions Limited Data Protection Policy

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

DATA PROTECTION POLICY THE HOLST GROUP

PRIVACY POLICY OF THE WEB SITE

Data Processing Agreement

Rules governing staff access to and use of Parliament's system

DATA PROTECTION A GUIDE FOR USERS

The Role of the Data Protection Officer

Website Privacy Policy

Subject: Kier Group plc Data Protection Policy

Contract Services Europe

Data Protection Statement. Trinity Development & Alumni

DISCLOSURE ON THE PROCESSING OF PERSONAL DATA LAST REVISION DATE: 25 MAY 2018

Motorola Mobility Binding Corporate Rules (BCRs)

Sketching for UX Designers Website & Newsletter Privacy Policy

Wonde may collect personal information directly from You when You:

Privacy Notice. General Information Protection Regulation ( GDPR )

Beam Suntory Privacy Policy WEBSITE PRIVACY NOTICE

Blue Alligator Company Privacy Notice (Last updated 21 May 2018)

General Data Protection Regulation BT s amendments to the proposed Regulation on the protection of individuals with regard to the processing of

The General Data Protection Regulation

Cognizant Careers Portal Privacy Policy ( Policy )

DEPARTMENT OF JUSTICE AND EQUALITY. Data Protection Policy

Privacy Policy CARGOWAYS Logistik & Transport GmbH

General Data Protection Regulation (GDPR) Key Facts & FAQ s

Privacy Policy. In this data protection declaration, we use, inter alia, the following terms:

Privacy Notice - General Data Protection Regulation ( GDPR )

COMMISSION IMPLEMENTING REGULATION (EU) /... of XXX

Data Protection Policy

Specific Privacy Statement EU Funding for promotion of agricultural products at SIAL Paris October 2018

What personal data or information do we collect? The personal information we collect may include:

VISTRA (CYPRUS) LTD. PRIVACY NOTICE

the processing of personal data relating to him or her.

The Park Hotel Privacy Statement

Access Control Policy

GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10

PERSONAL DATA PROTECTION POLICY

Vistra International Expansion Limited PRIVACY NOTICE

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?

More detailed information, including the information about your rights is available below.

PRIVACY POLICY BACKGROUND:

CTI BioPharma Privacy Notice

HBW LAW LTD T/A HESELTINE BRAY & WELSH

Care Recruitment Matters Limited Privacy Notice

Wesley House data protection statement and privacy notice (short-course delegates)

Cayman Islands Data Protection Law Guide Book

GDPR Data Protection Policy

Digital Signatures Act 1

Guardian Electrical Compliance Ltd DATA PROTECTION GDPR REGULATIONS POLICY

PRINCIPLES OF PROTECTION OF PERSONAL DATA (GDPR) WITH EFFICIENCY FROM

DATA PROCESSING AGREEMENT

PRIVACY POLICY. What personal data we collect and why we collect it IN ORDER TO: (Date of last update: 1 st January 2019)

PRIVACY POLICY PRIVACY POLICY

Data Subject Access Request Procedure. Page 1 KubeNet Data Subject Access Request Procedure KN-SOP

APPLICATION PACK. Overseas Criminal Record Check. Romania

Legal basis of processing. Place MODE AND PLACE OF PROCESSING THE DATA

DATA PROTECTION IN RESEARCH

Talenom Plc. Description of Data Protection and Descriptions of Registers

PRIVACY POLICY FOR THE LIDC 2018 INTERNATIONAL CONGRESS

UWTSD Group Data Protection Policy

Made In Hackney Data Protection Policy Last Updated:

Privacy Notice Alumni

PRIVACY NOTICE Olenex Sarl

CEM Benchmarking Privacy Policy

Islam21c.com Data Protection and Privacy Policy

Information leaflet about processing of personal data (

CURTIS BANKS LIMITED. Privacy Information Notice. curtisbanks.co.uk

Data Subject Access Request Form

PRIVACY POLICY. 1. Introduction

A comprehensive approach on personal data protection in the European Union

1.7 The Policy sets out the manner by which the University will respond to Subject Access Requests.

DATA PROTECTION ISACA MALTA CHAPTER BIENNIAL CONFERENCE Saviour Cachia Commissioner for Information and Data Protection

Emsi Privacy Shield Policy

1. Right of access. Last Approval Date: May 2018

WEBSITE PRIVACY POLICY

Privacy Notice For Ghana International Bank Plc customers

Privacy Policy. Personal Data collected for the following purposes and using the following services:

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.

DCU Guide to Subject Access Requests. Under Irish Data Protection Legislation

Privacy Policy of

QUESTION / CLARIFICATION

Transcription:

To be filled out in the EDPS' office REGISTER NUMBER: 0507 NOTIFICATION FOR PRIOR CHECKING Date of submission: 25/05/2009 Case number: 2009-377 Institution: Commission Legal basis: article 27-5 of the regulation CE 45/2001(1) (1) OJ L 8, 12.01.2001 INFORMATION TO BE GIVEN(2) 1/ Name and adress of the controller (2) Please attach all necessary backup documents 2) Name and First Name of the Controller:BEARFIELD Nicholas David 3) Title:Director 4) Directorate, Unit or Service to which the Controller is attached:. 5) Directorate General to which the Controller is attached:epso 2/ Organisational parts of the institution or body entrusted with the processing of personal data 26) External Company or Directorate General to which the Processor is attached: 25) External Company or Directorate, Unit or Service to which the Processor is attached: Belbin Associates Corporate Learning Solutions plc Education Trend International Training Service Ltd 3/ Name of the processing EAS - BELBIN Self-Perception Inventory 4/ Purpose or purposes of the processing

The purpose of the processing is to allow participants in EAS training courses to obtain anonymous feedback in the form of a feedback report on their preferred role in a team. This type of tool is commonly used internationally by training providers in courses on looking at working in teams and groups. The data will not be used in any form of evaluation (appraisal) process of any of the persons involved. 5/ Description of the category or categories of data subjects 14) Data Subject(s) concerned: Officials and other staff of the EU institutions, offices and agencies participating in courses organised by the EAS. 16) Category(ies) of Data Subjects: See response under point 14. 6/ Description of the data or categories of data (including, if applicable, special categories of data (article 10) and/or origin of data)(including, if applicable, special categories of data (article 10) and/or origin of data) 17) Data field(s) of Data Subjects: Attention: Please indicate and describe in the answer to this question also data fields which fall under article 10 Data of a personal nature allowing the identification of the data subject (name, given name, electronic address) 18) Category(ies) of data fields of Data Subjects: Attention: Please indicate and describe in the answer to this question also categories of data fields which fall under article 10 Data of a personal nature Self-perception of team role and contribution to team work 7/ Information to be given to data subjects 15a) Which kind of communication(s) have you foreseen to inform the Data Subjects as described in articles 11-12 under 'Information to be given to the Data Subject' All persons participating in this activity will receive an information note to explain the processing and the treatment of data. 8/ Procedures to grant rights of data subjects (rights of access, to rectify, to block, to erase, to object)(rights of access, to rectify, to block, to erase, to object)

15b) Which procedure(s) did you put in place to enable Data Subjects to exert their rights: access, verify, correct, etc., their Personal Data as described in articles 13-19 under 'Rights of the Data Subject' : Data subjects concerned may send a request to indicate any changes to their personal data. Following written request with a copy of a proof of identity, they may obtain a copy of their personal data as registered by the contractor of the EAS. A functional email address has been established for this purpose. Following a written request with a copy of a proof of identity, data subjects may obtain a written copy of all the information which they provided in the form of feedback to allow them to check that the information they supplied was accurately recorded. Following a written request with a copy of a proof of identity, colleagues providing feedback may obtain a written copy of the information which they provided in the form of feedback to allow them to check that the information they supplied was accurately recorded. 9/ Automated / Manual processing operation 7) Description of Processing: Attention: Please describe in the answer to this question if you process personal data falling under article 27 "Prior-Checking (by the EDPS - European Data Protection Supervisor)" The activity concerns the use by participants in training courses organised by the EAS of a web-based tool allowing them to understand better their preferred role in a team. This tool takes the form of a selfassessment of their skills. A feedback report is automatically generated by the website. Article 27 will apply. 8) Automated Processing operation(s): The data is entered into a website to which the person concerned has individual access. 9) Manual Processing operation(s): No manual processing is foreseen. 10/ Storage media of data Data for the Belbin system are held on a fixed hard drive on a secure web server computer in secure premises in Basingstoke (UK) 11/ Legal basis and lawfulness of the processing operation

11) Legal basis of Processing: - decision n 2002/620/CE of the European Parliament, the Council, the European Commission, the Court of Justice, the Court of Auditors, the European Economic and Social Committee, the Committee of the Regions and the European Ombudsman of 25 July 2002 culminating in the creation of the European Personal Selection Office; - decision n 2005/118/CE of the European Parliament, the Council, the European Commission, the Court of Justice, the Court of Auditors, the European Economic and Social Committee, the Committee of the Regions and the European Ombudsman of 26 January 2005 culminating in the creation of the European Personal Selection Office; - decision n 2005/119/CE of the Secretaries General of the European Parliament, the Council, the European Commission, the Court of Justice, the Court of Auditors, the European Economic and Social Committee, the Committee of the Regions and the European Ombudsman of 26 January 2005 concerning the organisation and operation of the European Administrative School. 12) Lawfulness of Processing: Answering this question please also verify and indicate if your processing has to comply with articles 20 "Exemptions and restrictions" and 27 "Prior checking (by the EDPS)" The processing is useful in helping staff of the EU institutions, agencies and offices to fulfil their professional tasks carried out in the public interest on the basis of legal instruments adopted on the basis of the treaties establishing the European Communities. Article 27 will apply. This activity has already been notified to the EDPS within the framework of the Certification programme (DPO-986). The activity is now been extended for use in other EAS training programmes. 12/ The recipients or categories of recipient to whom the data might be disclosed 20) Recipient(s) of the Processing: Data subject only. No data is transferred to the EAS or the institution of the course participant concerned. The EAS contractor receives an email confirmation that a report has been completed for a particular person. This is for billing purposes only. 21) Category(ies) of recipients: See answer under point 20 13/ retention policy of (categories of) personal data Information held consists partly of personal data (e.g. client name, organisation, e-mail address) and partly of test data (sets of numbers that are used to create the clients? reports). The two types of data are firstly held in?request? files, then are input into a database. The request files are kept for three months and then deleted. The database records are held for three months and then deleted. The PDF client reports are held for three months and then deleted.

13 a/ time limits for blocking and erasure of the different categories of data (on justified legitimate request from the data subject) (Please, specify the time limits for every category, if applicable) (on justified legitimate request from the data subject) (Please, specify the time limits for every category, if applicable) 22 b) Time limit to block/erase data on justified legitimate request from the data subjects For all justified legitimate requests received by the EAS and/or EPSO, a response will be given within 15 working days from the day that the responsible service receives the correspondence, which may however send a justified holding reply, in the circumstances set out in point 4 of the Code of Good Administrative Conduct. 14/ Historical, statistical or scientific purposes If you store data for longer periods than mentioned above, please specify, if applicable, why the data must be kept under a form which permits identification, 22 c) Historical, statistical or scientific purposes - If you store data for longer periods than mentioned above, please specify, if applicable, why the data must be kept under a form which permits identification The test data (sets of numbers) are retained for statistical purposes e.g. to produce a set of norms that form the basis of the report calculations. It is not possible to identify individual clients, organisations/departments within the retained data. 15/ Proposed transfers of data to third countries or international organisations 27) Legal foundation of transfer: Only transfers to third party countries not subject to Directive 95/46/EC (Article 9) should be considered for this question. Please treat transfers to other community institutions and bodies and to member states under question 20. Non applicable 28) Category(ies) of Personal Data or Personal Data to be transferred: Non applicable 16/ The processing operation presents specific risk which justifies prior checking (please describe):(please describe) ): 7) Description of Processing: Attention: Please describe in the answer to this question if you process personal data falling under article 27 "Prior-Checking (by the EDPS - European Data Protection Supervisor)" The activity concerns the use by participants in training courses organised by the EAS of a web-based tool allowing them to understand better their preferred role in a team. This tool takes the form of a selfassessment of their skills. A feedback report is automatically generated by the website. Article 27 will apply.

12) Lawfulness of Processing: Answering this question please also verify and indicate if your processing has to comply with articles 20 "Exemptions and restrictions" and 27 "Prior checking (by the EDPS)" The processing is useful in helping staff of the EU institutions, agencies and offices to fulfil their professional tasks carried out in the public interest on the basis of legal instruments adopted on the basis of the treaties establishing the European Communities. Article 27 will apply. This activity has already been notified to the EDPS within the framework of the Certification programme (DPO-986). The activity is now been extended for use in other EAS training programmes. Article 27.2.(a) Processing of data relating to health and to suspected offences, offences, criminal convictions or security measures, Article 27.2.(b) Processing operations intended to evaluate personal aspects relating to the data subject, Article 27.2.(b) Processing operations intended to evaluate personal aspects relating to the data subject, Article 27.2.(c) Processing operations allowing linkages not provided for pursuant to national or Community legislation between data processed for different purposes, Article 27.2.(d) Processing operations for the purpose of excluding individuals from a right, benefit or contract, Other (general concept in Article 27.1) 17/ Comments 1) Date of submission:

10) Comments if applicable: Participation in this activity by the person concerned is entirely optional and anonymous. All data are processed solely for the purposes of providing feedback Neither EAS nor others within the Institutions have access to any data. Participants will be made aware of the above. The data processing will be carried out by Belbin Associates who will be sub-contracted for this purpose by one of the contractors providing the training course for the EAS. As sub-contractors they will be subject to the same conditions concerning data protection set out in the contract with the contractors. Any future change of contractor will be indicated in the specific declaration made available to data subjects. The current contractors are set out under question 26. 36) Do you publish / distribute / give access to one or more printed and/or electronic directories? Personal Data contained in printed and/or electronic directories of users and access to such directories shall be limited to what is strictly necessary for the specific purposes of the directory. If Yes, please explain what is applicable. no 37) Complementary information to the different questions if applicable, including attachments to this notification which should not be public : ===> could you please attach here contractual clauses binding the involved sub-contractors to the data protection and security measures described in this notification. PLACE AND DATE:25/05/2009 DATA PROTECTION OFFICER: GEORGES Louis INSTITUTION OR BODY:European Commission

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback