ON THE BASIS OF REGULATION (EU) 2016/679, DELIVERED ON 25 MAY 2018
LAWFULNESS OF PROCESSING
The processing of personal data by Civil Protection is lawful if
1. Is inherent in its function; and
2. As part of the exercise of official authority, on the basis of legislation
The data collected will not exceed what is needed, shall be used only for the purpose for which it is collected and is not disclosed to third parties, except on the advice of the Civil Protection’s Data Protection Officer. It shall be taken into account that the right to data protection shall be taken into account with rights that are superior in value and serve the public interest.
For the purposes of Civil Protection, the following personal data are collected from citizens, officials and visitors
1. For a service in Civil Protection (by decision of the Council of Ministers, on the basis of the Civil Protection Law), they shall complete the necessary personal information. These data are stored in software.
2. Persons wishing to serve as volunteers in Civil Protection (Civil Defence Law) also fill in various personal data. These data are stored in software.
3. PMA officials present absence and sick leave to the archive. This information shall then be entered in electronic form.
4. Contact details of officials of the Departments/Services.
5. Population numbers from areas for which evacuation plans are to be drawn up. For this purpose, data are collected for the number of citizens, the number of people with disabilities, and so on.
6. Installed security cameras shall record the movements in and around the communal areas. At the same time, there is the possibility of continuous monitoring of such sites.
1The data of citizens shall be used for call purposes for service, suspension of service, for the issue of a baccalaureate and other related matters. The forms shall be maintained for five (5) years and shall then be destroyed on the basis of the procedures of the State Archive. Data registered, in electronic format, shall not be destroyed because, on the basis of the Defence Policy Law, the redundant workers are the redundancy of the force.
2The data of volunteers shall be used for the purposes of calling the service, for leave of absence, for the issue of certificates and other relevant. The forms shall be maintained for five (5) years and shall then be destroyed on the basis of the procedures of the State Archive. Data registered, in electronic format, shall not be destroyed because, on the basis of the Defence Policy Law, the redundant workers are the redundancy of the force.
3The licence data shall be used for the purpose of establishing the other authorisations. The data shall be stored for ten (10) years and shall be destroyed on the basis of the procedures of the State Archive.
4The contact details of the officials/agencies who are cooperating departments/Services shall be collected for the purposes of drawing up memoranda, action plans and so on. these data shall be kept up until the revision of each action/project.
5The population figures are used for the purposes of drawing up plans (notably evacuation), municipalities and communities. They shall be treated, in respect of their destruction, as State documents, in accordance with the procedures of the State Archive.
6The data from the security cameras shall be kept for one month.
The data, processed, shall not be used for any purpose other than the one for which they are processed.
1Data recorded on a computer shall be protected by the computer’s own password and the software access code of the computer concerned.
2For the information held in paper form, care shall be taken to ensure that they are kept in a lockable room.
3In particular, the particulars of officials, which shall be kept in paper form, shall be kept in bodies the keys of which hold two keys: the responsible officer and the Civil Defence Policy Commander.
Data shall be accessible only to persons who are required to do so.
INFRINGEMENT AND TRANSFER OF DATA
In the event that data security is being breached, the Office of the Commissioner for Personal Data Protection and the persons whose data has been leaked/violated will be notified to it.
In case of transfer of data, a record will be kept.
25 May 2018