BOMCA’s consortium partners are committed to compliance with Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data. All staff and contractors are thus required to comply with the following data protection principles.
Data protection principles
Personal data shall be collected for specific, explicit and legitimate business purposes only based on considerations of organisational needs and the needs and interests of the data subject. Only data relevant for the specific purpose and for which active consent was obtained may be collected and processed.
- All personal data shall be processed in a fair and transparent manner.
- All personal data shall be accurate and be kept up to date. When found to be inaccurate it shall be corrected as soon as possible.
- Personal data shall only be used for the specified purpose for which active consent was obtained.
- Personal data which is no longer used for the specified purpose or is known to be inaccurate shall be deleted/destructed or, where deletion is not feasible, access must be restricted so that no one apart from those responsible for technical maintenance of the space where it is saved will have access.
- While business contacts are available to all staff and made available to implementing partners, beneficiaries and contractors as required, access to private and sensitive data is restricted to persons who need access to carry out their respective functions for as long as they carry out this function based on a secure authentication mechanism including strong passwords.
- Processing activities of personal data owned by the BOMCA Programme may only be performed by external parties based on the conclusion of a binding written contract that sets out the purpose and duration of the process and ensures that the processor meets technical and organisational requirements to ensure the effective protection of the rights of the concerned data subjects.