Processing Activities


  • Activity: Access to documents
    Reference number PO-6-02
    Data subject category Any natural person acting on a private basis or on behalf of a legal person submitting a request for access to EU-Rail (public) documents
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose The purpose of the processing operation is to ensure appropriate treatment of requests for access to public documents of EU-Rail
    Description
    This processing operation consists of the receipt of requests from any external person to access EU-Rail (public) documents through different channels (EU-Rail online form, general mailbox, individual EU-Rail staff, etc.), the analysis of the request, taking a decision on the request, and informing the applicant of the decision and acknowledgment of receipt.

    For more information please read the EU-Rail practical arrangements for implementing Regulation (EC) No 1049/2001 of the European Parliament and of the Council regarding public access to documents adopted by the EU-Rail Governing Board (decision N° 22/2015).

    List of EU-Rail's external providers available at: Recipients of Funds and Annual List of Specific Contracts - Europe's Rail (europa.eu) 
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years
    Profession Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years
    Processors
    • Exchange Online
    • External experts (contractors, intra and extra-muros) (Belgium)
    • Forms
    • PowerApps
    • PowerBI
    • SharePoint
    • Stream
    Restrictions of data subject rights
    n/a
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Intra and extra-muros external service providers (EU-RAIL contractors): List of EU-Rail's external providers available at: https://rail-research.europa.eu/participate/recipients-eu-rail-funds/, EU-RAIL Executive Director: , EU-RAIL Staff members: (Legal and Data Protection Officer, EU-Rail Management, Document Access Coordinator)
    Joint controllers n/a
    privacy policy url On-going
    Last updated 14.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Anti-fraud procedures
    Reference number PO-4-03
    Data subject category Natural persons who are or were suspected of wrongdoing which is the subject of the OLAF investigations, Natural persons who have provided information to OLAF including informants, whistleblowers, witnesses and persons who have provided statements, Staff of OLAF operational partners (e.g. competent staff of the EU institutions and bodies or national authorities) working on OLAF matters whose name appears in documents stored by OLAF, Other persons whose name appears in the case file but have no relevance to the case
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose The purpose of the processing operation is to facilitate internal investigations conducted by OLAF, which may carry out further external investigations, including on-the-spot checks and inspections, with a view to establishing whether there has been fraud, corruption or any other illegal activity affecting the financial interests of the Union in connection with an agreement or a contract funded by EU-Rail.
    Description
    This processing operation takes form in collecting personal data in order to analyse information about potential fraud and financial irregularities to assess whether there are grounds to transmit the information to the relevant authorities for investigation, in particular the European Anti-Fraud Office (OLAF).

    Privacy notices relating to OLAF processing operations at the following link: https://ec.europa.eu/anti-fraud/olaf-and-you/data-protection/olaf-personal-data-processing-operations-and-privacy-statements_en

    EU-Rail Anti Fraud Strategy Action Plan and reviews published on the EU-Rail website: Functioning of the JU - Europe's Rail (europa.eu)

    List of EU-Rail's external providers available at: Recipients of Funds and Annual List of Specific Contracts - Europe's Rail (europa.eu)
    Processed data Personal characteristics Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years
    Personal details Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years
    Profession Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years
    Processors
    • Exchange Online
    Restrictions of data subject rights
    Restrictions of data subject rights may occur during the preliminary activities related to cases of potential irregularities reported to OLAF.
    See Commission Decision (EU) 2018/1962 of 11 December 2018 laying down internal rules concerning the processing of personal data by the European Anti-Fraud Office (OLAF) in relation to the provision of information to data subjects and the restriction of certain of their rights in accordance with Article 25 of Regulation (EU) 2018/1725 of the European Parliament and of the Council.
    Security measures Appropriate training, Data kept according to the security measures adopted by the European Commission
    Recipients European Commission and its services: European Anti Fraud Office, Government organisations: Competent national authorities, Government organisations: Competent third country authorities, Other: Competent international organisations, Intra and extra-muros external service providers (EU-RAIL contractors): List of EU-Rail's external providers available at: https://rail-research.europa.eu/participate/recipients-eu-rail-funds/, EU-RAIL Staff members: Staff dealing with anti-fraud cases
    Joint controllers n/a
    privacy policy url https://rail-research.europa.eu/about-europes-rail/europes-rail-reference-documents/functioning-of-the-europes-rail-ju/
    Last updated 18.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Anti-harassment procedures (hard data)
    Reference number PO-4-05-a)
    Data subject category EU-Rail staff
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose The collection of "hard" data aims at the identification of the person, the management of historical records and most importantly at the identification of recurrent and multiple cases., Personal data is collected for the purpose of the procedure detailed in EU-Rail policy on protecting the dignity of the person and preventing psychological harassment and sexual harassment.
    Description
    The collection of data takes place in the context of selecting and appointing confidential counselors or in the context of the informal procedure described in the EU-Rail anti-harassment procedure.
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725, processing is necessary to protect the vital interests of the data subject or another natural person (article 5(e) regulation 2018/1725), explicit consent article 5 d) of regulation 2018/1725 5 years
    Profession Public interest article 5 a) of regulation 2018/1725, processing is necessary to protect the vital interests of the data subject or another natural person (article 5(e) regulation 2018/1725), explicit consent article 5 d) of regulation 2018/1725 5 years
    Processors
    • Exchange Online
    • External experts (contractors, intra and extra-muros) (Belgium)
    • SharePoint
    Restrictions of data subject rights
    Restriction of data subject rights may occur in procedures to fight against harassment to protect the alleged victim in cases where personal data relate to the suspect as well (allegations made about the suspect by informants or witnesses).
    The legal basis for such restrictions is Article 25(1) of Regulation 2018/1725 (protection of the data subject or the rights and freedoms of others).
    Security measures Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: European Anti Fraud Office (where necessary), European Commission and its services: Internal Audit Service (where necessary), Police or legal organisations: European Court of Auditors (where necessary), Professional advisors data subject: Advisors/psychologists (exceptional circumstances), Police or legal organisations: Judicial national authorities (exceptional circumstances), External evaluators or experts assisting the JU: Ethics experts or law firms, EU-RAIL Executive Director: , EU-RAIL Staff members: (Legal and Data Protection Officer, Human Resources Officer), Other: Confidential counsellors
    Joint controllers n/a
    privacy policy url https://shift2rail.org/wp-content/uploads/2017/11/Shift2Rail-anti-fraud-strategy-2017-2020.pdf
    Last updated 14.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Anti-harassment procedures (soft data)
    Reference number PO-4-05-b)
    Data subject category EU-Rail staff
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected for the purpose of the procedure detailed in the EU-Rail policy on protecting the dignity of the person and preventing psychological harassment and sexual harassment.
    Description
    Collection of data takes place in the context of selecting and appointing confidential counsellors or in the context of the informal procedure described in the EU-Rail anti-harassment procedure. Soft data are allegations and declarations based upon the subjective perceptions of data subjects, usually collected by means of the personal notes of the counsellors. 
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725, processing is necessary to protect the vital interests of the data subject or another natural person (article 5(e) regulation 2018/1725), explicit consent article 5 d) of regulation 2018/1725 3 months after the closure of the case
    Processors
    • EC external service providers (contractors or subcontractors) under direct or framework service procurement contracts (Belgium)
    • Exchange Online
    • SharePoint
    Restrictions of data subject rights
    Restriction of data subject rights may occur in procedures to fight against harassment to protect the alleged victim in cases where personal data relate to the suspect as well (allegations made about the suspect by informants or witnesses).
    The legal basis for such restrictions is Article 25(1) of Regulation 2018/1725 (protection of the data subject or the rights and freedoms of others).
    Security measures Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients EU-RAIL Executive Director: , EU-RAIL Staff members: (Legal and Data Protection Officer, Human Resources Officer), External evaluators or experts assisting the JU: Ethics experts or law firms, Police or legal organisations: Judicial national authorities (exceptional circumstances), Professional advisors data subject: Advisors/psychologists (exceptional circumstances), Police or legal organisations: European Court of Auditors (where necessary), European Commission and its services: Internal Audit Service (where necessary), European Commission and its services: European Anti Fraud Office (where necessary), Other: Confidential counsellors
    Joint controllers n/a
    privacy policy url https://rail-research.europa.eu/wp-content/uploads/2017/11/Shift2Rail-anti-fraud-strategy-2017-2020.pdf
    Last updated 14.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Associate membership, learning and development services offered by the Institute of Internal Auditors for the EU-Rail staff members
    Reference number PO-4-07
    Data subject category EU-Rail staff
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose EU-Rail staff members' personal data are collected and processed in the context of the service contract with the Institute of Internal Auditors, Belgium – affiliated to the Institute of Internal Auditors (IIA Global)
    Description
    To administer the respective activities and services, a service contract between the Institute of Internal Auditors, Belgium (IIA Belgium) – affiliated to the Institute of Internal Auditors (IIA Global) - and the European Commission (DG HR Unit C4 - Learning & Development) is signed. Based on this service contract, EU-Rail concludes with IIA Belgium the Complementary Agreement to enable usage of IIA Belgium/IIA Global services by the EU-Rail staff members under the EU-Rail group membership. In this respect, EU-Rail staff members' personal data are collected and processed. More information about the purpose and the description of this processing activity, applicable by analogy to EU-Rail, can be found in the EC DPO register (DPR-EC-08086.1) at the following link: https://ec.europa.eu/dpo-register/detail/DPR-EC-08086.1
    Processed data Membership of a professional association Public interest - art. 50.1 d) article 5 a) of regulation (eu) 2018/1725 10 years
    Personal details Public interest - art. 50.1 d) article 5 a) of regulation (eu) 2018/1725 10 years
    Profession Public interest - art. 50.1 d) article 5 a) of regulation (eu) 2018/1725 10 years
    International data transfers Personal data is transferred to a third country outside EU/EEA for which there is no adequacy decision (the United States). The level of protection of personal data will depend on the law or practice of this third country. However, the rights as regards data protection might not be equivalent to those in an EU/EEA country or a country with an adequacy decision. The information we collect will not be given to any other party located in a third country outside EU/EEA, except to the extent and for the purpose, which may be required by the national law of the country in question.

    EU-Rail considers that a derogation under Article 50 - Derogations for specific situations of the Regulation (EU) 2018/1725, and in particular Art. 50.1 d) be applied, as required for important reasons of public interest. Indeed, EU-Rail’s staff under the group membership in IIA Belgium help EU-Rail in accomplishing its objectives by bringing a systematic, disciplined approach in order to evaluate and improve the effectiveness of risk management, control and governance processes. Their tasks include assessing and making appropriate recommendations for improving the risk management, control and governance process. Consequently, it is in public interest and common good to ensure that the service provided by these EU-Rail staff members would be of a high standard. There is no adequate or similar service provider in the EU/EEA that would allow these EU-Rail staff to become members of a similar professional organisation, obtain certifications, follow necessary external trainings and maintain their professional qualifications.

    The application of derogation for specific situations based on the Regulation (EU) 2018/1725 Article 50.1(d) for the service contract with the IIA Belgium – affiliated to the Institute of Internal Auditors (IIA Global) would allow the EU-Rail staff to benefit, on a voluntary basis, from the Full Membership package offered by the IIA, including those implying the transfer of personal data to the US. The derogation is a temporary measure until a legally binding and enforceable instrument is agreed with the IIA Belgium – affiliated to the IIA Global and which has signed the Standard Contractual Clauses with the IIA Global for sharing the data.

    More information about the legal base for the data transfer, the derogations for specific situations and the condition(s) that apply(ies) for the derogation(s) can be found in the EC DPO register (DPR-EC-08086.1) at the following link: https://ec.europa.eu/dpo-register/detail/DPR-EC-08086.1
    Processors
    • Servers of the European Commission Servers of the IIA Belgium/IIA Global (Belgium, Derogation under Article 50 - Derogations for specific situations of the Regulation (EU) 2018/1725, and in particular Art. 50.1 d) )
    Restrictions of data subject rights
    Security measures Data kept according to the security measures adopted by the European Commission, Standard clause for the processing of personal data included in the contract
    Recipients European Commission and its services: , Processor: IIA Belgium – affiliated to the IIA Global administer and provide the associate membership services for the IAS staff members. The privacy policy of the IIA Belgium: https://iiabelgium.org/privacy-statement/ The privacy policy of the IIA Global: https://www.theiia.org/en/Privacy-Policy/
    Joint controllers n/a
    privacy policy url https://ec.europa.eu/dpo-register/detail/DPR-EC-08086
    Last updated 21.02.2023
    internal reference PO-4-07
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Communication of EU-Rail Staff personal data to governments of EU Member States
    Reference number PO-1-11
    Data subject category EU-Rail statutory staff (temporary agents and contract agents (CA) as well as seconded national experts as they are assimilated to statutory staff)
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Article 15, al.2 of the Protocol n° 7 on the Privileges and immunities of the European Union annexed to the Treaty on the Functioning of the European Union states that “the names, grades and addresses of officials and other servants included in such categories shall be communicated periodically to the governments of the Member States”.
    Description
    Collecting EU-Rail staff personal data (name, function and address) and its communication, upon request, to the governments of the Member States.
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Profession Public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Processors n/a
    Restrictions of data subject rights
    n/a
    Security measures Secure transfer of data
    Recipients Government organisations: Governments of the EU Member States (including but not limited to ministries and Permanent Representations)
    Joint controllers n/a
    privacy policy url N/A
    Last updated 14.06.2024
    internal reference Ares(2019)2259506
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Document management system (day-to-day document management)
    Reference number PO-6-01-b)
    Data subject category EU-Rail staff, Staff's correspondents
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected to ensure appropriate follow up, filing and registration of important communication (internal/external) and documents.
    Description
    Repository and filing of documents received from and sent to external persons, as well as internal mail/document exchanges
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 3 years
    Profession Public interest article 5 a) of regulation 2018/1725 3 years
    Processors
    • EC external service providers (contractors or subcontractors) under direct or framework service procurement contracts (Belgium)
    • Exchange Online
    • IT Tools (ABAC, EMI, etc.) (Belgium)
    • SharePoint
    Restrictions of data subject rights
    n/a
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients EU-RAIL Staff members: , European Commission and its services: Investigation and Disciplinary Office, European Commission and its services: OLAF, External contractors under framework contract with the European Commission : IT service providers of DG DIGIT, European Commission and its services: DG DIGIT
    Joint controllers DG DIGIT
    privacy policy url https://rail-research.europa.eu/wp-content/uploads/2018/11/S2RJU_DMP_adopted_20181116_v2.pdf
    Last updated 14.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Document management system (document management policy, archive policy and their implementation)
    Reference number PO-6-01-a)
    Data subject category EU-Rail staff, Staff's correspondents
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected to ensure appropriate follow up, filing and registration of important communication (internal/external) and documents.
    Description
    Repository and filing of documents received from and sent to external persons, as well as internal mail/document exchanges
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 5 years
    Profession Public interest article 5 a) of regulation 2018/1725 5 years
    Processors
    • EC external service providers (contractors or subcontractors) under direct or framework service procurement contracts (Belgium)
    • IT Tools (ABAC, EMI, etc.) (Belgium)
    • SharePoint
    Restrictions of data subject rights
    n/a
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: OLAF, European Commission and its services: Investigation and Disciplinary Office, EU-RAIL Staff members: , European Commission and its services: DG DIGIT, External contractors under framework contract with the European Commission : IT service providers of DG DIGIT
    Joint controllers DG DIGIT
    privacy policy url https://rail-research.europa.eu/wp-content/uploads/2018/11/S2RJU_DMP_adopted_20181116_v2.pdf
    Last updated 14.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: E-newsletter subscription and related information
    Reference number PO-3-02
    Data subject category Recipients (“general public”) having requested or explicitly consented to remain in the EU-Rail database and to continue receiving emails, invitations to events, alerts, e-news, newsletters and other relevant information from EU-Rail
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected for the purpose of subscribing to the Europe’s Rail Joint Undertaking electronic newsletter via the EU-Rail website and related services (alerts, notifications, etc).
    Description
    Establishing a list of email addresses to which each issue of the e-newsletter is sent; sending emails, invitations to events, alerts, e-news, and other relevant information. 
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725 Until the data subject unsubscribes
    Profession Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725 Until the data subject unsubscribes
    Processors
    • 20 Seconds to Midnight (Belgium)
    • Online platform (USA, EU-US privacy shield)
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data not displayed to the wider public, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Intra and extra-muros external service providers (EU-RAIL contractors): 20 Seconds to Midnight, EU-RAIL Staff members: Communication team, Intra and extra-muros external service providers (EU-RAIL contractors): MailChimp
    Joint controllers n/a
    privacy policy url https://rail-research.europa.eu/wp-content/uploads/2020/02/PO-3-02-E-newsletter-subscription-and-related-information.pdf
    Last updated 14.06.2024
    internal reference Ares(2019)561283
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: EU Survey Tool for event registrations
    Reference number PO-3-03
    Data subject category Registrants or attendees sent through the EU Survey tool
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected in order to share information about the event on EU-Rail and EUROPA websites and social media accounts, to ensure all necessary organisational steps to allow participants access on the premises of the event’s venue, for the management of the event itself, to ensure event follow-up activities.
    Description
    Collecting personal data for the purposes of participation in an on-line survey in order to participate in an EU-Rail event on a voluntary basis. This specific on-line service consists of an on-line form made available on the EUSurvey application, managed by the European Commission.
    Processed data Health data Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725 1 month after the results of the survey have been aggregated
    Personal details Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725 1 month after the results of the survey have been aggregated
    Profession Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725 1 month after the results of the survey have been aggregated
    Processors
    • EUSurvey IT system (Belgium)
    • Teams
    Restrictions of data subject rights
    n/a
    Security measures Data kept according to the security measures adopted by the European Commission, Secure transfer of data, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: Authorized staff, Intra and extra-muros external service providers (EU-RAIL contractors): Only parts of personal data (name, surname, employer, email address) for the purpose of sending news, newsletter or invitations to future EU-Rail events, EU-RAIL Staff members: Communication team
    Joint controllers DG DIGIT
    privacy policy url https://rail-research.europa.eu/wp-content/uploads/2020/02/PO-3-03-EU-Survey-Tool-for-event-registrations.pdf
    Last updated 14.06.2024
    internal reference Ares(2019)3713549
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: EU-Rail JU Info Day mobile app
    Reference number PO-5-03
    Data subject category Users of EU-Rail Info Day mobile app
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected for the sole purposes of permitting app users to enjoy all facilities and event related services occurring during the EU-Rail Info Day.
    Description
    Collecting, processing and storing personal data locally for the EU-Rail Info Day mobile application, a software solution created and developed by Evenium available for download at www.evenium.me and/or from the Apple Store and the Android Market, allowing the use of the ConnexMe service on smartphone devices. The app provides access to a list of all the events in which the organizer has participated and the content linked to these events, to communicate with other participants or the organizer of the event and to interact with the content of said events. It notably allows users: to participate in events with elements broadcast on screens.
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725 Until December 21st, 2017
    Profession Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725 Until December 21st, 2017
    Processors
    • Evenium SA (Belgium)
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Use of information sources like the OWASP community and guidelines from the European Union Agency for Network and Information Security to stay abreast of new developments in threats and vulnerabilities and their most effective countermeasures
    Recipients Intra and extra-muros external service providers (EU-RAIL contractors): Ecorys NV, Intra and extra-muros external service providers (EU-RAIL contractors): Evenium SA (Subcontractor of Ecorys)
    Joint controllers n/a
    privacy policy url https://shift2rail.org/terms-of-use/
    Last updated 14.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Event registration and organization
    Reference number PO-3-01
    Data subject category Registrants/Attendees of EU-Rail events
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected to register interested persons for effective management of meetings, provide access to the EU-Rail event venues, and maintain participant’s lists as well as allowing possible event follow-up actions including feedback collection, specific communication activities and sharing of presentations.
    Description
    Collecting personal data as a part of the registration process for EU-Rail events, processing for organisation of event (participants list, name tags, access control, etc), online registration of participants as well as communication with event participants before and after the end of events; Sharing data for networking.
    Processed data Health data Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725 5 years
    Personal details Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725 5 years
    Profession Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725 5 years
    Video tapes and photographs Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725 5 years
    Processors
    • Ecorys systems (Belgium)
    • SharePoint
    • Teams
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Paper files are stored in a locked cupboard in the HR sector’s secured office until their destruction., Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Intra and extra-muros external service providers (EU-RAIL contractors): Ecorys and 20 Seconds To Midnight, Data subject themselves: Other participants, EU-RAIL Staff members: Communication team
    Joint controllers n/a
    privacy policy url https://rail-research.europa.eu/about-shift2rail/reference-documents/functioning-of-the-ju/
    Last updated 14.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Exceptional leaves, absences and permanencies
    Reference number PO-1-05-c)
    Data subject category JU Staff: temporary, JU Staff: contractual, External staff: trainees and interim staff
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose The purpose of this processing activity is to manage the exceptional leaves, absences, and permanencies of staff members so that the EU-Rail HR Officer may determine if the staff members' leave rights are to be adapted.
    Description
    This processing activity occurs when assessing the entitlement to exceptional leaves, absences and permanencies and working conditions for temporary agents and contract agents. The exceptional leaves, absences, and permanencies could concern but are not limited to: permanencies during the EU-Rail office closure, flexibility during public holidays (for example the possibility to work during the day of Easter), participation in strikes organized by unions. The exceptional leaves, absences, and permanencies do not fall under the normal scope of leaves and special leaves granted to staff members, for which another record gives account.
    Processed data Personal characteristics Public interest article 5 a) of regulation 2018/1725 7 years
    Personal details Public interest article 5 a) of regulation 2018/1725 7 years
    Profession Public interest article 5 a) of regulation 2018/1725 7 years
    Processors
    • IT Tool SYSPER (Belgium)
    Restrictions of data subject rights
    n/a
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: PMO, EU-RAIL Staff members: Human resources officer, EU-RAIL Staff members: Line managers, European Commission and its services: DG HR/DG DIGIT via SYSPER
    Joint controllers DG DIGIT, DG Human Resources and Security, PMO
    privacy policy url
    Last updated 14.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Flexitime Management
    Reference number PO-1-09
    Data subject category JU Staff: temporary, JU Staff: contractual
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected to authorize the recuperation of overtime based on the working hours registered in SYSPER by the staff member.
    Description
    Assessing and managing the entitlement of staff members to flexitime for temporary agents and contract agents.
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 3 years
    Profession Public interest article 5 a) of regulation 2018/1725 3 years
    Processors
    • Exchange Online
    • IT Tool SYSPER (Belgium)
    • SharePoint
    Restrictions of data subject rights
    n/a
    Security measures Data kept according to the security measures adopted by the European Commission, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients EU-RAIL Staff members: Human resources officer, EU-RAIL Staff members: Line manager
    Joint controllers DG DIGIT, DG Human Resources and Security
    privacy policy url
    Last updated 14.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Internal audits
    Reference number PO-4-01
    Data subject category EU-Rail staff, Experts and EU-Rail contractors, Relatives of the above-mentioned persons, whose personal data are available in the systems and/or files of the EC
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected and managed for the purpose of independent, risk-based and objective assurance and consulting services designated to add value and improve the operations of EU-Rail.
    Description
    The Internal Auditor reports to the EU-Rail on his or her findings and recommendations and advises on dealing with risks, by issuing independent opinions on the quality of management and control systems and by issuing recommendations for improving the conditions of implementation of operations and promoting sound financial management. 
    Processed data Education Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 7 years
    Financial information Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 7 years
    Personal details Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 7 years
    Profession Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 7 years
    Processors
    • Audit management system (Belgium)
    • Exchange Online
    • IT Tools (ABAC, EMI, etc.) (Belgium)
    • SharePoint
    Restrictions of data subject rights
    No restriction per se in EU-Rail related operations but Commission Decision (EU) 2018/1961 of 11 December 2018 laying down internal rules concerning the provision of information to data subjects and the restriction of certain of their rights in the context of the processing of personal data for the purpose of internal audit activities.
    Security measures Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: DG DIGIT, European Commission and its services: European Data Protection Supervisor, Police or legal organisations: European Court of Auditors, EU-RAIL Governing Board: , EU-RAIL Executive Director: , EU-RAIL Staff members: Data Protection Officer, Internal Control Coordinator, Head of Administration and Finance, Administration and Finance Support team, European Commission and its services: Internal Audit Service
    Joint controllers n/a
    privacy policy url
    Last updated 14.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Leaves and special leaves
    Reference number PO-1-05-a)
    Data subject category JU Staff: temporary, JU Staff: contractual, Relatives of the data subject, External staff: trainees and interim staff
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose The purpose of this processing activity is the management of annual leave and special leave entitlements.
    Description
    Assessing the entitlement to annual leave and special leave and working conditions for temporary agents and contract agents. The special leaves include:
    1. Marriage of an official, contract agent or SNE
    2. Marriage of a child of an official / agent
    3. Birth of a child of an official / servant / SNE
    4. Serious illness of the spouse
    5. Very serious illness of a child
    6. Serious illness of a child
    7. Serious illness of an ascendant
    8. Death of the spouse
    9. Death of wife during maternity leave
    10. Death of a child
    11. Death of an ascendant
    12. Death of a brother or sister
    13. Adoption
    14. Maternity
    15. Exercise of an unremunerated external activity
    16. Convocation to the court / judiciary
    17. Cure
    18. Move
    19. Election outside the duty station
    20. Participation in an examination / competition / selection organized by EPSO, by a Community Institution or Agency
    21. Training
    22. Exercise of an elective public office
    23. Looking for a job at the end of the contract
    24. Travel time "special leave"
    25. Part-time work
    26. Family leave
    27. Termination of functions
    28. Cancellation of an annual or special leave at the request of the person concerned
    29. Postponement of annual leave
    30. Flexitime
    31. Permanence of end of year
    Processed data Family composition Public interest article 5 a) of regulation 2018/1725 N+3 years
    Health data Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 N+3 years
    Juridic data Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 N+3 years
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 N+3 years
    Personal details Public interest article 5 a) of regulation 2018/1725 N+3 years
    Processors
    • Exchange Online
    • IT Tool SYSPER (Belgium)
    • SharePoint
    Restrictions of data subject rights
    n/a
    Security measures A paper copy is made and saved in a paper file. The paper file is archived in a locked cupboard., Health data processed with the principles of medical confidentiality by HR officer, Paper files are stored in a locked cupboard in the HR sector’s secured office until their destruction., Secure transfer of data, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: PMO, DG HR, DG DIGIT via SYSPER , EU-RAIL Staff members: Human resources officer, EU-RAIL Staff members: Line manager
    Joint controllers DG DIGIT, DG Human Resources and Security, PMO
    privacy policy url
    Last updated 14.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Management of EU-Rail Governance's bodies and meetings
    Reference number PO-6-03
    Data subject category Any natural person acting on a private basis or on behalf of a legal person submitting a request for a meeting with the Executive Director or EU-Rail staff, Members of the Governing Board, Members of Scientific Committee, Members of States Representatives Group, Members of the Innovation Programmes' Steering Committees, Members of working groups, Other participant, observer or expert invited to the meetings of the bodies of EU-Rail
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected and managed for the purpose of granting access to members of EU-Rail bodies and visitors to EU-Rail premises in order to attend either EU-Rail Governance meetings or meetings with the EU-Rail Executive Director or EU-Rail staff.
    Description
    Collecting and processing information of attendees to the EU-Rail meetings, in particular invitations, registration, minutes, members' nominations; register of visitors for the Executive Director and other EU-Rail staff.
    More information on the EU-Rail bodies, minutes and member's names can be found on the EU-Rail web site: About Europe's Rail - Europe's Rail (europa.eu)
    Processed data Education Public interest article 5 a) of regulation 2018/1725 5 years
    Personal details Public interest article 5 a) of regulation 2018/1725 5 years
    Profession Public interest article 5 a) of regulation 2018/1725 5 years
    Processors
    • Exchange Online
    • Securitas SA (Belgium)
    • SharePoint
    Restrictions of data subject rights
    n/a
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Individuals/organisations in direct relationship with controller: Security Service of the White Atrium building, EU-RAIL Executive Director: , EU-RAIL Staff members: ED Assistant, Programme Assistant, Legal Officer and DPO, External evaluators or experts assisting the JU: Auditors, Police or legal organisations: European Data Protection Supervisor, European Commission and its services: EDPS
    Joint controllers n/a
    privacy policy url On-going
    Last updated 14.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Management of procurement procedures and grant applications (successful)
    Reference number PO-02-01-a)
    Data subject category Tenderers’ and applicants’ data (in case of legal entities, their representatives)
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected for the award, management and follow-up of procurement contracts, grants, prizes and financial instruments by EU-Rail in accordance with EU-Rail's annual work plans.
    Description
    Collecting and processing of data provided by the applicants, tenderers, contractors and beneficiaries in the context of grant applications and tender procedures as well as grant agreements and procurement contracts managed by EU-Rail in accordance with EU-Rail’s annual work plans.

    Processed data Education Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Financial information Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Juridic data Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Personal characteristics Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Personal details Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Profession Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Processors
    • European Commission systems (Belgium)
    • Exchange Online
    • External experts (contractors, intra and extra-muros) (Belgium)
    • SharePoint
    Restrictions of data subject rights
    n/a. Restriction already foreseen in the Financial Regulation – art. 142 (1)
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Automated system (Grants management), Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Secure transfer of data, Signature of absence of conflict of interest , Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients External evaluators or experts assisting the JU: , Intra and extra-muros external service providers (EU-RAIL contractors): , EU-RAIL Executive Director: , EU-RAIL Staff members: Grant proposal evaluation panels, IP Coordinators, Tender evaluation committees, Staff participating in the selection of external experts, European Commission and its services:
    Joint controllers Research Executive Agency
    privacy policy url https://rail-research.europa.eu/about-shift2rail/reference-documents/functioning-of-the-ju/
    Last updated 14.06.2024
    internal reference Ares(2018)6031672
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Management of procurement procedures and grant applications (unsuccessful applicants)
    Reference number PO-02-01-b)
    Data subject category Tenderers’ and applicants’ data (in case of legal entities, their representatives)
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected for the award, management and follow-up of procurement contracts, grants, prizes and financial instruments by the EU-Rail in accordance with EU-Rail’s annual work plans.
    Description
    Collecting and processing of data provided by unsuccessful applicants in the context of grant applications and tender procedures as well as grant agreements and procurement contracts managed by EU-Rail in accordance with EU-Rail’s annual work plans.


    Processed data Education Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years after closure of procedure
    Financial information Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years after closure of procedure
    Juridic data Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years after closure of procedure
    Personal characteristics Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years after closure of procedure
    Personal details Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years after closure of procedure
    Profession Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years after closure of procedure
    Processors
    • European Commission systems (Belgium)
    • Exchange Online
    • External experts (contractors, intra and extra-muros) (Belgium)
    • SharePoint
    Restrictions of data subject rights
    n/a. Restriction already foreseen in the Financial Regulation – art. 142 (1)
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Automated system (Grants management), Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Secure transfer of data, Signature of absence of conflict of interest , Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients EU-RAIL Executive Director: , EU-RAIL Staff members: Staff participating in the selection of external experts, Tender evaluation committees, IP Coordinators, Grant proposal evaluation panels., Intra and extra-muros external service providers (EU-RAIL contractors): , External evaluators or experts assisting the JU:
    Joint controllers Research Executive Agency
    privacy policy url https://rail-research.europa.eu/wp-content/uploads/2020/02/PO-02-01-b-Management-of-procurement-procedures-and-grant-applications-unsuccessful-applicants.pdf
    Last updated 14.06.2024
    internal reference Ares(2018)6031672
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Management of the EU-Rail Cooperation tool
    Reference number PO-5-04
    Data subject category EU-Rail staff, EU-Rail founding and associated Members, External guests (i.e.: auditors)
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected for the management of the Web application "EU-Rail Multi-project Cooperation Tool".
    Description
    Collecting and exchanging documents, EU-Rail members' comments and opinions, and organisation of meetings of EU-Rail projects; recording history data (for audit trail) of all communication and modifications applied by individual access. The Cooperation Tool is a multi-project (programme) tool to manage all collaborative projects performed by EU-Rail Members, stemming from the EU-Rail annual calls for proposals under the rules for participation of H2020 and EU-Rail Regulation, as well as some specific JU activities like the IP/CCA Steering Committees. It allows the EU-Rail Members to monitor the financial management of their respective grant agreements as well as their annual Total Project Costs (IKOP) reporting and certification in accordance with Article 4.4 of EU-Rail Regulation. It allows and supports the cooperation of the various R&I project participants to implement the Description of the Action (DoA) for each awarded grant through daily project coordination and communication, as well as allowing the JU to manage its working groups and Steering Committee with the respective members. The tool offers a common interface and a platform for: coordination; planning; control; technical, administrative and financial management; exchange of documents; comments and opinions; organisation of meetings of EU-Rail projects and groups.


    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 3 years
    Profession Public interest article 5 a) of regulation 2018/1725 3 years
    Processors
    • Data centre (Italy)
    • Exchange Online
    Restrictions of data subject rights
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Automatically generated password stored in encrypted format, Back-ups, update and monitoring services as well as corrective and periodic maintenances , Data produced remain the sole ownership of the participants to the project, No copies kept by contractor, Password recovery mechanism , Secure communication channel between server and client, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: Observers in the IP/CCA Steering Committee (ERA and EC representatives), EU-RAIL Staff members: , EU-RAIL private founding Members: , Intra and extra-muros external service providers (EU-RAIL contractors): Centro Nuova Comunicazione S.R.L.
    Joint controllers n/a
    privacy policy url
    Last updated 14.06.2024
    internal reference Ares(2019)1475974
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Microsoft Office 365 - EU-Rail staff and guest users
    Reference number PO-PO5-05
    Data subject category JU Staff: temporary, JU Staff: contractual, External staff: trainees and interim staff, EU-Rail statutory staff (temporary agents and contract agents (CA) as well as seconded national experts as they are assimilated to statutory staff), EU-Rail staff, Interim staff selected via an external contractor on behalf of the EC, JU external collaborators being granted access to M365 platform as guests
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose In line with the European Commission’s Digital Strategy, JU is gradually moving into a fully digital working environment. As a European public administration, JU needs to lead the way in terms of both integrating digital at the core of European policy implementation and leveraging the potential of digital to work better and faster.
    Description
    In line with the European Commission’s Digital Strategy, EU-Rail is gradually moving into a fully digital working environment.
    As a European public administration, EU-Rail needs to lead the way in terms of both integrating digital at the core of European policy implementation and leveraging the potential of digital to work better and faster.
    For this strategy to deliver, EU-Rail has designed several actions and adopted a series of new tools designed to form together a Digital Workplace. 
    The Digital Workplace is an opportunity for EU-Rail to become an example of a modern, connected and efficient public administration by providing staff with the best combination of tools, physical framework and working methods, to effectively support the achievement of the priorities of our organisation.
    The Digital Workplace responds to the need for a connected office, integrating teleworking tools for activities such as conference calls, remote collaboration, audio- or videoconferencing or webinars.
    Consequently, EU-Rail has decided to operate M365 provided by Microsoft Ireland. M365 offers cloud-based solutions that enable staff members of JU to:
    1. Document Processing – to create, read, review and amend documents, presentations, spreadsheets and other document types in various formats and for various purposes (Access, Sway, Forms);
    2. Email, Calendar, Contacts – to manage and exchange e-mail, calendars, contacts, tasks and notes (Exchange Online);
    3. File Sharing – to create, read, review, amend, store and share documents and files of various types in view of collaboration among staff (SharePoint Online, OneDrive, OneNote, Stream, Teams, PowerApps, Yammer);
    4. Chat and Messaging – to interact, share files, chat and exchange messages with colleagues, partners, stakeholders and other parties (Teams, Yammer);
    5. Virtual Meetings – to set up and participate in virtual meetings and teleconferences (Teams);
    6. Project and Task Management – to facilitate project and task management by staff (Exchange Online); and
    7. Data Analytics and Visualisation – to analyse data and visualise such data (Power BI).
    Identity and access management for M365 is managed through Azure Active Directory (Azure AD) and Intune.

    The operation of M365 requires the processing of personal data by EU-Rail for the following purposes:
    1. provision, enabling, set-up, configuration and maintenance of M365 capabilities, including facilitating and coordinating field tasks (Identification Data, Service-Generated Data, Content Data)
    2. administration of the rights allocated to a user account (identity and access management)  (Identification Data);
    3. end-user support and IT Teams support for issues with M365 (Identification Data, Service-Generated Data, Diagnostic Data);
    4. prevention, detection and resolution of security events (e.g. cyber-attack), to ensure the confidentiality, integrity and availability of M365 (Identification Data, Service-Generated Data); and
    5. responding to data subjects exercising their rights in relation to personal data processed within M365 (Identification Data, Service-Generated Data).

    Additionally, Microsoft Ireland as a processor for and on behalf of EU-Rail processes personal data for internal business operations in the context of providing M365. These business operations consist of (exhaustive list):
    1. billing and account management (Identification Data, Service-Generated Data); 
    2. compensation (Service-Generated Data); 
    3. internal reporting and business modelling (Service-Generated Data); 
    4. combatting fraud, cybercrime, and cyberattacks (Identification Data, Service-Generated Data); 
    5. improving core functionality of accessibility, privacy and energy efficiency (Service-Generated Data); and 
    6. financial reporting and compliance with legal obligations (Identification Data, Service-Generated Data). 
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 6 months
    Video tapes and photographs Public interest article 5 a) of regulation 2018/1725 For as long as the user account is active.
    Processors
    • Exchange Online
    • OneDrive
    • SharePoint
    • Stream
    • Teams
    Restrictions of data subject rights
    n/a
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Computer systems hardened, Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Other private organisations: Microsoft's personnel based outside the EEA (most importantly, the USA) managing the databases on Microsoft cloud servers and Microsoft’s sub-processors' personnel on a need-to-know basis.
    Joint controllers n/a
    privacy policy url https://rail-research.europa.eu/wp-content/uploads/2021/05/PO-PO-5-05_Microsoft-365_public.docx.pdf
    Last updated 14.06.2024
    internal reference PO-PO5-05
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Missions
    Reference number PO-1-08
    Data subject category JU Staff: temporary, JU Staff: contractual, External staff: trainees and interim staff, EU-Rail statutory staff (temporary agents and contract agents (CA) as well as seconded national experts as they are assimilated to statutory staff)
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected for the management of the missions of the staff and the reimbursement of travel expenses and daily subsistence allowance.
    Description
    Collection of contact details and meeting documentation (such as agenda), request files and reimbursement files, travel orders. 
    Processed data Financial information Public interest article 5 a) of regulation 2018/1725 7 years
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 7 years
    Personal details Public interest article 5 a) of regulation 2018/1725 7 years
    Profession Public interest article 5 a) of regulation 2018/1725 7 years
    Processors
    • American Express (travel agency) (Belgium)
    • Exchange Online
    • SharePoint
    Restrictions of data subject rights
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients EU-RAIL Staff members: Administrative staff responsible for processing the files, European Commission and its services: PMO, External contractors under framework contract with the European Commission : American Express
    Joint controllers PMO
    privacy policy url
    Last updated 14.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Occupational health and medical data
    Reference number PO-1-02
    Data subject category JU Staff: temporary, JU Staff: contractual, Relatives of the data subject
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected to ensure that EU-Rail staff complies with requirements of pre-recruitment, annual and periodic medical examination.
    Description
    Procedures put in place to ensure safety, health and welfare of EU-Rail staff; Pre-recruitment medical examination; Annual and periodic medical examination. EU-Rail does not collect medical certificates of staff members. These are directly sent to the medical service of the European Commission in accordance with the procedure established.
    Processed data Family composition Public interest article 5 a) of regulation 2018/1725 3 years
    Personal details Public interest article 5 a) of regulation 2018/1725 3 years
    Processors
    • EC external service providers (contractors or subcontractors) under direct or framework service procurement contracts (Belgium)
    • Secured IT data base (Joint Sickness Insurance Scheme) (Belgium)
    • SharePoint
    Restrictions of data subject rights
    No specific restrictions in place at EU-Rail; the medical files are kept at the Commission's medical services. Commission Decision (EU) 2019/154 of 30 January 2019 laying down internal rules concerning the restriction of the right of access of data subjects to their medical files.
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients EU-RAIL Staff members: Administrative staff responsible for processing the files, European Commission and its services: DG HR and Security, European Commission and its services: PMO, External contractors under framework contract with the European Commission :
    Joint controllers DG Human Resources and Security, PMO
    privacy policy url
    Last updated 14.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Personal files of staff
    Reference number PO-1-04
    Data subject category JU Staff: temporary, JU Staff: contractual
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected for employment contracts and setting up rights of the staff.
    Description
    Collection of staff documentation for recruitment, determination of rights, career development, appraisal.
    Processed data Education Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Financial information Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Personal details Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Profession Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Processors
    • Exchange Online
    • Secured IT data base (Joint Sickness Insurance Scheme) (Belgium)
    • SharePoint
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Health data processed with the principles of medical confidentiality by HR officer, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: Internal Audit Service, Medical Service and the PMO, EU-RAIL Staff members: Finance team (for reimbursement purposes), Line manager, Human Resources Officer
    Joint controllers DG Human Resources and Security
    privacy policy url N/A
    Last updated 14.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Policy on sensitive functions
    Reference number PO-4-06
    Data subject category EU-Rail staff
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected to ensure the functioning of an effective and efficient internal control system, in particular on functions that are genuinely sensitive, i.e. where the risk of fraud or irregularities in the use of funds and sensitive information is significant.
    Description
    Collecting personal data for the management of sensitive posts: risks associated with tasks in the areas of management, individual decisions and finance. 
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 2 years
    Profession Public interest article 5 a) of regulation 2018/1725 2 years
    Processors
    • SharePoint
    Restrictions of data subject rights
    n/a
    Security measures Annual assessment of risk factors through the risk assessment exercise, Appropriate training, Audit by the Internal Audit Service and European Court of Auditors, Decision making process based on a control chain, Periodic management review and assessment made by the Executive Director, Segregation of duties, Signature of absence of conflict of interest
    Recipients European Commission and its services: DG Human Resources in exceptional cases for guidance and advice, EU-RAIL Staff members: Human resources officer, EU-RAIL Staff members: Legal officer, EU-RAIL Staff members: Management
    Joint controllers n/a
    privacy policy url
    Last updated 14.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Prevention and management of conflicts of interests applicable to the bodies of Europe’s Rail Joint Undertaking
    Reference number PO-6-04
    Data subject category Relatives of the data subject, Members of the Governing Board, Members of Scientific Committee, Members of States Representatives Group, Members of the Innovation Programmes' Steering Committees, Members of working groups, Other participant, observer or expert invited to the meetings of the bodies of EU-Rail
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is processed for the sole purpose of applying the rules for the prevention and management of conflicts of interest applicable to the members of the bodies of EU-Rail listed under Article 5(1) of the Statutes in order to ensure the handling of situations where potential conflicts of interest may arise in a transparent and consistent manner.
    Description
    Collecting and screening declarations of confidentiality and non-conflict of interests signed by all members of the EU-Rail bodies before appointment, after appointment (on a yearly basis) and spontaneously at any time in the course of their duties (ad-hoc Declaration).
    The name of the Members of Governing Board, Scientific Committee, States Representatives Group together with the name of their employer or any organization which pays them shall be published on the EU-Rail’s website. The CVs and declarations of interest by the Members of the Governing Board shall be available for public scrutiny in the EU-Rail web site with due respect to the applicable EU rules on protection of personal data and access to documents (article 9 of Decision n° 07/2018)
    Processed data Education Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years
    Financial information Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years
    Memberships Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years
    Personal details Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years
    Philosophical or religious convictions Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Political preferences Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Profession Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years
    Trade union membership Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Processors
    • Exchange Online
    • SharePoint
    Restrictions of data subject rights
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Data kept according to the security measures adopted by the European Commission, Secure transfer of data, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients EU-RAIL Executive Director: , EU-RAIL Staff members: Administrative staff, legal department. , Individuals/organisations in direct relationship with controller: Chairperson and Vice chair person of the relevant body or group, The general public: The name of the Members of Governing Board, Scientific Committee, States Representatives Group together with the name of their employer or any organization which pays them shall be published on the EU-Rail's website. The CVs and declarations of interest by the Members of the Governing Board shall be available for public scrutiny in the EU-Rail web site with due respect to the applicable EU rules on protection of personal data and access to documents (article 9 of Decision n° 07/2018), Data subject themselves:
    Joint controllers n/a
    privacy policy url On-going
    Last updated 18.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Prevention and management of conflicts of interests of the staff members of the Europe’s Rail Joint Undertaking
    Reference number PO-1-10
    Data subject category Relatives of the data subject, EU-Rail statutory staff (temporary agents and contract agents (CA) as well as seconded national experts as they are assimilated to statutory staff)
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is processed for the sole purpose of applying the rules for the prevention and management of conflicts of interest of EU-Rail staff members in order to ensure the handling in a transparent and consistent manner of situations where conflicts of interest may arise.
    Description
    Collecting and screening declarations of confidentiality and non-conflict of interests signed by all EU-Rail staff members when they take up duties.
    Processed data Characteristics of domicile Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Education Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Family composition Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Financial information Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Memberships Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Personal details Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Philosophical or religious convictions Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Political preferences Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Profession Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Trade union membership Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Processors
    • Exchange Online
    • SharePoint
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Secure transfer of data, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients EU-RAIL Executive Director: , EU-RAIL Staff members: Staff member concerned, Line manager, Legal officer, Human resources officer, The general public: The declarations of interest submitted by the EU-Rail Executive Director shall be available for public scrutiny with due respect to the applicable EU rules on protection of personal data and access to documents. Where deemed relevant, the concerned person's CV (or a summary of his/her professional experience) could also be made available. , EU-RAIL Governing Board:
    Joint controllers n/a
    privacy policy url
    Last updated 18.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Procedure for submitting requests under Article 90(1) of the Staff Regulations, for lodging complaints under Article 90(2) of the Staff Regulations against decisions of the Executive Director or against decisions taken at a level below that of the Executive Director
    Reference number PO-1-12
    Data subject category JU Staff: temporary, JU Staff: contractual, EU-Rail statutory staff (temporary agents and contract agents (CA) as well as seconded national experts as they are assimilated to statutory staff), EU-Rail staff
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is being processed in the context of Articles 90(1) and 90(2) of the Staff Regulations within Europe’s Rail. These provisions regulate the rights of persons to whom the Staff Regulations apply, particularly concerning the handling of requests, appeals and complaints. In this context, personal data will be processed where a person to whom the Staff Regulations apply requests that the appointing authority (in this case the Executive Director to whom appointing authority powers have been delegated by the Governing Board) take a decision relating to him (in accordance with Article 90 (1) of the Staff Regulations). Personal data will also be processed regarding complaints that have been lodged by the people to whom the Staff Regulations apply against an act affecting them adversely, either where the decision was taken at a level below that of the Executive Director or where no measure prescribed by the Staff Regulations was adopted (in accordance with Article 90 (2) of the Staff Regulations). Personal data will also be processed when the Appeals Committee handles complaints that have been lodged by the people to whom the Staff Regulations apply against an act affecting them adversely, either where the Executive Director has taken a decision or where the Executive Director has failed to adopt a measure prescribed by the Staff Regulations (in accordance with Article 90 (2) of the Staff Regulations).
    Description
    In accordance with Article 17(4) of Regulation (EU) No 2021/2085 and Governing Board Decision n° 11/2015, the appointing authority powers have been delegated to the EU-RAIL Executive Director. In accordance with Article 90 (1) and Article 90(2) Staff Regulations (SR), any person to whom the SR apply may submit to the Appointing Authority a request or a complaint when an act adversely affects them, either where the said authority has taken a decision or where it has failed to adopt a measure prescribed by the SR (an implied decision rejecting the measure). In accordance with article 2(4) of Governing Board Decision n° 11/2015, the governing board shall exercise the appointing authority powers concerning Article 90(2) of the Staff Regulations when the contested decision was taken at the level of the Executive Director. For reasons of expediency and flexibility, it is appropriate to establish an “Appeals Committee” to exercise the relevant “appointing authority powers” on behalf of the Governing Board to deal with complaints submitted under Article 90(2) of the Staff Regulations against decisions taken at the level of the Director of EU-RAIL.
    Processed data Education Public interest article 5 a) of regulation 2018/1725, article 90 (1) and 90(2) EU Staff Regulations (SR) 10 years
    Family composition Public interest - art. 50.1 d) article 5 a) of regulation (EU) 2018/1725 10 years
    Health data Public interest article 5 a) of regulation 2018/1725, article 90 (1) and 90(2) EU Staff Regulations (SR), article 10.2.g) regulation (EU) 2018/1725-special categories of personal data (reasons of substantial public interest) 10 years
    Personal characteristics Public interest - art. 50.1 d) article 5 a) of regulation (EU) 2018/1725, article 90 (1) and 90(2) EU Staff Regulations (SR) 10 years
    Personal details Public interest - art. 50.1 d) article 5 a) of regulation (EU) 2018/1725 10 years
    Philosophical or religious convictions Public interest article 5 a) of regulation 2018/1725, article 90 (1) and 90(2) EU Staff Regulations (SR), article 10.2.g) regulation (EU) 2018/1725-special categories of personal data (reasons of substantial public interest) 10 years
    Political preferences Public interest article 5 a) of regulation 2018/1725, article 90 (1) and 90(2) EU Staff Regulations (SR), article 10.2.g) regulation (EU) 2018/1725-special categories of personal data (reasons of substantial public interest) 10 years
    Profession Public interest - art. 50.1 d) article 5 a) of regulation (EU) 2018/1725, article 90 (1) and 90(2) EU Staff Regulations (SR) 10 years
    Racial or ethnic information Public interest article 5 a) of regulation 2018/1725, article 90 (1) and 90(2) EU Staff Regulations (SR), article 10.2.g) regulation (EU) 2018/1725-special categories of personal data (reasons of substantial public interest) 10 years
    Results of the selection process Public interest article 5 a) of regulation 2018/1725, article 90 (1) and 90(2) EU Staff Regulations (SR) 10 years
    Trade union membership Public interest article 5 a) of regulation 2018/1725, article 90 (1) and 90(2) EU Staff Regulations (SR), article 10.2.g) regulation (EU) 2018/1725-special categories of personal data (reasons of substantial public interest) 10 years
    Processors n/a
    Restrictions of data subject rights
    Security measures n/a
    Recipients EU-RAIL Executive Director: , European Commission and its services: , EU-RAIL Governing Board: , Data subject themselves: , Legal and Data Protection Officer: , External lawyer(s) under a framework or direct contract for services:
    Joint controllers European Commission
    privacy policy url
    Last updated 17.10.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Salary
    Reference number PO-1-06
    Data subject category JU Staff: temporary, JU Staff: contractual, Relatives of the data subject
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected in order to determine the staff member’s entitlements. Documents are collected by the HR Officer and sent to the relevant Commission service (PMO) which will process the data in order to determine the financial rights of the staff member.
    Description
    Producing salary slips, determining allowances, establishment of financial rights, paying the salaries and allowances to EU-Rail staff. 
    Processed data Education Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Family composition Public interest article 5 a) of regulation 2018/1725 8 years after the extinction of all rights of the person concerned and of any dependents
    Financial information Public interest article 5 a) of regulation 2018/1725 8 years after the extinction of all rights of the person concerned and of any dependents
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 8 years after the extinction of all rights of the person concerned and of any dependents
    Personal details Public interest article 5 a) of regulation 2018/1725 8 years after the extinction of all rights of the person concerned and of any dependents
    Profession Public interest article 5 a) of regulation 2018/1725 8 years after the extinction of all rights of the person concerned and of any dependents
    Processors
    • Exchange Online
    • SharePoint
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Health data processed with the principles of medical confidentiality by HR officer, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: PMO, EU-RAIL Staff members: Financial team, Human resources officer, EU-RAIL Executive Director: , European Commission and its services: Medical service (if sick leave involved)
    Joint controllers PMO
    privacy policy url
    Last updated 14.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Selection and management of external experts (Non-selected experts)
    Reference number PO-2-02-b)
    Data subject category Experts (in case of legal entities, their representatives)
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected for the selection and the management (including reimbursements of expenses and payment where appropriate) of independent experts appointed by EU-Rail to advise on or assist with: the evaluation of proposals, the monitoring of the implementation of actions carried out under Horizon 2020 as well as of previous Research and/or Innovation Programmes, advice or assistance with other tasks related to EU-Rail activities.
    Description
    Collection and processing of data provided by individuals for the establishment of a database of prospective independent experts to assist with tasks managed by EU-Rail. The processing operations performed by the Controller include collection, storage and evaluation of personal data of the experts. 
    Processed data Education Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years after closure of procedure
    Financial information Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years after closure of procedure
    Personal characteristics Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years after closure of procedure
    Personal details Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years after closure of procedure
    Profession Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years after closure of procedure
    Processors
    • EC external service providers (contractors or subcontractors) under direct or framework service procurement contracts (Belgium)
    • Exchange Online
    • SharePoint
    Restrictions of data subject rights
    n/a
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Automated system (Grants management), Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis, Standard clause for the processing of personal data included in the contract
    Recipients EU-RAIL Staff members: IP Coordinators, EU-RAIL Staff members: Staff participating in the selection of external experts, External evaluators or experts assisting the JU: , EU-RAIL Executive Director: , European Commission and its services:
    Joint controllers Research Executive Agency
    privacy policy url https://rail-research.europa.eu/wp-content/uploads/2020/02/PO-2-02-b-Selection-and-management-of-external-experts-Non-selected-experts.pdf
    Last updated 14.06.2024
    internal reference Ares(2018)6031672
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Selection and management of external experts (selected experts)
    Reference number PO-2-02-a)
    Data subject category Experts (in case of legal entities, their representatives)
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected for the selection and the management (including reimbursements of expenses and payment where appropriate) of independent experts appointed by EU-Rail to advise on or assist with: the evaluation of proposals, the monitoring of the implementation of actions carried out under Horizon 2020 as well as of previous Research and/or Innovation Programmes, advice or assistance with other tasks related to EU-Rail activities.
    Description
    Collection and processing of data provided by individuals for the establishment of a database of prospective independent experts to assist with tasks managed by EU-Rail. The processing operations performed by the Controller include collection, storage and evaluation of personal data of the experts. 
    Processed data Financial information Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Personal characteristics Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Personal details Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Profession Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 10 years after end of contract
    Processors
    • EC external service providers (contractors or subcontractors) under direct or framework service procurement contracts (Belgium)
    • Exchange Online
    • SharePoint
    Restrictions of data subject rights
    n/a
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Automated system (Grants management), Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis, Standard clause for the processing of personal data included in the contract
    Recipients External evaluators or experts assisting the JU: , EU-RAIL Staff members: Staff participating in the selection of external experts, EU-RAIL Staff members: IP Coordinators, EU-RAIL Executive Director: , European Commission and its services: Research Executive Agency via the H2020 Participant Portal
    Joint controllers Research Executive Agency
    privacy policy url https://rail-research.europa.eu/wp-content/uploads/2020/02/PO-2-02-a-Selection-and-management-of-external-experts-selected-experts.pdf
    Last updated 14.06.2024
    internal reference Ares(2018)6031672
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Selection and recruitment of interims
    Reference number PO-1-01-c)
    Data subject category Interim staff selected via an external contractor on behalf of the European Commission
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Data are processed for the purpose of organising the selection and recruitment procedures for interims at EU-Rail.
    Description
    Collecting applications of candidates, screening tables, pre-selection reports, selection reports, written tests, interview questions, offers for posts, short lists, reserve lists, reserve list letters, negative letters etc.
    Processed data Education Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 6 months
    Personal characteristics Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 6 months
    Personal details Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 6 months
    Profession Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 6 months
    Processors
    • Exchange Online
    • Randstad Belgium SA systems (Belgium)
    • SharePoint
    • Teams
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Once the procedure is closed, electronically stored data erased, Signature of absence of conflict of interest, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients External evaluators or experts assisting the JU: Appointed members of the selection committee, EU-RAIL Executive Director: , EU-RAIL Staff members: Appointed members of the selection committee, Human Resources Officer, Data Protection Officer (only for the purposes of replying to access requests or other consultations on data protection aspects from the HR Officer), External contractors under framework contract with the European Commission : Randstad, European Commission and its services: DG Human Resources and Security
    Joint controllers DG EAC, DG Human Resources and Security, PMO
    privacy policy url https://rail-research.europa.eu/wp-content/uploads/2020/02/PO-1-01-c-Selection-and-recruitment-of-interims.pdf
    Last updated 14.06.2024
    internal reference Ares(2019)503847
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Selection and recruitment of temporary agents (TA), contract agents (CA), seconded national experts (SNE) (non-recruited candidates)
    Reference number PO-1-01-b)
    Data subject category Candidates applying for open EU-Rail vacancies (TA, CA, and SNE), Trainees recruited by the European Commission ('EU BlueBook trainees')
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Data are processed for the purpose of organising the selection and recruitment procedures for TA, CA, SNE and Blue Book Trainees at EU-Rail.
    Description
    This processing operation consists of collecting applications of candidates, screening tables, pre-selection reports, selection reports, written tests, interview questions, offers for posts, short lists, reserve lists, reserve list letters, negative letters etc. Special retention time applies to non-recruited candidates. Regarding the BlueBook trainees, EU-Rail is not in charge of the recruitment process which is being dealt with by the relevant department at the European Commission (DG EAC). Applications are only accessible via the online database which is open for consultation only during specific periods. Therefore, EU-Rail does not store any data related to the recruitment of BlueBook Trainees. 


    Processed data Education Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 2 years after the recruitment procedure is terminated
    Personal characteristics Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 2 years after the recruitment procedure is terminated
    Personal details Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 2 years after the recruitment procedure is terminated
    Profession Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 2 years after the recruitment procedure is terminated
    Processors
    • Exchange Online
    • SharePoint
    • Teams
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Once the procedure is closed, electronically stored data erased, Signature of absence of conflict of interest, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients External evaluators or experts assisting the JU: Appointed members of the selection committee, EU-RAIL Executive Director: , EU-RAIL Staff members: Appointed members of the selection committee, Human Resources Officer, Data Protection Officer (only for the purposes of replying to access requests or other consultations on data protection aspects from the HR Officer), European Commission and its services: PMO, DG Human Resources and Security
    Joint controllers DG EAC, DG Human Resources and Security, PMO
    privacy policy url https://shift2rail.org/about-shift2rail/reference-documents/functioning-of-the-ju/
    Last updated 14.06.2024
    internal reference Ares(2019)503847
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Selection and recruitment of temporary agents (TA), contract agents (CA), seconded national experts (SNE) (recruited candidates)
    Reference number PO-1-01-a)
    Data subject category Candidates applying for open EU-Rail vacancies (TA, CA, and SNE), Trainees recruited by the European Commission ('EU BlueBook trainees')
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Data are processed for the purpose of organising the selection and recruitment procedures for TA, CA, SNE and Blue Book Trainees at EU-Rail.
    Description
    This processing operation consists of collecting applications of candidates, screening tables, pre-selection reports, selection reports, written tests, interview questions, offers for posts, short lists, reserve lists, reserve list letters, negative letters etc. Regarding the BlueBook trainees, EU-Rail is not in charge of the recruitment process which is being dealt with by the relevant department at the European Commission (DG EAC). Applications are only accessible via the online database which is open for consultation only during specific periods. Therefore, EU-Rail does not store any data related to the recruitment of BlueBook Trainees. 


    Processed data Education Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 10 years after end of contract
    Personal characteristics Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 10 years after end of contract
    Personal details Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 10 years after end of contract
    Profession Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 10 years after end of contract
    Processors
    • Exchange Online
    • Secured IT data base (Joint Sickness Insurance Scheme) (Belgium)
    • SharePoint
    • Teams
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Once the procedure is closed, electronically stored data erased, Signature of absence of conflict of interest, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients External evaluators or experts assisting the JU: Appointed members of the selection committee, EU-RAIL Staff members: Executive Director, Appointed members of the selection committee, Human Resources Officer, Data Protection Officer (only for the purposes of replying to access requests or other consultations on data protection aspects from the HR Officer), European Commission and its services: PMO, DG Human Resources and Security
    Joint controllers DG EAC, DG Human Resources and Security, PMO
    privacy policy url https://rail-research.europa.eu/about-shift2rail/reference-documents/functioning-of-the-ju/
    Last updated 14.06.2024
    internal reference Ares(2019)503847
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Selection and recruitment of temporary agents (TA), contract agents (CA), seconded national experts (SNE) (spontaneous applications)
    Reference number PO-1-01-d)
    Data subject category Trainees recruited by the European Commission ('EU BlueBook trainees'), Spontaneous applicants
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Data are processed for the purpose of organizing the selection and recruitment procedures for TA, CA, SNE, interims staff and “EU Blue Book Trainees” at EU-Rail.
    Description
    Collecting spontaneous applications of candidates. EU-Rail does not consider spontaneous applications. Personal data (such as CV) is not stored and is deleted after 7 days. Regarding the BlueBook trainees, EU-Rail is not in charge of the recruitment process which is being dealt with by the relevant department at the European Commission (DG EAC). Applications are only accessible via the online database which is open for consultation only during specific periods. Therefore, EU-Rail does not store any data related to the recruitment of BlueBook Trainees. 



    Processed data Education Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 7 calendar days
    Personal characteristics Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 7 calendar days
    Personal details Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 7 calendar days
    Profession Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725 7 calendar days
    Processors n/a
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients EU-RAIL Staff members: Human Resources Officer
    Joint controllers n/a
    privacy policy url https://shift2rail.org/wp-content/uploads/2020/02/PO-1-01-d-Spontaenous-applicants.pdf
    Last updated 14.06.2024
    internal reference Ares(2019)503847
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Sick leaves
    Reference number PO-1-05-b)
    Data subject category JU Staff: temporary, JU Staff: contractual, External staff: trainees and interim staff
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is managed and collected for the purpose of assessing the entitlement to sick leave, annual leave and special leave and working conditions for temporary agents and contract agents.
    Description
    Assessing the entitlement to sick leaves and working conditions for temporary agents and contract agents. 
    Processed data Health data Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 5 years
    Personal details Public interest article 5 a) of regulation 2018/1725 5 years
    Profession Public interest article 5 a) of regulation 2018/1725 5 years
    Processors
    • Exchange Online
    • IT Tool SYSPER (Belgium)
    • SharePoint
    Restrictions of data subject rights
    n/a
    Security measures A paper copy is made and saved in a paper file. The paper file is archived in a locked cupboard., Health data processed with the principles of medical confidentiality by HR officer, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients EU-RAIL Staff members: Human resources officer, Line manager, Executive Director, European Commission and its services: PMO, Medical service, DG DIGIT, Other: Other Institutions in case of transfer (they receive a chart with the liquidation account of sick leave)
    Joint controllers DG DIGIT, DG Human Resources and Security, PMO
    privacy policy url
    Last updated 14.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Staff evaluation
    Reference number PO-1-03
    Data subject category JU Staff: temporary, JU Staff: contractual
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected to assess the performance with regard to the job specifications and defined objectives, and the potential and development or reclassification needs.
    Description
    Staff appraisal, probationary reports, reclassification of contract and temporary agents, renewal of contracts. 
    Processed data Education Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Personal details Public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Profession Public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Processors
    • Exchange Online
    • Secured IT data base (Joint Sickness Insurance Scheme) (Belgium)
    • SharePoint
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Obligation of confidentiality of the staff, Paper files are stored in a locked cupboard in the HR sector’s secured office until their destruction., Secure transfer of data, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients EU-RAIL Staff members: Line Managers, HR Officer, and in case of reclassification, the staff and Joint reclassification committees.
    Joint controllers n/a
    privacy policy url
    Last updated 14.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Teleworking
    Reference number PO-1-07
    Data subject category JU Staff: temporary, JU Staff: contractual
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose The purpose of this processing operation is to manage in a legal, standardized and centralized framework all temporal aspects of a jobholder's framework with respect to the management and monitoring of the implementation of teleworking. In particular, the treatment consists in identifying the persons authorized to telework according to various criteria such as the possibilities of telework, the interest of the service or the motivation of the person. The persons concerned have the possibility of making a request for telecommuting either casual or structural via Sysper.
    Description
    Management of the teleworking requests and agreements; planning regarding the ordering of ICT tools and devices for the performance of telework. Staff members are granted access to an electronic tool in which they can launch a request for teleworking. 
    Processed data Family composition Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Habits Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Health data Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Personal details Public interest article 5 a) of regulation 2018/1725 3 years
    Profession Public interest article 5 a) of regulation 2018/1725 3 years
    Processors
    • Exchange Online
    • IT Tool SYSPER (Belgium)
    • SharePoint
    Restrictions of data subject rights
    n/a
    Security measures Data kept according to the security measures adopted by the European Commission, Health data processed with the principles of medical confidentiality by HR officer, Secure transfer of data, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Data subject themselves: Right to access and rectify their own data in SYSPER., EU-RAIL Staff members: Executive Director, Line Managers.
    Joint controllers DG DIGIT, DG Human Resources and Security
    privacy policy url
    Last updated 14.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: User Network and Systems Access
    Reference number PO-5-01
    Data subject category Trainees recruited by the European Commission ('EU BlueBook trainees'), External staff: trainees and interim staff, EU-Rail staff, Interim staff selected via an external contractor on behalf of the European Commission, Any other person whose personal data have been collected and are processed by information systems that use the JU ICT infrastructure
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected to provide EU-Rail employees with necessary access to ICT systems and services in order for them to carry out their statutory duties. This includes access provisioning to EC systems like ECAS/EU Login or ABAC.
    Description
    Provisioning of necessary access to EU-Rail employees to designated business ICT systems of the organization based on incoming requests from HR department or management requests/access authorizations
    Processed data Personal characteristics Public interest article 5 a) of regulation 2018/1725 1 month after user's departure
    Personal details Public interest article 5 a) of regulation 2018/1725 1 month after user's departure
    Profession Public interest article 5 a) of regulation 2018/1725 1 month after user's departure
    Processors
    • Real Dolmen (Belgium)
    • SharePoint
    Restrictions of data subject rights
    n/a
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Confidentiality of communications and privacy, Windows 10 access: Password renewed every six months
    Recipients European Commission and its services: DIGIT, EU-RAIL Staff members: Network and security managers, IT system and database administrators, External contractors under framework contract with the European Commission: Real Dolmen
    Joint controllers DG DIGIT
    privacy policy url
    Last updated 14.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Video Surveillance system
    Reference number PO-5-02
    Data subject category EU-Rail staff, Visitors and other persons entering into the JU premises outside regular working hours
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose EU-Rail uses its video-surveillance system for the sole purposes of protecting its premises and assets for safety, security and access control purposes only. The video-surveillance system helps monitor access to our offices, as well as safeguards property and information located or stored on the premises.
    Description
    Recording, storing and giving access to recorded tapes by means of a closed circuit television (CCTV) system installed in EU-Rail public areas located on the second floor of the White Atrium building (Avenue de la Toison d’Or 56-60, B-1060 Brussels/Belgium).
    Processed data Video tapes and photographs Public interest article 5 a) of regulation 2018/1725 14 days
    Processors n/a
    Restrictions of data subject rights
    The rights that could be restricted on the ground of internal security of EU-Rail would mainly be the right to information. Only in exceptional circumstances may the images be transferred to investigatory bodies in the framework of administrative inquiries, disciplinary proceedings or OLAF investigation as far as there is a connection with the prevention or investigation of criminal offences.
    Grounds for the restriction:
    1. Article 25(b) regulation 2018/1725: "prevention, investigation, detection and prosecution of criminal offences".
    2. Article 25(d) regulation 2018/1725: "internal security of Union institutions and bodies".
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Computer systems hardened, Obligation of confidentiality of the staff, Physical security of the premises, System operates on a separate, disconnected private network with no external remote access
    Recipients Intra and extra-muros external service providers (EU-RAIL contractors): Upon request: External service provider (EU-Rail contractor) in charge of the maintenance, EU-RAIL Staff members: ICT and Security Officer
    Joint controllers n/a
    privacy policy url https://rail-research.europa.eu/wp-content/uploads/2020/05/PO-5-02-Video-surveillance-system.pdf
    Last updated 18.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Web Conference Service (Webex)
    Reference number TO BE FILLED IN BY DPO
    Data subject category EU-Rail staff, Members of the Governing Board, Other participant, observer or expert invited to the meetings of the bodies of EU-Rail
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Organization of videoconferencing meetings
    Description
    Within the Europe’s Rail Joint Undertaking, the web conferencing system is used for the organization of videoconferencing meetings with external participants. The tool is called WebEx.

    It can be defined as an all-in-one conferencing tool that integrates audio, video and content sharing. It allows easy access from a computer or mobile device that has Internet access and a browser.

    All videoconferencing participants meet in a virtual room securely accessible to guests. A staff member who would like to organize conferences must first have a personal account on the system which allows the activity requested to be linked to a responsible person.

    The organizer of the videoconference (exclusively EU-Rail staff) will have to create a virtual room and invite external participants according to his needs. These invitations will be targeted based on the participant's email address and will allow access to the session.

    The recording of a conference is only possible by its organizer.

    The purpose of data processing could be classified into several different sections:


    • Identification of the participants and the organizer in order to allow the actual operation of the conference
    • Identification of potential technical improvements and failures in the service
    • Production of statistics for invoicing the services provided by the contractor
    • Collection of representative data and conference statistics (excluding their content) in order to improve the user experience and service performance by analysing this information in aggregate
    • Address support requests for the service
    • Service support performance analysis
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 3 years from when the Service is terminated, in a pseudonymised format; Host Registration & Invoicing information : 7 years
    Processors
    • EC external service providers (contractors or subcontractors) under direct or framework service procurement contracts (Belgium)
    Restrictions of data subject rights
    n/a
    Security measures Data kept according to the security measures adopted by the European Commission, Premises abide by the European Commission's security decisions and provisions, Secure transfer of data, Standard clause for the processing of personal data included in the contract
    Recipients Third countries:
    Joint controllers n/a
    privacy policy url https://rail-research.europa.eu/terms-of-use/
    Last updated 14.06.2024
    internal reference TO BE FILLED IN BY DPO
    Exercising your rights https://rail-research.europa.eu/terms-of-use/

  • Activity: Whistleblowing procedures
    Reference number PO-4-04
    Data subject category EU-Rail staff
    Controller Europe’s Rail Joint Undertaking (Saint-Gilles)
    Data protection officer Data-Protection@rail-research.europa.eu
    Purpose Personal data is collected to ensure the protection of and adequate remedies for whistleblowers, the management and follow-up of reports, and to establish reporting channels for whistleblowers.
    Description
    Collecting data for the purposes of establishing reporting channels for whistleblowers, managing and following-up reports, and ensuring protection and adequate remedies for whistleblowers.
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 2 months after the final decision has been issued to all the parties involved
    Profession Public interest article 5 a) of regulation 2018/1725 2 months after the final decision has been issued to all the parties involved
    Processors
    • Exchange Online
    Restrictions of data subject rights
    There might be restrictions on a case-by-case basis of the rights to: information, access, rectification, blocking, erasure, notification to third parties.
    Ground for restriction: investigation to protect witnesses or whistle-blowers in cases where personal data relate to the suspect as well (allegations made about the suspect by informants or witnesses).
    Legal basis for restrictions: article 25(1) regulation 2018/1725 (protection of the data subject or the rights and freedoms of others)
    Security measures Data kept according to the security measures adopted by the European Commission
    Recipients European Commission and its services: European Anti Fraud Office (where needed), European Commission and its services: EDPS (where necessary), Police or legal organisations: European Court of Auditors (where necessary), Police or legal organisations: Court of Justice (where necessary), European Commission and its services: Internal Audit Service (where necessary), Intra and extra-muros external service providers (EU-RAIL contractors): Ethics experts or law firms, EU-RAIL Staff members: Human resources officer, Executive Director, Data subject themselves: The whistleblower, Personal relations data subject: Any person who may be concerned
    Joint controllers n/a
    privacy policy url https://rail-research.europa.eu/wp-content/uploads/2018/12/Decision-GB-20_2018_Whistleblowing.pdf
    Last updated 14.06.2024
    internal reference
    Exercising your rights https://rail-research.europa.eu/terms-of-use/
