Privacy Policy

DATA PROTECTION NOTICE

EUAA’s Stakeholder Contacts’ Management (SCM) – External Contracts Framework Module

1. Introduction

The European Union Agency for Asylum (hereinafter the EUAA’ or “the Agency”) is committed to protecting your privacy. The EUAA collects and further processes personal data pursuant to Regulation (EU) 2018/1725[1] (hereinafter ‘the EUDPR’).

This data protection notice explains inter alia the reasons for the processing of your personal data, the way we collect, handle and ensure protection of your personal data and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, as well as of the Data Protection Officer (DPO) and the European Data Protection Supervisor (EDPS) to which you may have recourse as well to exercise the said rights.

The EUAA’s Stakeholder Contact’s Management (SCM) platform provides an integrated central repository to store information related to contacts, organisations and networks, including the relations among them. It also provides an easy way to create and organise events and to track them in a single point. Additionally, the External Contracts module provides an easy way to perform and manage contract management for external services.

It is also integrated with a web portal accessible by the contractors, so that they can view the calls requesting the services, submit offers, and communicate with the EUAA ICT administrative team and Evaluation Panel members in a structured and centrally controlled way. The External Contracts Framework module also provides a transparent and coherent methodology in the entire selection process.

2. Why do we process your personal data?

The purpose of this information is to allow the administrative management of request for services, initiated by EUAA to external contractors within the EUAA External Contracts Framework.

3. On what legal ground(s) do we process your personal data?

The processing of personal data within procurement and contract management procedures can be considered as necessary for the performance of a public interest task, namely the management and functioning of the Agency.

The processing operation is therefore lawful under Article 5(1) point (a) of the EUDPR given that it is necessary for the performance of the tasks that the Agency has been vested with by virtue of its mandate. To the extent that processing of personal data is based on your consent, such processing is lawful also under point (d) of Article 5(1) of the EUDPR.

4. Which personal data do we collect and further process?

Under the ‘Framework Contract’ entity of the tool (with access to the tool through a license): Full name, Gender, Date of birth, Nationality and educational/professional experience of the candidate in the format of Europass CV.

5. How long do we keep your personal data?

Personal data in contract management files will be kept for ten years from closure of the contract.

6. How do we protect and safeguard your personal data?

For the purpose of ensuring that the SCM platform is secure and remains available to all users, network traffic is monitored to identify unauthorised attempts to exploit or change information on this website or otherwise cause damage or conduct criminal activity.

Anyone using the SCM platform is advised that if such monitoring reveals evidence of possible abuse or criminal activity, results of such activity might be provided to the appropriate authorities in line with the applicable rules.

Furthermore, personal data will solely be processed by authorised personnel and there is a security model in place so as to limit the access to the data, based on security roles assigned to licensed users. The roles will be assigned with a restrictive principle and after a formal expression of need and respective acknowledgement.

7. Who has access to your personal data and to whom is it disclosed?

All the information stored in the tool will be accessible only by authorised and licensed EUAA Staff. However, not all EUAA staff will have the same access rights to the information. Access is built on a security data model which will restrict the access to certain features depending on the assigned roles.

8. Do we transfer any of your personal data to third countries or international organisations (outside the EU/EEA)?

This processing activity does not entail any transfers of personal data to third countries or international organisations (outside the EU/EEA)

9. Does this processing involve automated decision-making, including profiling?

This processing activity does not involve automated decision-making, including profiling.

10. What are your rights and how can you exercise them?

According to the EUDPR, you are entitled to access your personal data and to rectify it in case the data is inaccurate or incomplete. If your personal data is no longer needed by the EUAA or if the processing operation is unlawful, you have the right to erase your data. Under certain circumstances, such as if you contest the accuracy of the processed data or if you are not sure if your data is lawfully processed, you may ask the Data Controller to restrict the data processing. You may also object, on compelling legitimate grounds, to the processing of data relating to you. Additionally, you have the right to data portability which allows you to obtain the data that the Data Controller holds on you and to transfer it from one Data Controller to another. Where relevant and technically feasible, the EUAA will do this work for you.

If you wish to exercise your rights, please contact the Data Controller, i.e. the Head of the ICT Unit of the EUAA, by sending an e-mail to ictu.datacontroller@euaa.europa.eu.

You may always submit queries, remarks or complaints relating to the processing of your personal data to the Data Protection Officer (DPO) of the EUAA by using the following e-mail address: dpo@euaa.europa.eu.

In case of conflict, complaints can be addressed to the European Data Protection Supervisor (EDPS) using the following e-mail address: edps@edps@europa.eu.