Processing Activities

Search

Data subject categories

Fields

Purpose

Description

Processed data

Recipients

Supporting assets

reference number

Results

Activity: E-newsletter subscription

Reference number	DPO-4-03
Data subject category	Recipients (“general public”) having requested or explicitly consented to remain in the CBE JU database and to continue receiving emails, invitations to events, alerts, e-news, newsletters and other relevant information from CBE JU.
Controller	Circular Bio-based Europe Joint Undertaking (Brussels)
Data protection officer	DPO@cbe.europa.eu
Purpose	Subscription to the CBE JU electronic newsletter and related services (alerts, notifications, etc). Establishing a list of email addresses to which each issue of the e-newsletter is sent, Sending emails, invitations to events, alerts, e-news, and other relevant information
Description	Subscription to the CBE JU electronic newsletter and related services (alerts, notifications, etc). Establishing a list of email addresses to which each issue of the e-newsletter is sent; sending emails, invitations to events, alerts, e-news, and other relevant information
Processed data	Personal details	Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725	• The individual declaration on the use of ICT systems, applications, networks, software, hardware and information will be stored during the time the person is part of the CBE JU staff and for non-staff, when their mission to the CBE JU is completed, after which it is destroyed. • The individual declaration on hand-over of software, hardware and information will be stored for two weeks, after which it is destroyed. • Personal data are removed from the CBE JU Mobile Devices which are restored to the initial configuration after maximum 15 days from the moment the employee returned the device allocated for a certain role, on an ad hoc basis or occasionally. • The report to the LISO compiled in the event of a security incident or data breach, using information from the logs, is stored until the incident can be declared as formally closed. days
	Profession	Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725	Data is deleted once a subscriber unsubscribes. Unless BBI JU receives a positive reply from the data subject, the personal details will no longer remain in the BBI JU database and therefore the data subject will not receive any more communication from BBI JU. In any case, personal data will not be kept for longer than necessary, for the purpose for which they were collected or further processed. days
Processors	Mailchimp (USA)
Restrictions of data subject rights	n/a
Security measures	Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data not displayed to the wider public, Staff dealing with this processing operation is designated on a need-to-know basis
Recipients	Other: CBE JU communication team, Other: External services provider: Mailchimp
Joint controllers	n/a
privacy policy url	to be included
Last updated	10.08.2022
internal reference	DPO-4-03
Exercising your rights	https://www.cbe.europa.eu/system/files?file=2022-04/CBEJU_legal_notice_2022.pdf

Activity: EU Survey Tool for event registrations

Reference number	DPO-4-04
Data subject category	Registrants or attendees sent through the EU Survey tool
Controller	Circular Bio-based Europe Joint Undertaking (Brussels)
Data protection officer	DPO@cbe.europa.eu
Purpose	Personal data is collected in order to share information about the event on CBE JU and EUROPA websites and social media accounts, to ensure all necessary organisational steps to allow participants access on the premises of the event’s venue, for the management of the event itself, to ensure event follow-up activities.
Description	Collecting personal data for the purposes of participation in an on-line survey in order to to participate in a CBE JU event on a voluntary basis. This specific on-line service consists of an on-line form made available on the EU Survey application, managed by the European Commission.
Processed data	Health data	Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725	1 month after the results of the survey have been aggregated
	Personal details	Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725	1 month after the results of the survey have been aggregated
	Profession	Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725	1 month after the results of the survey have been aggregated
Processors	EUSurvey IT System (Belgium)
Restrictions of data subject rights	n/a
Security measures	Data kept according to the security measures adopted by the European Commission, Secure transfer of data, Staff dealing with this processing operation is designated on a need-to-know basis
Recipients	Other: CBE JU Communication team, European Commission and its services: Authorized staff
Joint controllers	DG DIGIT
privacy policy url
Last updated	10.08.2022
internal reference	DPO-4-04
Exercising your rights	https://www.cbe.europa.eu/system/files?file=2022-04/CBEJU_legal_notice_2022.pdf

Activity: Event registration and Organisation

Reference number	DPO-4-02
Data subject category	Registrants/Attendees of events
Controller	Circular Bio-based Europe Joint Undertaking (Brussels)
Data protection officer	DPO@cbe.europa.eu
Purpose	Register interested persons for effective management of meetings, provide access to the CBE JU event venues, and maintain participant’s lists as well as allowing possible event follow-up actions including feedback collection, specific communication activities and sharing of presentations
Description	Register interested persons for effective management of meetings, provide access to the CBE JU event venues, and maintain participant’s lists as well as allowing possible event follow-up actions including feedback collection, specific communication activities and sharing of presentations
Processed data	Health data	Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725	5 years
	Personal details	Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725	5 years
	Profession	Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725	5 years
	Video tapes and photographs	Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725	5 years
Processors	External service provider ('contractor') (EEA)
Restrictions of data subject rights	n/a
Security measures	Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Staff dealing with this processing operation is designated on a need-to-know basis
Recipients	Other: CBE JU communication team, Data subject themselves: Othe Participants, Other: Internal and extra-muros service providers: B2match
Joint controllers	n/a
privacy policy url	To be included
Last updated	10.08.2022
internal reference	DPO-4-02
Exercising your rights	https://www.cbe.europa.eu/system/files?file=2022-04/CBEJU_legal_notice_2022.pdf

Activity: Experts and evaluation of the proposals

Reference number	DPO-3-01
Data subject category	Experts
Controller	Circular Bio-based Europe Joint Undertaking (Brussels)
Data protection officer	DPO@cbe.europa.eu
Purpose	Personal data is collected for the selection and the management (including reimbursements of expenses and payment where appropriate) of independent experts appointed by CBE JU to advise on or assist with: the evaluation of proposals, the monitoring of the implementation of actions carried out under Horizon 2020 and Horizon Europe, advice or assistance with other tasks related to CBE JU activities.
Description	Database of experts for participation in evaluations and/or reviews; appointment letters
Processed data	Education	Public interest article 5 a) of regulation 2018/1725, title viii of the eu financial regulation (grants), regulation (eu) no 1291/2013 of the european parliament and of the council of 11 december 2013 establishing horizon 2020 - the framework programme for research and innovation (2014-2020), legal obligation article 5 b) of regulation 2018/1725	10 years
	Financial information	Public interest article 5 a) of regulation 2018/1725, title viii of the eu financial regulation (grants), regulation (eu) no 1291/2013 of the european parliament and of the council of 11 december 2013 establishing horizon 2020 - the framework programme for research and innovation (2014-2020), legal obligation article 5 b) of regulation 2018/1725	10 years
	Personal details	Public interest article 5 a) of regulation 2018/1725, title viii of the eu financial regulation (grants), regulation (eu) no 1291/2013 of the european parliament and of the council of 11 december 2013 establishing horizon 2020 - the framework programme for research and innovation (2014-2020), legal obligation article 5 b) of regulation 2018/1725	10 years
	Profession	Public interest article 5 a) of regulation 2018/1725, title viii of the eu financial regulation (grants), regulation (eu) no 1291/2013 of the european parliament and of the council of 11 december 2013 establishing horizon 2020 - the framework programme for research and innovation (2014-2020), legal obligation article 5 b) of regulation 2018/1725	10 years
Processors	EC external service providers (contractors or subcontractors) under direct or framework service procurement contracts (EEA)
Restrictions of data subject rights	n/a
Security measures	Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Automated system (Grants management), Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis, Standard clause for the processing of personal data included in the contract
Recipients	European Commission and its services: , Other: CBE JU Staff members: Staff participating in the selection of external experts, Other: CBE JU Executive Director
Joint controllers	Research Executive Agency
privacy policy url	https://ec.europa.eu/research/participants/data/support/legal_notice/h2020-ssps-experts-sedia_en.pdf
Last updated	10.08.2022
internal reference	DPO-3-01
Exercising your rights	https://www.cbe.europa.eu/system/files?file=2022-04/CBEJU_legal_notice_2022.pdf

Activity: External audits and ex-post controls

Reference number	DPO-5-02
Data subject category	JU Staff: temporary, JU Staff: contractual, Candidates applying for open vacancies (TA, CA, and SNE) , Experts and CBE JU contractors
Controller	Circular Bio-based Europe Joint Undertaking (Brussels)
Data protection officer	DPO@cbe.europa.eu
Purpose	Personal data is collected and managed for the sole purpose of preparing and communicating the audit reports by the external auditors.
Description	Personal data is collected in the conduct of checks and financial controls of grant agreements or service contracts aimed at verifying beneficiary's or contractor's or subcontractors' or third parties' compliance with all contractual provisions (including financial provisions). The purpose of the control is to check that the action and the provisions of the grant agreement or contract are being properly implemented and to assess the legality and regularity of the transaction underlying the implementation of the EU budget.
Processed data	Education	Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725	7 years
	Financial information	Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725	7 years
	Personal details	Public interest article 5 a) of regulation 2018/1725, legal obligation (article 5 (b) of regulation 2018/1725)	7 years
	Profession	Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725	7 years
Processors	Audit management system (Belgium)
Restrictions of data subject rights	no restriction in the cbe ju related operations but the internal rules of the european court of auditors need to be taken into account.
Security measures	Data kept according to the security measures adopted by the European Commission, Staff dealing with this processing operation is designated on a need-to-know basis
Recipients	Other: CBE JU staff: Executive Director, Internal Control Coordinator, Head of Administration & Finance, Data Protection Officer, Administration and Finance Support team, European Commission and its services: Accounting Officer of the European Commission, European Commission and its services: EDPS, Police or legal organisations: European Court of Auditors
Joint controllers	n/a
privacy policy url
Last updated	10.08.2022
internal reference
Exercising your rights	https://www.cbe.europa.eu/system/files?file=2022-04/CBEJU_legal_notice_2022.pdf

Activity: Internal Audits

Reference number	DPO-5-01
Data subject category	JU staff
Controller	Circular Bio-based Europe Joint Undertaking (Brussels)
Data protection officer	DPO@cbe.europa.eu
Purpose	Personal data is collected and managed for the purpose of independent, risk-based and objective assurance and consulting services designated to add value and improve the operations of the CBE JU.
Description	Audit procedures to check the regularity of the transactions and the quality of financial management of the JU
Processed data	Education	Public interest article 5 a) of regulation 2018/1725, processing is necessary to protect the vital interests of the data subject or another natural person (article 5(e) regulation 2018/1725), explicit consent article 5 d) of regulation 2018/1725	7 years
	Financial information	Public interest article 5 a) of regulation 2018/1725, processing is necessary to protect the vital interests of the data subject or another natural person (article 5(e) regulation 2018/1725), explicit consent article 5 d) of regulation 2018/1725	7 years
	Personal details	Public interest article 5 a) of regulation 2018/1725, processing is necessary to protect the vital interests of the data subject or another natural person (article 5(e) regulation 2018/1725), explicit consent article 5 d) of regulation 2018/1725	7 years
	Profession	Public interest article 5 a) of regulation 2018/1725, processing is necessary to protect the vital interests of the data subject or another natural person (article 5(e) regulation 2018/1725), explicit consent article 5 d) of regulation 2018/1725	7 years
Processors	External experts (contractors, intra and extra-muros) (EEA) Randstad (Belgium)
Restrictions of data subject rights	no restriction per se in the cbe ju related operations but commission decision (eu) 2018/1961 of 11 december 2018 laying down internal rules concerning the provision of information to data subjects and the restriction of certain of their rights in the context of the processing of personal data for the purpose of internal audit activities.
Security measures	Staff dealing with this processing operation is designated on a need-to-know basis
Recipients	European Commission and its services: EDPS, Other: IAS, Other: CBE JU Executive Director, Other: CBE JU staff members: Internal Control Coordinator, Administration and Finance team, Police or legal organisations: European Court of Auditors
Joint controllers	n/a
privacy policy url
Last updated	10.08.2022
internal reference
Exercising your rights	https://www.cbe.europa.eu/system/files?file=2022-04/CBEJU_legal_notice_2022.pdf

Activity: Microsoft 365

Reference number	To be added
Data subject category	JU staff, Externals to the organisation: JU external collaborators being granted access to M365 platform as guests
Controller	Circular Bio-based Europe Joint Undertaking (Brussels)
Data protection officer	DPO@cbe.europa.eu
Purpose	In line with the European Commission’s Digital Strategy, CBE JU is gradually moving into a fully digital working environment. As a European public administration, JU needs to lead the way in terms of both integrating digital at the core of European policy implementation and leveraging the potential of digital to work better and faster.
Description	In line with the European Commission’s Digital Strategy, CBE JU is gradually moving into a fully digital working environment. As a European public administration, CBE JU needs to lead the way in terms of both integrating digital at the core of European policy implementation and leveraging the potential of digital to work better and faster. For this strategy to deliver, CBE JU has designed several actions and adopted a series of new tools designed to form together a Digital Workplace. The Digital Workplace is an opportunity for CBE JU to become an example of a modern public, connected and efficient Public Administration by providing staff with the best combination of tools, physical framework and working methods, to effectively support the achievement of the priorities of our organisation. The Digital Workplace responds to the need for connected office, integrating teleworking tools for activities such as conference calls, remote collaboration, audio- or videoconferencing or webinars. Consequently, CBE JU has decided to operate M365 provided by Microsoft Ireland. M365 offers cloud-based solutions that enable staff members of CBE JU to: Document Processing – to create, read, review and amend documents, presentations, spreadsheets and other document types in various formats and for various purposes (Access, Sway, Forms); Email, Calendar, Contacts – to manage and exchange e-mail, calendars, contacts, tasks and notes (Exchange Online); File Sharing – to create, read, review, amend, store and share documents and files of various types in view of collaboration among staff (SharePoint Online, OneDrive, OneNote, Stream, Teams, PowerApps, Yammer); Chat and Messaging – to interact, share files, chat and exchange messages with colleagues, partners, stakeholders and other parties (Teams, Yammer); Virtual Meetings – to set up and participate in virtual meetings and teleconferences (Teams); Project and Task Management – to facilitate project and task management by staff (Exchange Online); and Data Analytics and Visualisation – to analyse data and visualise such data (Power BI). Identity and access management to M365 is managed through Azure Active Directory (Azure AD) and InTune. The operation of M365 requires the processing of personal data by CBE JU for the following purposes: provision, enabling, set-up, configuration and maintenance of M365 capabilities, including facilitating and coordinating field tasks (Identification Data, Service-Generated Data, Content Data) administration of the rights allocated to a user account (identity and access management) (Identification Data); end-user support and IT Teams support for issues with M365 (Identification Data, Service-Generated Data, Diagnostic Data); prevention, detection and resolution of security events (e.g. cyber-attack), to ensure the confidentiality, integrity and availability of M365 (Identification Data, Service-Generated Data); and responding to data subjects exercising their rights in relation to personal data processed within M365 (Identification Data, Service-Generated Data). Additionally, Microsoft Ireland as a processor for and on behalf of CBE JU processes personal data for internal business operations in the context of providing M365. These business operations consist of (exhaustive list): billing and account management (Identification Data, Service-Generated Data); compensation (Service-Generated Data); internal reporting and business modelling (Service-Generated Data); combatting fraud, cybercrime, and cyberattacks (Identification Data, Service-Generated Data); improving core functionality of accessibility, privacy and energy efficiency (Service-Generated Data); and financial reporting and compliance with legal obligations (Identification Data, Service-Generated Data).
Processed data	Personal details	Public interest article 5 a) of regulation 2018/1725	For as long as the user account is active. days
	Video tapes and photographs	Public interest article 5 a) of regulation 2018/1725	up to 180 days upon expiration/termination of the subscription.
Processors	Real Dolmen (Belgium) SharePoint (Belgium)
Restrictions of data subject rights	n/a
Security measures	Access control and technical measures such as physical locks and/or secure connections and firewalls, Computer systems hardened, Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
Recipients	Other private organisations: Microsoft's personnel based outside the EEA (most importantly, the USA) managing the databases on Microsoft cloud servers and Microsoft’s sub-processors' personnel on a need-to-know basis.
Joint controllers	n/a
privacy policy url
Last updated	10.08.2022
internal reference
Exercising your rights	https://www.cbe.europa.eu/system/files?file=2022-04/CBEJU_legal_notice_2022.pdf

Activity: Monitoring of staff presence on premises while restrictions due to COVID-19 apply

Reference number	DPO - HR -
Data subject category	JU staff
Controller	Circular Bio-based Europe Joint Undertaking (Brussels)
Data protection officer	DPO@cbe.europa.eu
Purpose	The processing of a limited set of personal data of staff members is necessary for the purpose of monitoring the occupancy rate of the CBE JU premises (staff offices) so as to comply with the national guidance applicable in Belgium as host country, guidance having as purpose the safety of working on premise during the Coronavirus pandemic.
Description	As of the 9 of June 2021, the CBE JU put in place a series of measures dedicated to ensure the safety of CBE JU staff that would like to return to work in the office, on a voluntary basis. In order to do so, presence in the office must have been pre-authorized by the CBE JU Head of Administration, in order to ensure the compliance with social distancing and/or other safety measures imposed by the competent authorities during the time at the office.
Processed data	Personal details	Legal obligation article 5 b) of regulation 2018/1725	As long as needed to fulfill the purpose
Processors	SharePoint (Belgium)
Restrictions of data subject rights	n/a
Security measures	Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff
Recipients	n/a
Joint controllers	n/a
privacy policy url	https://bbiju.sharepoint.com/sites/Intranet/Data%20Protection%20Notices/Forms/AllItems.aspx?id=%2Fsites%2FIntranet%2FData%20Protection%20Notices%2FHR%2Fprivacy%5Fpolicy%5FBAR%2Edocx%5B1%5D%2Epdf&parent=%2Fsites%2FIntranet%2FData%20Protection%20Notices%2FHR
Last updated	10.08.2022
internal reference	DPO - HR -
Exercising your rights	https://www.cbe.europa.eu/system/files?file=2022-04/CBEJU_legal_notice_2022.pdf

Activity: Occupational health

Reference number	DPO-1-02
Data subject category	JU Staff: temporary, JU Staff: contractual, Relatives of the data subject
Controller	Circular Bio-based Europe Joint Undertaking (Brussels)
Data protection officer	DPO@cbe.europa.eu
Purpose	Management of health data in the workplace
Description	Management of health data in the workplace
Processed data	Family composition	Public interest article 5 a) of regulation 2018/1725	3 years
	Health data	Art. 10 §2 (b) regulation 2018/1725	10 years after end of contract
Processors	External service provider ('contractor') (EEA) Secured IT data base (Joint Sickness Insurance Scheme) (Belgium)
Restrictions of data subject rights	no specific restrictions in place at cbe ju. the medical files are kept at the commission's medical services. commission decision (eu) 2019/154 of 30 january 2019 laying down internal rules concerning the restriction of the right of access of data subjects to their medical files.
Security measures	Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Health data processed with the principles of medical confidentiality by HR officer, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
Recipients	n/a
Joint controllers	DG Human Resources and Security, PMO
privacy policy url
Last updated	10.08.2022
internal reference	DPO-1-02
Exercising your rights	https://www.cbe.europa.eu/system/files?file=2022-04/CBEJU_legal_notice_2022.pdf

Activity: Prevention and management of conflicts of interests applicable to the bodies of CBE JU

Reference number	DPO-4-03
Data subject category	Relatives of the data subject, Members of the Governing Board, Members of Scientific Committee, Members of States Representatives Group, CBE JU DPO
Controller	Circular Bio-based Europe Joint Undertaking (Brussels)
Data protection officer	DPO@cbe.europa.eu
Purpose	Personal data is processed for the sole purpose of applying the rules for the prevention and management of conflicts of interest applicable to the members of the bodies of the CBE JU listed under Article 4(1) of the Statutes in order to ensure the handling of situations where potential conflicts of interest may arise in a transparent and consistent manner.
Description	Collecting and screening declarations of confidentiality and non-conflict of interests signed by all members of the CBE JU bodies before appointment, after appointment and spontaneously at any time in the course of their duties (ad-hoc Declaration). The name of the Members of Governing Board, Scientific Committee, States Representatives Group together with the name of their employer or any organisation which pays them shall be published on CBE JU’s website. The declarations of interest by the Members of the Governing Board shall be available for public scrutiny with due respect to the applicable EU rules on protection of personal data and access to documents.
Processed data	Education	Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725	7 years
	Financial information	Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725	7 years
	Membership of a professional association	Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725	7 years
	Memberships	Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725	7 years
	Personal details	Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725	7 years
	Profession	Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725	7 years
Processors	n/a
Restrictions of data subject rights
Security measures	Access control and technical measures such as physical locks and/or secure connections and firewalls, Data kept according to the security measures adopted by the European Commission, Staff dealing with this processing operation is designated on a need-to-know basis
Recipients	Individuals/organisations in direct relationship with controller: Chairperson and Vice chair person of the relevant body or group, Data subject themselves: , Other: CBE JU Executive Director, Legal Manager, DPO
Joint controllers	n/a
privacy policy url	On-going
Last updated	10.08.2022
internal reference	DPO-4-03
Exercising your rights	https://www.cbe.europa.eu/system/files?file=2022-04/CBEJU_legal_notice_2022.pdf

Activity: Recruitment of staff & trainees

Reference number	DPO-1-01
Data subject category	Candidates
Controller	Circular Bio-based Europe Joint Undertaking (Brussels)
Data protection officer	DPO@cbe.europa.eu
Purpose	Evaluation, selection and recruitment of staff and trainees
Description	Evaluation, selection and recuitment of staff and trainees
Processed data	Education	Articles 22a and 22b of the eu staff regulations and articles 11 and 81 of the ceos	10 years
	Family composition	Articles 22a and 22b of the eu staff regulations and articles 11 and 81 of the ceos	10 years after end of contract
	Health data	Contractual obligation article 5 c) of regulation 2018/1725 , articles 12 - 15 and 82 - 84, 86 of the conditions of employment of other servants of the european communities (ceos)	For the duration of the selection procedure only
	Juridic data	Contractual obligation article 5 c) of regulation 2018/1725 , articles 12 - 15 and 82 - 84, 86 of the conditions of employment of other servants of the european communities (ceos)	For the duration of the selection procedure only
	Location information	Articles 22a and 22b of the eu staff regulations and articles 11 and 81 of the ceos	10 years after end of contract
	Personal details	Articles 22a and 22b of the eu staff regulations and articles 11 and 81 of the ceos	10 years after end of contract
	Profession	Articles 12 - 15 and 82 - 84, 86 of the conditions of employment of other servants of the european communities (ceos)	10 years after end of contract
Processors	Randstad (Belgium)
Restrictions of data subject rights
Security measures	Access control and technical measures such as physical locks and/or secure connections and firewalls, Data not displayed to the wider public, Obligation of confidentiality of the staff, Premises abide by the European Commission's security decisions and provisions, Staff dealing with this processing operation is designated on a need-to-know basis
Recipients	n/a
Joint controllers	n/a
privacy policy url	https://www.bbi.europa.eu/sites/default/files/privacy_policy_recruitment%20of%20staff%20and%20trainees.docx.pdf
Last updated	10.08.2022
internal reference	DPO-1-01
Exercising your rights	https://www.cbe.europa.eu/system/files?file=2022-04/CBEJU_legal_notice_2022.pdf

Activity: Registration, Selection and Management of Experts to be appointed as members of the Scientific Committee of the Circular Bio-based Europe Joint Undertaking 2021

Reference number
Data subject category	Experts to be appointed as members of the Scientific Committee of the Circular Bio-based Europe Joint Undertaking
Controller	Circular Bio-based Europe Joint Undertaking (Brussels)
Data protection officer	DPO@cbe.europa.eu
Purpose	We process your data for the purposes of registration, selection and management of external experts on the basis of calls for expression of interest. In particular, this includes: • The establishment and maintenance of a database of external experts and delegated actors to assist the Controllers with monitoring and review of actions; opinions and advice in specific cases such as the preparation, the implementation or the evaluation of EU programmes and the design of policies; • The selection of experts; the Controller will process personal data of the expert's appointed delegated actor in order to enable the delegated actor's access to the responsible expert's profile on the Funding and Tender Opportunities Portal, allowing the delegated actor to perform their delegated tasks. • The management of the expert contracts. This includes the management of private legal entity and bank account data, to be registered in the Commission Accrual Based Accounting System (ABAC); • The management of the reimbursement of expenses (reimbursement or contributions to travel and subsistence expenses, etc.); • The payment of fees, where applicable; • A limited subset of personal information might be used for related communication activities, including surveys.
Description	1. Application procedure: Members of the Scientific Committee will be selected from applicants who express their interest following an open call published in the Official Journal and CBE JU website. 2. Selection of experts: The experts are going to be selected in accordance with the Governing Board Decision Number 3 of 16th December 2021.
Processed data	Education	Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725	2 years
	Financial information	Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725	2 years
	Personal details	Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725	2 years
	Profession	Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725	2 years
Processors	n/a
Restrictions of data subject rights	n/a
Security measures	Access control and technical measures such as physical locks and/or secure connections and firewalls, Data kept according to the security measures adopted by the European Commission, Premises abide by the European Commission's security decisions and provisions, Staff dealing with this processing operation is designated on a need-to-know basis, Standard clause for the processing of personal data included in the contract
Recipients	Other: Designated CBE JU staff members , Other: Experts assisting the selection Committee, Other: Selection committee designed by the Governing Board
Joint controllers	n/a
privacy policy url	https://www.cbe.europa.eu/scientific-committee
Last updated	10.08.2022
internal reference
Exercising your rights	https://www.cbe.europa.eu/system/files?file=2022-04/CBEJU_legal_notice_2022.pdf

Activity: SYSPER: Business Continuity Management (BCM) and central administrative purposes.

Reference number	DPO - 1 - 11
Data subject category	Relatives of the data subject, JU staff
Controller	Circular Bio-based Europe Joint Undertaking (Brussels)
Data protection officer	DPO@cbe.europa.eu
Purpose	Collection and use of private contact data of officials and other servants in the context of the Business Continuity Management (BCM) and for other central administrative purposes, such as to collect and transmit data of staff members and their family members residing in Belgium to the relevant Belgian authority and if the consent of the staff members is provided, for the purpose of obtaining a ‘digital key’ (a user name and password) which allows access to all federal public sites, local sites, including the Ma Santé portal relevant in the context of Covid-19 certificates.
Description	Collection and use of private contact data of officials and other servants in the context of the Business Continuity Management (BCM) and for other central administrative purposes. CBE JU collects and uses your personal information through the IT system SYSPER ("System de personnel"), that manages a compendium of work life related files of staff, centralised the personal data. This design aims the efficient way of managing the work life related personal data. Although every processing using any personal data have specific data protection records, this record justifies the general need of colleting personal data such as: First and family name, address, personal telephone, family composition and so on. Below is a non-exhaustive list of the more significant processes of personal data through SYSPER: · To collect private contact details of staff and make them available at corporate level for Business Continuity Management purposes, i.e. to prepare (exercises) and respond to crises and operational disruptions affecting the normal functioning of the CBE JU. · To contact staff (or their family) for administrative and / or urgent reasons. Such contact may be required in the interests of the service or to inform staff of a situation which could impact upon their ability to carry out their assigned tasks. · To authenticate some activities of the staff members such as remote access to IT platforms, or switching the professional line to the private line in case of telework. · To collect and transmit data of staff members and their family members residing in Belgium to the relevant Belgian authority and if the consent of the staff members is provided, for the purpose of obtaining a ‘digital key’ (a user name and password) which allows access to all federal public sites, local sites, including the Ma Santé portal relevant in the context of Covid-19 certificates. · Any other administrative work life related purpose Your personal data will not be used for an automated decision-making including profiling.
Processed data	Personal characteristics	Public interest article 5 a) of regulation 2018/1725, processing is necessary to protect the vital interests of the data subject or another natural person (article 5(e) regulation 2018/1725), legal obligation (article 5 (b) of regulation 2018/1725), explicit consent article 5 d) of regulation 2018/1725	8 years after the extinction of all rights of the person concerned and of any dependents
	Personal details	Public interest article 5 a) of regulation 2018/1725, processing is necessary to protect the vital interests of the data subject or another natural person (article 5(e) regulation 2018/1725), legal obligation (article 5 (b) of regulation 2018/1725), explicit consent article 5 d) of regulation 2018/1725	8 years after the extinction of all rights of the person concerned and of any dependents
Processors	IT Tool SYSPER (Belgium)
Restrictions of data subject rights	in accordance with article 25 regulation (eu) 2018/1725, the cbe ju may restrict the application of the rights enshrined in articles 14 to 21, 35 and 36, as well as article 4 as per decision of the governing board of the bio-based industries joint undertaking of 26 march 2020 laying down internal rules concerning restrictions of certain rights of data subjects in relation to processing of personal data in the framework of the functioning of the bbi ju. to be noted: 1) following the entry into force of council regulation (eu) 2021/2085 ,of 19 november 2021, establishing the joint undertakings under horizon europe, and as established in its article 174.,3 the circular bio-based europe joint undertaking (cbe ju) replaces and succeeds the bio-based industries joint undertaking (bbi ju in all contracts, services legal agreements or other agreements signed by the latest.) 2) decision of the gb of 16 december 2021 approving the list of decisions adopted by the bio-bases industries joint undertaking that shall continue to apply for the circular bio-based europe.
Security measures	Data kept according to the security measures adopted by the European Commission, Staff dealing with this processing operation is designated on a need-to-know basis
Recipients	European Commission and its services: , Other: Recipients in the framework of the access to the Digital Key for Belgian residents is the Belgian authority, Other: Generated lists are sent to the Permanent Representations of the EU member states
Joint controllers	n/a
privacy policy url
Last updated	10.08.2022
internal reference	DPO - 1 - 11
Exercising your rights	https://www.cbe.europa.eu/system/files?file=2022-04/CBEJU_legal_notice_2022.pdf

Activity: Salary

Reference number	DPO-1-06
Data subject category	JU Staff: temporary, JU Staff: contractual, Relatives of the data subject
Controller	Circular Bio-based Europe Joint Undertaking (Brussels)
Data protection officer	DPO@cbe.europa.eu
Purpose	Personal data is collected in order to determine the staff member’s entitlements. Documents are collected by the HR Officer and sent to the relevant Commission service (PMO) which will process the data in order to determine the financial rights of the staff member.
Description	Salary slips, allowances
Processed data	Education	Public interest article 5 a) of regulation 2018/1725	8 years after the extinction of all rights of the person concerned and of any dependents
	Family composition	Public interest article 5 a) of regulation 2018/1725	8 years after the extinction of all rights of the person concerned and of any dependents
	Financial information	Public interest article 5 a) of regulation 2018/1725	8 years after the extinction of all rights of the person concerned and of any dependents
	Personal characteristics	Public interest article 5 a) of regulation 2018/1725	8 years after the extinction of all rights of the person concerned and of any dependents
	Personal details	Public interest article 5 a) of regulation 2018/1725	8 years after the extinction of all rights of the person concerned and of any dependents
Processors	n/a
Restrictions of data subject rights	n/a
Security measures	Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Health data processed with the principles of medical confidentiality by HR officer, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
Recipients	European Commission and its services: PMO, Other: CBE JU Executive Director, European Commission and its services: Medical Service, Other: CBE JU Staff members: Financial team, Human resources Manager
Joint controllers	PMO
privacy policy url
Last updated	10.08.2022
internal reference	DPO-1-06
Exercising your rights	https://www.cbe.europa.eu/system/files?file=2022-04/CBEJU_legal_notice_2022.pdf

Activity: Selection and recruitment of interims

Reference number	DPO-01-1 (interims)
Data subject category	Interim staff selected via an external contractor on behalf of the European Commission
Controller	Circular Bio-based Europe Joint Undertaking (Brussels)
Data protection officer	DPO@cbe.europa.eu
Purpose	Data are processed for the purpose of organising the selection and recruitment procedures for interims at the CBE JU.
Description	Collecting applications of candidates, screening tables, pre-selection reports, selection reports, written tests, interview questions, offers for posts, short lists, reserve lists, reserve list letters, negative letters etc.
Processed data	Education	Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725	6 months
	Health data	Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725	6 months
	Juridic data	Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725	For the duration of the selection procedure only
	Personal characteristics	Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725	6 months
	Personal details	Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725	6 months
	Profession	Public interest article 5 a) of regulation 2018/1725, contractual obligation article 5 c) of regulation 2018/1725	6 months
Processors	DAOUST (Belgium) Randstad (Belgium)
Restrictions of data subject rights	n/a
Security measures	Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Health data processed with the principles of medical confidentiality by HR officer, Obligation of confidentiality of the staff, Once the procedure is closed, electronically stored data erased, Signature of absence of conflict of interest , Staff dealing with this processing operation is designated on a need-to-know basis
Recipients	External contractors under framework contract with the European Commission : Randstad, Daoust, Other: CBE JU staff members: members of the selection committee, HR manager, CBE JU Executive Director
Joint controllers	n/a
privacy policy url	https://www.cbe.europa.eu/personal-data-protection
Last updated	10.08.2022
internal reference	DPO-01-1 (interims)
Exercising your rights	https://www.cbe.europa.eu/system/files?file=2022-04/CBEJU_legal_notice_2022.pdf

Activity: Submission of proposals, evaluation, selection, negotiation and award of Grant Agreements

Reference number	DPO-3-02
Data subject category	Members of the consortia
Controller	Circular Bio-based Europe Joint Undertaking (Brussels)
Data protection officer	DPO@cbe.europa.eu
Purpose	Receipt of proposals from consortia in response to an open call, evaluation and selection and award
Description	Receipt of proposals from consortia in response to an open call, evaluation and selection and award
Processed data	Education	Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725	1. Files of successful grant applications are kept for 7 years after the end of the respective contract or the closing of the action.2. Files of unsuccessful or withdrawn grant applications might be kept for up to 5 years after the closure of the particular procedure to allow for all possible appeals.Anonymous or encrypted data can be retained for a longer period for statistical, scientific or historical purposes. Personal data not updated for 7 years will be removed from any relevant database. year
	Financial information	Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725	1. Files of successful grant applications are kept for 7 years after the end of the respective contract or the closing of the action.2. Files of unsuccessful or withdrawn grant applications might be kept for up to 5 years after the closure of the particular procedure to allow for all possible appeals.Anonymous or encrypted data can be retained for a longer period for statistical, scientific or historical purposes. Personal data not updated for 7 years will be removed from any relevant database.
	Personal characteristics	Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725	1. Files of successful grant applications are kept for 7 years after the end of the respective contract or the closing of the action.2. Files of unsuccessful or withdrawn grant applications might be kept for up to 5 years after the closure of the particular procedure to allow for all possible appeals.Anonymous or encrypted data can be retained for a longer period for statistical, scientific or historical purposes. Personal data not updated for 7 years will be removed from any relevant database.
	Personal details	Public interest article 5 a) of regulation 2018/1725, legal obligation article 5 b) of regulation 2018/1725	1. Files of successful grant applications are kept for 7 years after the end of the respective contract or the closing of the action.2. Files of unsuccessful or withdrawn grant applications might be kept for up to 5 years after the closure of the particular procedure to allow for all possible appeals.Anonymous or encrypted data can be retained for a longer period for statistical, scientific or historical purposes. Personal data not updated for 7 years will be removed from any relevant database.
Processors	European Commission (Belgium)
Restrictions of data subject rights	n/a
Security measures	Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Automated system (Grants management), Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Signature of absence of conflict of interest , Staff dealing with this processing operation is designated on a need-to-know basis
Recipients	European Commission and its services: , Other: CBE JU Executive Director, External contractors under framework contract with the European Commission : , Other: CBE JU staff members, Other: External experts evaluating the proposals
Joint controllers	European Commission
privacy policy url	https://ec.europa.eu/research/participants/data/support/legal_notice/h2020-ssps-grants-sedia_en.pdf
Last updated	10.08.2022
internal reference	DPO-3-02
Exercising your rights	https://www.cbe.europa.eu/system/files?file=2022-04/CBEJU_legal_notice_2022.pdf

Activity: Sysper

Reference number
Data subject category	JU staff
Controller	Circular Bio-based Europe Joint Undertaking (Brussels)
Data protection officer	DPO@cbe.europa.eu
Purpose	Time management and flexitime requests
Description	Manage within a legal, standardized and centralized framework all aspects of the working time management of staff (SYSPER): 1) management of files and requests relating to part-time work, and parental and family leave; 2) management of annual and special leave rights and absences. 3) telework monitoring management 4) management of working time within the framework of flexible working hours in compliance with obligations regarding working hours in general. These data can be used to authorise the recuperation of overtime based on the working hours registered in SYSPER by the staff member. 5) production of statistics corresponding to all the previous points. The processing of all of this data is not intended to intervene in the evaluation process. These data are used to produce anonymous statistics by CBE JU. For flexible working hours, the data is used to produce individual reports. The data relating to a case of serious difficulty are used to enable the CBE JU to take a decision allowing 95% part-time work without a financial reduction.
Processed data	Personal details	Public interest article 5 a) of regulation 2018/1725	10 years after end of contract
	Profession	Public interest article 5 a) of regulation 2018/1725	7 years
Processors	European Commission (Belgium) NEO (IT platfrom for booking missions) (EEA, adequate) Secured IT data base (Joint Sickness Insurance Scheme) (Belgium) Secured transmission system ARES (Belgium)
Restrictions of data subject rights	in accordance with article 25 regulation (eu) 2018/1725, the cbe ju may restrict the application of the rights enshrined in articles 14 to 21, 35 and 36, as well as article 4 as per decision of the governing board of the bio-based joint undertaking of 26 march 2020 laying down internal rules concerning restrictions of certain rights of data subjects in relation to processing of personal data in the framework of the functioning of the bbi ju to be noted: 1) following the entry into force of council regulation (eu) 2021/2085 ,of 19 november 2021, establishing the joint undertakings under horizon europe, and as established in its article 174.,3 the circular bio-based europe joint undertaking (cbe ju) replaces and succeeds the bio-based industries joint undertaking (bbi ju in all contracts, services legal agreements or other agreements signed by the latest.) 2) decision of the gb of 16 december 2021 approving the list of decisions adopted by the bio-bases industries joint undertaking that shall continue to apply for the circular bio-based europe.
Security measures	Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff
Recipients	European Commission and its services: DG HR
Joint controllers	n/a
privacy policy url	See Intranet
Last updated	10.08.2022
internal reference	Add Number
Exercising your rights	https://www.cbe.europa.eu/system/files?file=2022-04/CBEJU_legal_notice_2022.pdf

Activity: Teleworking

Reference number	DPO-1-07
Data subject category	JU Staff: temporary, JU Staff: contractual
Controller	Circular Bio-based Europe Joint Undertaking (Brussels)
Data protection officer	DPO@cbe.europa.eu
Purpose	The purpose of this processing operation is to manage in a legal, standardized and centralized framework all temporal aspects of a jobholder's framework with respect to the management and monitoring of the implementation of teleworking. In particular, the treatment consists in identifying the persons authorized to telework according to various criteria such as the possibilities of telework, the interest of the service or the motivation of the person. The persons concerned have the possibility of making a request for telecommuting either casual or structural via Sysper.
Description	Management of the teleworking requests and agreements; planning regarding the ordering of ICT tools and devices for the performance of telework. Staff members are granted access to an electronic tool in which they can launch a request for teleworking.
Processed data	Family composition	Public interest article 5 a) of regulation 2018/1725	10 years after the extinction of all rights of the staff member and any dependents
	Habits	Public interest article 5 a) of regulation 2018/1725	10 years after the extinction of all rights of the staff member and any dependents
	Health data	Public interest article 5 a) of regulation 2018/1725	10 years after the extinction of all rights of the staff member and any dependents
	Personal details	Public interest article 5 a) of regulation 2018/1725	3 years
	Profession	Public interest article 5 a) of regulation 2018/1725	3 years
Processors	IT Tool SYSPER (Belgium)
Restrictions of data subject rights	n/a
Security measures	Data kept according to the security measures adopted by the European Commission, Staff dealing with this processing operation is designated on a need-to-know basis
Recipients	Data subject themselves: Right to access and rectify their own data in SYSPER., Other: CBE JU staff: Executive Director, Line Managers, HR Manager
Joint controllers	DG DIGIT, DG Human Resources and Security
privacy policy url
Last updated	10.08.2022
internal reference	DPO-1-07
Exercising your rights	https://www.cbe.europa.eu/system/files?file=2022-04/CBEJU_legal_notice_2022.pdf