Pursuant to article 5 of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Processing of the Personal Data carried out by TREE TECHNOLOGY S.A. for the development and management of the Website will be based on the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and accountability.
Any term indicated in capital letters shall have the meaning attributed to it within the GDPR, or otherwise provided hereto.
The data Controller will be TREE TECHNOLOGY, S.A. (firstname.lastname@example.org).
Which kind of Personal Data are collected
Traffic and Internet data
The computer systems and software procedures used to operate the Website acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes, among others, IP addresses, browser type, operating system, the domain name and website addresses from which the User logs in or out, the information on pages visited by User within the Website, the time of access, time period of User’s staying on a single page, the internal path analysis and other parameters regarding the User’s OS and computer environment.
These technical / IT data are collected and used only in an aggregated and not immediately identifiable manner. They could be used to ascertain responsibilities in case of crimes against the Website, or upon public authorities’ request.
Personal data provided by the User
We may ask you to provide us with Personal Data of your such as first name, last name, address, and e-mail address, to the extent to use the contact form published on the Website.
Why Personal Data are processed and Lawful basis
User’s Personal Data will be processed exclusively for the following purposes, and exclusively in the framework of the research Project’s activities (further information on the Project may be found at following URL: https://trustaware.eu/project/):
- To fulfil any request made by the User through the contact form available on the Website. This processing is needed to provide the Users with the information they have directly requested, by granting their freely and informed consent, according to Art. 6.1, a) of GDPR;
- To comply with obligations set forth by applicable laws and regulations and to ascertain responsibilities in case of any computer crimes against the Website. As this processing is mandatory by law, User’s consent is not required according to Art. 6.1, c).
In any case, please be aware that User’s Personal Data will not be used for any automated decision-making including profiling, nor will they be further processed without the previous consent of the User.
For how long Personal Data are kept
The Controller only keeps your Personal Data for the time necessary to fulfil the purposes for which the data have been originally collected and/or the purpose of the Project. In any case the said data will be destroyed after 5 years from the completion of the Project.
How Personal Data are secured
Personal Data may be processed through information technology tools either manually or electronically, but always under technical and organizational measures that enable ensuring their security and confidentiality, especially for the purposes of preventing any risk arising from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data. All the processing operations as well as the security measures implemented took into consideration the risk of the processing and of the nature of the Personal Data.
Organisational measures include restricting access to the Personal Data solely to authorised persons or third parties where duly authorized and instructed by the Controller for the purposes of processing operation, and according to the ‘need to know’ principle. Such staff abide by statutory, and when required additional, confidentiality agreements.
Who may access Personal Data
The Personal Data collected by the Controller might be shared with:
- Members of the TRUST aWARE Consortium only to fulfil User’s requests regarding Project’s activities and objectives;
The Controller might be required to disclose Users’ information in order to comply with the law, a judicial proceeding, court order, subpoena, or other legal process, or where it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or as evidence in litigation in which we are involved.
Without prejudice to the above, unless upon specific consent of the data subject or as otherwise required by applicable laws, User’s Personal Data shall not be shared with any other organizations.
In particular, the Controller will not share User’s Personal Data with other countries outside the European Economic Area (hereinafter, the ‘EEA’). In any case, should a transfer of the data outside the EEA become necessary in the future, it will be carried out in accordance with the provisions of the GDPR and the User will be timely informed about this processing.
Redirection to other websites
The Website incorporates links which allow the User to connect to other websites run by third parties. The Controller assumes no responsibility regarding the processing of personal data which may take place through and/or in connection with third-parties’ websites.
Therefore, each User who accesses such web pages and/or social media platforms through the Website must carefully read the relevant privacy policies in order to better understand how their personal data will be processed by the third parties which, as autonomous controllers, will provide and manage such websites.
Users’ rights and how to exercise them
Pursuant to the GDPR, Users have a number of rights concerning the Personal Data that the Controller hold about them. If Users wish to exercise any of these rights, please use the contact details set out above.
- The right of access. Users have the right to obtain access to their Personal Data subject matter of the data Processing. This will enable Users, for example, to check that the Controller is using Users’ Personal Data in accordance with the relevant data protection law. If Users wish to access the information the Controller holds about them in this way, please get in touch (please see section Contact information here below).
- The right to rectification. Users are entitled to have their Personal Data corrected if it is inaccurate or incomplete. Users can request that the Controller rectifies any errors in information that the Controller hold by contacting it (please see section Contact information here below).
- The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables Users to request the deletion or removal of certain of the Personal Data that the Controller hold about Users by contacting the Controller (please see section Contact information here below). Please remember that it is possible that pursuant any applicable law the Controller may not have all Users’ Personal Data erased.
- The right to restrict processing. Users have rights to ‘block’ or ‘suppress’ certain further use of their Personal Data. When processing is restricted, the Controller can still store Users’ Personal Data, but will not use it further.
- The right to data portability. Users have the right to obtain their personal information in an accessible and transferrable format so that they can re-use it for their own purposes across different service providers. This is not a general right however and there are exceptions. To learn more please get in touch (please see section Contact information here below).
- The right to lodge a complaint. Users have the right to lodge a complaint about the way the Controller handles or processes User’s Personal Data with the relevant national Data Protection Authority (please find here the list of European Data Protection Authorities https://edpb.europa.eu/about-edpb/board/members_en).
- The right to withdraw consent. If Users have given their consent to anything the Controller do with their Personal Data (i.e. the Controller relies on consent as a legal basis for processing your information), Users have the right to withdraw that consent at any time. Users can do this by contacting the Controller (please see section Contact information here below). Withdrawing consent will not however make unlawful our use of User’s information while consent had been apparent.
- The right to object to processing. Users have the right to object to certain types of processing. Users can for example object to the publication of pictures taken of you within the context of a conference.
Where Users wish to exercise their rights in the context of one or several specific processing operations, please provide their description in the requests.
Users requests will be handled within a maximum of 30 (thirty) working days.
If Users would like to exercise their rights under GDPR, or if they have comments, questions or concerns, or if they would like to submit a complaint regarding the collection and use of their Personal Data, they might contact the following email address: email@example.com.
Entry into force