DATA PROTECTION SERVICE ------------- RECORD OF PROCESSING ACTIVITIES Article 31 of the Regulation (EU) 2018/1725 EUROPEAN PARLIAMENT (For the use of Data Protection Service) Record no.: 412 Date received: 10-06-2014 In accordance with Regulation (EU) 2018/1725, individuals whose personal data are processed by the European Parliament in any context whatsoever are to be protected with regard to the processing of personal data. Planning and management of resources - Audiovisual Unit Operation/Process Title 1. CONTROLLER(S) / DATA PROTECTION OFFICER SURNAME CARBAJO Function Head of Unit Given name Administrative Address: Building and room Service name FERNANDO PHS 01A045 E-mail Tel. fernando.carbajo@europarl.europa.eu 0032 2 28 44816 Place of work Brussels COMM - AUDIOVISUAL DPO Details Name of DPO Secondo SABBIONI Tel. +352430023595 E-mail secondo.sabbioni@europarl.europa.eu 2. PURPOSE AND LEGAL BASIS OF PROCESSING 2.1 Purpose of processing (describe the procedures/steps linked to this operation). 1.The European Parliament's audio-visual facilities exist to assist and enhance the media coverage of the proceedings and activities of the Parliament. 2.Other than for Parliament's own use with respect to its information and communication activities in the audio-visual field, the facilities shall primarily be made available to broadcast/webcast media. 3.The provision of facilities shall not be subject to any editorial directives or guidelines. The software's functionalities: -Planning with overview of projects/jobs and associated bookings of resources (both human resources and equipment) internal to the European Parliament's audio- visual unit, as well as those procured via third-party contractors; -Reporting, by offering overviews and statistics of key information regarding operations, to assist management; -Archiving of operations; -Media accreditation towards a media landscape and database; -Acting as a collaboration and information dissemination tool for all information relevant to operations and a way to alert operators in case of changes. 2.2 Legal Basis (Are there any legal obligations which require this process to exist - e.g. Article of the Treaty, Regulation, Decision, etc.). Please indicate. RULES GOVERNING THE USE OF PARLIAMENT’S PREMISES BY OUTSIDE BODIES BUREAU DECISION OF 14 MARCH 2001 3. CATEGORIES OF DATA SUBJECTS AND PERSONAL DATA PROCESSED 3.1 Category (or categories) of data subjects (officials, other staff, contractors, European citizens, etc.): There are handled the following categories of subjects: - External Customers (TV broadcasters, Radio broadcasters, Production houses, other organizations) - Internal Customers (European Parliament Units, other European institutions) - Members of Parliament - Customer Employees (for both external and internal customers as well as for MEPs) - Officials (mainly from the Audiovisual Unit) - Contractors (currently employees of EBP, Watch TV, Shimera and Isopix) - Personalities (participants playing roles in programmes) - mainly politicians or other persons of public interest 3.2 Please list the personal data processed Nr: 412 Version: 1 Date: 05/02/2020 11:55:37 1/3

Leave and Absence Data Data for Missions and Travel Physical Characteristics Telephone number or Communication Data There are registered the following personal information in the system about employees or other people in similar relationship to customer's or MEPs: - name - connection to a customer or MEPs - contact information (e-mail, telephone, fax, etc.) All the employees are regularly informed about registered information and they are notified about their right to ask for removal of all the information from the system (planned). Only official information provided from EP official sources are registered for MEPs and EP Officials: - name - contact information (e-mail, telephone, fax, etc.) - political group, nationality, and national political group (for MEPs) - number of office in European Parliament (for MEPs and EP officials) - photo (for MEPs and EP officials) taken by official EP photographer Only widely known public information are stored about Personalities. Nr: 412 Version: 1 Date: 05/02/2020 11:55:37 2/3

4. RECIPIENTS & DATA TRANSFER 4.1 Will the data be transferred to other departments within the European Parliament or other EU institutions / bodies (indicate who the recipients are): N.A. 4.1.1 Have the data been transferred following a request from the recipient? yes no 4.1.2 Has the data controller verified the competence of the recipient and made a provisional evaluation of the need for the transfer of the data? Has the recipient been informed of his obligations in respect of this transfer yes no yes no 4.1.3 4.2 In case of transfer to recipients other than the EU institutions and bodies, subject to Regulation (EU) 2016/679 (e.g. national administrations, private sector): operators and coordination from EBP, Watch TV, Shimera, Isopix and Provys 4.3 4.2.1 Has the recipient established that the data are necessary? yes no 4.2.2 Has the recipient established the need for their transfer? yes no yes no In case of transfer to recipients outside the EU (please specify the legal basis, the nature of the data transmitted and indicate who the recipients are): N.A. 4.3.1 Has the person responsible for the transfer established that an adequate level of protection is ensured in the country of the recipient (both during the transfer and in storage)? 4.3.2 Please add any additional information for this transfer (e.g. any agreements or documentation indicating type of security that is/are in place). 5. DATA PROCESSING 5.1 Storage of data 5.1.1 Indicate the period of storage and its justification (How long will the personal data be kept, and what is the justification for applying this period): data from the contract providers is managed during the duration of contract directly by the companies and according to the specific terms of the contract data of media is managed by us and will evolve during lifetime of the project data of customer employees is stored during the period of collaboration and people are notified once a year so that they will be enabled to actively unsubscribe from the database, the contact details will be erased by the system. data of MEPs will follow publication of Europarl 5.1.2 After the process (or operation) has finished, does the controller keep the data for additional processing: historical, statistical or scientific purposes? If yes, describe what/how data is stored (e.g. anonymous, encrypted, and other): 5.2 Please explain how data subjects may exercise their rights (rights of access, of rectification, of blocking, of erasure and to object): The subjects can reply on regular email informing about registered information (see 7.2.) or just simply click on provided link to remove or modify registered personal information. Each subject can also contact a PROVYS system administrator using email address AVdisclaimer@europarl.europa.eu with request to remove his/her personal data. System administrators then verify the requestors identity and removes the information from the system. 5.2.1 Enter the official contact e-mail for the data controller (use a functional mailbox): 6. SECURITY MEASURES General Security Measures Relevant “physical and/or IT security” measures have been applied. Suitable safeguards are in place. (Please note that the exact details cannot be published, in order to protect the process). Nr: 412 Version: 1 Date: 05/02/2020 11:55:37 3/3