Processing Activities

Search


Data subject categories

Fields

Purpose
Description
Processed data
Recipients
Supporting assets
reference number

Results

  • Activity: Access to Documents
    Reference number PO-2-04
    Data subject category Any natural person acting on a private basis or on behalf of a legal person submitting a request for access to IMI2 JU (public) documents
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Any natural person acting on a private basis or on behalf of a legal person submitting a request for access to IMI2 JU (public) documents
    Description
    This processing operation takes form in the receipt of requests of any external person to access IMI2 JU (public) documents, the analysis of the request, taking a decision on the request, and informing the applicant of the decision and acknowledgment of receipt.
    Requests may be submitted via e-mail, fax or regular post:
    Processed data Personal details Legal obligation (article 5 (b) of regulation 2018/1725) 5 years
    Profession Legal obligation (article 5 (b) of regulation 2018/1725) 5 years
    Processors n/a
    Restrictions of data subject rights
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Other: IMI2 JU staff
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/legal-notice-privacy
    Last updated 16.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy

  • Activity: Anti-fraud procedures
    Reference number PO-3-09
    Data subject category Natural persons suspected of fraud, corruption or serious misconduct likely to be detrimental to the EU's financial interests
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose The purpose of the processing operation is to facilitate internal investigations conducted by OLAF, which may carry out further external investigations, including on-the-spot checks and inspections, with a view to establishing whether there has been fraud, corruption or any other illegal activity affecting the financial interests of the Union in connection with an agreement or a contract funded by the IMI2 JU.
    Description
    This processing operation entails the processing of personal data in order to analyse information about potential fraud and financial irregularities to assess whether there are grounds to transmit relevant information to the competent authorities for investigation, in particular the European Anti-Fraud Office (OLAF).
    IMI2 JU Anti-Fraud Strategy: https://www.imi.europa.eu/sites/default/files/uploads/documents/About-IMI/Governance/Governing-Board/IMI2-GB-DEC-2020-12_AntiFraudStrategy2020-2024.pdf
    Processed data Personal characteristics Legal obligation article 5 b) of regulation 2018/1725 5 years
    Personal details Legal obligation article 5 b) of regulation 2018/1725 5 years
    Profession Legal obligation article 5 b) of regulation 2018/1725 5 years
    Processors n/a
    Restrictions of data subject rights
    restrictions of data subjects' rights may occur during the preliminary activities related to cases of potential irregularities reported to olaf.
    see commission decision (eu) 2018/1962 of 11 december 2018 laying down internal rules concerning the processing of personal data by the european anti-fraud office (olaf) in relation to the provision of information to data subjects and the restriction of certain of their rights in accordance with article 25 of regulation (eu) 2018/1725 of the european parliament and of the council.
    Security measures Appropriate training, Data kept according to the security measures adopted by the European Commission
    Recipients European Commission and its services: OLAF, Government organisations:
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/legal-notice-privacy
    Last updated 16.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy

  • Activity: Anti-harassment procedures
    Reference number PO-3-11
    Data subject category JU Staff
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose The collection of "hard" data aims at the identification of the person, the management of historical records and most importantly at the identification of recurrent and multiple cases., Personal data is collected for the purpose of the procedure detailed in the IMI2 JU policy on protecting the dignity of the person and preventing psychological harassment and sexual harassment.
    Description
    The collection of data takes place in the context of selecting and appointing confidential counselors or in the context of the informal procedure described in the IMI2 JU anti-harassment procedure.
    Processed data Personal details Processing is necessary to protect the vital interests of the data subject or another natural person (article 5(e) regulation 2018/1725), explicit consent article 5 d) of regulation 2018/1725 5 years
    Profession Processing is necessary to protect the vital interests of the data subject or another natural person (article 5(e) regulation 2018/1725), explicit consent article 5 d) of regulation 2018/1725 5 years
    Processors n/a
    Restrictions of data subject rights
    restriction of data subject rights may occur in procedures to fight harassment to protect the alleged victim in cases where personal data related to the suspect is collected as well (allegations made about the suspect by informants or witnesses).
    the legal basis for such restrictions is article 25(1) regulation 2018/1725 (protection of the data subject or the rights and freedoms of others). 
    Security measures Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients European Commission and its services: OLAF, where necessary, Other: Confidential counselors
    Joint controllers n/a
    privacy policy url
    Last updated 16.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy

  • Activity: Document management
    Reference number PO-3-04
    Data subject category JU Staff, Staff correspondents
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Personal data is collected to ensure appropriate follow up, filing and registration of important communication (internal/external) and documents.
    Description
    Repository and filling of documents are received and sent out from and to external person as well as internal mail/document exchanges.
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 3 years
    Profession Public interest article 5 a) of regulation 2018/1725 3 years
    Processors n/a
    Restrictions of data subject rights
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Other: IMI2 JU staff, European Commission and its services: Investigation and Disciplinary Office, OLAF, IT service providers of DG DIGIT, DG DIGIT
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/legal-notice-privacy
    Last updated 16.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy

  • Activity: E-newsletter subscription
    Reference number PO-4-01
    Data subject category Recipients (“general public”) having requested or explicitly consented to remain in the IMI2 JU database and to continue receiving the IMI2 JU newsletter.
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Personal data is collected for the purpose of subscribing to the IMI2 JU's monthly electronic newsletter via the IMI2 JU website.
    Description
    Establishing a list of email addresses to which each issue of the e-newsletter is sent; sending emails, invitations to events, alerts, e-news, and other relevant information. 
    Processed data Personal details Explicit consent article 5 d) of regulation 2018/1725 Until the data subject unsubscribes
    Profession Explicit consent article 5 d) of regulation 2018/1725 Until the data subject unsubscribes
    Processors n/a
    Restrictions of data subject rights
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data not displayed to the wider public, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Other: IMI2 JU Communication Team, Other: External service providers
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/sites/default/files/uploads/documents/IMI2%20JU%20Privacy%20Statement%20-%20Events%20%26%20Newsletters_0.pdf
    Last updated 05.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/sites/default/files/uploads/documents/IMI2%20JU%20Privacy%20Statement%20-%20Events%20%26%20Newsletters_0.pdf

  • Activity: Evaluation of staff
    Reference number PO-1-04
    Data subject category JU Staff
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Managing performance of staff with regard to the job description and objectives
    Description
    Personal data is collected to assess the performance with regard to the job specifications and defined objectives, and the potential and development or reclassification needs. 
    Processed data Education Public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Health data Public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Personal details Public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Profession Public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Processors n/a
    Restrictions of data subject rights
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Health data processed with the principles of medical confidentiality by HR officer, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients n/a
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/legal-notice-privacy
    Last updated 05.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy

  • Activity: Event registration and organisation
    Reference number PO-4-02
    Data subject category Registrants/Attendees of IMI2 JU events
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Personal data is collected to register interested persons for effective management of meetings, provide access to the IMI2 JU event venues, and maintain participant’s lists as well as allowing possible event follow-up actions including feedback collection, specific communication activities and sharing of presentations.
    Description
    Collecting personal data as a part of the registration process for IMI2 JU events, processing for organisation of event (participants list, name tags, access control, etc), online registration of participants as well as communication with event participants before and after the end of events; Sharing data for networking.
    Processed data Health data Public interest article 5 a) of regulation 2018/1725 5 years
    Personal details Public interest article 5 a) of regulation 2018/1725 5 years
    Profession Public interest article 5 a) of regulation 2018/1725 5 years
    Video tapes and photographs Public interest article 5 a) of regulation 2018/1725 5 years
    Processors n/a
    Restrictions of data subject rights
    n/a
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients n/a
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/sites/default/files/uploads/documents/IMI2%20JU%20Privacy%20Statement%20-%20Events%20%26%20Newsletters_0.pdf
    Last updated 16.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/sites/default/files/uploads/documents/IMI2%20JU%20Privacy%20Statement%20-%20Events%20%26%20Newsletters_0.pdf

  • Activity: External audits and ex-post controls
    Reference number PO-3-02
    Data subject category Candidates and tenderers in procurement procedures, External experts, JU Staff, Contractors, Beneficiairies, Candidates applying for open vacancies (TA, CA, and SNE)
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Personal data is collected and managed for the sole purpose of preparing and communicating the audit reports by the external auditors.
    Description
    Personal data is collected in the conduct of checks and financial controls of grant agreements or service contracts aimed at verifying beneficiary's or contractor's or subcontractors' or third parties' compliance with all contractual provisions (including financial provisions). The purpose of the control is to check that the action and the provisions of the grant agreement or contract are being properly implemented and to assess the legality and regularity of the transaction underlying the implementation of the EU budget.
    Processed data Education Legal obligation (article 5 (b) of regulation 2018/1725) 7 years
    Financial information Legal obligation (article 5 (b) of regulation 2018/1725) 7 years
    Personal details Legal obligation (article 5 (b) of regulation 2018/1725) 7 years
    Profession Legal obligation (article 5 (b) of regulation 2018/1725) 7 years
    Processors n/a
    Restrictions of data subject rights
    no restriction per se in imi2 ju-related operations.
    Security measures Data kept according to the security measures adopted by the European Commission, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Other: European Court of Auditors, Other: EDPS, European Commission and its services: Accounting Officer of the European Commission
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/legal-notice-privacy
    Last updated 16.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy

  • Activity: Grant award and management (successful applicants)
    Reference number PO-2-05-a
    Data subject category Applicants, in case of legal entities, their representatives.
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose The data is collected in order to allow to evaluate proposals and/or organisation, to award funding if the proposal is successful, to manage grant agreements, as well as to design, monitor and evaluate Research and Innovation Programmes by the IMI2 JU and the European Comission.
    Description
    Collecting and processing of data provided by the applicants and beneficiaries in the context of grant applications as well as grant agreements managed by IMI2 JU in accordance with annual work plans.
    Processed data Education Contractual obligation article 5 c) of regulation 2018/1725 10 years after end of contract
    Financial information Contractual obligation article 5 c) of regulation 2018/1725 10 years after end of contract
    Juridic data Contractual obligation article 5 c) of regulation 2018/1725 10 years after end of contract
    Personal characteristics Contractual obligation article 5 c) of regulation 2018/1725 10 years after end of contract
    Personal details Contractual obligation article 5 c) of regulation 2018/1725 10 years after end of contract
    Processors n/a
    Restrictions of data subject rights
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Automated system (Grants management), Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff
    Recipients Other: External evaluators or experts assisting the IMI2 JU
    Joint controllers European Commission, Research Executive Agency (REA) acting as a controller via de H2020 Participant Portal
    privacy policy url https://ec.europa.eu/research/participants/data/support/legal_notice/h2020-ssps-grants-sedia_en.pdf
    Last updated 16.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy

  • Activity: Grant award and management (unsuccessful applicants)
    Reference number PO-2-05-b
    Data subject category Applicants, in case of legal entities, their representatives.
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose The data is collected in order to allow to evaluate proposals and/or organisation, to award funding if the proposal is successful, to manage grant agreements, as well as to design, monitor and evaluate Research and Innovation Programmes by the IMI2 JU and the European Commission.
    Description
    Collecting and processing of data provided by the applicants and beneficiaries in the context of grant applications as well as grant agreements managed by IMI2 JU in accordance with annual work plans.
    Processed data Education Public interest article 5 a) of regulation 2018/1725 5 years after closure of procedure
    Financial information Public interest article 5 a) of regulation 2018/1725 5 years after closure of procedure
    Juridic data Contractual obligation article 5 c) of regulation 2018/1725 10 years after end of contract
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 5 years after closure of procedure
    Personal details Public interest article 5 a) of regulation 2018/1725 5 years after closure of procedure
    Processors n/a
    Restrictions of data subject rights
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Automated system (Grants management), Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff
    Recipients Other: External evaluators or experts assisting the IMI2 JU
    Joint controllers n/a
    privacy policy url https://ec.europa.eu/research/participants/data/support/legal_notice/h2020-ssps-grants-sedia_en.pdf
    Last updated 16.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy

  • Activity: Internal audits
    Reference number PO-3-03
    Data subject category External experts, JU Staff, Contractors, Relatives of the data subject, External staff: trainees and interim staff, Beneficiairies
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Audit procedures to check the regularity of the transactions and the quality of financial management of the JU
    Description
    The Internal Audit function reports on their findings and recommendations and advises on dealing with risks, by issuing independent opinions on the quality of management and control systems and by issuing recommendations for improving the conditions of implementation of operations and promoting sound financial management. 
    Processed data Education Public interest article 5 a) of regulation 2018/1725 7 years
    Financial information Public interest article 5 a) of regulation 2018/1725 7 years
    Personal details Public interest article 5 a) of regulation 2018/1725 7 years
    Profession Public interest article 5 a) of regulation 2018/1725 7 years
    Processors n/a
    Restrictions of data subject rights
    Security measures Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients n/a
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/legal-notice-privacy
    Last updated 16.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy

  • Activity: Leave Management
    Reference number PO-1-05
    Data subject category JU Staff
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Processing leave requests and assessing the entitlement to such leave, such as annual and special leave, maternity leave, leave on personal grounds, parental leave
    Description
     Assessing the entitlement to leave (other types than special leave) and working conditions for temporary agents, contract agents or SNE. 
    Processed data Family composition Public interest article 5 a) of regulation 2018/1725 N + 4 years days
    Health data Public interest article 5 a) of regulation 2018/1725 N + 7 years days
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 N + 4 years days
    Personal details Public interest article 5 a) of regulation 2018/1725 N + 4 years days
    Processors n/a
    Restrictions of data subject rights
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients n/a
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/legal-notice-privacy
    Last updated 05.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy

  • Activity: Management of public procurement procedures (successful tenderers)
    Reference number PO-2-01-a
    Data subject category Candidates and tenderers in procurement procedures
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Personal data is collected for the award, management and follow-up of procurement contracts, grants, prizes and financial instruments by the IMI2 JU in accordance with IMI2 JU’s annual work plan.
    Description
    Collecting and processing of data provided by the applicants, tenderers, contractors and beneficiaries in the context of grant applications and tenders procedures as well as grant agreements and procurement contracts managed by IMI2 JU.
    Processed data Education Legal obligation (article 5 (b) of regulation 2018/1725) 10 years after end of contract
    Juridic data Legal obligation (article 5 (b) of regulation 2018/1725) 10 years after end of contract
    Membership of a professional association Legal obligation (article 5 (b) of regulation 2018/1725) 10 years after end of contract
    Personal characteristics Legal obligation (article 5 (b) of regulation 2018/1725) 10 years after end of contract
    Personal details Legal obligation (article 5 (b) of regulation 2018/1725) 10 years after end of contract
    Processors n/a
    Restrictions of data subject rights
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Signature of absence of conflict of interest , Staff dealing with this processing operation is designated on a need-to-know basis, Standard clause for the processing of personal data included in the contract
    Recipients Other: Opening Committee in relation to names of persons attending the opening session, Other: Evaluation Committee appointed by the authorising officer
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/legal-notice-privacy
    Last updated 05.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy

  • Activity: Management of public procurement procedures (unsuccessful tenderers)
    Reference number PO-2-01-b
    Data subject category Candidates and tenderers in procurement procedures
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Personal data is collected for the award, management and follow-up of procurement contracts, grants, prizes and financial instruments by the IMI2 JU in accordance with IMI2 JU’s annual work plan.
    Description
    Collecting and processing of data provided by the applicants, tenderers, contractors and beneficiaries in the context of grant applications and tenders procedures as well as grant agreements and procurement contracts managed by IMI2 JU.
    Processed data Education Legal obligation (article 5 (b) of regulation 2018/1725) 5 years after closure of procedure
    Juridic data Legal obligation (article 5 (b) of regulation 2018/1725) 5 years after closure of procedure
    Membership of a professional association Legal obligation (article 5 (b) of regulation 2018/1725) 5 years after closure of procedure
    Personal characteristics Legal obligation (article 5 (b) of regulation 2018/1725) 5 years after closure of procedure
    Personal details Legal obligation (article 5 (b) of regulation 2018/1725) 5 years after closure of procedure
    Processors n/a
    Restrictions of data subject rights
    restriction already foreseen in the financial regulation – art 142 (1)
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Signature of absence of conflict of interest , Staff dealing with this processing operation is designated on a need-to-know basis, Standard clause for the processing of personal data included in the contract
    Recipients Other: Opening Committee in relation to names of persons attending the opening session, Other: Evaluation Committee appointed by the authorising officer
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/legal-notice-privacy
    Last updated 16.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy

  • Activity: Microsoft 365
    Reference number To be added
    Data subject category JU staff, Externals to the organisation: JU external collaborators being granted access to M365 platform as guests
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose In line with the European Commission’s Digital Strategy, JU is gradually moving into a fully digital working environment. As a European public administration, JU needs to lead the way in terms of both integrating digital at the core of European policy implementation and leveraging the potential of digital to work better and faster.
    Description

    In line with the European Commission’s Digital Strategy, JU is gradually moving into a fully digital working environment.
    As a European public administration, JU needs to lead the way in terms of both integrating digital at the core of European policy implementation and leveraging the potential of digital to work better and faster.
    For this strategy to deliver, JU has designed several actions and adopted a series of new tools designed to form together a Digital Workplace. 
    The Digital Workplace is an opportunity for JU to become an example of a modern public, connected and efficient Public Administration by providing staff with the best combination of tools, physical framework and working methods, to effectively support the achievement of the priorities of our organisation. 
    The Digital Workplace responds to the need for connected office, integrating teleworking tools for activities such as conference calls, remote collaboration, audio- or videoconferencing or webinars.
    Consequently, JU has decided to operate M365 provided by Microsoft Ireland. M365 offers cloud-based solutions that enable staff members of JU to:
    1. Document Processing – to create, read, review and amend documents, presentations, spreadsheets and other document types in various formats and for various purposes (Access, Sway, Forms);
    2. Email, Calendar, Contacts – to manage and exchange e-mail, calendars, contacts, tasks and notes (Exchange Online);
    3. File Sharing – to create, read, review, amend, store and share documents and files of various types in view of collaboration among staff (SharePoint Online, OneDrive, OneNote, Stream, Teams, PowerApps, Yammer);
    4. Chat and Messaging – to interact, share files, chat and exchange messages with colleagues, partners, stakeholders and other parties (Teams, Yammer);
    5. Virtual Meetings – to set up and participate in virtual meetings and teleconferences (Teams);
    6. Project and Task Management – to facilitate project and task management by staff (Exchange Online); and
    7. Data Analytics and Visualisation – to analyse data and visualise such data (Power BI).
    Identity and access management to M365 is managed through Azure Active Directory (Azure AD) and InTune.

    The operation of M365 requires the processing of personal data by JU for the following purposes:
    1. provision, enabling, set-up, configuration and maintenance of M365 capabilities, including facilitating and coordinating field tasks (Identification Data, Service-Generated Data, Content Data)
    2. administration of the rights allocated to a user account (identity and access management)  (Identification Data);
    3. end-user support and IT Teams support for issues with M365 (Identification Data, Service-Generated Data, Diagnostic Data);
    4. prevention, detection and resolution of security events (e.g. cyber-attack), to ensure the confidentiality, integrity and availability of M365 (Identification Data, Service-Generated Data); and
    5. responding to data subjects exercising their rights in relation to personal data processed within M365 (Identification Data, Service-Generated Data).

    Additionally, Microsoft Ireland as a processor for and on behalf of JU processes personal data for internal business operations in the context of providing M365. These business operations consist of (exhaustive list):
    1. billing and account management (Identification Data, Service-Generated Data); 
    2. compensation (Service-Generated Data); 
    3. internal reporting and business modelling (Service-Generated Data); 
    4. combatting fraud, cybercrime, and cyberattacks (Identification Data, Service-Generated Data); 
    5. improving core functionality of accessibility, privacy and energy efficiency (Service-Generated Data); and 
    6. financial reporting and compliance with legal obligations (Identification Data, Service-Generated Data). 
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 For the duration of the grant agreement months
    Video tapes and photographs Public interest article 5 a) of regulation 2018/1725 For as long as the user account is active.
    Processors
    • Microsoft (Belgium)
    • NEO (IT platfrom for booking missions) (EEA)
    • Real Dolmen (Belgium)
    • Secured transmission system ARES (Belgium, Adequate)
    Restrictions of data subject rights
    n/a
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Computer systems hardened, Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Other private organisations: Microsoft's personnel based outside the EEA (most importantly, the USA) managing the databases on Microsoft cloud servers and Microsoft’s sub-processors' personnel on a need-to-know basis.
    Joint controllers n/a
    privacy policy url https://www.fch.europa.eu/node/514
    Last updated 01.05.2021
    internal reference to be added
    Exercising your rights
    Please see the Privacy Statement

  • Activity: Occupational health and medical data
    Reference number PO-1-08
    Data subject category JU Staff
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Management of health data in the workplace and pre-recruitment, annual or periodic medical examination
    Description
    Procedures put in place to ensure safety, health and welfare of IMI2 JU staff; Pre-recruitment medical examination; Annual and periodic medical examination. IMI2 JU does not collect medical certificates of staff members. These are directly sent to the medical service of the European Commission in accordance with the applicable procedure.
    Processed data Family composition Public interest article 5 a) of regulation 2018/1725 3 years
    Health data Public interest article 5 a) of regulation 2018/1725 10 years after end of contract
    Personal details Public interest article 5 a) of regulation 2018/1725 3 years
    Processors n/a
    Restrictions of data subject rights
    no specific restrictions in place at imi2 ju. the medical files are kept at the commission's medical service. commission decision (eu) 2019/154 of 30 january 2019 laying down internal rules concerning the restriction of the right of access of data subjects to their medical files.
    Security measures n/a
    Recipients n/a
    Joint controllers DG Human Resources and Security, PMO
    privacy policy url https://www.imi.europa.eu/legal-notice-privacy
    Last updated 05.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy

  • Activity: Personnel files
    Reference number PO-1-03
    Data subject category JU Staff, Relatives of the data subject
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Processing of staff data for employment contract, setting up rights, complaints, appraisal, career development, contract termination
    Description
    Collection of staff documentation for recruitment, career development, appraisal, determination of rights; creation and management of e-mail address (EC Address book data). Staff data may also be used for the following purpose:  in order to analyse information about potential fraud and financial irregularities to assess whether there are grounds to transmit the information to the relevant authorities for investigation, in particular the European Anti-Fraud Office (OLAF).  Privacy notices relating to OLAF processing operations at the following link: https://ec.europa.eu/anti-fraud/olaf-and-you/data-protection/olaf-personal-data-processing-operations-and-privacy-statements_en
    Processed data Education Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Financial information Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Personal details Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Processors n/a
    Restrictions of data subject rights
    only one possible case of restriction of data subjects rights: such case may occur during the preliminary activities related to cases of potential irregularities reported to olaf.
    see commission decision (eu) 2018/1962 of 11 december 2018 laying down internal rules concerning the processing of personal data by the european anti-fraud office (olaf) in relation to the provision of information to data subjects and the restriction of certain of their rights in accordance with article 25 of regulation (eu) 2018/1725 of the european parliament and of the council.
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients n/a
    Joint controllers n/a
    privacy policy url
    Last updated 05.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy

  • Activity: Prevention and management of conflicts of interests applicable to the bodies of the IMI2 JU
    Reference number PO-6-01
    Data subject category Governing Board Members, Members of IMI2 JU bodies
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Personal data is processed for the sole purpose of applying the rules for the prevention and management of conflicts of interest applicable to the members of the bodies of the IMI2JU listed under Article 4(1) of the Statutes in order to ensure the handling of situations where potential conflicts of interest may arise in a transparent and consistent manner.
    Description
    Collecting and screening declarations of confidentiality and non-conflict of interests signed by all members of the IMI2 JU bodies before appointment, after appointment  (on a yearly basis) and spontaneously at any time in the course of their duties (ad-hoc Declaration).
    Processed data Education Public interest article 5 a) of regulation 2018/1725 5 years
    Financial information Public interest article 5 a) of regulation 2018/1725 5 years
    Membership of a professional association Public interest article 5 a) of regulation 2018/1725 5 years
    Memberships Public interest article 5 a) of regulation 2018/1725 5 years
    Personal details Public interest article 5 a) of regulation 2018/1725 5 years
    Profession Public interest article 5 a) of regulation 2018/1725 5 years
    Processors n/a
    Restrictions of data subject rights
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Data kept according to the security measures adopted by the European Commission, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients The general public: The names of the Members of Governing Board, Scientific Committee, States Representatives Group are published on the IMI2 JU's website, Other: IMI2 JU staff
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/legal-notice-privacy
    Last updated 16.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy

  • Activity: Salary
    Reference number PO-1-06
    Data subject category JU Staff, Relatives of the data subject
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Processing of any information related to the salary and to determine the staff member's entitlements, such as salary slips and allowances
    Description
    Personal data is collected in order to determine the staff member’s entitlements. Documents are collected by Human Resources and sent to the relevant Commission service (PMO) which will process the data in order to determine the financial rights of the staff member. 
    Processed data Education Public interest article 5 a) of regulation 2018/1725 8 years after the extinction of all rights of the person concerned and of any dependents
    Family composition Public interest article 5 a) of regulation 2018/1725 8 years after the extinction of all rights of the person concerned and of any dependents
    Financial information Public interest article 5 a) of regulation 2018/1725 8 years after the extinction of all rights of the person concerned and of any dependents
    Personal details Public interest article 5 a) of regulation 2018/1725 8 years after the extinction of all rights of the person concerned and of any dependents
    Profession Public interest article 5 a) of regulation 2018/1725 8 years after the extinction of all rights of the person concerned and of any dependents
    Processors n/a
    Restrictions of data subject rights
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients n/a
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/legal-notice-privacy
    Last updated 05.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy

  • Activity: Selection and management of experts database (selected experts)
    Reference number PO-2-03-a
    Data subject category External experts
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Personal data is collected for the selection and the management (including reimbursements of expenses and payment where appropriate) of independent experts appointed by IMI2 JU to advise on or assist with: the evaluation of proposals, the monitoring of the implementation of actions carried out under Horizon 2020 as well as of previous Research and/or Innovation Programmes, advice or assistance with other tasks related to IMI2 JU activities.
    Description
    Collection and processing of data provided by individuals for the establishment of a database of prospective independent experts to assist with tasks managed by the S2R JU. The processing operations performed by the Controller include collection, storage and evaluation of personal data of the experts. 
    Processed data Education Legal obligation (article 5 (b) of regulation 2018/1725) 10 years after end of contract
    Financial information Legal obligation (article 5 (b) of regulation 2018/1725) 10 years after end of contract
    Personal characteristics Legal obligation (article 5 (b) of regulation 2018/1725) 10 years after end of contract
    Personal details Legal obligation (article 5 (b) of regulation 2018/1725) 10 years after end of contract
    Profession Legal obligation (article 5 (b) of regulation 2018/1725) 10 years after end of contract
    Processors n/a
    Restrictions of data subject rights
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Automated system (Grants management), Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis, Standard clause for the processing of personal data included in the contract
    Recipients Other: External evaluators or experts assisting the IMI2 JU, Other: IMI2 JU staff participating in the selection of external experts, European Commission and its services: Research Executive Agency via the H2020 Participants Portal
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/legal-notice-privacy
    Last updated 16.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy
    https://ec.europa.eu/research/participants/data/support/legal_notice/h2020-ssps-experts-sedia_en.pdf

  • Activity: Selection and management of external experts (Non-selected experts)
    Reference number PO-2-03-b
    Data subject category External experts
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Personal data is collected for the selection and the management (including reimbursements of expenses and payment where appropriate) of independent experts appointed by the IMI2 JU to advise on or assist with: the evaluation of proposals, the monitoring of the implementation of actions carried out under Horizon 2020 as well as of previous Research and/or Innovation Programmes, advice or assistance with other tasks related to IMI2 JU activities.
    Description
    Collection and processing of data provided by individuals for the establishment of a database of prospective independent experts to assist with tasks managed by the IMI2 JU. The processing operations performed by the Controller include collection, storage and evaluation of personal data of the experts. 
    Processed data Education Legal obligation (article 5 (b) of regulation 2018/1725) 5 years after closure of procedure
    Financial information Legal obligation (article 5 (b) of regulation 2018/1725) 5 years after closure of procedure
    Personal characteristics Legal obligation (article 5 (b) of regulation 2018/1725) 5 years after closure of procedure
    Personal details Legal obligation (article 5 (b) of regulation 2018/1725) 5 years after closure of procedure
    Profession Legal obligation (article 5 (b) of regulation 2018/1725) 5 years after closure of procedure
    Processors n/a
    Restrictions of data subject rights
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Automated system (Grants management), Signature of absence of conflict of interest , Staff dealing with this processing operation is designated on a need-to-know basis, Standard clause for the processing of personal data included in the contract
    Recipients Other: IMI2 JU staff, European Commission and its services:
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/legal-notice-privacy
    Last updated 16.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy
    https://ec.europa.eu/research/participants/data/support/legal_notice/h2020-ssps-experts-sedia_en.pdf

  • Activity: Selection and recruitment of staff and trainees (temporary agents, contract agents, seconded national experts)
    Reference number PO-1-01
    Data subject category Candidates applying for open vacancies (TA, CA, and SNE)
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Receiving and processing applications following publication of vacancy notice via the online recruitement tool
    Description
    This processing operation consists of collecting applications of candidates, screening tables, pre-selection reports, selection reports, written tests, interview questions, offers for posts, short lists, reserve lists, reserve list letters, negative letters etc. Special retention time applies to non-recruited candidates.
    Processed data Education Articles 22a and 22b of the eu staff regulations and articles 11 and 81 of the ceos 10 years
    Family composition Articles 22a and 22b of the eu staff regulations and articles 11 and 81 of the ceos 10 years after end of contract
    Genetic data Contractual obligation article 5 c) of regulation 2018/1725 , articles 12 - 15 and 82 - 84, 86 of the conditions of employment of other servants of the european communities (ceos) For the duration of the selection procedure only
    Health data Contractual obligation article 5 c) of regulation 2018/1725 , articles 12 - 15 and 82 - 84, 86 of the conditions of employment of other servants of the european communities (ceos) 10 years after end of contract
    Juridic data Contractual obligation article 5 c) of regulation 2018/1725 , articles 12 - 15 and 82 - 84, 86 of the conditions of employment of other servants of the european communities (ceos) For the duration of the selection procedure only
    Location information Articles 22a and 22b of the eu staff regulations and articles 11 and 81 of the ceos 10 years after end of contract
    Personal details Articles 22a and 22b of the eu staff regulations and articles 11 and 81 of the ceos 10 years after end of contract
    Profession Articles 12 - 15 and 82 - 84, 86 of the conditions of employment of other servants of the european communities (ceos) 10 years after end of contract
    Processors n/a
    Restrictions of data subject rights
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Data not displayed to the wider public, Obligation of confidentiality of the staff, Premises abide by the European Commission's security decisions and provisions, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients n/a
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/sites/default/files/uploads/documents/work-for-us/job-opportunities/PrivacyStatementRecruitment.pdf
    Last updated 05.02.2021
    internal reference
    Exercising your rights

  • Activity: Sick leaves
    Reference number PO-1-05-bis
    Data subject category External staff: trainees and interim staff, JU Staff: temporary, JU Staff: contractual
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Personal data is managed and collected for the purpose of assessing the entitlement to sick leave, annual leave and special leave and working conditions for temporary agents and contract agents.
    Description
    Assessing the entitlement to sick leaves and working conditions for temporary agents and contract agents. 
    Processed data Health data Public interest article 5 a) of regulation 2018/1725 5 years
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 5 years
    Personal details Public interest article 5 a) of regulation 2018/1725 5 years
    Profession Public interest article 5 a) of regulation 2018/1725 5 years
    Processors n/a
    Restrictions of data subject rights
    n/a
    Security measures A paper copy is made and saved in a paper file. The paper file is archived in a locked cupboard., Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Other: Human resources officer, Line manager, Executive Director, Other: Other Institutions in case of transfer (they receive a chart with the liquidation account of sick leave), European Commission and its services: PMO, Medical service, DG DIGIT
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/legal-notice-privacy
    Last updated 05.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy

  • Activity: Spontaneous applications
    Reference number PO-1-02
    Data subject category Unsolicited applicants
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Applications received outside a vacancy notice (via any other means than the online recruitement tool)
    Description
    Applications received outside a vacancy notice (via any other means than the online recruitement tool) 
    The IMI2JU does not consider spontaneous applications. Personal data (such as CV) is not stored and is deleted after 7 days. Regarding Blue Book trainees, IMI2 JU is not in charge of the recruitment process which is being dealt with by the relevant department at the European Commission (DG EAC). Applications are only accessible via the online database which is open for consultation only during specific periods. Therefore, IMI2 JU does not store any data related to the recruitment of Blue Book Trainees. 
    Processed data Education Public interest article 5 a) of regulation 2018/1725 7 calendar days
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 7 calendar days
    Personal details Public interest article 5 a) of regulation 2018/1725 7 calendar days
    Profession Public interest article 5 a) of regulation 2018/1725 7 calendar days
    Processors n/a
    Restrictions of data subject rights
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned
    Recipients n/a
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/legal-notice-privacy
    Last updated 05.02.2021
    internal reference
    Exercising your rights

  • Activity: Teleworking
    Reference number PO-1-09
    Data subject category JU Staff
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose The purpose of this processing operation is to manage, in a legal, standardised and centralised framework, all temporal aspects of a jobholder's framework with respect to the management and monitoring of the implementation of teleworking.
    Description
    Management of the teleworking requests and agreements; planning regarding the ordering of ICT tools and devices for the performance of telework. Staff members are granted access to an electronic tool in which they can launch a request for teleworking. 
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 3 years
    Profession Public interest article 5 a) of regulation 2018/1725 3 years
    Processors n/a
    Restrictions of data subject rights
    Security measures Data kept according to the security measures adopted by the European Commission, Staff dealing with this processing operation is designated on a need-to-know basis, Standard clause for the processing of personal data included in the contract
    Recipients n/a
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/legal-notice-privacy
    Last updated 05.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy

  • Activity: User Network and Systems Access
    Reference number PO-5-01
    Data subject category Any person whose personal data have been collected and are processed by information systems that use the IMI2 JU ICT infrastructure
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Personal data is collected to provide IMI2 JU employees with necessary access to ICT systems and services in order for them to carry out their statutory duties. This includes access provisioning to EC systems like ECAS/EU Login or ABAC.
    Description
    Provisioning of necessary access to IMI2 JU employees to designated business ICT systems of the organization based on incoming requests from HR department or management requests/access authorisations
    Processed data Personal characteristics Public interest article 5 a) of regulation 2018/1725 1 month after user's departure
    Personal details Public interest article 5 a) of regulation 2018/1725 1 month after user's departure
    Profession Public interest article 5 a) of regulation 2018/1725 1 month after user's departure
    Processors n/a
    Restrictions of data subject rights
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Confidentiality of communications and privacy, Windows 10 access: Password renewed every six month
    Recipients Other: IMI2 JU staff members: Network and security managers, IT system and database administrators, European Commission and its services: DG DIGIT, External contractors under framework contract with the European Commission : Real Dolmen
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/legal-notice-privacy
    Last updated 16.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy

  • Activity: Visitors to IMI2 JU premises
    Reference number PO-6-01
    Data subject category Candidates and tenderers in procurement procedures, Contractors, Members of the public
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose The aim in collecting and handling the relevant data is to control access to the IMI2 JU premises and car park.
    Description
    The data is used only by the IMI2 JU in the course of its work to protect the building and the people, property and information they contain, in line with the applicable security and safety instructions in the White Atrium building, adopted by the Joint Undertakings occupying these premises.
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 6 months
    Profession Public interest article 5 a) of regulation 2018/1725 6 months
    Processors n/a
    Restrictions of data subject rights
    Security measures Obligation of confidentiality of the staff, Premises abide by the European Commission's security decisions and provisions, Standard clause for the processing of personal data included in the contract
    Recipients n/a
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/legal-notice-privacy
    Last updated 16.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy

  • Activity: Whistleblowing procedures
    Reference number PO-3-10
    Data subject category JU Staff
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Adopting and implementing measures needed to facilitate whistleblowing
    Description
    Collecting data for the purposes of establishing reporting channels for whistleblowers, managing and following-up reports, and ensuring protection and adequate remedies for whistleblowers.
    Processed data Personal details Legal obligation article 5 b) of regulation 2018/1725 2 months after the final decision has been issued to all the parties involved
    Profession Legal obligation article 5 b) of regulation 2018/1725 2 months after the final decision has been issued to all the parties involved
    Processors n/a
    Restrictions of data subject rights
    restrictions may apply on a case-by-case basis as regards: information, access, rectification, blocking, erasure, notification to third parties.
    grounds for restriction: investigations to protect witnesses or whistle-blowers in cases where personal data relate to the suspect as well (allegations made about the suspect by informants or witnesses).                                                           
    legal basis for restrictions: article 25(1) regulation 2018/1725 (protection of the data subject or the rights and freedoms of others)
    Security measures Data kept according to the security measures adopted by the European Commission
    Recipients European Commission and its services: European Anti Fraud Office (where needed), European Commission and its services: EDPS (where necessary), Police or legal organisations: , Other: European Court of Auditors
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/legal-notice-privacy
    Last updated 16.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy

Powered by GDPR Central.