Pursuant to article 5 of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Processing of the Personal Data carried out by the GRADIANT for the development and management of the Website will be based on the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and accountability.
Any term indicated in capital letter shall have the meaning attributed to it within the GDPR, or otherwise provided hereto.
The data Controller will be the GRADIANT.
Which kind of Personal Data are collected
Traffic and Internet data
The computer systems and software procedures used to operate the Website acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols.
The computer systems and software procedures used to operate the Website acquire, during their normal operation, some Personal Data whose transmission is implicit in the
use of Internet communication protocols.
This category of data includes, among others, IP addresses, browser type, operating system, the domain name and website addresses from which the User logs in or out, the information on pages visited by User within the Website, the time of access, time period of User’s staying on a single page, the internal path analysis and other parameters regarding the User’s OS and computer environment.
These technical / IT data are collected and used only in an aggregated and not immediately identifiable manner. They could be used to ascertain responsibilities in case of crimes against the Website, or upon public authorities’ request.
Personal data provided by the User
We may ask you to provide us your Personal Data such as first name, last name, address, e-mail to the extent of subscribe to Project’s newsletter or to use the contact form published on the Website.
Why Personal Data are processed and Lawful basis
User’s Personal Data will be processed exclusively for the following purposes, and exclusively in the framework of the research Project’s activites (further information on the
Project may be find at following URL:
- fulfill any request made by the User through the contact form available on the Website, as well as delivering the PERSIST newsletter throught the subscription. This processing is needed to provide the Users with the information they have directly requested, by granting their freely and informed consent, according to Art. 6.1, a) of GDPR;
- complying with the obligations set forth by applicable laws and regulations and to ascertain responsibilities in case of any computer crimes against the Website. As this processing is mandatory by law, User’s consent is not required according to Art. 6.1, c);
- additional lawful basis for the processing may be the Regulation (EU) No 1291/2013 of the European Parliament and of the Council of 11 December 2013 establishing Horizon 2020 – the Framework Programme for Research and Innovation (2014-2020) and its annex, according to Art. 6.1, c).
User’s Personal Data will not be used for any automated decision-making including profiling, nor will be further processed without the previous consent of the User.
For how long Personal Data are kept
The Data Controller will keep User’s Personal Data collected through the Website for 5 years after the fulfillment of the of the Project, to resist to any potential legal claims. After that timeframe, the Personal Data collected will be immediately destroyed or made anonymous when no longer needed for that purpose.
How Personal Data are secured
Personal Data may be processed either manually, through information technology tools or electronically, but always under technical and organizational measures that enable ensuring their security and confidentiality, especially for the purposes of preventing any risk arising from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data. All the processing operations as well as the security measures implemented took into consideration the risk of the processing and of the nature of the Personal Data.
Organisational measures include restricting access to the Personal Data solely to authorised persons or third parties where duly authorized and instructed by the Data Controller for the purposes of processing operation, and according to the ‘need to know’ principle. Such staff abide by statutory, and when required additional, confidentiality agreements.
Who may access to Personal Data
The personal data collected by the Controller might be shared with:
- Members of the PERSIST Consortium (provided that for those partners not belonging to the European Economic Area the requirments set forth in articles 44 and subsequents of GDPR have been respected and satisfied) only for the purposes of achiving PERSIST’ objectives;
- Data Controller’service provider which is Galicia, and it is located in within the European Economic Area in Spain, exclusively for IT organizational, administrative or support needs.
This disclosures shall be in any case made in compliance with all the data protection and privacy provisions.
Moreover, the Data Controller might be required to disclose User’s information in order to comply with the law, a judicial proceeding, court order, subpoena, or other legal process or where it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or as evidence in litigation in which we are involved.
Without prejudice to the above, unless upon specific consent of the data subject or as otherwise required by applicable laws, User’s Personal Data shall not be shared with any other organizations.In particular, without prejudice to the possibility to share User’s Personal Data with members of the Consortium located ouside the European Economic Area (hereinafter, the ‘EEA’), the Data Controller will notwill not share User’s Personal Data with any other entities and or organizations located countries outside theEEA . In any case, should a transfer of the data outside the EEA become necessary in the future, it will be carried out in accordance with the provisions of the GDPR and the you will be timely informed about this processing.
Redirection to other websites
The Website incorporates links which allow the User to connect to other websites run by third parties. The Controller assumes no responsibility regarding the processing of personal data which may take place through and/or in connection with third-parties’ websites.
Therefore, each User who accesses such web pages and/or social platforms through the Website must carefully read the relevant privacy policies in order to better understand how their personal data will be processed by the third parties which, as autonomous controllers, will provide and manage such websites.
Which are User’s rights and how User can exercise them
Pursuant to the GDPR, Users have a number of rights concerning the Personal Data that the Controller hold about them. If Users wish to exercise any of these rights, please use the contact details set out above.
- The right of access. Users have the right to obtain access to their Personal Data subject matter of the data Processing. This will enable Users, for example, to check that the Controller is using Users’ Personal Data in accordance with the relevant data protection law. If Users wish to access the information the Controller holds about them in this way, please get in touch (please see section Contact information here below).
- The right to rectification. Users are entitled to have their Personal Data corrected if it is inaccurate or incomplete. Users can request that the Controller rectifies any errors in information that the Controller hold by contacting it (please see section Contact information here below).
- The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables Users to request the deletion or removal of certain of the Personal Data that the Controller hold about Users by contacting the Controller (please see section Contact information here below). Please remember that it is possible that pursuant any applicable law the Controller may not have all Users’ Personal Data erased.
- The right to restrict processing. Users have rights to ‘block’ or ‘suppress’ certain further use of their Personal Data. When processing is restricted, the Controller can still store Users’ Personal Data, but will not use it further.
- The right to data portability. Users have the right to obtain their personal information in an accessible and transferrable format so that they can re-use it for their own purposes across different service providers. This is not a general right however and there are exceptions. To learn more please get in touch (please see section Contact information here below).
- The right to lodge a complaint. Users have the right to lodge a complaint about the way the Controller handles or processes User’s Personal Data with the relevant national Data Protection Authority (please find here the list of European Data Protection Authorities https://edpb.europa.eu/about-edpb/board/members_en).
- The right to withdraw consent. If Users have given their consent to anything the Controller do with their Personal Data (i.e. the Controoler relies on consent as a legal basis for processing your information), Users have the right to withdraw that consent at any time. Users can do this by contacting the Controller (please see section Contact information here below). Withdrawing consent will not however make unlawful our use of User’s information while consent had been apparent.
- The right to object to processing. Users have the right to object to certain types of processing. Users can for example object to the publication of pictures taken of you within the context of a conference.
Where Users wishe to exercise their rights in the context of one or several specific processing operations, please provide their description in their requests.
Users requests will be handled within a maximum of 30 (thirty) working days.
If Users would like to exercise their rights under GDPR, or if they have comments, questions or concerns, or if they would like to submit a complaint regarding the collection and use of their Personal Data, they might contact the following email address: firstname.lastname@example.org.
Entry into force
Website Cookies Policy
The present cookies policy (hereinafter the “Cookies Policy”) has been provided by GRADIANT, having its registered office in Fonte das Abelleiras s/s, 36310, VIGO, Pontevedra (Galicia) (hereinafter the “ Controller” or “GRADIANT”) to inform users’ website (hereinafter, the “Website”) on how cookies on the Website are used.
Any term indicated in capital letters shall have the meaning attributed to it within the EU General Data Protection Regulation no. 2016/679 (hereinafter, “GDPR”) or otherwise provided hereto. For any further information and/or clarifications, it is possible to contact the Controller at the following address email@example.com.
Definition of cookies
Cookies are short strings of text that the websites on which a user navigates con send to his or her terminal equipment in order to be memorized and subsequently transmitted back to the website upon the user’s subsequent visit to the same website. Cookies facilitate and expedite the loading of a given web page.
Cookies can be “session” or “persistent” cookies. A session cookie is a cookie that is automatically deleted when the user closes the browser, whereas a persistent cookie is a cookie that remains stored in the user’s terminal device until it reaches a pre-determined expiration date.
Furthermore, additional classification of cookies includes:
|Typology of cookie
|Depending on the source
|First party cookies: cookies that a visitor receives from the same website that he/she is visiting.
Third party cookies: cookies that a visitor receives from websites or web servers provided by a third party.
|Depending on the purposes
|Necessary cookies: these cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Marketing or profiling cookies: these cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.
Cookies implemented on the Website and how to disable them
On the Website, the Controller have implemented the following cookies.
The Data Subject may, at any time, prevent the setting of cookies through the Website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies.
Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all of the most commonly used Internet browsers. If the Data Subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.
Please consult the following link if you need further clarification on how to disable cookies: https://www.aboutcookies.org.