Privacy policy

Introduction

This Privacy Policy is aimed at illustrating the means and purposes of the processing of personal data carried out by FUNDACIÓN CENTRO TECNOLÓXICO DE TELECOMUNICACIÓNS DE GALICIA (GRADIANT) having its registered office in Carretera do Vilar 56-58, 36314, VIGO, Pontevedra (Galicia), in its quality of data controller (hereinafter “GRADIANT” or the “Controller”), through the website www.trustedproject.eu (hereinafter the “Website”).

Please note that this Privacy Policy is applicable to anyone who accesses and visits the Website or otherwise interacts with the web services offered on the Website (the “User”).

Pursuant to article 5 of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Processing of the Personal Data carried out by the GRADIANT for the development and management of the Website will be based on the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and accountability.

Any term indicated in capital letter shall have the meaning attributed to it within the GDPR, or otherwise provided hereto.

Data controller

The data Controller will be the GRADIANT: trusted_coordinator@gradiant.org

Which kind of Personal Data are collected

The computer systems and software procedures used to operate the Website acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes, among others, IP addresses, browser type, operating system, the domain name and website addresses from which the User logs in or out, the information on pages visited by User within the Website, the time of access, time period of User’s staying on a single page, the internal path analysis and other parameters regarding the User’s OS and computer environment.

These technical / IT data are collected and used only in an aggregated and not immediately identifiable manner. They could be used to ascertain responsibilities in case of crimes against the Website, or upon public authorities’ request.

In order to consent the collection of this category of data, the Website uses cookies. Please, read the Cookies Policy of this Website for any further information about them.

We may ask you to provide us your Personal Data such as first name, last name, address, e- mail to the extent of subscribe to Project’s newsletter or to use the contact form published on the Website.

Gradiant collaborates with several partners and/or associates in the development of the TRUSTED project. By providing your personal data, you consent to its inclusion in a database owned by Gradiant and its partners and/or associates as joint data controllers. This data is used to send the current newsletter to the user, as well as to send potential information related to the TRUSTED, or to solutions or events related to it that Gradiant or affiliated entities develop or organize.

Gradiant follows strict criteria in selecting partners and collaborators to ensure compliance with data protection obligations and commits to signing the corresponding joint data controller agreement, which will establish, among other things, the following obligations: applying appropriate technical and organizational measures; processing personal data for the agreed purposes and only following the documented instructions provided; and deleting the data once the service provision has ended.

Why Personal Data are processed and Lawful basis

User’s Personal Data will be processed exclusively for the following purposes, and exclusively in the framework of the research Project’s activities (further information on the Project may be found at following URL: www.trustedproject.eu)

Fulfill any request made by the User through the contact form available on the Website, as well as delivering the TRUSTED newsletter throught the subscription. This processing is needed to provide the Users with the information they have directly requested, by granting their freely and informed consent, according to Art. 6.1, a) of GDPR;
Complying with the obligations set forth by applicable laws and regulations and to ascertain responsibilities in case of any computer crimes against the Website. As this processing is mandatory by law, User’s consent is not required according to Art. 6.1, c).
Additional lawful basis for the processing may be the Regulation (EU) No 1291/2013 of the European Parliament and of the Council of 11 December 2013 establishing Horizon 2020 – the Framework Programme for Research and Innovation (2014-2020) and its annex, according to Art. 6.1, c).

User’s Personal Data will not be used for any automated decision-making including profiling, nor will be further processed without the previous consent of the User.

Cookies

The Website implemented the use of cookies. Further information on the use of cookies may be find at the following URL: www.trustedproject.eu

For how long Personal Data are kept

The Data Controller will keep User’s Personal Data collected through the Website for 5 years after the fulfilment of the of the Project, to resist to any potential legal claims. After that timeframe, the Personal Data collected will be immediately destroyed or made anonymous when no longer needed for that purpose.

How Personal Data are secured

Personal Data may be processed either manually, through information technology tools or electronically, but always under technical and organizational measures that enable ensuring their security and confidentiality, especially for the purposes of preventing any risk arising from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data. All the processing operations as well as the security measures implemented took into consideration the risk of the processing and of the nature of the Personal Data.

Organisational measures include restricting access to the Personal Data solely to authorised persons or third parties where duly authorized and instructed by the Data Controller for the purposes of processing operation, and according to the ‘need to know’ principle. Such staff abide by statutory, and when required additional, confidentiality agreements.

Who may access to Personal Data

The personal data collected by the Controller might be shared with:

Members of the TRUSTED Consortium (provided that for those partners not belonging to the European Economic Area the requirements set forth in articles 44 and subsequents of GDPR have been respected and satisfied) only for the purposes of achieving TRUSTED’ objectives;
Data Controller’ service provider which is Galicia, and it is located in within the European Economic Area in Spain, exclusively for IT organizational, administrative or support needs.

This disclosures shall be in any case made in compliance with all the data protection and privacy provisions.

Moreover, the Data Controller might be required to disclose User’s information in order to comply with the law, a judicial proceeding, court order, subpoena, or other legal process or where it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or as evidence in litigation in which we are involved.

Without prejudice to the above, unless upon specific consent of the data subject or as otherwise required by applicable laws, User’s Personal Data shall not be shared with any other organizations. In particular, without prejudice to the possibility to share User’s Personal Data with members of the Consortium located outside the European Economic Area (hereinafter, the ‘EEA’), the Data Controller will not share User’s Personal Data with any other entities and or organizations located countries outside the EEA. In any case, should a transfer of the data outside the EEA become necessary in the future, it will be carried out in accordance with the provisions of the GDPR and you will be timely informed about this processing.

Redirection to other websites

The Website incorporates links which allow the User to connect to other websites run by third parties. The Controller assumes no responsibility regarding the processing of personal data which may take place through and/or in connection with third-parties’ websites.

Therefore, each User who accesses such web pages and/or social platforms through the Website must carefully read the relevant privacy policies in order to better understand how their personal data will be processed by the third parties which, as autonomous controllers, will provide and manage such websites.

Which are User’s rights and how User can exercise them

Pursuant to the GDPR, Users have a number of rights concerning the Personal Data that the Controller hold about them. If Users wish to exercise any of these rights, please use the contact details set out above.

The right to be informed. Users have the right to be provided with clear, transparent and easily understandable information about how the Controller use their information and about their rights. This is why the Controller is providing with the information in this Privacy Policy.
The right of access. Users have the right to obtain access to their Personal Data subject matter of the data Processing. This will enable Users, for example, to check that the Controller is using Users’ Personal Data in accordance with the relevant data protection law. If Users wish to access the information the Controller holds about them in this way, please get in touch (please see section Contact information here below).
The right to rectification. Users are entitled to have their Personal Data corrected if it is inaccurate or incomplete. Users can request that the Controller rectifies any errors in information that the Controller hold by contacting it (please see section Contact information here below).
The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables Users to request the deletion or removal of certain of the Personal Data that the Controller hold about Users by contacting the Controller (please see section Contact information here below). Please remember that it is possible that pursuant any applicable law the Controller may not have all Users’ Personal Data erased.
The right to restrict processing. Users have rights to ‘block’ or ‘suppress’ certain further use of their Personal Data. When processing is restricted, the Controller can still store Users’ Personal Data, but will not use it further.
The right to data portability. Users have the right to obtain their personal information in an accessible and transferrable format so that they can re-use it for their own purposes across different service providers. This is not a general right however and there are exceptions. To learn more please get in touch (please see section Contact information here below).
The right to lodge a complaint. Users have the right to lodge a complaint about the way the Controller handles or processes User’s Personal Data with the relevant national Data Protection Authority (please find here the list of European Data Protection Authorities https://edpb.europa.eu/about-edpb/board/members_en).The right to withdraw consent. If Users have given their consent to anything the Controller do with their Personal Data (i.e. the Controler relies on consent as a legal basis for processing your information), Users have the right to withdraw that consent at any time. Users can do this by contacting the Controller (please see section Contact information here below). Withdrawing consent will not however make unlawful our use of User’s information while consent had been apparent.
The right to object to processing. Users have the right to object to certain types of processing. Users can for example object to the publication of pictures taken of you within the context of a conference.

Where Users wish to exercise their rights in the context of one or several specific processing operations, please provide their description in their requests.

Users requests will be handled within a maximum of 30 (thirty) working days.

Contact information

If Users would like to exercise their rights under GDPR, or if they have comments, questions or concerns, or if they would like to submit a complaint regarding the collection and use of their Personal Data, they might contact the following email address: trusted_coordinator@gradiant.org.

Changes

Where appropriate, we will notify you of any changes to this privacy policy, for example by email or push notification.

Entry into force

The present Privacy Policy entered into force the November 2024, version 1.0