FOI is a government authority whose core activity is research, including method and technology development, as well as performing studies for total defence and in support of disarmament, non-proliferation, and international security. FOI processes personal data relating to employee contracts, principals that commission services, suppliers, FOI’s core acitivities, and people who visit FOI’s website or otherwise contact the authority.
FOI is the controller for the processing of personal data that occurs as a part of FOI’s activities. ‘Processing of personal data’ means any form of operation performed on personal data, for example: collection, recording, organisation, storage, adaptation, alteration, dissemination, erasure, or destruction.
FOI only collects information that is necessary to fulfil its duties. FOI handles personal data in an adequate, legal, correct, and open manner. Personal data shall be correct and updated where necessary. FOI takes all reasonable steps to ensure that personal data that are incorrect with regard to the purposes for which they are processed are erased or rectified without delay.
FOI retains personal data for as long as is required for the fulfilment of its duties as an authority. FOI takes reasonable and appropriate measures to protect personal data from unauthorised access, as well as from dissemination, alteration, and destruction.
The data subject has the right to receive information about which personal data FOI is collecting about them, and to request rectification of inaccurate personal data, or restriction of processing. All documents, including personal data, submitted to the authority become public documents that may be disclosed according to the principle of public access to official documents.
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data; and repealing Directive 95/46/EC (General Data Protection Regulation).