Processing Activities
-
Activity: Access to Documents
Reference number: PO-2-04
Data subject category: Any natural person acting on a private basis or on behalf of a legal person submitting a request for access to IMI2 JU (public) documents
Controller: Innovative Health Initiative Joint Undertaking (Brussels)
Data protection officer: data-protection@ihi.europa.eu
Purpose: Any natural person acting on a private basis or on behalf of a legal person submitting a request for access to IMI2 JU (public) documents
Description: This processing operation takes the form of the receipt of requests from any external person to access IMI2 JU (public) documents, the analysis of the request, taking a decision on the request, and informing the applicant of the decision and acknowledgment of receipt. Requests may be submitted via e-mail, fax or regular post:
- Email: access.to.documents at imi.europa.eu
- Fax: +32 (0)2 221 81 74
- Post: Access to Documents - IMI2 JU, TO 56, B-1049 Brussels, Belgium
Processed data:
- Personal details: Legal obligation (article 5 (b) of regulation 2018/1725); 5 years
- Profession: Legal obligation (article 5 (b) of regulation 2018/1725); 5 years
Processors: n/a
Restrictions of data subject rights:
Security measures: Access control and technical measures such as physical locks and/or secure connections and firewalls, Staff dealing with this processing operation is designated on a need-to-know basis
Recipients: Other: IMI2 JU staff
Joint controllers: n/a
Privacy policy URL: https://www.imi.europa.eu/legal-notice-privacy
Last updated: 16.02.2021
Internal reference:
Exercising your rights: https://www.imi.europa.eu/legal-notice-privacy
-
Activity: Anti-fraud procedures
Reference number: PO-3-09
Data subject category: Natural persons suspected of fraud, corruption or serious misconduct likely to be detrimental to the EU's financial interests
Controller: Innovative Health Initiative Joint Undertaking (Brussels)
Data protection officer: data-protection@ihi.europa.eu
Purpose: The purpose of the processing operation is to facilitate internal investigations conducted by OLAF, which may carry out further external investigations, including on-the-spot checks and inspections, with a view to establishing whether there has been fraud, corruption or any other illegal activity affecting the financial interests of the Union in connection with an agreement or a contract funded by the IMI2 JU.
Description: This processing operation entails the processing of personal data in order to analyse information about potential fraud and financial irregularities to assess whether there are grounds to transmit relevant information to the competent authorities for investigation, in particular the European Anti-Fraud Office (OLAF). IMI2 JU Anti-Fraud Strategy: https://www.imi.europa.eu/sites/default/files/uploads/documents/About-IMI/Governance/Governing-Board/IMI2-GB-DEC-2020-12_AntiFraudStrategy2020-2024.pdf
Processed data:
- Personal characteristics: Legal obligation article 5 b) of regulation 2018/1725; 5 years
- Personal details: Legal obligation article 5 b) of regulation 2018/1725; 5 years
- Profession: Legal obligation article 5 b) of regulation 2018/1725; 5 years
Processors: n/a
Restrictions of data subject rights: Restrictions of data subjects' rights may occur during the preliminary activities related to cases of potential irregularities reported to OLAF. See Commission Decision (EU) 2018/1962 of 11 December 2018 laying down internal rules concerning the processing of personal data by the European Anti-Fraud Office (OLAF) in relation to the provision of information to data subjects and the restriction of certain of their rights in accordance with Article 25 of Regulation (EU) 2018/1725 of the European Parliament and of the Council.
Security measures: Appropriate training, Data kept according to the security measures adopted by the European Commission
Recipients: European Commission and its services: OLAF, Government organisations:
Joint controllers: n/a
Privacy policy URL: https://www.imi.europa.eu/legal-notice-privacy
Last updated: 16.02.2021
Internal reference:
Exercising your rights: https://www.imi.europa.eu/legal-notice-privacy
-
Activity: Anti-harassment procedures
Reference number: PO-3-11
Data subject category: JU Staff
Controller: Innovative Health Initiative Joint Undertaking (Brussels)
Data protection officer: data-protection@ihi.europa.eu
Purpose: The collection of "hard" data aims at the identification of the person, the management of historical records and most importantly at the identification of recurrent and multiple cases. Personal data is collected for the purpose of the procedure detailed in the IMI2 JU policy on protecting the dignity of the person and preventing psychological harassment and sexual harassment.
Description: The collection of data takes place in the context of selecting and appointing confidential counselors or in the context of the informal procedure described in the IMI2 JU anti-harassment procedure.
Processed data:
- Personal details: Processing is necessary to protect the vital interests of the data subject or another natural person (article 5(e) regulation 2018/1725), explicit consent article 5 d) of regulation 2018/1725; 5 years
- Profession: Processing is necessary to protect the vital interests of the data subject or another natural person (article 5(e) regulation 2018/1725), explicit consent article 5 d) of regulation 2018/1725; 5 years
Processors: n/a
Restrictions of data subject rights: Restriction of data subject rights may occur in procedures to fight harassment to protect the alleged victim in cases where personal data related to the suspect is collected as well (allegations made about the suspect by informants or witnesses). The legal basis for such restrictions is article 25(1) regulation 2018/1725 (protection of the data subject or the rights and freedoms of others).
Security measures: Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
Recipients: European Commission and its services: OLAF, where necessary, Other: Confidential counselors
Joint controllers: n/a
Privacy policy URL:
Last updated: 16.02.2021
Internal reference:
Exercising your rights: https://www.imi.europa.eu/legal-notice-privacy
-
Activity: Document management
Reference number: PO-3-04
Data subject category: JU Staff, Staff correspondents
Controller: Innovative Health Initiative Joint Undertaking (Brussels)
Data protection officer: data-protection@ihi.europa.eu
Purpose: Personal data is collected to ensure appropriate follow up, filing and registration of important communication (internal/external) and documents.
Description: Repository and filing of documents received from and sent out to external persons, as well as internal mail/document exchanges.
Processed data:
- Personal details: Public interest article 5 a) of regulation 2018/1725; 3 years
- Profession: Public interest article 5 a) of regulation 2018/1725; 3 years
Processors: n/a
Restrictions of data subject rights:
Security measures: Access control and technical measures such as physical locks and/or secure connections and firewalls, Staff dealing with this processing operation is designated on a need-to-know basis
Recipients: Other: IMI2 JU staff, European Commission and its services: Investigation and Disciplinary Office, OLAF, IT service providers of DG DIGIT, DG DIGIT
Joint controllers: n/a
Privacy policy URL: https://www.imi.europa.eu/legal-notice-privacy
Last updated: 16.02.2021
Internal reference:
Exercising your rights: https://www.imi.europa.eu/legal-notice-privacy
-
Activity: E-newsletter subscription
Reference number: PO-4-01
Data subject category: Recipients (“general public”) having requested or explicitly consented to remain in the IMI2 JU database and to continue receiving the IMI2 JU newsletter.
Controller: Innovative Health Initiative Joint Undertaking (Brussels)
Data protection officer: data-protection@ihi.europa.eu
Purpose: Personal data is collected for the purpose of subscribing to the IMI2 JU's monthly electronic newsletter via the IMI2 JU website.
Description: Establishing a list of email addresses to which each issue of the e-newsletter is sent; sending emails, invitations to events, alerts, e-news, and other relevant information.
Processed data:
- Personal details: Explicit consent article 5 d) of regulation 2018/1725; Until the data subject unsubscribes
- Profession: Explicit consent article 5 d) of regulation 2018/1725; Until the data subject unsubscribes
Processors: n/a
Restrictions of data subject rights:
Security measures: Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data not displayed to the wider public, Staff dealing with this processing operation is designated on a need-to-know basis
Recipients: Other: IMI2 JU Communication Team, Other: External service providers
Joint controllers: n/a
Privacy policy URL: https://www.imi.europa.eu/sites/default/files/uploads/documents/IMI2%20JU%20Privacy%20Statement%20-%20Events%20%26%20Newsletters_0.pdf
Last updated: 05.02.2021
Internal reference:
Exercising your rights: https://www.imi.europa.eu/sites/default/files/uploads/documents/IMI2%20JU%20Privacy%20Statement%20-%20Events%20%26%20Newsletters_0.pdf
-
Activity: Evaluation of staff
Reference number: PO-1-04
Data subject category: JU Staff
Controller: Innovative Health Initiative Joint Undertaking (Brussels)
Data protection officer: data-protection@ihi.europa.eu
Purpose: Managing performance of staff with regard to the job description and objectives
Description: Personal data is collected to assess the performance with regard to the job specifications and defined objectives, and the potential and development or reclassification needs.
Processed data:
- Education: Public interest article 5 a) of regulation 2018/1725; 10 years after end of contract
- Health data: Public interest article 5 a) of regulation 2018/1725; 10 years after end of contract
- Personal characteristics: Public interest article 5 a) of regulation 2018/1725; 10 years after end of contract
- Personal details: Public interest article 5 a) of regulation 2018/1725; 10 years after end of contract
- Profession: Public interest article 5 a) of regulation 2018/1725; 10 years after end of contract
Processors: n/a
Restrictions of data subject rights:
Security measures: Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Health data processed with the principles of medical confidentiality by HR officer, Staff dealing with this processing operation is designated on a need-to-know basis
Recipients: n/a
Joint controllers: n/a
Privacy policy URL: https://www.imi.europa.eu/legal-notice-privacy
Last updated: 05.02.2021
Internal reference:
Exercising your rights: https://www.imi.europa.eu/legal-notice-privacy
-
Activity: Event registration and organisation
Reference number: PO-4-02
Data subject category: Registrants/Attendees of IMI2 JU events
Controller: Innovative Health Initiative Joint Undertaking (Brussels)
Data protection officer: data-protection@ihi.europa.eu
Purpose: Personal data is collected to register interested persons for effective management of meetings, provide access to the IMI2 JU event venues, and maintain participants' lists as well as allowing possible event follow-up actions including feedback collection, specific communication activities and sharing of presentations.
Description: Collecting personal data as a part of the registration process for IMI2 JU events, processing for organisation of event (participants list, name tags, access control, etc), online registration of participants as well as communication with event participants before and after the end of events; Sharing data for networking.
Processed data:
- Health data: Public interest article 5 a) of regulation 2018/1725; 5 years
- Personal details: Public interest article 5 a) of regulation 2018/1725; 5 years
- Profession: Public interest article 5 a) of regulation 2018/1725; 5 years
- Video tapes and photographs: Public interest article 5 a) of regulation 2018/1725; 5 years
Processors: n/a
Restrictions of data subject rights: n/a
Security measures: Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Staff dealing with this processing operation is designated on a need-to-know basis
Recipients: n/a
Joint controllers: n/a
Privacy policy URL: https://www.imi.europa.eu/sites/default/files/uploads/documents/IMI2%20JU%20Privacy%20Statement%20-%20Events%20%26%20Newsletters_0.pdf
Last updated: 16.02.2021
Internal reference:
Exercising your rights: https://www.imi.europa.eu/sites/default/files/uploads/documents/IMI2%20JU%20Privacy%20Statement%20-%20Events%20%26%20Newsletters_0.pdf
-
Activity: External audits and ex-post controls
Reference number: PO-3-02
Data subject category: Candidates and tenderers in procurement procedures, External experts, JU Staff, Contractors, Beneficiaries, Candidates applying for open vacancies (TA, CA, and SNE)
Controller: Innovative Health Initiative Joint Undertaking (Brussels)
Data protection officer: data-protection@ihi.europa.eu
Purpose: Personal data is collected and managed for the sole purpose of preparing and communicating the audit reports by the external auditors.
Description: Personal data is collected in the conduct of checks and financial controls of grant agreements or service contracts aimed at verifying beneficiary's or contractor's or subcontractors' or third parties' compliance with all contractual provisions (including financial provisions). The purpose of the control is to check that the action and the provisions of the grant agreement or contract are being properly implemented and to assess the legality and regularity of the transaction underlying the implementation of the EU budget.
Processed data:
- Education: Legal obligation (article 5 (b) of regulation 2018/1725); 7 years
- Financial information: Legal obligation (article 5 (b) of regulation 2018/1725); 7 years
- Personal details: Legal obligation (article 5 (b) of regulation 2018/1725); 7 years
- Profession: Legal obligation (article 5 (b) of regulation 2018/1725); 7 years
Processors: n/a
Restrictions of data subject rights: No restriction per se in IMI2 JU-related operations.
Security measures: Data kept according to the security measures adopted by the European Commission, Staff dealing with this processing operation is designated on a need-to-know basis
Recipients: Other: European Court of Auditors, Other: EDPS, European Commission and its services: Accounting Officer of the European Commission
Joint controllers: n/a
Privacy policy URL: https://www.imi.europa.eu/legal-notice-privacy
Last updated: 16.02.2021
Internal reference:
Exercising your rights: https://www.imi.europa.eu/legal-notice-privacy
-
Activity: Grant award and management (successful applicants)
Reference number: PO-2-05-a
Data subject category: Applicants, in case of legal entities, their representatives.
Controller: Innovative Health Initiative Joint Undertaking (Brussels)
Data protection officer: data-protection@ihi.europa.eu
Purpose: The data is collected in order to allow to evaluate proposals and/or organisation, to award funding if the proposal is successful, to manage grant agreements, as well as to design, monitor and evaluate Research and Innovation Programmes by the IMI2 JU and the European Commission.
Description: Collecting and processing of data provided by the applicants and beneficiaries in the context of grant applications as well as grant agreements managed by IMI2 JU in accordance with annual work plans.
Processed data:
- Education: Contractual obligation article 5 c) of regulation 2018/1725; 10 years after end of contract
- Financial information: Contractual obligation article 5 c) of regulation 2018/1725; 10 years after end of contract
- Juridic data: Contractual obligation article 5 c) of regulation 2018/1725; 10 years after end of contract
- Personal characteristics: Contractual obligation article 5 c) of regulation 2018/1725; 10 years after end of contract
- Personal details: Contractual obligation article 5 c) of regulation 2018/1725; 10 years after end of contract
Processors: n/a
Restrictions of data subject rights:
Security measures: Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Automated system (Grants management), Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff
Recipients: Other: External evaluators or experts assisting the IMI2 JU
Joint controllers: European Commission, Research Executive Agency (REA) acting as a controller via the H2020 Participant Portal
Privacy policy URL: https://ec.europa.eu/research/participants/data/support/legal_notice/h2020-ssps-grants-sedia_en.pdf
Last updated: 16.02.2021
Internal reference:
Exercising your rights: https://www.imi.europa.eu/legal-notice-privacy
-
Activity: Grant award and management (unsuccessful applicants)
Reference number: PO-2-05-b
Data subject category: Applicants, in case of legal entities, their representatives.
Controller: Innovative Health Initiative Joint Undertaking (Brussels)
Data protection officer: data-protection@ihi.europa.eu
Purpose: The data is collected in order to allow to evaluate proposals and/or organisation, to award funding if the proposal is successful, to manage grant agreements, as well as to design, monitor and evaluate Research and Innovation Programmes by the IMI2 JU and the European Commission.
Description: Collecting and processing of data provided by the applicants and beneficiaries in the context of grant applications as well as grant agreements managed by IMI2 JU in accordance with annual work plans.
Processed data:
- Education: Public interest article 5 a) of regulation 2018/1725; 5 years after closure of procedure
- Financial information: Public interest article 5 a) of regulation 2018/1725; 5 years after closure of procedure
- Juridic data: Contractual obligation article 5 c) of regulation 2018/1725; 10 years after end of contract
- Personal characteristics: Public interest article 5 a) of regulation 2018/1725; 5 years after closure of procedure
- Personal details: Public interest article 5 a) of regulation 2018/1725; 5 years after closure of procedure
Processors: n/a
Restrictions of data subject rights:
Security measures: Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Automated system (Grants management), Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff
Recipients: Other: External evaluators or experts assisting the IMI2 JU
Joint controllers: n/a
Privacy policy URL: https://ec.europa.eu/research/participants/data/support/legal_notice/h2020-ssps-grants-sedia_en.pdf
Last updated: 16.02.2021
Internal reference:
Exercising your rights: https://www.imi.europa.eu/legal-notice-privacy
-
Activity: Internal audits
Reference number: PO-3-03
Data subject category: External experts, JU Staff, Contractors, Relatives of the data subject, External staff: trainees and interim staff, Beneficiaries
Controller: Innovative Health Initiative Joint Undertaking (Brussels)
Data protection officer: data-protection@ihi.europa.eu
Purpose: Audit procedures to check the regularity of the transactions and the quality of financial management of the JU
Description: The Internal Audit function reports on their findings and recommendations and advises on dealing with risks, by issuing independent opinions on the quality of management and control systems and by issuing recommendations for improving the conditions of implementation of operations and promoting sound financial management.
Processed data:
- Education: Public interest article 5 a) of regulation 2018/1725; 7 years
- Financial information: Public interest article 5 a) of regulation 2018/1725; 7 years
- Personal details: Public interest article 5 a) of regulation 2018/1725; 7 years
- Profession: Public interest article 5 a) of regulation 2018/1725; 7 years
Processors: n/a
Restrictions of data subject rights:
Security measures: Staff dealing with this processing operation is designated on a need-to-know basis
Recipients: n/a
Joint controllers: n/a
Privacy policy URL: https://www.imi.europa.eu/legal-notice-privacy
Last updated: 16.02.2021
Internal reference:
Exercising your rights: https://www.imi.europa.eu/legal-notice-privacy
-
Activity: Leave Management
Reference number: PO-1-05
Data subject category: JU Staff
Controller: Innovative Health Initiative Joint Undertaking (Brussels)
Data protection officer: data-protection@ihi.europa.eu
Purpose: Processing leave requests and assessing the entitlement to such leave, such as annual and special leave, maternity leave, leave on personal grounds, parental leave
Description: Assessing the entitlement to leave (other types than special leave) and working conditions for temporary agents, contract agents or SNE.
Processed data:
- Family composition: Public interest article 5 a) of regulation 2018/1725; N + 4 years days
- Health data: Public interest article 5 a) of regulation 2018/1725; N + 7 years days
- Personal characteristics: Public interest article 5 a) of regulation 2018/1725; N + 4 years days
- Personal details: Public interest article 5 a) of regulation 2018/1725; N + 4 years days
Processors: n/a
Restrictions of data subject rights:
Security measures: Access control and technical measures such as physical locks and/or secure connections and firewalls, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
Recipients: n/a
Joint controllers: n/a
Privacy policy URL: https://www.imi.europa.eu/legal-notice-privacy
Last updated: 05.02.2021
Internal reference:
Exercising your rights: https://www.imi.europa.eu/legal-notice-privacy
-
Activity: Management of public procurement procedures (successful tenderers)
Reference number: PO-2-01-a
Data subject category: Candidates and tenderers in procurement procedures
Controller: Innovative Health Initiative Joint Undertaking (Brussels)
Data protection officer: data-protection@ihi.europa.eu
Purpose: Personal data is collected for the award, management and follow-up of procurement contracts, grants, prizes and financial instruments by the IMI2 JU in accordance with IMI2 JU’s annual work plan.
Description: Collecting and processing of data provided by the applicants, tenderers, contractors and beneficiaries in the context of grant applications and tenders procedures as well as grant agreements and procurement contracts managed by IMI2 JU.
Processed data:
- Education: Legal obligation (article 5 (b) of regulation 2018/1725); 10 years after end of contract
- Juridic data: Legal obligation (article 5 (b) of regulation 2018/1725); 10 years after end of contract
- Membership of a professional association: Legal obligation (article 5 (b) of regulation 2018/1725); 10 years after end of contract
- Personal characteristics: Legal obligation (article 5 (b) of regulation 2018/1725); 10 years after end of contract
- Personal details: Legal obligation (article 5 (b) of regulation 2018/1725); 10 years after end of contract
Processors: n/a
Restrictions of data subject rights:
Security measures: Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Signature of absence of conflict of interest, Staff dealing with this processing operation is designated on a need-to-know basis, Standard clause for the processing of personal data included in the contract
Recipients: Other: Opening Committee in relation to names of persons attending the opening session, Other: Evaluation Committee appointed by the authorising officer
Joint controllers: n/a
Privacy policy URL: https://www.imi.europa.eu/legal-notice-privacy
Last updated: 05.02.2021
Internal reference:
Exercising your rights: https://www.imi.europa.eu/legal-notice-privacy
-
Activity: Management of public procurement procedures (unsuccessful tenderers)
Reference number: PO-2-01-b
Data subject category: Candidates and tenderers in procurement procedures
Controller: Innovative Health Initiative Joint Undertaking (Brussels)
Data protection officer: data-protection@ihi.europa.eu
Purpose: Personal data is collected for the award, management and follow-up of procurement contracts, grants, prizes and financial instruments by the IMI2 JU in accordance with IMI2 JU’s annual work plan.
Description: Collecting and processing of data provided by the applicants, tenderers, contractors and beneficiaries in the context of grant applications and tenders procedures as well as grant agreements and procurement contracts managed by IMI2 JU.
Processed data:
- Education: Legal obligation (article 5 (b) of regulation 2018/1725); 5 years after closure of procedure
- Juridic data: Legal obligation (article 5 (b) of regulation 2018/1725); 5 years after closure of procedure
- Membership of a professional association: Legal obligation (article 5 (b) of regulation 2018/1725); 5 years after closure of procedure
- Personal characteristics: Legal obligation (article 5 (b) of regulation 2018/1725); 5 years after closure of procedure
- Personal details: Legal obligation (article 5 (b) of regulation 2018/1725); 5 years after closure of procedure
Processors: n/a
Restrictions of data subject rights: Restriction already foreseen in the Financial Regulation – art 142 (1)
Security measures: Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Signature of absence of conflict of interest, Staff dealing with this processing operation is designated on a need-to-know basis, Standard clause for the processing of personal data included in the contract
Recipients: Other: Opening Committee in relation to names of persons attending the opening session, Other: Evaluation Committee appointed by the authorising officer
Joint controllers: n/a
Privacy policy URL: https://www.imi.europa.eu/legal-notice-privacy
Last updated: 16.02.2021
Internal reference:
Exercising your rights: https://www.imi.europa.eu/legal-notice-privacy
-
Activity: Microsoft 365
Reference number: To be added
Data subject category: JU staff, Externals to the organisation: JU external collaborators being granted access to M365 platform as guests
Controller: Innovative Health Initiative Joint Undertaking (Brussels)
Data protection officer: data-protection@ihi.europa.eu
Purpose: In line with the European Commission’s Digital Strategy, JU is gradually moving into a fully digital working environment. As a European public administration, JU needs to lead the way in terms of both integrating digital at the core of European policy implementation and leveraging the potential of digital to work better and faster.
Description:
In line with the European Commission’s Digital Strategy, JU is gradually moving into a fully digital working environment. As a European public administration, JU needs to lead the way in terms of both integrating digital at the core of European policy implementation and leveraging the potential of digital to work better and faster. For this strategy to deliver, JU has designed several actions and adopted a series of new tools designed to form together a Digital Workplace. The Digital Workplace is an opportunity for JU to become an example of a modern public, connected and efficient Public Administration by providing staff with the best combination of tools, physical framework and working methods, to effectively support the achievement of the priorities of our organisation. The Digital Workplace responds to the need for connected office, integrating teleworking tools for activities such as conference calls, remote collaboration, audio- or videoconferencing or webinars.
Consequently, JU has decided to operate M365 provided by Microsoft Ireland. M365 offers cloud-based solutions that enable staff members of JU to:
- Document Processing – to create, read, review and amend documents, presentations, spreadsheets and other document types in various formats and for various purposes (Access, Sway, Forms);
- Email, Calendar, Contacts – to manage and exchange e-mail, calendars, contacts, tasks and notes (Exchange Online);
- File Sharing – to create, read, review, amend, store and share documents and files of various types in view of collaboration among staff (SharePoint Online, OneDrive, OneNote, Stream, Teams, PowerApps, Yammer);
- Chat and Messaging – to interact, share files, chat and exchange messages with colleagues, partners, stakeholders and other parties (Teams, Yammer);
- Virtual Meetings – to set up and participate in virtual meetings and teleconferences (Teams);
- Project and Task Management – to facilitate project and task management by staff (Exchange Online); and
- Data Analytics and Visualisation – to analyse data and visualise such data (Power BI).
Identity and access management to M365 is managed through Azure Active Directory (Azure AD) and InTune. The operation of M365 requires the processing of personal data by JU for the following purposes:
- provision, enabling, set-up, configuration and maintenance of M365 capabilities, including facilitating and coordinating field tasks (Identification Data, Service-Generated Data, Content Data);
- administration of the rights allocated to a user account (identity and access management) (Identification Data);
- end-user support and IT Teams support for issues with M365 (Identification Data, Service-Generated Data, Diagnostic Data);
- prevention, detection and resolution of security events (e.g. cyber-attack), to ensure the confidentiality, integrity and availability of M365 (Identification Data, Service-Generated Data); and
- responding to data subjects exercising their rights in relation to personal data processed within M365 (Identification Data, Service-Generated Data).
Additionally, Microsoft Ireland as a processor for and on behalf of JU processes personal data for internal business operations in the context of providing M365. These business operations consist of (exhaustive list):
- billing and account management (Identification Data, Service-Generated Data);
- compensation (Service-Generated Data);
- internal reporting and business modelling (Service-Generated Data);
- combatting fraud, cybercrime, and cyberattacks (Identification Data, Service-Generated Data);
- improving core functionality of accessibility, privacy and energy efficiency (Service-Generated Data); and
- financial reporting and compliance with legal obligations (Identification Data, Service-Generated Data).
Processed data:
- Personal details: Public interest article 5 a) of regulation 2018/1725; For the duration of the grant agreement months
- Video tapes and photographs: Public interest article 5 a) of regulation 2018/1725; For as long as the user account is active.
Processors:
- Microsoft (Belgium)
- NEO (IT platform for booking missions) (EEA)
- Real Dolmen (Belgium)
- Secured transmission system ARES (Belgium, Adequate)
Restrictions of data subject rights n/a Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Computer systems hardened, Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis Recipients Other private organisations: Microsoft's personnel based outside the EEA (most importantly, the USA) managing the databases on Microsoft cloud servers and Microsoft’s sub-processors' personnel on a need-to-know basis. Joint controllers n/a privacy policy url https://www.fch.europa.eu/node/514 Last updated 01.05.2021 internal reference to be added Exercising your rights Please see the Privacy Statement
-
Activity: Occupational health and medical data
Reference number PO-1-08 Data subject category JU Staff Controller Innovative Health Initiative Joint Undertaking (Brussels) Data protection officer data-protection@ihi.europa.eu Purpose Management of health data in the workplace and pre-recruitment, annual or periodic medical examination Description Procedures put in place to ensure safety, health and welfare of IMI2 JU staff; Pre-recruitment medical examination; Annual and periodic medical examination. IMI2 JU does not collect medical certificates of staff members. These are directly sent to the medical service of the European Commission in accordance with the applicable procedure. Processed data Family composition Public interest article 5 a) of regulation 2018/1725 3 years Health data Public interest article 5 a) of regulation 2018/1725 10 years after end of contract Personal details Public interest article 5 a) of regulation 2018/1725 3 years Processors n/a Restrictions of data subject rights no specific restrictions in place at imi2 ju. the medical files are kept at the commission's medical service. commission decision (eu) 2019/154 of 30 january 2019 laying down internal rules concerning the restriction of the right of access of data subjects to their medical files. Security measures n/a Recipients n/a Joint controllers DG Human Resources and Security, PMO privacy policy url https://www.imi.europa.eu/legal-notice-privacy Last updated 05.02.2021 internal reference Exercising your rights https://www.imi.europa.eu/legal-notice-privacy
-
Activity: Personnel files
Reference number PO-1-03 Data subject category JU Staff, Relatives of the data subject Controller Innovative Health Initiative Joint Undertaking (Brussels) Data protection officer data-protection@ihi.europa.eu Purpose Processing of staff data for employment contract, setting up rights, complaints, appraisal, career development, contract termination Description Collection of staff documentation for recruitment, career development, appraisal, determination of rights; creation and management of e-mail address (EC Address book data). Staff data may also be used for the following purpose: in order to analyse information about potential fraud and financial irregularities to assess whether there are grounds to transmit the information to the relevant authorities for investigation, in particular the European Anti-Fraud Office (OLAF). Privacy notices relating to OLAF processing operations at the following link: https://ec.europa.eu/anti-fraud/olaf-and-you/data-protection/olaf-personal-data-processing-operations-and-privacy-statements_en Processed data Education Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents Financial information Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents Personal characteristics Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents Personal details Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents Processors n/a Restrictions of data subject rights only one possible case of restriction of data subjects rights: such case may occur during the preliminary activities related to cases of potential irregularities reported to olaf.
see commission decision (eu) 2018/1962 of 11 december 2018 laying down internal rules concerning the processing of personal data by the european anti-fraud office (olaf) in relation to the provision of information to data subjects and the restriction of certain of their rights in accordance with article 25 of regulation (eu) 2018/1725 of the european parliament and of the council. Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis Recipients n/a Joint controllers n/a privacy policy url Last updated 05.02.2021 internal reference Exercising your rights https://www.imi.europa.eu/legal-notice-privacy
-
Activity: Prevention and management of conflicts of interests applicable to the bodies of the IMI2 JU
Reference number PO-6-01 Data subject category Governing Board Members, Members of IMI2 JU bodies Controller Innovative Health Initiative Joint Undertaking (Brussels) Data protection officer data-protection@ihi.europa.eu Purpose Personal data is processed for the sole purpose of applying the rules for the prevention and management of conflicts of interest applicable to the members of the bodies of the IMI2JU listed under Article 4(1) of the Statutes in order to ensure the handling of situations where potential conflicts of interest may arise in a transparent and consistent manner. Description Collecting and screening declarations of confidentiality and non-conflict of interests signed by all members of the IMI2 JU bodies before appointment, after appointment (on a yearly basis) and spontaneously at any time in the course of their duties (ad-hoc Declaration). Processed data Education Public interest article 5 a) of regulation 2018/1725 5 years Financial information Public interest article 5 a) of regulation 2018/1725 5 years Membership of a professional association Public interest article 5 a) of regulation 2018/1725 5 years Memberships Public interest article 5 a) of regulation 2018/1725 5 years Personal details Public interest article 5 a) of regulation 2018/1725 5 years Profession Public interest article 5 a) of regulation 2018/1725 5 years Processors n/a Restrictions of data subject rights Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Data kept according to the security measures adopted by the European Commission, Staff dealing with this processing operation is designated on a need-to-know basis Recipients The general public: The names of the Members of Governing Board, Scientific Committee, States Representatives Group are published on the IMI2 JU's website, Other: IMI2 JU staff Joint controllers n/a privacy policy url https://www.imi.europa.eu/legal-notice-privacy Last updated 16.02.2021 internal reference Exercising your rights https://www.imi.europa.eu/legal-notice-privacy
-
Activity: Salary
Reference number PO-1-06 Data subject category JU Staff, Relatives of the data subject Controller Innovative Health Initiative Joint Undertaking (Brussels) Data protection officer data-protection@ihi.europa.eu Purpose Processing of any information related to the salary and to determine the staff member's entitlements, such as salary slips and allowances Description Personal data is collected in order to determine the staff member’s entitlements. Documents are collected by Human Resources and sent to the relevant Commission service (PMO) which will process the data in order to determine the financial rights of the staff member. Processed data Education Public interest article 5 a) of regulation 2018/1725 8 years after the extinction of all rights of the person concerned and of any dependents Family composition Public interest article 5 a) of regulation 2018/1725 8 years after the extinction of all rights of the person concerned and of any dependents Financial information Public interest article 5 a) of regulation 2018/1725 8 years after the extinction of all rights of the person concerned and of any dependents Personal details Public interest article 5 a) of regulation 2018/1725 8 years after the extinction of all rights of the person concerned and of any dependents Profession Public interest article 5 a) of regulation 2018/1725 8 years after the extinction of all rights of the person concerned and of any dependents Processors n/a Restrictions of data subject rights Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis Recipients n/a Joint controllers n/a privacy policy url https://www.imi.europa.eu/legal-notice-privacy Last updated 05.02.2021 internal reference Exercising your rights https://www.imi.europa.eu/legal-notice-privacy
-
Activity: Selection and management of experts database (selected experts)
Reference number PO-2-03-a Data subject category External experts Controller Innovative Health Initiative Joint Undertaking (Brussels) Data protection officer data-protection@ihi.europa.eu Purpose Personal data is collected for the selection and the management (including reimbursements of expenses and payment where appropriate) of independent experts appointed by IMI2 JU to advise on or assist with: the evaluation of proposals, the monitoring of the implementation of actions carried out under Horizon 2020 as well as of previous Research and/or Innovation Programmes, advice or assistance with other tasks related to IMI2 JU activities. Description Collection and processing of data provided by individuals for the establishment of a database of prospective independent experts to assist with tasks managed by the S2R JU. The processing operations performed by the Controller include collection, storage and evaluation of personal data of the experts. Processed data Education Legal obligation (article 5 (b) of regulation 2018/1725) 10 years after end of contract Financial information Legal obligation (article 5 (b) of regulation 2018/1725) 10 years after end of contract Personal characteristics Legal obligation (article 5 (b) of regulation 2018/1725) 10 years after end of contract Personal details Legal obligation (article 5 (b) of regulation 2018/1725) 10 years after end of contract Profession Legal obligation (article 5 (b) of regulation 2018/1725) 10 years after end of contract Processors n/a Restrictions of data subject rights Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Automated system (Grants management), Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis, Standard clause for the processing of personal data included in the contract Recipients Other: External evaluators or experts assisting the IMI2 JU, Other: IMI2 JU staff participating in the selection of external experts, European Commission and its services: Research Executive Agency via the H2020 Participants Portal Joint controllers n/a privacy policy url https://www.imi.europa.eu/legal-notice-privacy Last updated 16.02.2021 internal reference Exercising your rights https://www.imi.europa.eu/legal-notice-privacy https://ec.europa.eu/research/participants/data/support/legal_notice/h2020-ssps-experts-sedia_en.pdf
-
Activity: Selection and management of external experts (Non-selected experts)
Reference number PO-2-03-b Data subject category External experts Controller Innovative Health Initiative Joint Undertaking (Brussels) Data protection officer data-protection@ihi.europa.eu Purpose Personal data is collected for the selection and the management (including reimbursements of expenses and payment where appropriate) of independent experts appointed by the IMI2 JU to advise on or assist with: the evaluation of proposals, the monitoring of the implementation of actions carried out under Horizon 2020 as well as of previous Research and/or Innovation Programmes, advice or assistance with other tasks related to IMI2 JU activities. Description Collection and processing of data provided by individuals for the establishment of a database of prospective independent experts to assist with tasks managed by the IMI2 JU. The processing operations performed by the Controller include collection, storage and evaluation of personal data of the experts. Processed data Education Legal obligation (article 5 (b) of regulation 2018/1725) 5 years after closure of procedure Financial information Legal obligation (article 5 (b) of regulation 2018/1725) 5 years after closure of procedure Personal characteristics Legal obligation (article 5 (b) of regulation 2018/1725) 5 years after closure of procedure Personal details Legal obligation (article 5 (b) of regulation 2018/1725) 5 years after closure of procedure Profession Legal obligation (article 5 (b) of regulation 2018/1725) 5 years after closure of procedure Processors n/a Restrictions of data subject rights Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Automated system (Grants management), Signature of absence of conflict of interest, Staff dealing with this processing operation is designated on a need-to-know basis, Standard clause for the processing of personal data included in the contract Recipients Other: IMI2 JU staff, European Commission and its services: Joint controllers n/a privacy policy url https://www.imi.europa.eu/legal-notice-privacy Last updated 16.02.2021 internal reference Exercising your rights https://www.imi.europa.eu/legal-notice-privacy https://ec.europa.eu/research/participants/data/support/legal_notice/h2020-ssps-experts-sedia_en.pdf
-
Activity: Selection and recruitment of staff and trainees (temporary agents, contract agents, seconded national experts)
Reference number PO-1-01 Data subject category Candidates applying for open vacancies (TA, CA, and SNE) Controller Innovative Health Initiative Joint Undertaking (Brussels) Data protection officer data-protection@ihi.europa.eu Purpose Receiving and processing applications following publication of vacancy notice via the online recruitment tool Description This processing operation consists of collecting applications of candidates, screening tables, pre-selection reports, selection reports, written tests, interview questions, offers for posts, short lists, reserve lists, reserve list letters, negative letters etc. Special retention time applies to non-recruited candidates. Processed data Education Articles 22a and 22b of the eu staff regulations and articles 11 and 81 of the ceos 10 years Family composition Articles 22a and 22b of the eu staff regulations and articles 11 and 81 of the ceos 10 years after end of contract Genetic data Contractual obligation article 5 c) of regulation 2018/1725, articles 12 - 15 and 82 - 84, 86 of the conditions of employment of other servants of the european communities (ceos) For the duration of the selection procedure only Health data Contractual obligation article 5 c) of regulation 2018/1725, articles 12 - 15 and 82 - 84, 86 of the conditions of employment of other servants of the european communities (ceos) 10 years after end of contract Juridic data Contractual obligation article 5 c) of regulation 2018/1725, articles 12 - 15 and 82 - 84, 86 of the conditions of employment of other servants of the european communities (ceos) For the duration of the selection procedure only Location information Articles 22a and 22b of the eu staff regulations and articles 11 and 81 of the ceos 10 years after end of contract Personal details Articles 22a and 22b of the eu staff regulations and articles 11 and 81 of the ceos 10 years after end of contract Profession Articles 12 - 15 and 82 - 84, 86 of the conditions of employment of other servants of the european communities (ceos) 10 years after end of contract Processors n/a Restrictions of data subject rights Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Data not displayed to the wider public, Obligation of confidentiality of the staff, Premises abide by the European Commission's security decisions and provisions, Staff dealing with this processing operation is designated on a need-to-know basis Recipients n/a Joint controllers n/a privacy policy url https://www.imi.europa.eu/sites/default/files/uploads/documents/work-for-us/job-opportunities/PrivacyStatementRecruitment.pdf Last updated 05.02.2021 internal reference Exercising your rights
-
Activity: Sick leaves
Reference number PO-1-05-bis Data subject category External staff: trainees and interim staff, JU Staff: temporary, JU Staff: contractual Controller Innovative Health Initiative Joint Undertaking (Brussels) Data protection officer data-protection@ihi.europa.eu Purpose Personal data is managed and collected for the purpose of assessing the entitlement to sick leave, annual leave and special leave and working conditions for temporary agents and contract agents. Description Assessing the entitlement to sick leaves and working conditions for temporary agents and contract agents. Processed data Health data Public interest article 5 a) of regulation 2018/1725 5 years Personal characteristics Public interest article 5 a) of regulation 2018/1725 5 years Personal details Public interest article 5 a) of regulation 2018/1725 5 years Profession Public interest article 5 a) of regulation 2018/1725 5 years Processors n/a Restrictions of data subject rights n/a Security measures A paper copy is made and saved in a paper file. The paper file is archived in a locked cupboard., Staff dealing with this processing operation is designated on a need-to-know basis Recipients Other: Human resources officer, Line manager, Executive Director, Other: Other Institutions in case of transfer (they receive a chart with the liquidation account of sick leave), European Commission and its services: PMO, Medical service, DG DIGIT Joint controllers n/a privacy policy url https://www.imi.europa.eu/legal-notice-privacy Last updated 05.02.2021 internal reference Exercising your rights https://www.imi.europa.eu/legal-notice-privacy
-
Activity: Spontaneous applications
Reference number PO-1-02 Data subject category Unsolicited applicants Controller Innovative Health Initiative Joint Undertaking (Brussels) Data protection officer data-protection@ihi.europa.eu Purpose Applications received outside a vacancy notice (via any other means than the online recruitment tool) Description Applications received outside a vacancy notice (via any other means than the online recruitment tool)
The IMI2JU does not consider spontaneous applications. Personal data (such as CV) is not stored and is deleted after 7 days. Regarding Blue Book trainees, IMI2 JU is not in charge of the recruitment process which is being dealt with by the relevant department at the European Commission (DG EAC). Applications are only accessible via the online database which is open for consultation only during specific periods. Therefore, IMI2 JU does not store any data related to the recruitment of Blue Book Trainees. Processed data Education Public interest article 5 a) of regulation 2018/1725 7 calendar days Personal characteristics Public interest article 5 a) of regulation 2018/1725 7 calendar days Personal details Public interest article 5 a) of regulation 2018/1725 7 calendar days Profession Public interest article 5 a) of regulation 2018/1725 7 calendar days Processors n/a Restrictions of data subject rights Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned Recipients n/a Joint controllers n/a privacy policy url https://www.imi.europa.eu/legal-notice-privacy Last updated 05.02.2021 internal reference Exercising your rights
-
Activity: Teleworking
Reference number PO-1-09 Data subject category JU Staff Controller Innovative Health Initiative Joint Undertaking (Brussels) Data protection officer data-protection@ihi.europa.eu Purpose The purpose of this processing operation is to manage, in a legal, standardised and centralised framework, all temporal aspects of a jobholder's framework with respect to the management and monitoring of the implementation of teleworking. Description Management of the teleworking requests and agreements; planning regarding the ordering of ICT tools and devices for the performance of telework. Staff members are granted access to an electronic tool in which they can launch a request for teleworking. Processed data Personal details Public interest article 5 a) of regulation 2018/1725 3 years Profession Public interest article 5 a) of regulation 2018/1725 3 years Processors n/a Restrictions of data subject rights Security measures Data kept according to the security measures adopted by the European Commission, Staff dealing with this processing operation is designated on a need-to-know basis, Standard clause for the processing of personal data included in the contract Recipients n/a Joint controllers n/a privacy policy url https://www.imi.europa.eu/legal-notice-privacy Last updated 05.02.2021 internal reference Exercising your rights https://www.imi.europa.eu/legal-notice-privacy
-
Activity: User Network and Systems Access
Reference number PO-5-01 Data subject category Any person whose personal data have been collected and are processed by information systems that use the IMI2 JU ICT infrastructure Controller Innovative Health Initiative Joint Undertaking (Brussels) Data protection officer data-protection@ihi.europa.eu Purpose Personal data is collected to provide IMI2 JU employees with necessary access to ICT systems and services in order for them to carry out their statutory duties. This includes access provisioning to EC systems like ECAS/EU Login or ABAC. Description Provisioning of necessary access to IMI2 JU employees to designated business ICT systems of the organization based on incoming requests from HR department or management requests/access authorisations Processed data Personal characteristics Public interest article 5 a) of regulation 2018/1725 1 month after user's departure Personal details Public interest article 5 a) of regulation 2018/1725 1 month after user's departure Profession Public interest article 5 a) of regulation 2018/1725 1 month after user's departure Processors n/a Restrictions of data subject rights Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Confidentiality of communications and privacy, Windows 10 access: Password renewed every six months Recipients Other: IMI2 JU staff members: Network and security managers, IT system and database administrators, European Commission and its services: DG DIGIT, External contractors under framework contract with the European Commission: Real Dolmen Joint controllers n/a privacy policy url https://www.imi.europa.eu/legal-notice-privacy Last updated 16.02.2021 internal reference Exercising your rights https://www.imi.europa.eu/legal-notice-privacy
-
Activity: Visitors to IMI2 JU premises
Reference number PO-6-01 Data subject category Candidates and tenderers in procurement procedures, Contractors, Members of the public Controller Innovative Health Initiative Joint Undertaking (Brussels) Data protection officer data-protection@ihi.europa.eu Purpose The aim in collecting and handling the relevant data is to control access to the IMI2 JU premises and car park. Description The data is used only by the IMI2 JU in the course of its work to protect the building and the people, property and information they contain, in line with the applicable security and safety instructions in the White Atrium building, adopted by the Joint Undertakings occupying these premises. Processed data Personal details Public interest article 5 a) of regulation 2018/1725 6 months Profession Public interest article 5 a) of regulation 2018/1725 6 months Processors n/a Restrictions of data subject rights Security measures Obligation of confidentiality of the staff, Premises abide by the European Commission's security decisions and provisions, Standard clause for the processing of personal data included in the contract Recipients n/a Joint controllers n/a privacy policy url https://www.imi.europa.eu/legal-notice-privacy Last updated 16.02.2021 internal reference Exercising your rights https://www.imi.europa.eu/legal-notice-privacy
-
Activity: Whistleblowing procedures
Reference number PO-3-10 Data subject category JU Staff Controller Innovative Health Initiative Joint Undertaking (Brussels) Data protection officer data-protection@ihi.europa.eu Purpose Adopting and implementing measures needed to facilitate whistleblowing Description Collecting data for the purposes of establishing reporting channels for whistleblowers, managing and following-up reports, and ensuring protection and adequate remedies for whistleblowers. Processed data Personal details Legal obligation article 5 b) of regulation 2018/1725 2 months after the final decision has been issued to all the parties involved Profession Legal obligation article 5 b) of regulation 2018/1725 2 months after the final decision has been issued to all the parties involved Processors n/a Restrictions of data subject rights restrictions may apply on a case-by-case basis as regards: information, access, rectification, blocking, erasure, notification to third parties.
grounds for restriction: investigations to protect witnesses or whistle-blowers in cases where personal data relate to the suspect as well (allegations made about the suspect by informants or witnesses).
legal basis for restrictions: article 25(1) regulation 2018/1725 (protection of the data subject or the rights and freedoms of others) Security measures Data kept according to the security measures adopted by the European Commission Recipients European Commission and its services: European Anti Fraud Office (where needed), European Commission and its services: EDPS (where necessary), Police or legal organisations: , Other: European Court of Auditors Joint controllers n/a privacy policy url https://www.imi.europa.eu/legal-notice-privacy Last updated 16.02.2021 internal reference Exercising your rights https://www.imi.europa.eu/legal-notice-privacy