RULES OF PROCEDURE ON THE PROCESSING AND PROTECTION OF PERSONAL DATA AT EUROJUST
TITLE I
SCOPE, STRUCTURE AND DEFINITIONS
Article 1
Scope and definitions
Article 2
Structure
TITLE II
RULES FOR OPERATIONAL PERSONAL DATA PROCESSING OPERATIONS
CHAPTER I
General principles of processing of operational personal data
Article 3
Controllership of processing of operational personal data at Eurojust
Article 4
Specific processing conditions
Article 5
Data quality
Article 6
Data security
CHAPTER II
Rights of the data subjects
Article 7
Procedure for the exercise of the rights of the data subjects in case of operational personal data processing
Article 8
Information to third parties following rectification, restriction or erasure of operational personal data
CHAPTER III
The Case Management System
Article 9
Temporary work files and index in the Case Management System
Article 10
Special categories of data
Article 11
Processing of the categories of operational personal data referred to in Article 27(2) and 27(3) of the Eurojust Regulation
Article 12
Authorised access to operational personal data
Article 13
Records of processing activities
CHAPTER IV
Data transfers to third countries or international organisations
Article 14
Data transfers to third countries or international organisations subject to appropriate safeguards
Article 15
Recording of international transfers to third countries or international organisations in the Case Management System
CHAPTER V
Time limits
Article 16
Time limits for the storage of operational personal data
TITLE III
RULES FOR ADMINISTRATIVE PERSONAL DATA PROCESSING OPERATIONS
Article 17
Procedure for the exercise of the rights of the data subjects regarding administrative personal data processing operations
Article 18
Time limits for administrative personal data
TITLE IV
FINAL PROVISIONS
Article 19
Review of the present Rules of Procedure
Article 20
Entry into force and publication
ANNEX
Maximum time limits for the retention of administrative personal data
1 year |
Data processing activities related to the organisation and management of Eurojust events, business continuity management, management of Eurojust library and any other related processing activities. |
1 year |
Data processing activities related to the relations with external partners of Eurojust and the EJN, organisation of the annual Consultative Forum meeting, |
1 year |
Data processing activities related to the functioning of the Eurojust Staff Committee and any other related processing activities. |
1 year |
Data processing activities related to the functioning of the Eurojust Social Committee and any other related processing activities. |
3 years |
Data processing activities related to the monitoring of compliance with Eurojust data protection legislation, including dealing with the requests from data subjects, cooperation with the European Data Protection Supervisor and any other related processing activities. |
3 years |
Data processing activities related to the management of public relations, marketing, press and media and any other related processing activities. |
7 years |
Data processing activities related to the implementation of the budget of Eurojust according to legal obligations: College Decisions (e.g. on the Financial Regulation applicable to Eurojust), Administrative Director Decisions, Eurojust Decisions and Policies, etc., management of missions and claims, any other related processing activities. |
7 years |
Data processing activities related to the functioning of the Genocide Network Secretariat, JITs network Secretariat, EJN and any other related processing activities. |
10 years |
Data processing activities related to the day-to day management of administration, staff management, functioning of the Presidency and Executive Board, College teams, implementation of multi-annual programming documents, annual plans and work programmes, implementation of budget and accounts, marketing and public relations, procurement procedures and contract administration, management of business contacts, implementation of Eurojust rules on access to documents, participation in various projects relating to Eurojust legal framework and strategic objectives and any other related processing activities |
10 years |
Data processing activities related to the security and safety services carried out to ensure security and access control for the protection of Eurojust building and key assets (physical assets, persons working and visiting Eurojust and information) and any other related processing activities. |
10 years |
Data processing activities related the implementation of the Staff Regulations and Conditions of Employment (CEOS), Commission Decisions, Administrative Director Decisions, Eurojust Decisions and Policies regarding the human resources management and any other related processing activities. |
10 years |
Data processing activities related to the IT governance and IT management of Eurojust and any other related processing activities. |
120 years |
Data processing activities related to subsisting rights and obligations of staff members |