When HaDEA processes your personal data
Health and Digital Executive Agency (HaDEA), may process your personal data (also known as personal information) for a number of reasons, from submitting a project or a tender following a call, dealing with public requests for information, staff matters, visitor information to the handling of complaints, to name but a few.
In this section of our website, you will find information on how HaDEA processes personal data, on your rights when HaDEA processes your personal data and on our Data Protection Officer.
What is personal data?
Personal data is any information relating to an individual, whether it relates to his or her private, professional or public life.
It can be anything from a name, personnel number, photo, name of a legal representative of a beneficiary an email address, bank details, your posts on social networking websites, your medical information, or your computer's IP address etc, which may be contained in electronic forms or paper versions like application forms, CVs, contracts, mailing lists, billing data, electronic databases, medical files, evaluation reports etc.
Legal framework
The protection of personal data is a fundamental right in the European Union, see Articles 8 and 16 of the Treaty on the Functioning of the European Union and the Charter of Fundamental Rights.
All EU institutions, agencies and bodies, including HaDEA, are obliged to comply with the data protection law specifically applicable to them which sets the data protection requirements with regard to the processing of personal data by the EU institutions, bodies & agencies.
The Data Protection Officer at HaDEA
The Data Protection Officer (DPO) ensures and monitors in an independent manner the application in the Agency of the Regulation (EU) n° 2018/1725 on the protection of individuals and bodies and on the free movement of such data in order to protect individual’s rights and freedoms.
HaDEA has appointed a DPO who can be contacted via the functional mailbox: HADEA-DPOec [dot] europa [dot] eu (HADEA-DPO[at]ec[dot]europa[dot]eu). The HaDEA DPO is part of and collaborates with the DPOs of the other European Institutions (EUIs) in the EUIs DPO Network.
Registry
HaDEA, as all the other EU institutions, agencies and bodies, must maintain a register of records of activities under its responsibility involving processing (collection, storage, use etc.) of personal data.
The register must be publicly accessible and contain pieces of information explaining the purpose and conditions of the processing operations.
You can consult the register, here below, to understand how HaDEA processes personal data in the course of its activities.
For more information about how your personal data might be used when you visit this website and other sites managed by the European Commission, please follow this link. For more information about our use of cookies, please go here.
Your rights when we process your personal data
Your rights to your personal data are stated in Articles 17 to 24 of Regulation (EU) 2018/1725.
When your personal information is processed by HaDEA, you have the right to know about it.
You have the right to access the information and have it rectified without undue delay if it is inaccurate or incomplete. Under certain conditions, you have the right to ask that we delete your personal data or restrict its use.
Where applicable, you have the right to object to our processing of your personal data, on grounds relating to your particular situation, at any time, and the right to data portability. We will consider your request, take a decision and communicate it to you without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary.
You can request that we communicate, as possible, any changes to your personal data to other parties to whom your data has been disclosed.
You have also the right not to be subject to automated decisions (made solely by machines) affecting you, as defined by law.
Please note that in some cases, restrictions under Article 25 of the Regulation may apply.
Such restrictions are provided for in internal rules adopted by HaDEA and published in the Official Journal of the European Union, OJ L 379, dated 26.10.2021.
How to exercise your data protection rights at HaDEA
If HaDEA is processing your personal data and you would like to exercise your data protection rights, please send us a written enquiry.
You can send your request to HaDEA by post in a sealed envelope or use our contact form.
You can also contact directly the data controller in charge of the relevant personal data processing. You shall find the person to contact in the "data protection" or in the record of the processing concerned or the HaDEA Data Protection Officer at HADEA-DPOec [dot] europa [dot] eu (HADEA-DPO[at]ec[dot]europa[dot]eu)
Your request should contain a detailed, accurate description of the personal data you want access to.
Where there are reasonable doubts regarding your identity, you might be asked to provide a copy of an identification document as a means to authenticate your identity. Should you provide a copy of your ID card or passport or any other document, personal details such as your name and address should be visible. Data such as photos and personal characteristics can be blacked out on the copy.
Our use of the information on your identification document is strictly limited: we will only use the data to verify your identity and will not store it for longer than needed for this purpose.
You also have the possibility to recourse to the EDPS as a supervisory authority.