INFORMATION TO BE GIVEN 2

Similar documents
NOTIFICATION FOR PRIOR CHECKING INFORMATION TO BE GIVEN(2)

Brussels, 3 May 2006 (Case ) 1. Procedure

Brussels, 16 May 2006 (Case ) 1. Procedure

INFORMATION TO BE GIVEN 2

Selection procedure at the European Ombudsman's Secretariat

EDPS - European Data Protection Supervisor CEPD - Contrôleur européen de la protection des données

Brussels, 29 November 2007 (Case ) 1. Procedure

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Brussels, 16 July 2007 (Case ) 1. Procedure

Opinion on a notification for Prior Checking received from the Data Protection Officer of the European Ombudsman on verification of telephone bills

AGREEMENT. between. the European Union. and. the Republic of Serbia

SUBSIDIARY LEGISLATION DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS

Mission of Montenegro to the European Union

GRANT AGREEMENT for an ACTION

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16 thereof,

EUROPEAN COMMISSION Directorate-General for Education and Culture

Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

COUNCIL POLICY BACKGROUND

This document is meant purely as a documentation tool and the institutions do not assume any liability for its contents

Opinion on a notification for Prior Checking received from the Data Protection Officer of the European Commission regarding the database ARDOS

Data Protection Policy. Malta Gaming Authority

on the proposal for a Regulation of the European Parliament and of the Council concerning customs enforcement of intellectual property rights

Council of the European Union Brussels, 27 February 2015 (OR. en)

European Data Protection Supervisor Your personal information and the EU administration: What are your rights?

PE-CONS 71/1/15 REV 1 EN

EUROPEAN UNION. Brussels, 6 March 2014 (OR. en) 2012/0245 (COD) PE-CONS 137/13 COHAFA 146 DEVGEN 350 ACP 219 PROCIV 155 RELEX 1189 FIN 961 CODEC 3015

Report on the national preparation for the implementation of the Eurodac Recast

REGULATION (EU) No 439/2010 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 19 May 2010 establishing a European Asylum Support Office

Management Board decision

Whistle Blower Policy

Having regard to the Treaty establishing the European Community, and in particular Article 235 thereof,

GENERAL CONDITIONS APPLICABLE TO EUROPEAN UNION GRANT AGREEMENTS WITH HUMANITARIAN ORGANISATIONS FOR HUMANITARIAN AID ACTIONS

Recommendation of the Council for Development Co-operation Actors on Managing the Risk of Corruption

Official Journal of the European Union. (Legislative acts) REGULATIONS

Council of the European Union Brussels, 20 November 2017 (OR. en)

ARTICLE 29 DATA PROTECTION WORKING PARTY WORKING PARTY ON POLICE AND JUSTICE

EUROPEAN RETURN FUND

EUROPEAN COMMISSION. Cabinet of Commissioner Tibor Navracsics Head of Cabinet

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 172 thereof,

5418/16 AV/NT/vm DGD 2

European Ombudsman. The European Ombudsman s guide to complaints. A publication for staff of the EU institutions, bodies, offices, and agencies

9339/13 IS/kg 1 DG G II A

PROCEDURE RIGHTS OF THE DATA SUBJECT PURSUANT TO THE ARTICLES 15 TO 23 OF THE REGULATION 679/2016

ARTICLE 29 DATA PROTECTION WORKING PARTY

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16 thereof,

9091/17 VH/np 1 DGD 2C

ARTICLE 29 Data Protection Working Party

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

GENERAL CONDITIONS OF THE CONTRACT

Anti-Fraud, Bribery and Corruption Policy and Response Plan

Customs Enforcement of Intellectual Property Rights Manual

EUROPEAN PARLIAMENT COMMITTEE ON CIVIL LIBERTIES, JUSTICE AND HOME AFFAIRS

Mono-Beneficiary Model Grant Agreement

H2020 Model Grant Agreement for SME Instrument Phase 1 Multi (H2020 MGA SME Ph1 Multi)

OTrack Data Processing Terms

STATOIL BINDING CORPORATE RULES - PUBLIC DOCUMENT

Contract Agreement with Special and General Conditions and annexes

AIDENVIRONMENT ANTI-CORRUPTION AND BRIBERY POLICY

Coordinated text from 10 August 2011 Version applicable from 1 September 2011

Official Journal of the European Union

Number 5 of Vehicle Registration Data (Automated Searching and Exchange) Act 2018

Data Protection Bill [HL]

Annex 1: Standard Contractual Clauses (processors)

DECISIONS ADOPTED JOINTLY BY THE EUROPEAN PARLIAMENT AND THE COUNCIL

Opinion on a notification for Prior Checking received from the OLAF Data Protection Officer regarding the Customs File Identification Database (FIDE)

Anti-Fraud, Bribery and Corruption Response Policy. Telford and Wrekin Clinical Commissioning Group

L 352/12 Official Journal of the European Union

EXECUTIVE SUMMARY. 3 P a g e

Decision of the Management Board 14/2016/MB

Opinion 07/2016. EDPS Opinion on the First reform package on the Common European Asylum System (Eurodac, EASO and Dublin regulations)

OJ Ann. I(I) L. 156(I) 2004 No 3851,

GRANT AGREEMENT BETWEEN THE COUNCIL OF EUROPE AND <THE GRANTEE>

An Bille um Chosaint Sonraí, 2018 Data Protection Bill 2018

European College of Business and Management Data Protection Policy

Policies and Procedures No. 56

EDPS Opinion on the proposal for a recast of Brussels IIa Regulation

EBA DC September The Management Board of the European Banking Authority

Data Protection Bill [HL]

Proposal for a COUNCIL DECISION

The EDPS has limited the comments below to the provisions of the Proposal that are particularly relevant from a data protection perspective.

DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. of 24 October 1995

closer look at Rights & remedies

(Non-legislative acts) REGULATIONS

The Act on Processing of Personal Data

6153/1/18 REV 1 VH/np 1 DGD2

WHISTLE BLOWING POLICY

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. amending Regulation (EU) 2016/399 as regards the use of the Entry/Exit System

An Bille um Chosaint Sonraí, 2018 Data Protection Bill 2018

Council of the European Union Brussels, 21 October 2016 (OR. en)

Template Commission pursuant to Section 11 BDSG

EUROPEAN FUND FOR THE INTEGRATION OF THIRD-COUNTRY NATIONALS

Official Journal of the European Union L 53/1 REGULATIONS

CHAPTER I. Definitions

SUPPLIER DATA PROCESSING AGREEMENT

ARTICLE 29 Data Protection Working Party

CONTRACT NUMBER - [complete]

Official Journal of the European Union L 334/25

ASSEMBLEIA DA REPÚBLICA [PORTUGUESE PARLIAMENT]

1. On 13 June 2018, the Commission presented its above mentioned proposal 1.

Reflection paper on the interoperability of information systems in the area of Freedom, Security and Justice

Transcription:

(To be filled out in the EDPS' office) REGISTER NUMBER: 1165 (To be filled out in the EDPS' office) NOTIFICATION FOR PRIOR CHECKING DATE OF SUBMISSION: 20/10/2013 CASE NUMBER: 2013-1038 INSTITUTION: REA LEGAL BASIS: ARTICLE 27-5 OF THE REGULATION CE N 45/2001( 1 ) INFORMATION TO BE GIVEN 2 1/ NAME AND ADDRESS OF THE CONTROLLER Data Controller: Research Executive Agency (REA) For organisational reasons, the role of the data controller is exercised by the Ms Rita BULTYNCK, Head of Unit REA.A.2 (Finance). Rita BULTYNCK Research Executive Agency (REA) Unit REA.A.2 (finance) COV2 15/132 B - 1049 Brussels 2/ ORGANISATIONAL PARTS OF THE INSTITUTION OR BODY ENTRUSTED WITH THE PROCESSING OF PERSONAL DATA REA.A.2 (Finance) 3/ NAME OF THE PROCESSING External cases of potential fraud and/or other financial irregularities. 1 OJ L 8, 12.01.2001. 2 Please attach all necessary backup documents

4/ PURPOSE OR PURPOSES OF THE PROCESSING The processing operation in the context of "External cases of potential fraud and/or other financial irregularities" is necessary to prevent fraud, as well as other financial irregularities or conflict of interest committed/incurred at the level of the beneficiaries of EU funds, and ensure sound financial management of the EU funds which are managed by the Agency on the basis of the Article 14(2) of the REA Delegation Act. In particular, it is also necessary to analyse information relating to potential fraud or other financial irregularities and decide on whether it should be transferred to the European Anti-Fraud Office (OLAF) or not. 5/ DESCRIPTION OF THE CATEGORY OR CATEGORIES OF DATA SUBJECTS Natural persons such as staff members (or representatives) of beneficiaries of grant agreements and contractors whose details are referenced in public contracts (under public procurement) concluded with the Agency, if the suspicion of potential fraud and/or other financial irregularities concerns them; Whistle-blowers, informants, witnesses related to the case analysed and/or sent to OLAF for investigation. Note: The processing operation involving personal data in the context of whistleblowing about alleged wrongdoing by staff in the Agency and/or other EU bodies is covered by a separate notification (REA-DPN-2013-13). 6/ DESCRIPTION OF THE DATA OR CATEGORIES OF DATA (including, if applicable, special categories of data (Article 10) and/or origin of data). The categories of personal data that may be collected and/or processed depending on the context of the case and on a case-by-case analysis are the following: Identification data: Last name, first name, address, e-mail, phone number (s), etc.; Data relating to the data subject's professional details: curriculum vitae (CV), position within the entity, function, unit, etc.; Data relating to the conduct of the person giving rise to possible irregularities: description of the serious wrongdoing/irregularity, source of information, causes of the presumed irregularity, impact on EU interests, amount involved, actions to mitigate the irregularity (taken/planned), etc. Data relating to financial aspects: pre-financing, recovery orders, timesheets in order to provide evidence of payments made to beneficiaries (who are suspected of fraudulent or illegal activity); Data contained in reports (interim, final) in case of natural persons (staff members / representatives / members of scientific team) in organisations (beneficiaries of grant agreements). The categories of data listed above shall be collected and/or processed on a case-by-case basis. Their presence is neither systematic nor necessary and it depends on the content of a particular case.

Special categories of data Data relating to suspected offences, offences, criminal convictions and or security measures. The persons in charge of the above-mentioned processing operation in the REA are reminded not to collect and further process excessive data in relation to what is necessary and proportionate in order to process the files relating to potential fraud and/or other financial irregularities. 7/ INFORMATION TO BE GIVEN TO DATA SUBJECTS The REA will inform the data subject concerned if measures are taken due to suspicion (or confirmation) of financial irregularities. However, the REA may decide that restrictions and exceptions apply as laid down in Article 20(1) of Regulation (EC) No 45/2001 concerning procedures related to criminal offences following OLAF investigations, important economic and financial interest of Member States or European Union, national security, public security or national defence interest. 8/ PROCEDURES TO GRANT RIGHTS OF DATA SUBJECTS Data subjects may send their requests to the following email address: REA- FINANCE@ec.europa.eu. Requests for accessing, blocking, rectifying or erasing (where applicable) of the different categories of data will be evaluated on a case-by-case basis. In that respect, the REA may decide that restrictions in blocking/rectification/erasure of data are applicable, as laid down in Article 20(1) a), (b) or (e) ( prevention, investigation, detection and prosecution of criminal offences, an important economic or financial interest, etc.) of Regulation (EC) No 45/2001. In this case, the data subject shall be informed of the principal reasons on which the application of the restriction is based on and of his/her right to have recourse to the European Data Protection Supervisor. 9/ AUTOMATED / MANUAL PROCESSING OPERATION Personal data in the above-mentioned processing operation are processed manually and by automated means. In the framework of management of grants and contracts (under public procurement procedures), the REA may encounter cases of potential fraud and/or possible financial irregularities such as

plagiarism, request of double founding or claims of non-existent/inflated costs. The Agency, on its own initiative and on the basis of Article 14(2) of the REA Delegation Act, shall without delay inform the Commission, the Directors-General of the parent Directorates-General and OLAF, in accordance with the specific rules applicable to any potential fraud or irregularity which comes to its attention and of any situation which may give rise to such cases. For the purpose of internal monitoring and regularly information to the parent DGs and (via the parent DGs) to the Commissioner, the REA maintains an inventory of (potential) fraud cases under scrutiny (with a log file of assessment made and actions undertaken and/or planned), using standard office automation tools with files stored on a protected area of the REA servers and transmitted through secure channels (see section 14 below). Where appropriate, the Agency also signals (alleged) fraud cases and financial irregularities in the Commission's Early Warning System in compliance with Commission Decision of 16 December 2008 on the Early Warning System for the use of authorising officers of the Commission and executive agencies as amended by Commission Decision of 17 June 2011 and in the Central Exclusion Database in compliance with Commission Regulation (EC, Euratom) No 1302/2008 of 17 December 2008. Note: The processing operation involving personal data in the context of the early warning system and the central exclusion database is covered by a separate notification (REA-DPN-2012-27). According to Article 22a of the Staff Regulations, all REA staff if they become aware of facts which give rise to a presumption of the existence of possible illegal activity, including fraud or corruption, detrimental to the interests of the EU, shall without delay inform their immediate superior or the Agency Director or, if they consider it useful, the Secretary-General of the Commission, or the persons in equivalent positions, or OLAF directly. After examining all the relevant information to a possible financial irregularity, the REA may decide to forward the case to OLAF for further examination. Note: The processing operation involving personal data in the context of whistleblowing about alleged wrongdoing by staff in the Agency and/or other EU bodies is covered by a separate notification (REA-DPN-2013-13). 10/ STORAGE MEDIA OF DATA Data in electronic format is stored on the REA servers (limited access) and only metadata is stored on the servers (ARES) of the European Commission. Data/reports in paper format are stored in locked/secure cupboards. 11/ LEGAL BASIS AND LAWFULNESS OF THE PROCESSING OPERATION Article 14 of Commission Decision (C(2008)3980) of 31 July 2008 delegating powers to the Research Executive Agency with a view to performance of tasks linked to implementation of the

specific Community programmes People, Capacities and Cooperation in the field of research comprising, in particular, implementation of appropriations entered in the Community budget; Regulation (EC) No 1073/1999 of the European Parliament and of the Council of 25 May 1999 concerning investigations conducted by the European Anti-Fraud Office (OLAF); Council Regulation (Euratom, EC) No 2185/1996 of 11 November 1996 concerning on-thespots checks and inspections carried out by the Commission in order to protect the European Communities' financial interests against fraud and other irregularities; Council Regulation (EC) No 58/2003 of 19 December 2002 laying down the statute for executive agencies to be entrusted with certain tasks in the management of Community programmes; REA procedure on whistle-blowing-ics 2 Ethical and Organisational Values of 9 April 2010; Article 5 (a) (Lawfulness of processing), of Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the institutions and bodies of the Community and on the free movement of such data; Commission Decision of 16 December 2008 on the Early Warning System for the use of authorising officers of the Commission and the executive agencies (2008/969/EC, Euratom); Commission Decision of 17 June 2011 amending the Commission Decision of 16 December 2008 on the Early warning System for the use of authorising officers of the Commission and the executive agencies (2011/C/180/06); Commission Regulation (EC, Euratom) No 1302/2008 of 17 December 2008 on the central exclusion database. 12/ THE RECIPIENTS OR CATEGORIES OF RECIPIENT TO WHOM THE DATA MIGHT BE DISCLOSED Data may be disclosed to the following recipients: REA The Director of the Agency; Authorised members of the REA staff; The OLAF correspondents within the REA and the OLAF correspondents within the parent DGs (DG EAC, DG RTD, DG ENTR); Members of the REA Steering Committee. Other potential recipients Internal Audit Service (DG IAS) of the European Commission; The Court of Justice of the European Union (Court of Justice, the General Court and the Civil Service Tribunal); European Court of Auditors (ECA); Financial Irregularities Panel (FIP); European Ombudsman; European Data Protection Supervisor (EDPS); European Anti-Fraud Office (OLAF). This transmission will be restricted to the information necessary for the competent entity to carry out its task. The recipients will be reminded not to process the data received for any purpose other than

the one for which they were transmitted to them, as required under Article 7(3) of Regulation (EC) No 45/2001. 13/ RETENTION POLICY OF (CATEGORIES OF) PERSONAL DATA The data collected and/or processed in the frame of the above-mentioned processing is kept under the relevant project or contract (under public procurement) file and is subject to the overall retention policy for that grant management/contract (under public procurement) file. According to the Common Commission-level Retention List (point 12.6.1 of Annex 1 of SEC(2007) 970) applied by analogy in the REA Retention Plan, the retention period is 10 years after the end of the project or contract (under public procurement). 13 A/ TIME LIMIT TO BLOCK/ERASE ON JUSTIFIED LEGITIMATE REQUEST FROM THE DATA SUBJECTS Requests for accessing, blocking, rectifying or erasing (where applicable) of the different categories of data will be evaluated on a case-by-case basis. In that respect, the REA may decide that restrictions in blocking/rectification/erasure of data are applicable, as laid down in Article 20(1) a), (b) or (e) ( prevention, investigation, detection and prosecution of criminal offences, an important economic or financial interest, etc.) of Regulation (EC) No 45/2001. Time limit to rule on a request: 15 working days (beginning from the reception of the request). 14/ HISTORICAL, STATISTICAL OR SCIENTIFIC PURPOSES Not applicable. 15/ PROPOSED TRANSFERS OF DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS Not applicable. 16/ THE PROCESSING OPERATION PRESENTS SPECIFIC RISK WHICH JUSTIFIES PRIOR CHECKING (Please describe): AS FORESEEN IN: ٱ Article 27.2.(a) Processing of data relating to health and to suspected offences, offences, criminal convictions or security measures,

ٱ Article 27.2.(b) Processing operations intended to evaluate personal aspects relating to the data subject, ٱ Other (general concept in Article 27.1) 17/ COMMENTS Not applicable. PLACE AND DATE: 19 SEPTEMBER 2013 DATA PROTECTION OFFICER: EVANGELOS TSAVALOPOULOS INSTITUTION OR BODY: RESEARCH EXECUTIVE AGENCY (REA)

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback