DG RTD COMMON AUDIT SERVICE SPECIFIC PRIVACY STATEMENT EXTERNAL AUDIT AND CONTROL



Similar documents
EUROPEAN COMMISSION SERVICE SPECIFIC PRIVACY STATEMENT (SSPS) 1. Online services on the Participant Portal

COMMUNICATION TO THE COMMISSION FROM MR POTOČNIK IN AGREEMENT WITH VICE-PRESIDENT KALLAS

The primary responsibility for the data processing lies within the Administration Department, which the FINCOP Unit is part of.

The Terms of Reference should be completed by the Beneficiary and be agreed with the Auditor

H2020 Model Contract for Experts

What does science mean to you? photo contest - Terms and Conditions

GUIDANCE NOTE ON THE CONCEPT OF RELIANCE

EUROPEAN COMMISSION DIRECTORATE-GENERAL HOME AFFAIRS. Directorate B - Migration, Asylum. Preparatory Action HOME/2013/CFP/PARS

Official Journal of the European Union

CERTIFICATES ISSUED BY EXTERNAL AUDITORS GUIDANCE NOTES FOR BENEFICIARIES AND AUDITORS

MEMORANDUM OF UNDERSTANDING. between the European Community and the Republic of Turkey

COUNCIL OF THE EUROPEAN UNION. Brussels, 22 November /06 DATAPROTECT 45 EDPS 3

FP7 GRANT AGREEMENT ANNEX VII - FORM D - TERMS OF REFERENCE FOR THE CERTIFICATE OF FINANCIAL STATEMENTS

Full-Cost Accounting and Certification Modalities in FP7

Erasmus+ General Information. Application Form Call: KA2 Cooperation and Innovation for Good Practices

Video surveillance at EFSA Implementing rules and technical specifications

Disclaimer. The present document is an internal document that outlines the procedure as currently envisaged by the Commission.

ARTICLE 29 DATA PROTECTION WORKING PARTY

SUBJECT. public and. projects. financing European of , OJ L 349 of. 2, a call for. W910 Chaussée (0)

Office 365 Data Processing Agreement with Model Clauses

GRANT AGREEMENT. NUMBER i2d

Errors in Cohesion Policy. Where are they? What is being done about them? What will the legal framework improve?

Reporting transnational access and service activity costs. Version May 2011

Financial errors in FP7. How to improve the quality of financial statements? Paris, 21 February 2013 Vittorio MORELLI Svetozara PETKOVA Simona STAICU

ANNEX VI MODEL TERMS OF REFERENCE FOR THE CERTIFICATE ON THE FINANCIAL STATEMENTS PART ï

Administrative forms (Part A) Project proposal (Part B)

EUROPEAN COMMISSION RESEARCH EXECUTIVE AGENCY (REA) H MODEL GRANT AGREEMENT FOR MARIE SKŁODOWSKA-CURIE INDIVIDUAL FELLOWSHIPS 2 (MSC-IF MONO)

PREVENTION OF AND FIGHT AGAINST CRIME ACTION GRANTS 2012 TARGETED CALL FOR PROPOSALS

GUIDE FOR APPLICANTS GRANTS PROGRAMME 2016/2017 TRAINING IN CONFERENCE INTERPRETING

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

H2020 Model Grant Agreement for Lump sum grants (H2020 MGA Lump sum Multi)

PROGRAMME "PREVENTION OF AND FIGHT AGAINST CRIME" CALL FOR PROPOSALS 2012 RESTRICTED TO FRAMEWORK PARTNERS

EUROPEAN COMMISSION Executive Agency for Small and Medium-sized Enterprises (EASME)

BUDGET HEADING INFORMATION, CONSULTATION AND PARTICIPATION OF REPRESENTATIVES OF UNDERTAKINGS CALL FOR PROPOSALS

HERCULE III PROGRAMME CALL FOR PROPOSALS LEGAL TRAINING AND STUDIES E PROGRA MME Deadline Tuesday, 22 September 2015

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

Align Technology. Data Protection Binding Corporate Rules Processor Policy Align Technology, Inc. All rights reserved.

Data Processing Agreement for Oracle Cloud Services

Delegations will find attached the partially declassified version of the above-mentioned document.

Requirements made under the Intermediaries Byelaw

Article 29 Working Party Issues Opinion on Cloud Computing

Clause 1. Definitions and Interpretation

Council of the European Union Brussels, 28 July 2015 (OR. en)

COMMISSION DECISION. of XXX

This Amendment consists of two parts. This is part 1 of 2 and must be accompanied by and signed with part 2 of 2 (Annex 1) to be valid.

AIRBUS GROUP BINDING CORPORATE RULES

EUROPEAN COMMISSION INFORMATION SOCIETY AND MEDIA DIRECTORATE-GENERAL. [title of the project] Grant Agreement No ICT PSP GRANT AGREEMENT

TABLE OF CONTENTS 1. PARTICIPATION BY THE JRC INTERNATIONAL ORGANISATIONS (GENERAL RULE)...4

COMMISSION OF THE EUROPEAN COMMUNITIES. COMMISSION REGULATION (EC) No /..

Action grants to support national and transnational projects projects aiming to promote Union citizenship

SPECIFIC PROGRAMME "CRIMINAL JUSTICE" ( ) CALL FOR PROPOSALS JUST/2012/JPEN/AG/EJT Action grants

PREVENTION OF AND FIGHT AGAINST CRIME ACTION GRANTS 2012 TARGETED CALL FOR PROPOSALS

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.

EUROPEAN COMMISSION Directorate-General for Internal Market, Industry, Entrepreneurship and SMEs. Innovation and Advanced Manufacturing Director

Guide to Financial Issues relating to FP7 Indirect Actions

MODULE 4 - ASSET MANAGEMENT

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN better health cover shouldn t hurt

Application Form Call: KA1 - Learning Mobility of Individuals. VET learner and staff mobility

GUIDANCE NOTES ON PROJECT REPORTING

RFCS Information Package 2015

Video surveillance policy (PUBLIC)

Guidance on standard scales of unit costs and lump sums adopted under Article 14(1) Reg. (EU) 1304/2013

SUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001 IN RELATION TO THE DATA PROTECTION OFFICER

PREVENTION OF AND FIGHT AGAINST CRIME TARGETED CALL FOR PROPOSALS ACTION GRANTS 2011

VACANCY NOTICE FOR THE POST Human Resources Manager to the Bio-Based Industries Joint Undertaking (BBI-JU) Reference (to be quoted in all your

HOME/2014/AMIF/AG/ASYL

GRANT AGREEMENT FOR STUDIES ERASMUS

Microsoft Online Services - Data Processing Agreement

Frequently Asked Questions version

Recommendations for companies planning to use Cloud computing services

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements

Align Technology. Data Protection Binding Corporate Rules Controller Policy Align Technology, Inc. All rights reserved.

Good practice: Application of EN ISO (management system)

European Investment Bank Group. Video-surveillance policy

Guide to Financial Issues for Cleansky GAPs

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document

Annex I to the Open Call for Expression of Interest to select Financial Intermediaries under EaSI Guarantee Financial Instrument

coordination structure

Guidance on Simplified Cost Options (SCOs)

EUROPEAN COMMISSION DIRECTORATE-GENERAL JUSTICE CALL FOR PROPOSALS JUST/2013/DAP/SAG/CAAM FOR CHILD ABDUCTION ALERT MECHANISMS SPECIFIC ACTION GRANTS

FINANCIAL GUIDELINES FOR APPLICANTS VP/2012/007

EUROPEAN COMMISSION DIRECTORATE-GENERAL JUSTICE

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data

.eu Domain Name Registration. Terms and Conditions

How To Fund A Project

CREDIT REPORTING POLICY

Webinar on third parties in Horizon 2020

EUROPEAN STABILITY MECHANISM BY-LAWS. Article 1 Hierarchy of Rules

How To Make A Proposal For A Project In European Media

Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES

Transcription:

DG RTD COMMON AUDIT SERVICE SPECIFIC PRIVACY STATEMENT EXTERNAL AUDIT AND CONTROL

Version Date Description of changes Page 1.1 21 August 2014 New online location in the Participant Portal (as the file All 3 pages is not hosted in Cordis anymore) added to footers. New update date mentioned. 1.2 23 October 2014 Updated footers. All 3 pages

COMMON AUDIT SERVICE SPECIFIC PRIVACY STATEMENT EXTERNAL AUDIT AND CONTROL Attached to the letter initiating the External Audit. The controlled entity has to internally inform all staff concerned 1. Context and Controller As the Commission service collects and further processes personal data in the context of financial audits and controls, it is subject to Regulation (EC) 45/2001 1. Audits and Controls cover: 1. Checks performed by Commission services on the implementation of the programme and the provisions of the grant agreements or service contracts. 2. Performance of financial audits and controls according to the provisions of the contracts or grant agreements with the Commission. External audits aim at verifying whether the costs declared in the financial statements have been properly incurred and are eligible costs, as defined under the grant agreement or contract between the Commission and the beneficiaries or contractors. These external audits are either directly carried out by Commission staff ("own-resource-audits") or outsourced to external audit firms. During these audits and controls, documents that may contain personal information (such as salary slips, time-recording systems, presence sheets, credit assessment reports, etc.) may be collected by the controllers as evidence of the eligibility of claims from the Community budget (such as: claims for co-financing of staff costs, travel expenses, etc.). If collected, such information will be processed by the Commission in the exercise of its duties to ensure the regular use of the Community budget in accordance with the Financial Regulation ("FR") (Regulation (EU, EURATOM) n 966/2012 of the European Parliament and of the Council of 25 October 2012) (Article 137.2) and its Rules of Application (RAP) (Commission delegated Regulation (EU) n 1268/2012 of 29 October 2012) (Article 180.1.f) applicable to the General Budget of the Union. In order to carry out efficient financial audits and controls and to detect anomalies, relevant Commission staff makes use of information available on the Internet (open source data search). In accordance with international professional audit standards the Directorate-General has developed a multi-annual Audit Strategy which includes a risk-analysis component in view of fraud prevention and detection. Processing operations are under the responsibility of the Director of Directorate J, "Common Support Centre", acting as Controller. 1 Regulation (EC) 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data

2. What personal information do we collect, for what purpose, under which legal bases and through which technical means? Types of personal data Personal data collected and further processed are all relevant data that may be requested by the Commission with a view to verifying that the grant agreement or contract is properly managed and performed in accordance with its provisions. The indicative list of data requested is given in the annex to the letter initiating the audit, without prejudice for the Commission services to ask any other relevant information as foreseen under the relevant Article of the grant agreements or contracts. Purpose Financial audits and controls of grant agreements or service contracts aim at verifying beneficiary's or contractor's or subcontractors' or third parties' compliance with all the contractual provisions (including financial provisions), in view of checking that the action and the provisions of the grant agreement or contract are being properly implemented and in view of assessing the legality and regularity of the transaction underlying the implementation of the Community budget. Legal basis The possibility for the Commission to carry out financial audits and controls is foreseen in the model grant agreement or model contract, to be signed between the Commission and the beneficiary or contractor, as required by the Financial Regulation applicable to the General Budget of the Union (art. 137.2), and its Rules of Application (art. 180.1.f). Technical means For the preparation of audit files and audit selection: use of data already existing in DG secured applications accessible only to relevant staff. During the audit procedure, personal data are collected when relevant either by e- mail or on paper or as electronic files and stored in computer systems accessible only to relevant staff. Data are stored until 10 years after the final payment on condition that no contentious occurred; in this case, data will be kept until the end the last possible legal procedure. Data collected from open sources including information available from internet sources is kept under the same time conditions as mentioned above. All data are kept under the responsibility of the Controller mentioned in point 1.

3. Who has access to your personal data and to whom is it disclosed? For the purpose detailed above, access to your personal data is given to the Commission services in charge of ex post audits and controls, without prejudice to a possible transmission to the authorising officer responsible for the project and to the bodies in charge of monitoring or inspection tasks in accordance with Community law (OLAF, Court of Auditors, Ombudsman, EDPS, IDOC, Internal Audit Service of the Commission). 4. How do we protect and safeguard your information? The collected personal data and all related information are stored after closure of the desk control or audit on the premises of the Commission and on local servers of the DG. The Commission premises and operations of all servers abide by the Commission's security decisions and provisions established by the Directorate of Security of DG HR. 5. How can you verify, modify or delete your information? In case you wish to verify which personal data is stored on your behalf by the responsible Controller, have it modified, corrected, or deleted, please make use of the contact information mentioned below, by explicitly describing your request. 6. How long do we keep your personal data? Data are stored until 10 years after the final payment on condition that no contentious occurred; in this case, data will be kept until the end the last possible legal procedure. 7. Contact information For any questions related to your rights, feel free to contact the Controller, by using the following contact information, and by explicitly specifying your request: RTD-AUDITS-DATA-PROTECTION@ec.europa.eu Any information relating to processing of your personal data is detailed in the register of the Data Protection Officer of the Commission: http://ec.europa.eu/dataprotectionofficer/register/index.cfm?targeturl=d_registe R 8. Recourse In case of conflict, complaints can be addressed to the European Data Protection Supervisor (EDPS).

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information