Processing Activities

Search


Data subject categories

Fields

Purpose
Description
Processed data
Recipients
Supporting assets
reference number

Results

  • Activity: Access to documents
    Reference number PO-6-02
    Data subject category Any natural person acting on a private basis or on behalf of a legal person submitting a request for access to S2R JU (public) documents
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose The purpose of the processing operation is to ensure appropriate treatment of requests for access to public documents of the S2R JU
    Description
    This processing operation takes form in the receipt of requests of any external person to access S2R JU (public) documents from different channels (S2R JU on line form, general mailbox, individual S2R JU staff, etc), the analysis of the request, taking a decision on the request, and informing the applicant of the decision and acknowledment of receipt.

    For more information please read the  S2R JU practical arrangements for implementing Regulation (EC) No 1049/2001 of the European Parliament and of the Council regarding public access to documents adopted by the S2r JU Gouvening Board (decision N° 22/2015).

    List of S2R JU's external providers available at: https://shift2rail.org/participate/recipients-shift2rail-funds/
    Processed data Personal details Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years
    Profession Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years
    Processors
    • External experts (contractors, intra and extra-muros) (Belgium)
    Restrictions of data subject rights
    n/a
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Intra and extra-muros external service providers (S2R JU contractors): List of S2R JU's external providers available at: https://shift2rail.org/participate/recipients-shift2rail-funds/, S2R Executive Director: , S2R JU Staff members: (Legal and Data Protection Officer, S2R JU Management, Document Access Coordinator)
    Joint controllers n/a
    privacy policy url On-going
    Last updated 29.01.2020
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Anti-fraud procedures
    Reference number PO-4-03
    Data subject category Natural persons who are or were suspected of wrongdoing which is the subject of the OLAF investigations, Natural persons who have provided information to OLAF including informants, whistleblowers, witnesses and persons who have provided statements, Staff of OLAF operational partners (e.g. competent staff of the EU institutions and bodies or national authorities) working on OLAF matters whose name appears in documents stored by OLAF, Other persons whose name appears in the case file but have no relevance to the case
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose The purpose of the processing operation is to facilitate internal investigations conducted by OLA, which may carry out further external investigations, including on-the-spot checks and inspections, with a view to establishing whether there has been fraud, corruption or any other illegal activity affecting the financial interests of the Union in connection with an agreement or a contract funded by the S2R JU.
    Description
    This processing operation takes form in collecting personal data in order to analyse information about potential fraud and financial irregularities to assess whether there are grounds to transmit the information to the relevant authorities for investigation, in particular the European Anti-Fraud Office (OLAF).

    Privacy notices relating to OLAF processing operations at the following link: https://ec.europa.eu/anti-fraud/olaf-and-you/data-protection/olaf-personal-data-processing-operations-and-privacy-statements_en

    Shift2Rail Anti Fraud Strategy Action Plan and reviews published in the S2R web site : https://shift2rail.org/about-shift2rail/reference-documents/functioning-of-the-ju/

    List of S2R JU's external providers available at: https://shift2rail.org/participate/recipients-shift2rail-funds/
    Processed data Personal characteristics Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years
    Personal details Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years
    Profession Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years
    Processors n/a
    Restrictions of data subject rights
    restrictions of data subject rights may occur during the preliminary activities related to cases of potential irregularities reported to olaf.
    see commission decision (eu) 2018/1962 of 11 december 2018 laying down internal rules concerning the processing of personal data by the european anti-fraud office (olaf) in relation to the provision of information to data subjects and the restriction of certain of their rights in accordance with article 25 of regulation (eu) 2018/1725 of the european parliament and of the council.
    Security measures Appropriate training, Data kept according to the security measures adopted by the European Commission
    Recipients European Commission and its services: European Anti Fraud Office, Government organisations: Competent national authorities, Government organisations: Competent third country authorities, Other: Competent international organisations, Intra and extra-muros external service providers (S2R JU contractors): List of S2R JU's external providers available at: https://shift2rail.org/participate/recipients-shift2rail-funds/, S2R JU Staff members: Staff dealing with anti-fraud cases
    Joint controllers n/a
    privacy policy url https://shift2rail.org/about-shift2rail/reference-documents/functioning-of-the-ju/
    Last updated 29.01.2020
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Anti-harassment procedures (hard data)
    Reference number PO-4-05-a)
    Data subject category S2R JU staff
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose The collection of "hard" data aims at the identification of the person, the management of historical records and most importantly at the identification of recurrent and multiple cases., Personal data is collected for the purpose of the procedure detailed in the S2R JU policy on protecting the dignity of the person and preventing psychological harassment and sexual harassment.
    Description
    The collection of data takes place in the context of selecting and appointing confidential counselors or in the context of the informal procedure described in the S2R JU anti-harassment procedure.
    Processed data Personal details Explicit consent article 5 d) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725, processing is necessary to protect the vital interests of the data subject or another natural person (article 5(e) regulation 2018/1725) 5 years
    Profession Processing is necessary to protect the vital interests of the data subject or another natural person (article 5(e) regulation 2018/1725), public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725 5 years
    Processors
    • External experts (contractors, intra and extra-muros) (Belgium)
    Restrictions of data subject rights
    restriction of data subject rights may occur in procedures to fight against harassment to protect the alleged victim in cases where personal data relate to the suspect as well (allegations made about the suspect by informants or witnesses).
    the legal basis for such restrictions is article 25(1) regulation 2018/1725 (protection of the data subject or the rights and freedoms of others. 
    Security measures Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: European Anti Fraud Office (where necessary), European Commission and its services: Internal Audit Service (where necessary), Police or legal organisations: European Court of Auditors (where necessary), Professional advisors data subject: Advisors/psychologists (exceptional circumstances), Police or legal organisations: Judicial national authorities (exceptional circumstances), External evaluators or experts assisting the S2R JU: Ethics experts or law firms, S2R JU Staff members: (Legal and Data Protection Officer, Human Resources Officer), Other: Confidential counsellors, S2R Executive Director:
    Joint controllers n/a
    privacy policy url https://shift2rail.org/wp-content/uploads/2017/11/Shift2Rail-anti-fraud-strategy-2017-2020.pdf
    Last updated 29.01.2020
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Anti-harassment procedures (soft data)
    Reference number PO-4-05-b)
    Data subject category S2R JU staff
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected for the purpose of the procedure detailed in the S2R JU policy on protecting the dignity of the person and preventing psychological harassment and sexual harassment.
    Description
    Collection of data takes place in the context of selecting and appointing confidential counsellors or in the context of the informal procedure described in the S2R JU anti-harassment procedure. Soft data are allegations and declarations based upon the subjective perceptions of data subjects, usually collected by means of the personal notes of the counsellors. 
    Processed data Personal details Processing is necessary to protect the vital interests of the data subject or another natural person (article 5(e) regulation 2018/1725), public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725 3 months after the closure of the case
    Processors
    • EC external service providers (contractors or subcontractors) under direct or framework service procurement contracts (Belgium)
    Restrictions of data subject rights
    restriction of data subject rights may occur in procedures to fight against harassment to protect the alleged victim in cases where personal data relate to the suspect as well (allegations made about the suspect by informants or witnesses).
    the legal basis for such restrictions is article 25(1) regulation 2018/1725 (protection of the data subject or the rights and freedoms of others. 
    Security measures Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients S2R JU Staff members: (Legal and Data Protection Officer, Human Resources Officer), External evaluators or experts assisting the S2R JU: Ethics experts or law firms, Police or legal organisations: Judicial national authorities (exceptional circumstances), Professional advisors data subject: Advisors/psychologists (exceptional circumstances), S2R Executive Director: , Police or legal organisations: European Court of Auditors (where necessary), European Commission and its services: Internal Audit Service (where necessary), European Commission and its services: European Anti Fraud Office (where necessary), Other: Confidential counsellors
    Joint controllers n/a
    privacy policy url https://shift2rail.org/wp-content/uploads/2017/11/Shift2Rail-anti-fraud-strategy-2017-2020.pdf
    Last updated 29.01.2020
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Communication of S2R JU Staff personal data to governments of EU Member States
    Reference number PO-1-11
    Data subject category S2R JU statutory staff (temporary agents and contract agents (CA) as well as seconded national experts as they are assimilated to statutory staff)
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Article 15, al.2 of the Protocol n° 7 on the Privileges and immunities of the European Union annexed to the Treaty on the Functioning of the European Union states that “the names, grades and addresses of officials and other servants included in such categories shall be communicated periodically to the governments of the Member States”.
    Description
    Collecting S2R JU staff personal data (name, function and adress) and its communication, upon request, to the governments of the Member States.
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Profession Public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Processors n/a
    Restrictions of data subject rights
    n/a
    Security measures Secure transfer of data
    Recipients Government organisations: Governments of the EU Member States (including but not limited to ministries and Permanent Representations)
    Joint controllers n/a
    privacy policy url N/A
    Last updated 29.01.2020
    internal reference Ares(2019)2259506
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Document management system (day-to-day document management)
    Reference number PO-6-01-b)
    Data subject category S2R JU staff, Staff's correspondants
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected to ensure appropriate follow up, filing and registration of important communication (internal/external) and documents.
    Description
    Repository and filling of documents are received and sent out from and to external person as well as internal mail/documents exchanges
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 3 years
    Profession Public interest article 5 a) of regulation 2018/1725 3 years
    Processors
    • EC external service providers (contractors or subcontractors) under direct or framework service procurement contracts (Belgium)
    • IT Tools (ABAC, EMI, etc.) (Belgium)
    Restrictions of data subject rights
    n/a
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients S2R JU Staff members: , European Commission and its services: Investigation and Disciplinary Office, European Commission and its services: OLAF, External contractors under framework contract with the European Commission : IT service providers of DG DIGIT, European Commission and its services: DG DIGIT
    Joint controllers DG DIGIT
    privacy policy url https://shift2rail.org/wp-content/uploads/2018/11/S2RJU_DMP_adopted_20181116_v2.pdf
    Last updated 29.01.2020
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Document management system (document management policy, archive policy and their implementation)
    Reference number PO-6-01-a)
    Data subject category S2R JU staff, Staff's correspondants
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected to ensure appropriate follow up, filing and registration of important communication (internal/external) and documents.
    Description
    Repository and filling of documents are received and sent out from and to external person as well as internal mail/documents exchanges
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 5 years
    Profession Public interest article 5 a) of regulation 2018/1725 5 years
    Processors
    • EC external service providers (contractors or subcontractors) under direct or framework service procurement contracts (Belgium)
    • IT Tools (ABAC, EMI, etc.) (Belgium)
    Restrictions of data subject rights
    n/a
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: OLAF, European Commission and its services: Investigation and Disciplinary Office, S2R JU Staff members: , European Commission and its services: DG DIGIT, External contractors under framework contract with the European Commission : IT service providers of DG DIGIT
    Joint controllers DG DIGIT
    privacy policy url https://shift2rail.org/wp-content/uploads/2018/11/S2RJU_DMP_adopted_20181116_v2.pdf
    Last updated 29.01.2020
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: E-newsletter subscription and related information
    Reference number PO-3-02
    Data subject category Recipients (“general public”) having requested or explicitly consented to remain in the S2R JU database and to continue receiving emails, invitations to events, alerts, e-news, newsletters and other relevant information from S2R JU
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected for the purpose of subscribing to the Shift2Rail electronic newsletter via the S2R JU website and related services (alerts, notifications, etc).
    Description
    Establishing a list of email addresses to which each issue of the e-newsletter is sent; sending emails, invitations to events, alerts, e-news, and other relevant information. 
    Processed data Personal details Explicit consent article 5 d) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 Until the data subject unsubscribes
    Profession Explicit consent article 5 d) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 Until the data subject unsubscribes
    Processors
    • 20 Seconds to Midnight (Belgium)
    • Online platform (USA, EU-US privacy shield)
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data not displayed to the wider public, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Intra and extra-muros external service providers (S2R JU contractors): 20 Seconds to Midnight, S2R JU Staff members: Communication team, Intra and extra-muros external service providers (S2R JU contractors): MailChimp
    Joint controllers n/a
    privacy policy url https://shift2rail.org/wp-content/uploads/2020/02/PO-3-02-E-newsletter-subscription-and-related-information.pdf
    Last updated 02.03.2020
    internal reference Ares(2019)561283
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: EU Survey Tool for event registrations
    Reference number PO-3-03
    Data subject category Registrants or attendees sent through the EU Survey tool
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected in order to share information about the event on S2R JU and EUROPA websites and social media accounts, to ensure all necessary organisational steps to allow participants access on the premises of the event’s venue, for the management of the event itself, to ensure event follow-up activities.
    Description
    Collecting personal data for the purposes of participation in an on-line survey in order to to participate in a S2R JU event on a voluntary basis.This specific on-line service consists of an on-line form made available on the EUSurvey application, managed by the European Commission. 
    Processed data Health data Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725 1 month after the results of the survey have been aggregated
    Personal details Explicit consent article 5 d) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 1 month after the results of the survey have been aggregated
    Profession Explicit consent article 5 d) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 1 month after the results of the survey have been aggregated
    Processors
    • EUSurvey IT system (Belgium)
    Restrictions of data subject rights
    n/a
    Security measures Data kept according to the security measures adopted by the European Commission, Secure transfer of data, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: Authorized staff, Intra and extra-muros external service providers (S2R JU contractors): Only parts of personal data (name, surname, employer, email address) for the purpose of sending news, newsletter or invitations to future S2R JU events, S2R JU Staff members: Communication team
    Joint controllers DG DIGIT
    privacy policy url https://shift2rail.org/about-shift2rail/reference-documents/functioning-of-the-ju/
    Last updated 07.06.2021
    internal reference Ares(2019)3713549
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Event registration and organisation.
    Reference number PO-3-01
    Data subject category Registrants/Attendees of Shift2Rail events
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected to register interested persons for effective management of meetings, provide access to the S2R JU event venues, and maintain participant’s lists as well as allowing possible event follow-up actions including feedback collection, specific communication activities and sharing of presentations.
    Description
    Collecting personal data as a part of the registration process for Shift2Rail events, processing for organisation of event (participants list, name tags, access control, etc), online registration of participants as well as communication with event participants before and after the end of events; Sharing data for networking.
    Processed data Health data Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725 5 years
    Personal details Explicit consent article 5 d) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years
    Profession Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725 5 years
    Video tapes and photographs Explicit consent article 5 d) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years
    Processors
    • Ecorys systems (Belgium)
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Paper files are stored in a locked cupboard in the HR sector’s secured office until their destruction., Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Intra and extra-muros external service providers (S2R JU contractors): Ecorys and 20 Seconds To Midnight, Data subject themselves: Other participants, S2R JU Staff members: Communication team
    Joint controllers n/a
    privacy policy url https://shift2rail.org/about-shift2rail/reference-documents/functioning-of-the-ju/
    Last updated 07.06.2021
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Exceptional leaves, absences and permanencies
    Reference number PO-1-05-c)
    Data subject category JU Staff: temporary, JU Staff: contractual, External staff: trainees and interim staff
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose The purpose of this processing activity is to manage the exceptional leaves, absences, and permanencies of staff members so that the S2R JU HR Officer may determine if the staff members leave rights are to be adapted.
    Description
    This processing activity occurs when assessing the entitlement to exceptional leaves, absences and permanencies and working conditions for temporary agents and contract agents. The exceptional leaves, absences, and permanencies could concern but are not limited to: permanencies during the S2R JU office closure, flexibility during public holidays (for example the possibility to work during the day of Easter), participation to strikes organised by unions. The exceptional leaves, absences, and permanencies do not fall under the normal scope of leaves and special leaves granted to staff members, for which another record gives account.
    Processed data Personal characteristics Public interest article 5 a) of regulation 2018/1725 7 years
    Personal details Public interest article 5 a) of regulation 2018/1725 7 years
    Profession Public interest article 5 a) of regulation 2018/1725 7 years
    Processors
    • IT Tool SYSPER (Belgium)
    Restrictions of data subject rights
    n/a
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: PMO, S2R JU Staff members: Human resources officer, S2R JU Staff members: Line managers, European Commission and its services: DG HR/DG DIGIT via SYSPER
    Joint controllers DG DIGIT, DG Human Resources and Security, PMO
    privacy policy url
    Last updated 29.01.2020
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: External audits and ex-post controls
    Reference number PO-4-02
    Data subject category S2R JU staff, Candidates applying for open S2R JU vacancies (TA, CA, and SNE), Experts and S2R JU contractors
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected and managed for the sole purpose of preparing and communicating the audit reports by the external auditors.
    Description
    Personal data is collected in the conduct of checks and financial controls of grant agreements or service contracts aimed at verifying beneficiary's or contractor's or subcontractors' or third parties' compliance with all contractual provisions (including financial provisions). The purpose of the control is to check that the action and the provisions of the grant agreement or contract are being properly implemented and to assess the legality and regularity of the transaction underlying the implementation of the EU budget..
    Processed data Education Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 7 years
    Financial information Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 7 years
    Personal details Legal obligation (article 5 (b) of regulation 2018/1725), public interest article 5 a) of regulation 2018/1725 7 years
    Profession Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 7 years
    Processors
    • Audit management system (Belgium)
    • Baker Tilly Belgium (Belgium)
    Restrictions of data subject rights
    no restriction per se in the s2r ju related operations but no information on the scope of the decision laying down internal rules for the court of auditors.
    Security measures Data kept according to the security measures adopted by the European Commission, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Police or legal organisations: European Court of Auditors, European Commission and its services: EDPS, European Commission and its services: Accounting Officer of the European Commission, Intra and extra-muros external service providers (S2R JU contractors): Baker Tilly Belgium, S2R JU Staff members: Internal Control Coordinator, Head of Administration & Finance, Data Protection Officer, Administration and Finance Support team, S2R Governing Board: , S2R Executive Director:
    Joint controllers n/a
    privacy policy url
    Last updated 29.01.2020
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Flexitime Management
    Reference number PO-1-09
    Data subject category JU Staff: temporary, JU Staff: contractual
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected to authorize the recuperation of overtime based on the working hours registered in SYSPER by the staff member.
    Description
    Assessing and managing the entitlement of staff members to flexitime for temporary agents and contract agents.
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 3 years
    Profession Public interest article 5 a) of regulation 2018/1725 3 years
    Processors
    • IT Tool SYSPER (Belgium)
    Restrictions of data subject rights
    n/a
    Security measures Data kept according to the security measures adopted by the European Commission, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients S2R JU Staff members: Human resources officer, S2R JU Staff members: Line manager
    Joint controllers DG DIGIT, DG Human Resources and Security
    privacy policy url
    Last updated 29.01.2020
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Internal audits
    Reference number PO-4-01
    Data subject category S2R JU staff, Experts and S2R JU contractors, Relatives of the persons above mentionned, whose personal data are available in the systems and/or files of the EC
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected and managed for the purpose of independent, risk-based and objective assurance and consulting services designated to add value and improve the operations of the S2R JU.
    Description
    The Internal Auditor reports to the S2R JU on his or her findings and recommendations and advises on dealing with risks, by issuing independent opinions on the quality of management and control systems and by issuing recommendations for improving the conditions of implementation of operations and promoting sound financial management. 
    Processed data Education Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 7 years
    Financial information Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 7 years
    Personal details Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 7 years
    Profession Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 7 years
    Processors
    • Audit management system (Belgium)
    • IT Tools (ABAC, EMI, etc.) (Belgium)
    Restrictions of data subject rights
    no restriction per se in the s2r ju related operations but commission decision (eu) 2018/1961 of 11 december 2018 laying down internal rules concerning the provision of information to data subjects and the restriction of certain of their rights in the context of the processing of personal data for the purpose of internal audit activities.
    Security measures Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: DG DIGIT, European Commission and its services: European Data Protection Supervisor, Police or legal organisations: European Court of Auditors, S2R JU Staff members: Data Protection Officer, Internal Control Coordinator, Head of Administration and Finance, Administration and Finance Support team, S2R Executive Director: , S2R Governing Board: , European Commission and its services: Internal Audit Service
    Joint controllers n/a
    privacy policy url
    Last updated 29.01.2020
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Leaves and special leaves
    Reference number PO-1-05-a)
    Data subject category JU Staff: temporary, JU Staff: contractual, External staff: trainees and interim staff, Relatives of the data subject
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose The purpose of this processing activity is the management of annual leave and special leave entitlements.
    Description
    Assessing the entitlement to annual leave and special leave and working conditions for temporary agents and contract agents. The special leaves include: 1- Marriage of an official, contract agent or SNE 2- Marriage of a child of an official / agent. 3- Birth of a child of an official / servant / SNE. 4- Serious illness of the spouse 5- Very serious illness of a child 6- Serious illness of a child 7- Serious illness of an ascendant  8- Death of the spouse 9- Death of wife during maternity leave 10- death of a child 11- Dead of an ascendant 12- Dead of a brother or sister 13- Adoption 14- Maternity 15- Exercise of an unremunerated external activity 16- Convocation to the court / judiciary. 17- Cure 18- Move 19- Election outside the duty station 20- Participation in an examination / competition / selection organized by EPSO, by a Community Institution or Agency 21- Training 22- Exercise of an elective public office. 23- Looking for a job at the end of the contract. 24- Travel time "special leave". 25- Part-time work 26- Family leave 27- Termination of functions  28- Cancellation of an annual or special leave at the request of the person concerned. 29- Postponement of annual leave 30- Flexitime 31- Permanence of end of year 
    Processed data Family composition Public interest article 5 a) of regulation 2018/1725 N+3 years
    Health data Contractual obligation article 5 c) of regulation 2018/1725 , public interest article 5 a) of regulation 2018/1725 N+3 years
    Juridic data Contractual obligation article 5 c) of regulation 2018/1725 , public interest article 5 a) of regulation 2018/1725 N+3 years
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 N+3 years
    Personal details Public interest article 5 a) of regulation 2018/1725 N+3 years
    Processors
    • IT Tool SYSPER (Belgium)
    Restrictions of data subject rights
    n/a
    Security measures A paper copy is made and saved in a paper file. The paper file is archived in a locked cupboard., Health data processed with the principles of medical confidentiality by HR officer, Paper files are stored in a locked cupboard in the HR sector’s secured office until their destruction., Secure transfer of data, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: PMO, DG HR, DG DIGIT via SYSPER , S2R JU Staff members: Human resources officer, S2R JU Staff members: Line manager
    Joint controllers DG DIGIT, DG Human Resources and Security, PMO
    privacy policy url
    Last updated 07.06.2021
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Management of S2R JU Governance's bodies and meetings
    Reference number PO-6-03
    Data subject category Members of the Governing Board, Other participant, observer or expert invited to the meetings of the bodies of the S2R JU, Members of Scientific Committee, Members of States Representatives Group, Members of the Innovation Programmes' Steering Committees, Members of working groups, Any natural person acting on a private basis or on behalf of a legal person submitting a request for a meeting with the Executive Director or S2R JU staff
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected and managed for the purpose of granting access to members of S2R JU bodies and visitors to S2R JU premises in order to attend either S2R JU Governance meetings or meetings with the S2R JU Executive Director or S2R JU staff.
    Description
    Collecting and processing  information of attendees to  the S2R JU meetings, in particular  invitations, registration,  minutes, member's nomininations; register of  visitors for the Executive Director and other S2R JU staff.
    More information on the  Shift2Rail bodies, minutes and member's names can be found on the S2R JU web site: https://shift2rail.org/about-shift2rail/structure-of-shift2rail-initiative/
    Processed data Education Public interest article 5 a) of regulation 2018/1725 5 years
    Personal details Public interest article 5 a) of regulation 2018/1725 5 years
    Profession Public interest article 5 a) of regulation 2018/1725 5 years
    Processors
    • Securitas SA (Belgium)
    Restrictions of data subject rights
    n/a
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Individuals/organisations in direct relationship with controller: Security Service of the White Atrium building, S2R JU Staff members: ED Assistant, Programme Assistant, Legal Officer and DPO, External evaluators or experts assisting the S2R JU: Auditors, Police or legal organisations: European Data Protection Supervisor, S2R Executive Director: , European Commission and its services: EDPS
    Joint controllers n/a
    privacy policy url On-going
    Last updated 29.01.2020
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Management of procurement procedures and grant applications (successful)
    Reference number PO-02-01-a)
    Data subject category Tenderers’ and applicants’ data (in case of legal entities, their representatives)
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected for the award, management and follow-up of procurement contracts, grants, prizes and financial instruments by the S2R JU in accordance with S2R JU’s annual work plans.
    Description
    Collecting and processing of data provided by the applicants, tenderers, contractors and beneficiaries in the context of grant applications and tenders procedures as well as grant agreements and procurement contracts managed by S2R JU in accordance with S2R JU’s annual work plans.


    Processed data Education Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Financial information Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Juridic data Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Personal characteristics Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Personal details Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Profession Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Processors
    • European Commission systems (Belgium)
    • External experts (contractors, intra and extra-muros) (Belgium)
    Restrictions of data subject rights
    n/a. restriction already foreseen in the financial regulation – art 142 (1)
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Automated system (Grants management), Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Secure transfer of data, Signature of absence of conflict of interest , Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients External evaluators or experts assisting the S2R JU: , Intra and extra-muros external service providers (S2R JU contractors): , S2R Executive Director: , S2R JU Staff members: Grant proposal evaluation panels, IP Coordinators, Tender evaluation committees, Staff participating in the selection of external experts, European Commission and its services:
    Joint controllers Research Executive Agency
    privacy policy url https://shift2rail.org/about-shift2rail/reference-documents/functioning-of-the-ju/
    Last updated 07.06.2021
    internal reference Ares(2018)6031672
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Management of procurement procedures and grant applications (unsuccessful applicants)
    Reference number PO-02-01-b)
    Data subject category Tenderers’ and applicants’ data (in case of legal entities, their representatives)
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected for the award, management and follow-up of procurement contracts, grants, prizes and financial instruments by the S2R JU in accordance with S2R JU’s annual work plans.
    Description
    Collecting and processing of data provided by unsuccessful applicants in the context of grant applications and tenders procedures as well as grant agreements and procurement contracts managed by S2R JU in accordance with S2R JU’s annual work plans.


    Processed data Education Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years after closure of procedure
    Financial information Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years after closure of procedure
    Juridic data Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years after closure of procedure
    Personal characteristics Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years after closure of procedure
    Personal details Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years after closure of procedure
    Profession Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years after closure of procedure
    Processors
    • European Commission systems (Belgium)
    • External experts (contractors, intra and extra-muros) (Belgium)
    Restrictions of data subject rights
    n/a. restriction already foreseen in the financial regulation – art 142 (1)
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Automated system (Grants management), Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Secure transfer of data, Signature of absence of conflict of interest , Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients S2R JU Staff members: Staff participating in the selection of external experts, Tender evaluation committees, IP Coordinators, Grant proposal evaluation panels., Intra and extra-muros external service providers (S2R JU contractors): , External evaluators or experts assisting the S2R JU: , S2R Executive Director:
    Joint controllers Research Executive Agency
    privacy policy url https://shift2rail.org/about-shift2rail/reference-documents/functioning-of-the-ju/
    Last updated 07.06.2021
    internal reference Ares(2018)6031672
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Management of the S2R JU Cooperation tool
    Reference number PO-5-04
    Data subject category S2R JU staff, S2R JU founding and associated Members, External guests (i.e.: auditors)
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected for the management of the Web application "Shift2Rail Multi-project Cooperation Tool".
    Description
    Collecting and exchange documents, S2R JU members comments and opinions and organisation of meetings of S2R project,  recording history data (for audit trail) of all communication and modifications applied by individual access. The Cooperation Tool is a multi-project (programme) to manage all collaborative projects performed by the S2R JU Members, stemming from the S2R JU annual calls for proposals under the rules for participation of H2020 and the S2R JU Regulation, as well as some specific JU activities like the IP/CCA Steering Committees. It allows the S2R JU Members to monitor the financial management of their respective grant agreements as well as their annual Total Project Costs(IKOP) reporting and certification in accordance with Article 4.4 of the S2R JU Regulation. It allows and supports the cooperation of the various R&I project participants to implement the Description of the Action (DoA) for each awarded grant through daily project coordination and communication, as well as allow the JU to manage its working groups and Steering Committee with the respective members. The tool offers a common interface and a platform for:  coordination; planning; control;  technical, administrative and  financial management; exchange of document; comments and opinions;  organisation of meetings of S2R JU projects and groups.


    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 3 years
    Profession Public interest article 5 a) of regulation 2018/1725 3 years
    Processors
    • Data centre (Italy)
    Restrictions of data subject rights
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Automatically generated password stored in encrypted format, Back-ups, update and monitoring services as well as corrective and periodic maintenances , Data produced remain the sole ownership of the participants to the project, No copies kept by contractor, Password recovery mechanism , Secure communication channel between server and client, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: Observers in the IP/CCA Steering Committe (ERA and EC representatives), S2R JU Staff members: , S2R JU founding and/or associated Members: , Intra and extra-muros external service providers (S2R JU contractors): Centro Nuova Comunicazione S.R.L.
    Joint controllers n/a
    privacy policy url
    Last updated 29.01.2020
    internal reference Ares(2019)1475974
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Microsoft Office 365 - S2R JU staff and guest users
    Reference number PO-PO5-05
    Data subject category S2R JU staff, JU Staff: temporary, JU Staff: contractual, External staff: trainees and interim staff, S2R JU statutory staff (temporary agents and contract agents (CA) as well as seconded national experts as they are assimilated to statutory staff), Interim staff selected via an external contractor on behalf of the EC, JU external collaborators being granted access to M365 platform as guests
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose In line with the European Commission’s Digital Strategy, JU is gradually moving into a fully digital working environment. As a European public administration, JU needs to lead the way in terms of both integrating digital at the core of European policy implementation and leveraging the potential of digital to work better and faster.
    Description

    In line with the European Commission’s Digital Strategy, S2R JU is gradually moving into a fully digital working environment.
    As a European public administration, S2R JU needs to lead the way in terms of both integrating digital at the core of European policy implementation and leveraging the potential of digital to work better and faster.
    For this strategy to deliver, S2R JU has designed several actions and adopted a series of new tools designed to form together a Digital Workplace. 
    The Digital Workplace is an opportunity for the S2R JU to become an example of a modern public, connected and efficient Public Administration by providing staff with the best combination of tools, physical framework and working methods, to effectively support the achievement of the priorities of our organisation. 
    The Digital Workplace responds to the need for connected office, integrating teleworking tools for activities such as conference calls, remote collaboration, audio- or videoconferencing or webinars.
    Consequently, the S2R JU has decided to operate M365 provided by Microsoft Ireland. M365 offers cloud-based solutions that enable staff members of JU to:
    1. Document Processing – to create, read, review and amend documents, presentations, spreadsheets and other document types in various formats and for various purposes (Access, Sway, Forms);
    2. Email, Calendar, Contacts – to manage and exchange e-mail, calendars, contacts, tasks and notes (Exchange Online);
    3. File Sharing – to create, read, review, amend, store and share documents and files of various types in view of collaboration among staff (SharePoint Online, OneDrive, OneNote, Stream, Teams, PowerApps, Yammer);
    4. Chat and Messaging – to interact, share files, chat and exchange messages with colleagues, partners, stakeholders and other parties (Teams, Yammer);
    5. Virtual Meetings – to set up and participate in virtual meetings and teleconferences (Teams);
    6. Project and Task Management – to facilitate project and task management by staff (Exchange Online); and
    7. Data Analytics and Visualisation – to analyse data and visualise such data (Power BI).
    Identity and access management to M365 is managed through Azure Active Directory (Azure AD) and InTune.

    The operation of M365 requires the processing of personal data by S2R JU for the following purposes:
    1. provision, enabling, set-up, configuration and maintenance of M365 capabilities, including facilitating and coordinating field tasks (Identification Data, Service-Generated Data, Content Data)
    2. administration of the rights allocated to a user account (identity and access management)  (Identification Data);
    3. end-user support and IT Teams support for issues with M365 (Identification Data, Service-Generated Data, Diagnostic Data);
    4. prevention, detection and resolution of security events (e.g. cyber-attack), to ensure the confidentiality, integrity and availability of M365 (Identification Data, Service-Generated Data); and
    5. responding to data subjects exercising their rights in relation to personal data processed within M365 (Identification Data, Service-Generated Data).

    Additionally, Microsoft Ireland as a processor for and on behalf of S2R JU processes personal data for internal business operations in the context of providing M365. These business operations consist of (exhaustive list):
    1. billing and account management (Identification Data, Service-Generated Data); 
    2. compensation (Service-Generated Data); 
    3. internal reporting and business modelling (Service-Generated Data); 
    4. combatting fraud, cybercrime, and cyberattacks (Identification Data, Service-Generated Data); 
    5. improving core functionality of accessibility, privacy and energy efficiency (Service-Generated Data); and 
    6. financial reporting and compliance with legal obligations (Identification Data, Service-Generated Data). 
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 6 months
    Video tapes and photographs Public interest article 5 a) of regulation 2018/1725 For as long as the user account is active. days
    Processors
    • Exchange Online
    • OneDrive
    • SharePoint
    • Teams
    Restrictions of data subject rights
    n/a
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Computer systems hardened, Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Other private organisations: Microsoft's personnel based outside the EEA (most importantly, the USA) managing the databases on Microsoft cloud servers and Microsoft’s sub-processors' personnel on a need-to-know basis.
    Joint controllers n/a
    privacy policy url https://shift2rail.org/wp-content/uploads/2021/05/PO-PO-5-05_Microsoft-365_public.docx.pdf
    Last updated 21.05.2021
    internal reference PO-PO5-05
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Missions
    Reference number PO-1-08
    Data subject category JU Staff: temporary, JU Staff: contractual, External staff: trainees and interim staff, S2R JU statutory staff (temporary agents and contract agents (CA) as well as seconded national experts as they are assimilated to statutory staff)
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected for the management of the missions of the staff and the reimbursement of travel expenses and daily subsistence allowance.
    Description
    Collection of contact details and meeting documentation (such as agenda), request files and reimbursement files, travel orders. 
    Processed data Financial information Public interest article 5 a) of regulation 2018/1725 7 years
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 7 years
    Personal details Public interest article 5 a) of regulation 2018/1725 7 years
    Profession Public interest article 5 a) of regulation 2018/1725 7 years
    Processors
    • American Express (travel agency) (Belgium)
    Restrictions of data subject rights
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients S2R JU Staff members: Administrative staff responsible for processing the files, European Commission and its services: PMO, External contractors under framework contract with the European Commission : American Express
    Joint controllers PMO
    privacy policy url
    Last updated 29.01.2020
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Occupational health and medical data
    Reference number PO-1-02
    Data subject category JU Staff: temporary, JU Staff: contractual, Relatives of the data subject
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected to ensure that S2R JU staff complies with requirements of pre-recruitment, annual and periodic medical examination.
    Description
    Procedures put in place to ensure safety, health and welfare of S2R JU staff; Pre-recruitment medical examination; Annual and periodic medical examination . S2R JU does not collect medical certificates of staff members. These are directly sent to the medical service of the European Commission in accordance with the procedure established. 
    Processed data Family composition Public interest article 5 a) of regulation 2018/1725 3 years
    Personal details Public interest article 5 a) of regulation 2018/1725 3 years
    Processors
    • EC external service providers (contractors or subcontractors) under direct or framework service procurement contracts (Belgium)
    • Secured IT data base (Joint Sickness Insurance Scheme) (Belgium)
    Restrictions of data subject rights
    no specific restrictions in place at s2r ju. the medical files are kept at the commission's medical services. commission decision (eu) 2019/154 of 30 january 2019 laying down internal rules concerning the restriction of the right of access of data subjects to their medical files.
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients S2R JU Staff members: Administrative staff responsible for processing the files, European Commission and its services: DG HR and Security, European Commission and its services: PMO, External contractors under framework contract with the European Commission :
    Joint controllers DG Human Resources and Security, PMO
    privacy policy url
    Last updated 07.06.2021
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Personal files of staff
    Reference number PO-1-04
    Data subject category JU Staff: temporary, JU Staff: contractual
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected for employment contracts and setting up rights of the staff.
    Description
    Collection of staff documentation for recruitment, determination of rights, career development, appraisal.
    Processed data Education Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Financial information Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Personal details Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Profession Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Processors
    • Secured IT data base (Joint Sickness Insurance Scheme) (Belgium)
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Health data processed with the principles of medical confidentiality by HR officer, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: Internal Audit Service, Medical Service and the PMO, S2R JU Staff members: Finance team (for reimbursement purposes), Line manager, Human Resources Officer
    Joint controllers DG Human Resources and Security
    privacy policy url N/A
    Last updated 29.01.2020
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Policy on sensitive functions
    Reference number PO-4-06
    Data subject category S2R JU staff
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected to ensure the functioning of an effective and efficient internal control system, in particular on functions that are genuinely sensitive, i.e. where the risk of fraud or irregularities in the use of funds and sensitive information is significant.
    Description
    Collecting personal data for the management of sensitive posts: risks associated with tasks in the areas of management, individual decisions and finance. 
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 2 years
    Profession Public interest article 5 a) of regulation 2018/1725 2 years
    Processors n/a
    Restrictions of data subject rights
    n/a
    Security measures Annual assessment of risk factors through the risk assessment exercise, Appropriate training, Audit by the Internal Audit Service and European Court of Auditors, Decision making process based on a control chain , Periodic management review and assessment made by the Executive Director, Segregation of duties, Signature of absence of conflict of interest
    Recipients European Commission and its services: DG Human Resources in exceptional cases for guidance and advice, S2R JU Staff members: Human resources officer, S2R JU Staff members: Legal officer, S2R JU Staff members: Management
    Joint controllers n/a
    privacy policy url
    Last updated 29.01.2020
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Prevention and management of conflicts of interests applicable to the bodies of Shift2Rail Joint Undertaking
    Reference number PO-6-04
    Data subject category Members of the Governing Board, Other participant, observer or expert invited to the meetings of the bodies of the S2R JU, Relatives of the data subject, Members of Scientific Committee, Members of States Representatives Group, Members of the Innovation Programmes' Steering Committees, Members of working groups
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is processed for the sole purpose of applying the rules for the prevention and management of conflicts of interest applicable to the members of the bodies of the S2R JU listed under Article 5(1) of the Statutes in order to ensure the handling of situations where potential conflicts of interest may arise in a transparent and consistent manner.
    Description
    Collecting and screening declarations of confidentiality and non-conflict of interests signed by all members of the S2R JU bodies before appointment, after appointment  (in a yearly basis) and spontaneously at any time in the course of their duties (ad-hoc Declaration).
    The name of the Members of Governing Board, Scientific Committee, States Representatives Group together with the name of their employer or any organisation which pays them  shall be published on the S2R JU’s website.The CVs and declarations of interest by the Members of the Governing Board shall be available for public scrutiny in the S2R JU web site with due respect to the applicable EU rules on protection of personal data  and access to documents (article 9 of Decision n° 07/2018)
    Processed data Education Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years
    Financial information Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years
    Memberships Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years
    Personal details Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years
    Philosophical or religious convictions Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Political preferences Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Profession Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years
    Trade union membership Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Processors n/a
    Restrictions of data subject rights
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Data kept according to the security measures adopted by the European Commission, Secure transfer of data, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients S2R JU Staff members: Administrative staff, legal department. , The general public: The name of the Members of Governing Board, Scientific Committee, States Representatives Group together with the name of their employer or any organization which pays them shall be published on the S2R JU's website. The CVs and declarations of interest by the Members of the Governing Board shall be available for public scrutiny in the S2R JU web site with due respect to the applicable EU rules on protection of personal data and access to documents (article 9 of Decision n° 07/2018), Data subject themselves: , Individuals/organisations in direct relationship with controller: Chairperson and Vice chair person of the relevant body or group, S2R Executive Director:
    Joint controllers n/a
    privacy policy url On-going
    Last updated 07.06.2021
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Prevention and management of conflicts of interests of the staff members of the Shift2Rail Joint Undertaking
    Reference number PO-1-10
    Data subject category Relatives of the data subject, S2R JU statutory staff (temporary agents and contract agents (CA) as well as seconded national experts as they are assimilated to statutory staff)
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is processed for the sole purpose of applying the rules for the prevention and management of conflicts of interest of the S2R JU staff members in order to ensure the handling in a transparent and consistent manner of situations where conflicts of interest may arise.
    Description
    Collecting and screening declarations of confidentiality and non-conflict of interests signed by all S2R JU staff members when they take up duties.
    Processed data Characteristics of domicile Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Education Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Family composition Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Financial information Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Memberships Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Personal details Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Philosophical or religious convictions Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Political preferences Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Profession Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Trade union membership Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Processors n/a
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Secure transfer of data, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients S2R JU Staff members: Staff member concerned, Line manager, Legal officer, Human resources officer, S2R Executive Director: , The general public: The declarations of interest submitted by the S2R JU Executive Director shall be available for public scrutiny with due respect to the applicable EU rules on protection of personal data and access to documents. Where deemed relevant, the concerned person's CV (or a summary of his/her professional experience) could also be made available. , S2R Governing Board:
    Joint controllers n/a
    privacy policy url
    Last updated 07.06.2021
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: S2R JU Info Day mobile app
    Reference number PO-5-03
    Data subject category Users of the S2R Info Day mobile app
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected for the sole purposes of permitting app users to enjoy all facilities and event related services occurring during the S2R JU Info Day.
    Description
    Collecting, processing and storing personal data locally for the S2R JU Info Day mobile application,  a software solution created and developed by Evenium available for download at www.evenium.me and/or from the Apple Store and the Android Market, allowing the use of the ConnexMe service on smartphone devices. The app provides access to a list of all the events in which the organizer has participated and the content linked to these events, to communicate with other participants or the organizer of the event and to interact with the content of said events. It notably allows users: to participate in events with elements broadcast on screens.
    Processed data Personal details Explicit consent article 5 d) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 Until December 21st, 2017
    Profession Explicit consent article 5 d) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 Until December 21st, 2017
    Processors
    • Evenium SA (Belgium)
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Use of information sources like the OWASP community and guidelines from the European Union Agency for Network and Information Security to stay abreast of new developments in threats and vulnerabilities and their most effective countermeasures
    Recipients Intra and extra-muros external service providers (S2R JU contractors): Ecorys NV, Intra and extra-muros external service providers (S2R JU contractors): Evenium SA (Subcontractor of Ecorys)
    Joint controllers n/a
    privacy policy url https://shift2rail.org/terms-of-use/
    Last updated 29.01.2020
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Salary
    Reference number PO-1-06
    Data subject category JU Staff: temporary, JU Staff: contractual, Relatives of the data subject
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected in order to determine the staff member’s entitlements. Documents are collected by the HR Officer and sent to the relevant Commission service (PMO) which will process the data in order to determine the financial rights of the staff member.
    Description
    Producing salary slips, determining allowances, establishment of financial rights, paying the salaries and allowances to S2R JU staff. 
    Processed data Education Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Family composition Public interest article 5 a) of regulation 2018/1725 8 years after the extinction of all rights of the person concerned and of any dependents
    Financial information Public interest article 5 a) of regulation 2018/1725 8 years after the extinction of all rights of the person concerned and of any dependents
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 8 years after the extinction of all rights of the person concerned and of any dependents
    Personal details Public interest article 5 a) of regulation 2018/1725 8 years after the extinction of all rights of the person concerned and of any dependents
    Profession Public interest article 5 a) of regulation 2018/1725 8 years after the extinction of all rights of the person concerned and of any dependents
    Processors n/a
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Health data processed with the principles of medical confidentiality by HR officer, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients S2R JU Staff members: Financial team, Human resources officer, S2R Executive Director: , European Commission and its services: PMO, European Commission and its services: Medical service (if sick leave involved)
    Joint controllers PMO
    privacy policy url
    Last updated 29.01.2020
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Selection and management of external experts (Non-selected experts)
    Reference number PO-2-02-b)
    Data subject category Experts (in case of legal entities, their representatives)
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected for the selection and the management (including reimbursements of expenses and payment where appropriate) of independent experts appointed by S2R JU to advise on or assist with: the evaluation of proposals, the monitoring of the implementation of actions carried out under Horizon 2020 as well as of previous Research and/or Innovation Programmes, advice or assistance with other tasks related to S2R JU activities.
    Description
    Collection and processing of data provided by individuals for the establishment of a database of prospective independent experts to assist with tasks managed by the S2R JU. The processing operations performed by the Controller include collection, storage and evaluation of personal data of the experts. 
    Processed data Education Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years after closure of procedure
    Financial information Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years after closure of procedure
    Personal characteristics Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years after closure of procedure
    Personal details Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years after closure of procedure
    Profession Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years after closure of procedure
    Processors
    • EC external service providers (contractors or subcontractors) under direct or framework service procurement contracts (Belgium)
    Restrictions of data subject rights
    n/a
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Automated system (Grants management), Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis, Standard clause for the processing of personal data included in the contract
    Recipients S2R JU Staff members: IP Coordinators, S2R JU Staff members: Staff participating in the selection of external experts, External evaluators or experts assisting the S2R JU: , S2R Executive Director: , European Commission and its services:
    Joint controllers Research Executive Agency
    privacy policy url https://shift2rail.org/wp-content/uploads/2020/02/PO-2-02-b-Selection-and-management-of-external-experts-Non-selected-experts.pdf
    Last updated 05.03.2020
    internal reference Ares(2018)6031672
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Selection and management of external experts (selected experts)
    Reference number PO-2-02-a)
    Data subject category Experts (in case of legal entities, their representatives)
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected for the selection and the management (including reimbursements of expenses and payment where appropriate) of independent experts appointed by S2R JU to advise on or assist with: the evaluation of proposals, the monitoring of the implementation of actions carried out under Horizon 2020 as well as of previous Research and/or Innovation Programmes, advice or assistance with other tasks related to S2R JU activities.
    Description
    Collection and processing of data provided by individuals for the establishment of a database of prospective independent experts to assist with tasks managed by the S2R JU. The processing operations performed by the Controller include collection, storage and evaluation of personal data of the experts. 
    Processed data Education Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Financial information Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Personal characteristics Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Personal details Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Profession Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Processors
    • EC external service providers (contractors or subcontractors) under direct or framework service procurement contracts (Belgium)
    Restrictions of data subject rights
    n/a
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Automated system (Grants management), Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis, Standard clause for the processing of personal data included in the contract
    Recipients External evaluators or experts assisting the S2R JU: , S2R JU Staff members: Staff participating in the selection of external experts, S2R JU Staff members: IP Coordinators, S2R Executive Director: , European Commission and its services: Research Executive Agency via the H2020 Participant Portal
    Joint controllers Research Executive Agency
    privacy policy url https://shift2rail.org/wp-content/uploads/2020/02/PO-2-02-a-Selection-and-management-of-external-experts-selected-experts.pdf
    Last updated 02.03.2020
    internal reference Ares(2018)6031672
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Selection and recruitment of interims
    Reference number PO-1-01-c)
    Data subject category Interim staff selected via an external contractor on behalf of the European Commission
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Data are processed for the purpose of organising the selection and recruitment procedures for interims at the S2R JU.
    Description
    Collecting applications of candidates, screening tables, pre-selection reports, selection reports, written tests, interview questions, offers for posts, short lists, reserve lists, reserve list letters, negative letters etc. 


    Processed data Education Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 6 months
    Personal characteristics Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 6 months
    Personal details Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 6 months
    Profession Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 6 months
    Processors
    • Randstad Belgium SA systems (Belgium)
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Once the procedure is closed, electronically stored data erased, Signature of absence of conflict of interest , Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients External evaluators or experts assisting the S2R JU: Appointed members of the selection committee, S2R JU Staff members: Appointed members of the selection committee, Human Resources Officer, Data Protection Officer (only for the purposes of replying to access requests or other consultations on data protection aspects from the HR Officer), S2R Executive Director: , European Commission and its services: DG Human Resources and Security, External contractors under framework contract with the European Commission : Randstad
    Joint controllers DG EAC, DG Human Resources and Security, PMO
    privacy policy url https://shift2rail.org/about-shift2rail/reference-documents/functioning-of-the-ju/
    Last updated 07.06.2021
    internal reference Ares(2019)503847
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Selection and recruitment of temporary agents (TA), contract agents (CA), seconded national experts (SNE) (non-recruited candidates)
    Reference number PO-1-01-b)
    Data subject category Candidates applying for open S2R JU vacancies (TA, CA, and SNE), Trainees recruited by the European Commission ('EU BlueBlook trainees')
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Data are processed for the purpose of organising the selection and recruitment procedures for TA, CA, SNE and Blue Book Trainees at the S2R JU.
    Description
    This processing operation consists of collecting applications of candidates, screening tables, pre-selection reports, selection reports, written tests, interview questions, offers for posts, short lists, reserve lists, reserve list letters, negative letters etc. Special retention time applies to non-recruited candidates. Regarding the BlueBook trainees, S2R JU is not in charge of the recruitment process which is being dealt with by the relevant department at the European Commission (DG EAC). Applications are only accessible via the online database which is open for consultation only during specific periods. Therefore, S2RJU does not store any data related to the recruitment of BlueBook Trainees. 


    Processed data Education Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 2 years following the recruitment procedure is terminated
    Personal characteristics Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 2 years following the recruitment procedure is terminated
    Personal details Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 2 years following the recruitment procedure is terminated
    Profession Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 2 years following the recruitment procedure is terminated
    Processors n/a
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Once the procedure is closed, electronically stored data erased, Signature of absence of conflict of interest , Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients External evaluators or experts assisting the S2R JU: Appointed members of the selection committee, S2R JU Staff members: Appointed members of the selection committee, Human Resources Officer, Data Protection Officer (only for the purposes of replying to access requests or other consultations on data protection aspects from the HR Officer), S2R Executive Director: , European Commission and its services: PMO, DG Human Resources and Security
    Joint controllers DG EAC, DG Human Resources and Security, PMO
    privacy policy url https://shift2rail.org/about-shift2rail/reference-documents/functioning-of-the-ju/
    Last updated 07.06.2021
    internal reference Ares(2019)503847
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Selection and recruitment of temporary agents (TA), contract agents (CA), seconded national experts (SNE) (recruited candidates)
    Reference number PO-1-01-a)
    Data subject category Candidates applying for open S2R JU vacancies (TA, CA, and SNE), Trainees recruited by the European Commission ('EU BlueBlook trainees')
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Data are processed for the purpose of organising the selection and recruitment procedures for TA, CA, SNE and Blue Book Trainees at the S2R JU.
    Description
    This processing operation consists of collecting applications of candidates, screening tables, pre-selection reports, selection reports, written tests, interview questions, offers for posts, short lists, reserve lists, reserve list letters, negative letters etc. Regarding the BlueBook trainees, S2R JU is not in charge of the recruitment process which is being dealt with by the relevant department at the European Commission (DG EAC). Applications are only accessible via the online database which is open for consultation only during specific periods. Therefore, S2RJU does not store any data related to the recruitment of BlueBook Trainees. 


    Processed data Education Contractual obligation article 5 c) of regulation 2018/1725 , public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Personal characteristics Contractual obligation article 5 c) of regulation 2018/1725 , public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Personal details Contractual obligation article 5 c) of regulation 2018/1725 , public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Profession Contractual obligation article 5 c) of regulation 2018/1725 , public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Processors
    • Secured IT data base (Joint Sickness Insurance Scheme) (Belgium)
    • Teams
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Once the procedure is closed, electronically stored data erased, Signature of absence of conflict of interest , Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients External evaluators or experts assisting the S2R JU: Appointed members of the selection committee, S2R JU Staff members: Executive Director, Appointed members of the selection committee, Human Resources Officer, Data Protection Officer (only for the purposes of replying to access requests or other consultations on data protection aspects from the HR Officer), European Commission and its services: PMO, DG Human Resources and Security
    Joint controllers DG EAC, DG Human Resources and Security, PMO
    privacy policy url https://shift2rail.org/about-shift2rail/reference-documents/functioning-of-the-ju/
    Last updated 07.06.2021
    internal reference Ares(2019)503847
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Selection and recruitment of temporary agents (TA), contract agents (CA), seconded national experts (SNE) (spontaneous applications)
    Reference number PO-1-01-d)
    Data subject category Trainees recruited by the European Commission ('EU BlueBlook trainees'), Spontaneous applicants
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Data are processed for the purpose of organising the selection and recruitment procedures for TA, CA, SNE, interims staff and “EU Blue Book Trainees” at the S2R JU.
    Description
    Collecting spontaneous applications of candidates. The S2R JU does not consider spontaneous applications. Personal data (such as CV) is not stored and is deleted after 7 days. Regarding the BlueBook trainees, S2R JU is not in charge of the recruitment process which is being dealt with by the relevant department at the European Commission (DG EAC). Applications are only accessible via the online database which is open for consultation only during specific periods. Therefore, S2RJU does not store any data related to the recruitment of BlueBook Trainees. 



    Processed data Education Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 7 calendar days
    Personal characteristics Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 7 calendar days
    Personal details Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 7 calendar days
    Profession Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 7 calendar days
    Processors n/a
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients S2R JU Staff members: Human Resources Officer
    Joint controllers n/a
    privacy policy url https://shift2rail.org/wp-content/uploads/2020/02/PO-1-01-d-Spontaenous-applicants.pdf
    Last updated 05.03.2020
    internal reference Ares(2019)503847
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Sick leaves
    Reference number PO-1-05-b)
    Data subject category JU Staff: temporary, JU Staff: contractual, External staff: trainees and interim staff
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is managed and collected for the purpose of assessing the entitlement to sick leave, annual leave and special leave and working conditions for temporary agents and contract agents.
    Description
    Assessing the entitlement to sick leaves and working conditions for temporary agents and contract agents. 
    Processed data Health data Legal obligation article 5 b) of regulation 2018/1725, public interest article 5 a) of regulation 2018/1725 5 years
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 5 years
    Personal details Public interest article 5 a) of regulation 2018/1725 5 years
    Profession Public interest article 5 a) of regulation 2018/1725 5 years
    Processors
    • IT Tool SYSPER (Belgium)
    Restrictions of data subject rights
    n/a
    Security measures A paper copy is made and saved in a paper file. The paper file is archived in a locked cupboard., Health data processed with the principles of medical confidentiality by HR officer, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients S2R JU Staff members: Human resources officer, Line manager, Executive Director, European Commission and its services: PMO, Medical service, DG DIGIT, Other: Other Institutions in case of transfer (they receive a chart with the liquidation account of sick leave)
    Joint controllers DG DIGIT, DG Human Resources and Security, PMO
    privacy policy url
    Last updated 07.06.2021
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Staff evaluation
    Reference number PO-1-03
    Data subject category JU Staff: temporary, JU Staff: contractual
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected to assess the performance with regard to the job specifications and defined objectives, and the potential and development or reclassification needs.
    Description
    Staff appraisal, probationary reports, reclassification of contract and temporary agents, renewal of contracts. 
    Processed data Education Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Personal details Public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Profession Public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Processors
    • Secured IT data base (Joint Sickness Insurance Scheme) (Belgium)
    • Teams
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Obligation of confidentiality of the staff, Paper files are stored in a locked cupboard in the HR sector’s secured office until their destruction., Secure transfer of data, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients S2R JU Staff members: Line Managers, HR Officer, and in case of reclassification, the staff and Joint reclassification committees.
    Joint controllers n/a
    privacy policy url
    Last updated 07.06.2021
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Teleworking
    Reference number PO-1-07
    Data subject category JU Staff: temporary, JU Staff: contractual
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose The purpose of this processing operation is to manage in a legal, standardized and centralized framework all temporal aspects of a jobholder's framework with respect to the management and monitoring of the implementation of teleworking. In particular, the treatment consists in identifying the persons authorized to telework according to various criteria such as the possibilities of telework, the interest of the service or the motivation of the person. The persons concerned have the possibility of making a request for telecommuting either casual or structural via Sysper.
    Description
    Management of the teleworking requests and agreements; planning regarding the ordering of ICT tools and devices for the performance of telework. Staff members are granted access to an electronic tool in which they can launch a request for teleworking. 
    Processed data Family composition Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Habits Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Health data Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Personal details Public interest article 5 a) of regulation 2018/1725 3 years
    Profession Public interest article 5 a) of regulation 2018/1725 3 years
    Processors
    • IT Tool SYSPER (Belgium)
    Restrictions of data subject rights
    n/a
    Security measures Data kept according to the security measures adopted by the European Commission, Health data processed with the principles of medical confidentiality by HR officer, Secure transfer of data, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients S2R JU Staff members: Executive Director, Line Managers. , Data subject themselves: Right to access and rectify their own data in SYSPER.
    Joint controllers DG DIGIT, DG Human Resources and Security
    privacy policy url
    Last updated 07.06.2021
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: User Network and Systems Access
    Reference number PO-5-01
    Data subject category S2R JU staff, Interim staff selected via an external contractor on behalf of the European Commission, Trainees recruited by the European Commission ('EU BlueBlook trainees'), External staff: trainees and interim staff, Any other person whose personal data have been collected and are processed by information systems that use the S2R JU ICT infrastructure
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected to provide S2R JU employees with necessary access to ICT systems and services in order for them to carry out their statutory duties. This includes access provisioning to EC systems like ECAS/EU Login or ABAC.
    Description
    Provisioning of necessary access to S2R JU employees to designated business ICT systems of the organization based on incoming requests from HR department or management requests/access authorizations
    Processed data Personal characteristics Public interest article 5 a) of regulation 2018/1725 1 month after user's departure
    Personal details Public interest article 5 a) of regulation 2018/1725 1 month after user's departure
    Profession Public interest article 5 a) of regulation 2018/1725 1 month after user's departure
    Processors
    • Real Dolmen (Belgium)
    Restrictions of data subject rights
    n/a
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Confidentiality of communications and privacy, Windows 10 access: Password renewed every six month
    Recipients S2R JU Staff members: Network and security managers, IT system and database administrators, European Commission and its services: DIGIT, External contractors under framework contract with the European Commission : Real Dolmen
    Joint controllers DG DIGIT
    privacy policy url
    Last updated 29.01.2020
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Video Surveillance system
    Reference number PO-5-02
    Data subject category S2R JU staff, Visitors and other persons entering into the S2R JU premises outside regular working hours
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose The S2R JU uses its video-surveillance system for the sole purposes of protecting its premises and assets for safety, security and access control purposes only. The video-surveillance system helps monitor access to our offices, as well as safeguards property and information located or stored on the premises.
    Description
    Recording, storing and giving acces to record tapes by means of a closed circuit television (CCTV) system which are installed in S2R JU public areas located in the second floor of the White Atrium building (Avenue de la Toison d’Or 56-60, B-1060 Brussels/Belgium). 
    Processed data Video tapes and photographs Public interest article 5 a) of regulation 2018/1725 14 days
    Processors n/a
    Restrictions of data subject rights
    the rights that could be restricted on the ground of internal security of the s2r ju would mainly be the right to information. only in exceptional circumstances  the images may be transferred to investigatory bodies in the framework of administrative inquiries, disciplinary proceedings or olaf investigation as far as there is a connection with the prevention, investigation or criminal offences.
    grounds for the restriction:  
    1. article 25(b)  regulation 2018/1725: "prevention, investigation, detection and prosecution of criminal offences".
    2. article 25(d)  regulation 2018/1725: " internal security of union institutions and bodies"
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Computer systems hardened, Obligation of confidentiality of the staff, Physical security of the premises, System operates on a separate, disconnected private network with no external remote access
    Recipients Intra and extra-muros external service providers (S2R JU contractors): Upon request: External service provider (S2R JU contractor) in charge of the maintenance, S2R JU Staff members: ICT and Security Officer
    Joint controllers n/a
    privacy policy url https://shift2rail.org/wp-content/uploads/2020/05/PO-5-02-Video-surveillance-system.pdf
    Last updated 16.12.2020
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Web Conference Service (Webex)
    Reference number TO BE FILLED IN BY DPO
    Data subject category S2R JU staff, Members of the Governing Board, Other participant, observer or expert invited to the meetings of the bodies of the S2R JU
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Organization of videoconferencing meetings
    Description
    Within the S2R Joint Undertaking, the web conferencing system is used for the organization of videoconferencing meetings with external participants. The tool is called WebEx.

    It can be defined as an all-in-one conferencing tool that integrates audio, video and content sharing. It allows easy access from a computer or mobile device that has Internet access and a browser.

    All videoconferencing participants meet in a virtual room securely accessible to guests. A staff member who would like to organize conferences must first have a personal account on the system which allows the activity requested to be linked to a responsible person.

    The organizer of the videoconference (exclusively S2R JU staff) will have to create a virtual room and invite external participants according to his needs. These invitations will be targeted based on the participant's email address and will allow access to the session.

    The recording of a conference is only possible by its organizer.

    The purpose of data processing could be classified into several different sections:


    • Identification of the participants and the organizer in order to allow the actual operation of the conference
    • Identification of potential technical improvements and failures in the service
    • Production of statistics for invoicing the services provided by the contractor
    • Collection of representative data and conference statistics (excluding their content) in order to improve the user experience and service performance by performing analyzes of the aggregation of this information
    • Address support requests for the service
    • Service support performance analysis
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 3 years from when the Service is terminated, in a pseudonymised format; Host Registration & Invoicing information : 7 years
    Processors
    • EC external service providers (contractors or subcontractors) under direct or framework service procurement contracts (Belgium)
    Restrictions of data subject rights
    n/a
    Security measures Data kept according to the security measures adopted by the European Commission, Premises abide by the European Commission's security decisions and provisions, Secure transfer of data, Standard clause for the processing of personal data included in the contract
    Recipients Third countries:
    Joint controllers n/a
    privacy policy url https://shift2rail.org/terms-of-use/
    Last updated 07.06.2021
    internal reference TO BE FILLED IN BY DPO
    Exercising your rights https://shift2rail.org/terms-of-use/

  • Activity: Whistleblowing procedures
    Reference number PO-4-04
    Data subject category S2R JU staff
    Controller Shift2Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@s2r.europa.eu
    Purpose Personal data is collected to ensure the protection and adequate remedies for whistleblowers, the management and follow up reports and to establish reporting channels for whistleblowers.
    Description
    Collecting data for the purposes of establishing reporting channels for whistleblowers, managing and following-up reports, and ensuring protection and adequate remedies for whistleblowers.
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 2 months after the final decision has been issued to all the parties involved
    Profession Public interest article 5 a) of regulation 2018/1725 2 months after the final decision has been issued to all the parties involved
    Processors n/a
    Restrictions of data subject rights
    there might be restrictions on a case-by-case basis of the rights to: information, access, rectification, blocking, erasure, notification to third parties.
    ground for restriction: investigation to protect witnesses or whistle-blowers in cases where personal data relate to the suspect as well (allegations made about the suspect by informants or witnesses).                                                           
    legal basis for restrictions: article 25(1) regulation 2018/1725 (protection of the data subject or the rights and freedoms of others)
    Security measures Data kept according to the security measures adopted by the European Commission
    Recipients European Commission and its services: European Anti Fraud Office (where needed), European Commission and its services: EDPS (where necessary), Police or legal organisations: European Court of Auditors (where necessary), Police or legal organisations: Court of Justice (where necessary), European Commission and its services: Internal Audit Service (where necessary), Intra and extra-muros external service providers (S2R JU contractors): Ethics experts or law firms, S2R JU Staff members: Human resources officer, Executive Director, Data subject themselves: The whistleblower, Personal relations data subject: Any person who may be concerned
    Joint controllers n/a
    privacy policy url https://shift2rail.org/wp-content/uploads/2018/12/Decision-GB-20_2018_Whistleblowing.pdf
    Last updated 29.01.2020
    internal reference
    Exercising your rights https://shift2rail.org/terms-of-use/

Powered by GDPR Central.