Processing Activities

Search


Data subject categories

Fields

Purpose
Description
Processed data
Recipients
Supporting assets
reference number

Results

  • Activity: ARES
    Reference number PO-1-11
    Data subject category JU Staff : temporary, JU Staff: contractual, Externals, Trainees (blue book and atypical)
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Electronic management and archiving of documents and files based on a body of common rules and procedures applicable to KDT
    Description
    This activity aims at managing the registered documents and files of KDT JU through ARES (Advanced Records System) and NOMCOM (Nomenclature Commune). ARES/NOMCOM does not deal with all documents that are received, produced or held by the KDT, but only with documents that have to be registered. 
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 Personal data will be kept for no longer than necessary for the specific purpose for which they are being processed.
    Processors
    • ARES
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) disciplinary proceedings; 
    (c) preliminary activities related to cases of potential irregularities deported to olaf; 
    (d) whistleblowing procedures; 
    (e) procedures of harassment; 
    (f) processing internal and external complaints; 
    (g) internal audits; 
    (h) investigations carried out by the data protection officer; or
    (i) security investigations
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Data kept according to the security measures adopted by the European Commission, Limited retention periods configured, Secure transfer of data, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: DG DIGIT
    Joint controllers n/a
    privacy policy url https://www.kdt-ju.europa.eu/privacy-policy-related-records-and-archives-management
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Access to documents
    Reference number PO-6-03
    Data subject category Any person requesting access to a document of the JU
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Receiving, processing and assessing requests to access to documents of the JU
    Description
    Collection of identification information, contact information included in the official form and any other information provided in the procedure of access of documents.
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 5 years after closure of procedure
    Processors
    • SharePoint Document Libraries
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) disciplinary proceedings;
    (c) preliminary activities related to cases of potential irregularities deported to olaf;
    (d) whistleblowing procedures; 
    (e) procedures of harassment;
    (f) processing internal and external complaints;
    (g) internal audits;
    (h) investigations carried out by the data protection officer; 
    (i) security investigations; or
    (j) within the frame of the grant management or procurement procedure, after the closing date of the submission of the calls for proposals or the application of tenders.
    Security measures Secure transfer of data, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Other: Possibly external service provider
    Joint controllers n/a
    privacy policy url https://www.kdt-ju.europa.eu/privacy-policy-access-documents
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Administrative agreements with national funding authorities
    Reference number PO-3-08
    Data subject category PA representatives
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Managing the AA, granting rights to national representatives
    Description
    Collection of identity information, contact detail and function of PA representatives
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Profession Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Processors
    • SharePoint Document Libraries
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) disciplinary proceedings;
    (c) preliminary activities related to cases of potential irregularities deported to olaf;
    (d) whistleblowing procedures; 
    (e) procedures of harassment;
    (f) processing internal and external complaints;
    (g) internal audits;
    (h) investigations carried out by the data protection officer; 
    (i) security investigations; or
    (j) within the frame of the grant management or procurement procedure, after the closing date of the submission of the calls for proposals or the application of tenders.
    Security measures Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Other: Secretary of the Boards, Calls manager
    Joint controllers n/a
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Anti-fraud procedures
    Reference number PO-3-09
    Data subject category Persons subject to an OLAF investigation, Persons that provided information to OLAF and persons whose name is mentioned in the files
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Adopting and implementing measures needed to facilitate internal investigations conducted by OLAF
    Description
    Collection of identity information, contact details, function, professional information, case-specific information to collaborate with OLAF investigations
    Processed data Personal characteristics Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725, article 287 and 325 of the treaty on the functioning of the european union 5 years
    Personal details Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725, article 287 and 325 of the treaty on the functioning of the european union 5 years
    Profession Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725, article 287 and 325 of the treaty on the functioning of the european union 5 years
    Processors
    • SharePoint Document Libraries
    Restrictions of data subject rights
    in the context of anti-fraud investigations, the rights of the data subject may be restricted in light of article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6)
    Security measures Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients EU institutions and bodies: OLAF, possibly
    Joint controllers External Contractors (experts or advice), OLAF
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Anti-harassment procedures
    Reference number PO-3-11
    Data subject category JU Staff : temporary, JU Staff: contractual
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Adopting and implementing measures for anti-harassment
    Description
    Collection of identity information, contact details, function, professional information, case-specific information which can be subjective (allegations, declarations based on opinions, etc.). Special categories of personal data are processed if absolutely necessary.
    Processed data Other Public interest article 5 a) of regulation 2018/1725 3 months after the closure of the case
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 3 months after the closure of the case
    Personal details Public interest article 5 a) of regulation 2018/1725 3 months after the closure of the case
    Profession Public interest article 5 a) of regulation 2018/1725 3 months after the closure of the case
    Processors
    • SharePoint Document Libraries
    Restrictions of data subject rights
    in the context of anti-harassment procedures, the rights of the data subject may be restricted in light of article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6).
    Security measures Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients EU institutions and bodies: Possibly OLAF, EDPS, IAS, Court of Auditors and Court of Justice, Other: External Contractors or confidential counselors
    Joint controllers External Contractors (experts or advice)
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Badges
    Reference number PO-6-01
    Data subject category JU Staff : temporary, JU Staff: contractual, JU visitors
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Granting access with badges to the building and parking
    Description
    Collection of identification information and badge number 
    Processed data Personal characteristics Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Personal details Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Processors
    • SharePoint Document Libraries
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) disciplinary proceedings; 
    (c) preliminary activities related to cases of potential irregularities deported to olaf; 
    (d) whistleblowing procedures; 
    (e) procedures of harassment; 
    (f) processing internal and external complaints; 
    (g) internal audits; 
    (h) investigations carried out by the data protection officer; or
    (i) security investigations
    Security measures Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Other: Possibly staff of an external contractor
    Joint controllers n/a
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Bank card
    Reference number PO-3-13
    Data subject category JU Staff : temporary, JU Staff: contractual
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Providing staff members with a bank card for their professional related purchases
    Description
    Collection of the name of a staff member, card number and purchases in order to issue and maintain a bank card for professional expenses
    Processed data Card number, purchases Public interest article 5 a) of regulation 2018/1725 5 years
    Personal details Public interest article 5 a) of regulation 2018/1725 5 years
    Processors
    • AirPlus International (BCC Corporate)
    • SharePoint Document Libraries
    Restrictions of data subject rights
    in the context of the issuing of bank cards, the rights of the data subject may be restricted in light of article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6).
    Security measures Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Other private organisations: AirPlus International
    Joint controllers n/a
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Contact list of Boards members
    Reference number PO-3-06
    Data subject category Members of PA, PMB, EC, nominated by their respective administration/industry association
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Invitation to PAB/GB meetings, participation in GB/PAB written procedures, granting access to CircaBC, access to Calls information
    Description
    Collection of identity information, contact details (phone, address, email), function.
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Profession Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Processors
    • SharePoint Document Libraries
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) disciplinary proceedings;
    (c) preliminary activities related to cases of potential irregularities deported to olaf;
    (d) whistleblowing procedures; 
    (e) procedures of harassment;
    (f) processing internal and external complaints;
    (g) internal audits;
    (h) investigations carried out by the data protection officer; 
    (i) security investigations; or
    (j) within the frame of the grant management or procurement procedure, after the closing date of the submission of the calls for proposals or the application of tenders.
    Security measures Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Other: Secretary of the Boards, Calls Manager
    Joint controllers n/a
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Database of project beneficiaries
    Reference number PO-3-01
    Data subject category Members of projects/consortia
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Follow up and payment of project beneficiaries
    Description
    Follow up and payment of project beneficiaries, collecting identity information, contact details and and bank details.
    Processed data Financial information Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Personal details Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Processors
    • SharePoint Document Libraries
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) preliminary activities related to cases of potential irregularities deported to olaf;
    (c) processing internal and external complaints;
    (d) security investigations; or
    (e) within the frame of the grant management or procurement procedure, after the closing date of the submission of the calls for proposals or the application of tenders.
    Security measures Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients n/a
    Joint controllers n/a
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Declarations on conflict of interests and confidentiality
    Reference number PO-3-07
    Data subject category PAB and GB Representatives
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Granting access to PA members to outcome of Calls for Proposals
    Description
    Granting access to PA members to outcome of Calls for Proposals. Collection of identity information, contact details (phone, address, email), function: identified conflicts of interest (link with recipient)
    Processed data Other Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Personal details Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Profession Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Processors
    • SharePoint Document Libraries
    Restrictions of data subject rights
    in situations of declarations of conflict of interest and confidentiality, the rights of the data subject may be restricted in light of article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6)
    Security measures Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Other: Secretary of the Boards, Call Manager
    Joint controllers n/a
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Document and records management
    Reference number PO-5-02
    Data subject category Any person making use of the document repository, in particular JU staff and correspondents
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Repository and filing of documents and records received and sent out from and to external individuals as well as internal exchanges
    Description
    Collection of Name, address, subject field, related project/contract
    Processed data Other Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Personal details Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Processors
    • ARES
    • SharePoint Document Libraries
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) disciplinary proceedings; 
    (c) preliminary activities related to cases of potential irregularities deported to olaf; 
    (d) whistleblowing procedures; 
    (e) procedures of harassment; 
    (f) processing internal and external complaints; 
    (g) internal audits; 
    (h) investigations carried out by the data protection officer; or
    (i) security investigations
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Confidentiality of communications and privacy, Secure transfer of data
    Recipients Other: Any correspondent , European Commission and its services: DG DIGIT, European Commission and its services: Possibly also Auditors, OLAF, Commission's Investigation and Disciplinary Office (IDOC)
    Joint controllers European Commission - DG for Informatics (DIGIT).
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy; https://www.kdt-ju.europa.eu/privacy-policy-related-records-and-archives-management; https://www.kdt-ju.europa.eu/privacy-policy-microsoft-365
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: E-mails
    Reference number PO-5-03
    Data subject category JU Staff : temporary, JU Staff: contractual, Recipients of e-mails from JU Staff
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Processing email traffic from and to staff mailboxes
    Description
    Collection of all content of emails (address, subject field, body, attachments).
    Processed data Other Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Processors
    • SharePoint Document Libraries
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in  kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) disciplinary proceedings; 
    (c) preliminary activities related to cases of potential irregularities deported to olaf; 
    (d) whistleblowing procedures; 
    (e) procedures of harassment; 
    (f) processing internal and external complaints; 
    (g) internal audits; 
    (h) investigations carried out by the data protection officer; or
    (i) security investigations
    Security measures Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients n/a
    Joint controllers European Commission - DG for Informatics (DIGIT).
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Evaluation of staff
    Reference number PO-1-04
    Data subject category JU Staff : temporary, JU Staff: contractual
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose To assess the performance of staff with regard to the job description and objectives
    Description
    Personal data is collected to assess the performance with regard to the job specifications and defined objectives, and the potential and development or reclassification needs. For staff appraisal, probationary reports, reclassification of contract and temporary agents, renewal of contracts.  In the framework of the probation procedure, data concerning health may be processed, namely in the case of its extension due to a maternity and/or sick leave as provided for in Article 34(1) of the Staff Regulations. The analysis of those documents is carried out on a case by case basis so that only relevant data is processed in the light of the Staff Regulation's requirements
    Processed data Education Public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Health data Public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Personal details Public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Profession Public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Processors
    • Secured IT data base (Joint Sickness Insurance Scheme) (Belgium)
    • SharePoint Document Libraries
    • Sysper
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) disciplinary proceedings; 
    (c) preliminary activities related to cases of potential irregularities deported to olaf; 
    (d) whistleblowing procedures; 
    (e) procedures of harassment; 
    (f) processing internal and external complaints; 
    (g) internal audits; 
    (h) investigations carried out by the data protection officer; or
    (i) security investigations
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: Office for Administration and Payment of Individual Entitlement (PMO)
    Joint controllers n/a
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: External audits
    Reference number PO-3-02
    Data subject category External auditors
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Control of grant agreement or service contracts, Preparing and communicating audit reports by the external auditor
    Description
    Collection of identity information, contact details, financial information, professional information, CVs, documents produced or signed by data subjects or meeting minutes.
    Processed data Education Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 7 years
    Financial information Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 7 years
    Other Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 7 years
    Personal details Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 7 years
    Profession Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 7 years
    cv Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 7 years
    Processors
    • SharePoint Document Libraries
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) preliminary activities related to cases of potential irregularities deported to olaf;
    (c) processing internal and external complaints;
    (d) security investigations; or
    (e) within the frame of the grant management or procurement procedure, after the closing date of the submission of the calls for proposals or the application of tenders.
    Security measures Confidentiality of communications and privacy, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients n/a
    Joint controllers n/a
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Financial transparency
    Reference number PO-3-04
    Data subject category Recipients of JU funding (procurement and grants)
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Publication of recipients of JU funding
    Description
    Collection of identity information, company, functions and country of the recipients of JU funding, project/contract, and amount received by the JU.
    Processed data Location information Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Personal details Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Profession Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Processors
    • SharePoint Document Libraries
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) preliminary activities related to cases of potential irregularities deported to olaf;
    (c) processing internal and external complaints;
    (d) security investigations; or
    (e) within the frame of the grant management or procurement procedure, after the closing date of the submission of the calls for proposals or the application of tenders.
    Security measures Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients The general public: Published on the JU website
    Joint controllers n/a
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Internal audits (IAS, ECA)
    Reference number PO-3-03
    Data subject category JU Staff : temporary, JU Staff: contractual, External experts and interested persons, Candidates sending their application using the online recruitment tool, External contractors (procurements and grants)
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Audit procedures to check the regularity of the transactions and the quality of financial management of the JU
    Description
    Collection of identity information, contact details, financial information, professional information, CVs, documents produced or signed by data subjects, meeting minutes, etc.
    Processed data Education Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 7 years
    Financial information Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 7 years
    Personal details Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 7 years
    Profession Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 7 years
    cv Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725 7 years
    Processors
    • SharePoint Document Libraries
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) preliminary activities related to cases of potential irregularities deported to olaf;
    (c) processing internal and external complaints;
    (d) security investigations; or
    (e) within the frame of the grant management or procurement procedure, after the closing date of the submission of the calls for proposals or the application of tenders.
    Security measures Confidentiality of communications and privacy, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: IAC, Court of Auditors, IAS, OLAF
    Joint controllers DG DIGIT, Internal Audit Service of the European Commission (IAS)
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Leaves
    Reference number PO-1-05
    Data subject category JU Staff : temporary, JU Staff: contractual
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Processing of all kinds of leave
    Description
    Processing of all kinds of leave of temporary and contract agents and assessing the entitlement to annual and special leave, maternity leave, leave on personal grounds, parental leave. The JU does not record more details than necessary.
    Processed data Health data Public interest article 5 a) of regulation 2018/1725 3 years – administrative data, except if a dispute and appeal is underway (e.g. annual leave, special leave); Entire career duration - for parental leave, family leave and leave on personal grounds, the data should be kept for the entire career of the staff to keep track when the total time granted reaches the maximum permitted; Longer periods – certain types of leave, as in the context of credit-time, have an effect on the calculation of pension rights and is conserved for longer periods; 7 years – data related to financial compensation related to leave retention; Personal data in supporting documents is deleted as soon as they are not necessary for budgetary discharge, control and audit purposes.
    Personal details Public interest article 5 a) of regulation 2018/1725 3 years – administrative data, except if a dispute and appeal is underway (e.g. annual leave, special leave); Entire career duration - for parental leave, family leave and leave on personal grounds, the data should be kept for the entire career of the staff to keep track when the total time granted reaches the maximum permitted; Longer periods – certain types of leave, as in the context of credit-time, have an effect on the calculation of pension rights and is conserved for longer periods; 7 years – data related to financial compensation related to leave retention; Personal data in supporting documents is deleted as soon as they are not necessary for budgetary discharge, control and audit purposes.
    Processors
    • Secured IT data base (Joint Sickness Insurance Scheme) (Belgium)
    • Sysper
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) disciplinary proceedings; 
    (c) preliminary activities related to cases of potential irregularities deported to olaf; 
    (d) whistleblowing procedures; 
    (e) procedures of harassment; 
    (f) processing internal and external complaints; 
    (g) internal audits; 
    (h) investigations carried out by the data protection officer; or
    (i) security investigations
    Security measures Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: PMO
    Joint controllers DG Human Resources and Security
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: List of contracts/contractors and SLAs
    Reference number PO-2-02
    Data subject category List of contractors and SLA signatories
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose List the contractors and companies/organisations the JU contracts with
    Description
    Collection of identity information and contact details of contractors and companies/organisations the JU contracts with.
    Processed data Financial information Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose and at least 10 years after the end of the contract.
    Personal details Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose and at least 10 years after the end of the contract.
    Processors
    • SharePoint Document Libraries
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) preliminary activities related to cases of potential irregularities deported to olaf;
    (c) processing internal and external complaints;
    (d) security investigations; or
    (e) within the frame of the grant management or procurement procedure, after the closing date of the submission of the calls for proposals or the application of tenders.
    Security measures Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients EU institutions and bodies: ECA, OLAF, Other: Members of the Selection Panel, European Commission and its services:
    Joint controllers n/a
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: List of financial contacts in NFAs
    Reference number PO-3-05
    Data subject category Recipients of JU funding (procurement and grants)
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Contacting the persons in the national administrations in charge of paying beneficiaries and issuing certificates to the JU
    Description
    Collection of identity information and contact details of the beneficiaries in order to send them to the national administration in charge of paying beneficiaries and issuing certificates to the JU.
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Processors
    • SharePoint Document Libraries
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) preliminary activities related to cases of potential irregularities deported to olaf;
    (c) processing internal and external complaints;
    (d) security investigations; or
    (e) within the frame of the grant management or procurement procedure, after the closing date of the submission of the calls for proposals or the application of tenders.
    Security measures Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients n/a
    Joint controllers n/a
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Mailing list
    Reference number PO-4-01
    Data subject category Recipients having requested or consented to receive emails from the JU
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Keeping a list of email addresses for the newsletter and to inform about JU activities
    Description
    Collection of identity information, contact details and professional details.
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725 Subscribers’ contact data are stored until a subscriber asks to be removed from the list.
    Profession Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725 Subscribers’ contact data are stored until a subscriber asks to be removed from the list.
    Processors
    • Mailchimp (USA)
    • SharePoint Document Libraries
    Restrictions of data subject rights
    n/a
    Security measures Secure transfer of data, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients n/a
    Joint controllers n/a
    privacy policy url https://www.kdt-ju.europa.eu/privacy-policy-events
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Management of IT infrastructure
    Reference number PO-5-01
    Data subject category JU Staff : temporary, JU Staff: contractual, Any person granted access to the network
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Management of user authentication, access to IT systems to perform statutory duties, authorisations, and provision of help in case of IT problems
    Description
    Collection of identity information, user authentication information, data in users directories, data in log files.
    Processed data Other Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose. Network access data (username and password) is kept for the duration of employment and deleted 1 month after termination. ABAC and ECAS policies also apply.
    Personal details Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose. Network access data (username and password) is kept for the duration of employment and deleted 1 month after termination. ABAC and ECAS policies also apply.
    Processors
    • SharePoint Document Libraries
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) disciplinary proceedings; 
    (c) preliminary activities related to cases of potential irregularities deported to olaf; 
    (d) whistleblowing procedures; 
    (e) procedures of harassment; 
    (f) processing internal and external complaints; 
    (g) internal audits; 
    (h) investigations carried out by the data protection officer; or
    (i) security investigations
    Security measures Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: i.e. EC e-mail address book, Other: External IT provider in some cases
    Joint controllers European Commission - DG for Informatics (DIGIT).
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Management of public procurement procedures and grant agreements
    Reference number PO-2-01
    Data subject category Tenderers and Applicants (in case of legal entities, their representatives), Members of projects/consortia
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Organisation of public procurement/prizes/grants, selection of tenderers, nomination in committees, declarations of COI, management of contract, Management of projects participants, Keeping a database of submitted proposals including contact persons references) and proposals (the proposals contain descriptions of the persons involved),
    Description
    Collection of identity information, contact details, professional experience, education, bank account and financial information of tenders and applicants. Also juridic data in the framework of EDES or the detection of fraud related to the contract or procedures relating to sanctions according to art. 136(3) Financial Regulation, but these extracts are not kept longer than 2 years after the accomplishment of the particular procedure. 
    Processed data Education Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose, with a maximum of 10 years after the end of the contract or closing of the action, for files of successful tenderers and grant applications. If unsuccessful, up to 5 years after closure of the procedure to allow for all possible appeals
    Financial information Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose, with a maximum of 10 years after the end of the contract or closing of the action, for files of successful tenderers and grant applications. If unsuccessful, up to 5 years after closure of the procedure to allow for all possible appeals
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose, with a maximum of 10 years after the end of the contract or closing of the action, for files of successful tenderers and grant applications. If unsuccessful, up to 5 years after closure of the procedure to allow for all possible appeals
    Personal details Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose, with a maximum of 10 years after the end of the contract or closing of the action, for files of successful tenderers and grant applications. If unsuccessful, up to 5 years after closure of the procedure to allow for all possible appeals
    Profession Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose, with a maximum of 10 years after the end of the contract or closing of the action, for files of successful tenderers and grant applications. If unsuccessful, up to 5 years after closure of the procedure to allow for all possible appeals
    Processors
    • SharePoint Document Libraries
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) preliminary activities related to cases of potential irregularities deported to olaf;
    (c) processing internal and external complaints;
    (d) security investigations; or
    (e) within the frame of the grant management or procurement procedure, after the closing date of the submission of the calls for proposals or the application of tenders.

    see also restriction art. 142(1) eu financial regulation, also included in the  grant management privacy policy and the public procurement privacy policy.
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Confidentiality of communications and privacy, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Other: Members of the Selection Panel, EU institutions and bodies: ECA, OLAF, European Commission and its services: , External contractors under framework contract with the European Commission :
    Joint controllers European Commission, Research Executive Agency (for the management of grant applications)
    privacy policy url https://www.kdt-ju.europa.eu/privacy-policy-grant-management; https://www.kdt-ju.europa.eu/privacy-policy-procurement-procedures
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Microsoft 365
    Reference number PO-1-10
    Data subject category JU Staff : temporary, JU Staff: contractual, Externals
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose To provide Microsoft 365 services to staff and users.
    Description
    The JU has decided to operate M365 provided by Microsoft Ireland. M365 offers cloud-based solutions that enable staff members of the JU to:
    1. Document Processing – to create, read, review and amend documents, presentations, spreadsheets and other document types in various formats and for various purposes (Access, Sway, Forms);
    2. Email, Calendar, Contacts – to manage and exchange e-mail, calendars, contacts, tasks and notes (Exchange Online);
    3. File Sharing – to create, read, review, amend, store and share documents and files of various types in view of collaboration among staff (SharePoint Online, OneDrive, OneNote, Stream, Teams, PowerApps, Yammer);
    4. Chat and Messaging – to interact, share files, chat and exchange messages with colleagues, partners, stakeholders and other parties (Teams, Yammer);
    5. Virtual Meetings – to set up and participate in virtual meetings and teleconferences (Teams);
    6. Project and Task Management – to facilitate project and task management by staff (Exchange Online); and
    7. Data Analytics and Visualisation – to analyse data and visualise such data (Power BI).
    Identity and access management to M365 is managed through Azure Active Directory (Azure AD) and InTune.

    The operation of M365 requires the processing of personal data by the JU for the following purposes:
    1. provision, enabling, set-up, configuration and maintenance of M365 capabilities, including facilitating and coordinating field tasks (Identification Data, Service-Generated Data, Content Data)
    2. administration of the rights allocated to a user account (identity and access management)  (Identification Data);
    3. end-user support and IT Teams support for issues with M365 (Identification Data, Service-Generated Data, Diagnostic Data);
    4. prevention, detection and resolution of security events (e.g. cyber-attack), to ensure the confidentiality, integrity and availability of M365 (Identification Data, Service-Generated Data); and
    5. responding to data subjects exercising their rights in relation to personal data processed within M365 (Identification Data, Service-Generated Data).

    Additionally, Microsoft Ireland as a processor for and on behalf of the JU processes personal data for internal business operations in the context of providing M365. These business operations consist of (exhaustive list):
    1. billing and account management (Identification Data, Service-Generated Data); 
    2. compensation (Service-Generated Data); 
    3. internal reporting and business modelling (Service-Generated Data); 
    4. combatting fraud, cybercrime, and cyberattacks (Identification Data, Service-Generated Data); 
    5. improving core functionality of accessibility, privacy and energy efficiency (Service-Generated Data); and 
    6. financial reporting and compliance with legal obligations (Identification Data, Service-Generated Data). 
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 For as long as the user account is active. days
    Video tapes and photographs Public interest article 5 a) of regulation 2018/1725 up to 180 days upon expiration/termination of the subscription.
    Processors
    • Microsoft 365
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) disciplinary proceedings; 
    (c) preliminary activities related to cases of potential irregularities deported to olaf; 
    (d) whistleblowing procedures; 
    (e) procedures of harassment; 
    (f) processing internal and external complaints; 
    (g) internal audits; 
    (h) investigations carried out by the data protection officer; or
    (i) security investigations
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Computer systems hardened, Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Other private organisations: Microsoft's personnel based outside the EEA (most importantly, the USA) managing the databases on Microsoft cloud servers and Microsoft’s sub-processors' personnel on a need-to-know basis.
    Joint controllers n/a
    privacy policy url https://www.kdt-ju.europa.eu/privacy-policy-microsoft-365
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Missions
    Reference number PO-1-07
    Data subject category JU Staff : temporary, JU Staff: contractual
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Managing the missions of the staff and reimbursement of travel costs
    Description
    Collection of contact details and meeting documentation (such as agenda), grade, status, credit card details and ID/Passport details and mobile phone. 
    Processed data Education Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose but no longer than 7 years after termination of all delays for appeal and/or budget discharge
    Financial information Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose but no longer than 7 years after termination of all delays for appeal and/or budget discharge
    Location information Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose but no longer than 7 years after termination of all delays for appeal and/or budget discharge
    Other Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose but no longer than 7 years after termination of all delays for appeal and/or budget discharge
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose but no longer than 7 years after termination of all delays for appeal and/or budget discharge
    Personal details Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose but no longer than 7 years after termination of all delays for appeal and/or budget discharge
    Profession Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose but no longer than 7 years after termination of all delays for appeal and/or budget discharge
    Processors
    • AMEX Travel Agency (Belgium)
    • SharePoint Document Libraries
    • Sysper
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) disciplinary proceedings; 
    (c) preliminary activities related to cases of potential irregularities deported to olaf; 
    (d) whistleblowing procedures; 
    (e) procedures of harassment; 
    (f) processing internal and external complaints; 
    (g) internal audits; 
    (h) investigations carried out by the data protection officer; or
    (i) security investigations
    Security measures Secure transfer of data, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Other private organisations: Travel agency
    Joint controllers DG Human Resources and Security
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Occupational health and medical data
    Reference number PO-1-08
    Data subject category JU Staff : temporary, JU Staff: contractual
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Personal data is collected to ensure that JU staff complies with requirements of pre-recruitment, annual and periodic medical examination.
    Description
    Procedures put in place to ensure safety, health and welfare of KDT JU staff; Pre-recruitment medical examination; Annual and periodic medical examination . KDT JU does not collect medical certificates of staff members. These are directly sent to the medical service of the European Commission in accordance with the procedure established. 
    Processed data Family composition Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose, with a maximum of 3 years, except if a dispute and appeals is underway.
    Health data Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose, for a maximum of 10 years after the end of the employment contract. The maximum retention period for medical data of non-recruited candidates is the period for challenging the data.
    Personal details Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose, with a maximum of 3 years, except if a dispute and appeals is underway.
    Processors
    • Secured IT data base (Joint Sickness Insurance Scheme) (Belgium)
    • SharePoint Document Libraries
    • Sysper
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) disciplinary proceedings; 
    (c) preliminary activities related to cases of potential irregularities deported to olaf; 
    (d) whistleblowing procedures; 
    (e) procedures of harassment; 
    (f) processing internal and external complaints; 
    (g) internal audits; 
    (h) investigations carried out by the data protection officer; or
    (i) security investigations
    Security measures Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: PMO, European Commission and its services: Medical Service
    Joint controllers DG Human Resources and Security, PMO
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Organisation of events and registration
    Reference number PO-4-02
    Data subject category Recipients having requested or consented to receive emails from the JU, Persons registered in events
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Registering the attendance at and management of meetings or events organised by the JU, Follow-up and dissemination of those events
    Description
    Collection of identity information, contact details, company, professional details such as business cards, photos and dietary requirements in the context of a meeting or event.
    Processed data Consumption habits Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725 As long as needed to fulfill the purpose and up to 5 years after the end of the event or until consent is withdrawn
    Personal details Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725 As long as needed to fulfill the purpose and up to 5 years after the end of the event or until consent is withdrawn
    Profession Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725 As long as needed to fulfill the purpose and up to 5 years after the end of the event or until consent is withdrawn
    Video tapes and photographs Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725 As long as needed to fulfill the purpose and up to 5 years after the end of the event or until consent is withdrawn
    Processors
    • SharePoint Document Libraries
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) preliminary activities related to cases of potential irregularities deported to olaf;
    (c) processing internal and external complaints;
    (d) security investigations; or
    (e) within the frame of the grant management or procurement procedure, after the closing date of the submission of the calls for proposals or the application of tenders.
    Security measures Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients n/a
    Joint controllers DG DIGIT, EU Survey (if applicable)
    privacy policy url https://www.kdt-ju.europa.eu/privacy-policy-events
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Personnel files
    Reference number PO-1-03
    Data subject category Interim staff selected via an external contractor on behalf of the EC, JU Staff : temporary, JU Staff: contractual
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Processing of staff data for employment contract and setting up rights of staff
    Description
    Collection of staff data and documentation for employment contract, setting up rights, complaints, appraisal, career development, contract termination, etc. I.e. Identity information, contact details, family situation, address, certificates (marriage/divorce, birth, children...), diploma, work certificates, pension rights, complaint cases, termination of employment, declarations, etc.
    Processed data Characteristics of domicile Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Education Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Family composition Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Financial information Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Personal details Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Profession Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    cv Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Processors
    • SharePoint Document Libraries
    • Sysper
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) disciplinary proceedings; 
    (c) preliminary activities related to cases of potential irregularities deported to olaf; 
    (d) whistleblowing procedures; 
    (e) procedures of harassment; 
    (f) processing internal and external complaints; 
    (g) internal audits; 
    (h) investigations carried out by the data protection officer; or
    (i) security investigations
    Security measures Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: Internal Audit Service, Medical Service and the PMO
    Joint controllers DG Human Resources and Security
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Policy on sensitive functions
    Reference number PO-3-12
    Data subject category JU Staff : temporary, JU Staff: contractual
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Collection of personal data for management of sensitive posts and assessment
    Description
    Collection of personal data for management of sensitive posts and assessment
    Processed data Other Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Personal details Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Profession Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Processors
    • SharePoint Document Libraries
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) disciplinary proceedings; 
    (c) preliminary activities related to cases of potential irregularities deported to olaf; 
    (d) whistleblowing procedures; 
    (e) procedures of harassment; 
    (f) processing internal and external complaints; 
    (g) internal audits; 
    (h) investigations carried out by the data protection officer; or
    (i) security investigations
    Security measures Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: DG HR in exceptional cases
    Joint controllers External Contractors (experts or advice), OLAF
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Salary
    Reference number PO-1-06
    Data subject category JU Staff : temporary, JU Staff: contractual
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose In order to determine the staff member's entitlements
    Description
    Processing of any information related to the salary and to determine the staff member's entitlements, such as salary slips and allowances, i.e. grade, family situation, age, bank account. Documents are collected by the HR Unit and sent to the relevant Commission service (PMO) which will process the data in order to determine the financial rights of the staff member.
    Processed data Family composition Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Financial information Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Personal details Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Profession Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Processors
    • SharePoint Document Libraries
    • Sysper
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6).143. in the following situations:
    (a) administrative inquiries;
    (b) disciplinary proceedings; 
    (c) preliminary activities related to cases of potential irregularities deported to olaf; 
    (d) whistleblowing procedures; 
    (e) procedures of harassment; 
    (f) processing internal and external complaints; 
    (g) internal audits; 
    (h) investigations carried out by the data protection officer; or
    (i) security investigations
    Security measures Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: PMO
    Joint controllers PMO
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Security
    Reference number PO-6-02
    Data subject category JU Staff : temporary, JU Staff: contractual, JU visitors
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Keeping the building secure via different means such as video surveillance cameras
    Description
    Collection of video footage of persons entering the building, which may contain the face of persons (without automated facial recognition)
    Processed data Video tapes and photographs Public interest article 5 a) of regulation 2018/1725 7 days, unless footage is needed for an investigation
    Processors
    • SharePoint Document Libraries
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) disciplinary proceedings; 
    (c) preliminary activities related to cases of potential irregularities deported to olaf; 
    (d) whistleblowing procedures; 
    (e) procedures of harassment; 
    (f) processing internal and external complaints; 
    (g) internal audits; 
    (h) investigations carried out by the data protection officer; or
    (i) security investigations
    Security measures Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Other: Staff from external contractor, Police or legal organisations: Possibly law enforcement
    Joint controllers n/a
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Selection and management of experts database
    Reference number PO-2-03
    Data subject category External experts and interested persons
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Collection, processing and management of a database of experts for participation in evaluations, reviews, appointment letters
    Description
    Collection, processing and management of a database of experts for participation in evaluations, reviews, appointment letters. Incl. identity information, contact details, professional experience, education, etc. Information provided by the experts may lead to an entry in the EDES managed by the EC (art. 136 FR)
    Processed data Education Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose. Files of selected experts are kept for 10 years after the end of the contract. Files of non-selected experts might be kept for up to 5 years after the closure of the procedure to allow for all possible appeals.
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose. Files of selected experts are kept for 10 years after the end of the contract. Files of non-selected experts might be kept for up to 5 years after the closure of the procedure to allow for all possible appeals.
    Personal details Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose. Files of selected experts are kept for 10 years after the end of the contract. Files of non-selected experts might be kept for up to 5 years after the closure of the procedure to allow for all possible appeals.
    Profession Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose. Files of selected experts are kept for 10 years after the end of the contract. Files of non-selected experts might be kept for up to 5 years after the closure of the procedure to allow for all possible appeals.
    Processors
    • SharePoint Document Libraries
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) preliminary activities related to cases of potential irregularities deported to olaf;
    (c) processing internal and external complaints;
    (d) security investigations; or
    (e) within the frame of the grant management or procurement procedure, after the closing date of the submission of the calls for proposals or the application of tenders.
    Security measures Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients n/a
    Joint controllers Research Executive Agency (REA) acting as a controller via de H2020 Participant Portal
    privacy policy url https://www.kdt-ju.europa.eu/privacy-policy-external-experts
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Spontaneous applications
    Reference number PO-1-02
    Data subject category Candidates sending spontaneously their application
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Applications received outside a vacancy notice (via any other means than the online recruitement tool)
    Description
    KDT does not keep data processed from spontaneous applications. The e-mail and CV are immediately deleted and the applicant is referred to the online application tool.
    Processed data Education Explicit consent article 5 d) of regulation 2018/1725 Immediately deleted
    Personal characteristics Explicit consent article 5 d) of regulation 2018/1725 Immediately deleted
    Personal details Explicit consent article 5 d) of regulation 2018/1725 Immediately deleted
    Profession Explicit consent article 5 d) of regulation 2018/1725 Immediately deleted
    cv Explicit consent article 5 d) of regulation 2018/1725 Immediately deleted
    Processors n/a
    Restrictions of data subject rights
    n/a
    Security measures Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients n/a
    Joint controllers n/a
    privacy policy url https://www.kdt-ju.europa.eu/privacy-policy-recruitment
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Telephony (fixed and mobile)
    Reference number PO-1-09
    Data subject category JU Staff : temporary, JU Staff: contractual
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Invoicing of professional and personal communications
    Description
    Collection of numbers received/dialed, duration of communications, price, etc. 
    Processed data Other Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Personal details Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Processors
    • SharePoint Document Libraries
    Restrictions of data subject rights
    article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6). in the following situations:
    (a) administrative inquiries;
    (b) disciplinary proceedings; 
    (c) preliminary activities related to cases of potential irregularities deported to olaf; 
    (d) whistleblowing procedures; 
    (e) procedures of harassment; 
    (f) processing internal and external complaints; 
    (g) internal audits; 
    (h) investigations carried out by the data protection officer; or
    (i) security investigations
    Security measures Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients EU institutions and bodies: ECAS
    Joint controllers n/a
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
  • Activity: Whistleblowing procedures
    Reference number PO-3-10
    Data subject category JU Staff : temporary, JU Staff: contractual
    Controller Chips Joint Undertaking (Brussels)
    Data protection officer dpo@chips-ju.europa.eu
    Purpose Adopting and implementing measures needed to facilitate whistleblowing
    Description
    Collection of identity information, contact details, function, professional information and case-specific information to facilitate whistleblowing procedures.
    Processed data Other Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Personal details Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Profession Public interest article 5 a) of regulation 2018/1725 As long as needed to fulfill the purpose
    Processors
    • SharePoint Document Libraries
    Restrictions of data subject rights
    in the context of whistleblowing procedures, the rights of the data subject may be restricted in light of article 25.1 eui-dpr, implemented in kdt gb 2021.02 (annex 6).
    Security measures Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients EU institutions and bodies: Possibly also OLAF, EDPS, IAS, Court of Auditors, Court of Justice , Other: The whistleblower , Other: External contractors or confidential counselors
    Joint controllers External Contractors (experts or advice)
    privacy policy url https://www.kdt-ju.europa.eu/general-privacy-policy
    Last updated 21.06.2022
    internal reference
    Exercising your rights https://www.kdt-ju.europa.eu/general-privacy-policy
Powered by GDPR Central.