Processing Activities

Search


Data subject categories

Fields

Purpose
Description
Processed data
Recipients
Supporting assets
reference number

Results

  • Activity: Associate membership, learning and development services offered by the Institute of Internal Auditors for the IHI JU staff members
    Reference number DPO-A-01
    Data subject category IHI JU Staff Members
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose To administer all activities in the context of the service contract with the Institute of Internal Auditors, Belgium (IIA Belgium) – affiliated to the Institute of Internal Auditors (IIA Global) signed by the Head of Administration & Finance of IHI JU for the services offered for the IHI JU staff members by the IIA Belgium and the IIA Global.
    Description
    Your personal data are collected and processed in the context of the service contract with the Institute of Internal Auditors, Belgium – affiliated to the Institute of Internal Auditors (IIA Global) for:
    • administration of the services accepted/requested by the you, when service provider is the IIA Belgium and/or IIA Global. In particular,
    a.   Associate membership: this service contract, gives you the possibility to become an associate member in the IIA Belgium, which will give you full membership services including access to the guidance and learning materials of the IIA Belgium/IIA Global, other special membership entitlements and if needed, the possibility to report on earned Continuing Professional Education/Continuing Professional Development (CPE/CPD) credits[1].
    b.   External trainings/events and/or certifications.

    It is a necessity for the IHI JU to have competent and professional staff. The above listed services offered for you in the context of the signed service contract with the IIA Belgium – affiliated to IIA Global, for the IHI JU allows to:
    • comply with its obligations under Article 117(1) (“each Union institution shall establish an internal audit function which shall be performed in compliance with the relevant international standards”) of Regulation (EU, Euratom) 2018/1046[2] (hereafter "the Financial Regulation") for fulfilling its duties and to conduct professional and high level internal audits.
    • conduct professional and high-level audits and through them, fulfil its duties as provided in Articles 117 to 123 of the Financial Regulation and the IHI JU mission charter, which states that “The Internal Audit Service will adhere to the mandatory guidance of the International Professional Practices Framework promulgated by the Institute of Internal Auditors” (IIA Global).

    Your personal data will not be used for any automated decision-making including profiling.

    [1] These are required to keep your IIA certification(s) or qualification(s) active (allowing you to represent yourself as a certified individual and to be listed in the IIA registry), if you have any certifications obtained.[2] Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union, amending Regulations (EU) No 1296/2013, (EU) No 1301/2013, (EU) No 1303/2013, (EU) No 1304/2013, (EU) No 1309/2013, (EU) No 1316/2013, (EU) No 223/2014, (EU) No 283/2014, and Decision No 541/2014/EU and repealing Regulation (EU, Euratom) No 966/2012
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725, ihi ju financial rules (imi2 fr) adopted by gb decision n° 2020-16 on 27 may 2020 10 years following the last payment made by the IHI JU years
    Profession Public interest article 5 a) of regulation 2018/1725, explicit consent article 5 d) of regulation 2018/1725, ihi ju financial rules (imi2 fr) adopted by gb decision n° 2020-16 on 27 may 2020 10 years following the last payment made by the IHI JU years
    Processors n/a
    Restrictions of data subject rights
    n/a
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Data kept according to the security measures adopted by the European Commission, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients EU institutions and bodies: Authorised staff in IHI JU ., Other: IIA Belgium – affiliated to the IIA Global administer and provide the associate membership services for the IHI JU staff members. The privacy policy of the IIA Belgium: https://iiabelgium.org/privacy-statement/ The privacy policy of the IIA Global: https://www.theiia.org/en/Privacy-Policy/
    Joint controllers n/a
    privacy policy url https://webgate.ec.testa.eu/Ares/document/show.do?documentId=080166e5f4e2a3ca&timestamp=1670931141805
    Last updated 17.02.2023
    internal reference
    Exercising your rights
    Privacy Statement Ares nr: https://webgate.ec.testa.eu/Ares/document/show.do?documentId=080166e5f4e2a3ca&timestamp=1670931141805
  • Activity: Document management
    Reference number PO-3-04
    Data subject category JU Staff, Staff correspondents
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Personal data is collected to ensure appropriate follow up, filing and registration of important communication (internal/external) and documents.
    Description
    Repository and filling of documents are received and sent out from and to external person as well as internal mail/document exchanges.
    Processed data Personal details Public interest article 5 a) of regulation 2018/1725 3 years
    Profession Public interest article 5 a) of regulation 2018/1725 3 years
    Processors n/a
    Restrictions of data subject rights
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Other: IMI2 JU staff, European Commission and its services: Investigation and Disciplinary Office, OLAF, IT service providers of DG DIGIT, DG DIGIT
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/legal-notice-privacy
    Last updated 16.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy
  • Activity: Personnel files
    Reference number PO-1-03
    Data subject category Relatives of the data subject, JU Staff
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Processing of staff data for employment contract, setting up rights, complaints, appraisal, career development, contract termination
    Description
    Collection of staff documentation for recruitment, career development, appraisal, determination of rights; creation and management of e-mail address (EC Address book data). Staff data may also be used for the following purpose:  in order to analyse information about potential fraud and financial irregularities to assess whether there are grounds to transmit the information to the relevant authorities for investigation, in particular the European Anti-Fraud Office (OLAF).  Privacy notices relating to OLAF processing operations at the following link: https://ec.europa.eu/anti-fraud/olaf-and-you/data-protection/olaf-personal-data-processing-operations-and-privacy-statements_en
    Processed data Education Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Financial information Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Personal details Public interest article 5 a) of regulation 2018/1725 10 years after the extinction of all rights of the staff member and any dependents
    Processors n/a
    Restrictions of data subject rights
    only one possible case of restriction of data subjects rights: such case may occur during the preliminary activities related to cases of potential irregularities reported to olaf.
    see commission decision (eu) 2018/1962 of 11 december 2018 laying down internal rules concerning the processing of personal data by the european anti-fraud office (olaf) in relation to the provision of information to data subjects and the restriction of certain of their rights in accordance with article 25 of regulation (eu) 2018/1725 of the european parliament and of the council.
    Security measures Appropriate technical and organisational security measures, giving due regard to the risks inherent in the processing and to the nature of the personal data concerned, Data kept according to the security measures adopted by the European Commission, Obligation of confidentiality of the staff, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients n/a
    Joint controllers n/a
    privacy policy url
    Last updated 05.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy
  • Activity: Prevention and management of conflicts of interests applicable to the IHI JU Staff
    Reference number DPO- IC- 02
    Data subject category IHI JU Staff Members
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Protection of IHI JU’s financial interests against fraud and misuse and should also raise the ethical awareness among the staff when performing their tasks.
    Description
    Collecting and screening declarations of confidentiality and non-conflict of interests signed by all members of the IHI JU bodies before appointment, after appointment  (on a yearly basis) and spontaneously at any time in the course of their duties (ad-hoc Declaration).
    Processed data Education Public interest article 5 a) of regulation 2018/1725 10 years
    Financial information Public interest article 5 a) of regulation 2018/1725 10 years
    Hobbies and interests Public interest article 5 a) of regulation 2018/1725 10 years
    Membership of a professional association Public interest article 5 a) of regulation 2018/1725 10 years
    Memberships Public interest article 5 a) of regulation 2018/1725 10 years
    Personal details Public interest article 5 a) of regulation 2018/1725 10 years
    Political preferences Public interest article 5 a) of regulation 2018/1725 10 years
    Profession Public interest article 5 a) of regulation 2018/1725 10 years
    Processors n/a
    Restrictions of data subject rights
    Security measures Access control and technical measures such as physical locks and/or secure connections and firewalls, Data kept according to the security measures adopted by the European Commission, Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Other: IHI JU staff
    Joint controllers n/a
    privacy policy url tbc
    Last updated 16.06.2023
    internal reference
    Exercising your rights
    Privacy policy
  • Activity: Sick leaves
    Reference number PO-1-05-bis
    Data subject category JU Staff: temporary, JU Staff: contractual, External staff: trainees and interim staff
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Personal data is managed and collected for the purpose of assessing the entitlement to sick leave, annual leave and special leave and working conditions for temporary agents and contract agents.
    Description
    Assessing the entitlement to sick leaves and working conditions for temporary agents and contract agents. 
    Processed data Health data Public interest article 5 a) of regulation 2018/1725 5 years
    Personal characteristics Public interest article 5 a) of regulation 2018/1725 5 years
    Personal details Public interest article 5 a) of regulation 2018/1725 5 years
    Profession Public interest article 5 a) of regulation 2018/1725 5 years
    Processors n/a
    Restrictions of data subject rights
    n/a
    Security measures A paper copy is made and saved in a paper file. The paper file is archived in a locked cupboard., Staff dealing with this processing operation is designated on a need-to-know basis
    Recipients Other: Other Institutions in case of transfer (they receive a chart with the liquidation account of sick leave), European Commission and its services: PMO, Medical service, DG DIGIT, Other: Human resources officer, Line manager, Executive Director
    Joint controllers n/a
    privacy policy url https://www.imi.europa.eu/legal-notice-privacy
    Last updated 05.02.2021
    internal reference
    Exercising your rights
    https://www.imi.europa.eu/legal-notice-privacy
  • Activity: Slido - Audience Interaction Software
    Reference number DPO - IT - 03
    Data subject category Any natural person having registered on-line
    Controller Innovative Health Initiative Joint Undertaking (Brussels)
    Data protection officer data-protection@ihi.europa.eu
    Purpose Slido is a cloud-based, B2B, software as a service solution offering real-time active engagement of participants at meetings, trainings, events or workshops. Participants interact by voting in live polls and asking questions.
    Description
    The audience can ask questions, respond to polls, take part in quizzes during webinar, training or live event. The tool can be used with any of the IHI JU's video-conference tools for on-line events (Teams or Webex) or integrated to PowerPoint presentations.

    In order to reply to questions, event participants can scan a QR code or log into the Slido website and enter the conference code. The replies can be anonymous or linked to a person's name depending on the event or meeting. The processing of personal data is to ensure that participants have been able to connect to the software and they are able to reply to the questions only once.

    When the user goes to the Slido website and starts entering an event code, they are required to accept the privacy policy of Slido and give their consent to the system using their personal data.  The Policy explains among other things who can see the information a participant enters, how this information is used, and links further to the privacy policy. 

    Content collected during an interactive Slido session may contain further processing and such processing is not covered by this record of processing. If further processing shall take place, this information shall be contained in the specific privacy statement dedicated to the event, which will inform the participants of Slido use.
    Processed data Personal details Explicit consent article 5 d) of regulation 2018/1725 For the length of the on-line event days
    Processors n/a
    Restrictions of data subject rights
    n/a
    Security measures Data kept according to the security measures adopted by the European Commission, Once the procedure is closed, electronically stored data erased, Standard clause for the processing of personal data included in the contract
    Recipients n/a
    Joint controllers n/a
    privacy policy url
    Last updated 16.06.2023
    internal reference DPO- IT - 03
    Exercising your rights
    See Privacy Statement
Powered by GDPR Central.