Personal Data Protection
Partners / partnership: In the following text, “partner” / “partnership” designate partner institutions / organisations participating in [ACRONYM] and likely to collect data within the framework of the project, namely [partner 1], [partner 2], [partner 3], [etc].
Supervisory Authority: independent public authority established by a member State under article 51 of the GDPR. The Supervisory Authority is the CNIL in France. The list of Supervisory Authorities is available here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
The [ACRONYM] project partners carefully treat all data collected as confidential and strictly use it under the framework of [ACRONYM] project activities in compliance with the EU legal regulations and the Interreg MED Programme rules.
All data collected and managed under the activities of the [ACRONYM] project, namely accounts, newsletter subscribers, event registrations, surveys of any kind, [if relevant ,please name here any other main activity under which you collect data] is in strict compliance with the new Regulation (EU) 2016/679, General Data Protection Regulation.
The partnership appointed [name of partner institution having been elected among the partnership to act as DPO], to act as [ACRONYM] Data Protection Officer.
Who is concerned by this notice?
This notice is addressed to the following public:
- All partners participating in the [ACRONYM] project;
- respondents to surveys;
- registered participants in events;
- account owners in the exchange areas of the project website;
- newsletter subscribers of any outsourced database application.
- [add any type of individuals if necessary]
For what purposes does the [ACRONYM] project store your data?
Project partners collect data to perform their legal obligations as an EU co-funded project.
The scope of the data collected is the minimum necessary for each purpose, avoiding as much as possible personal information. However, no personal information is collected without the knowledge and consent of the target audience.
[If relevant, explain here for which main purposes you store personal information]
No data will be shared with third parties outside the project and the Interreg MED Programme, other than the external providers or used for unintended purposes without the express consent and prior notification to the interested individuals. When personal data is collected, the purpose will be clearly expressed.
The data collected within the framework of the [ACRONYM] project will be retained by the project partners and the Interreg MED Programme until 31/12/2028 to comply with the regulatory obligations. Once the retention period has passed, the [ACRONYM] project partners, potential sub-contractors / external providers and the Interreg MED Programme will take adequate measures to delete all personal data collected within the project.
The [ACRONYM] project may use external providers to process your personal data. You will be informed and your express consent required whenever this is the case.
The [ACRONYM] project partners make sure to demand their external providers to provide them with adequate safeguards regarding personal data protection.
External providers of [ACRONYM] project will have a limited access to personal data strictly necessary for the completion of the services rendered. They will also be contractually bound to use the personal data in compliance with the current regulation regarding personal data.
What about cookies and tracking technologies?
The Programme web platform collects and stores information using cookies and similar tracking technologies to track web behaviors. We use this information to provide analytics of only statistical nature.
What are your legal rights as data subject?
According to the GDPR Regulation (EU) 2016/679, “Every person may, on simple request addressed to the DPO of [ACRONYM], have free access to all the information concerning them in clear language (any codes must be explained) and obtain a copy against payment of a fee, fixed by the State, of 3 € for the public sector and 4,6 € for the private sector.
Every person may directly require from an organisation holding information about them the data to be corrected (if they are wrong), completed or clarified (if they are incomplete or equivocal), or erased (if this information could not legally be collected).
Anyone may oppose that information about them is used for advertising purposes or for commercial purposes;
They may also oppose to information concerning them being disclosed to a third party for such purposes. The persons concerned should have the possibility of exercising their right to oppose the disclosure of their data to a third party at the moment the data is collected. The use of automatic calling machines or faxes for advertising purposes is prohibited unless the person has given their prior consent.”*
If you believe that the processing of your personal data constitutes a violation of the legislation in force, you have the possibility to lodge a complaint with the supervisory authority concerned. (check here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm)
List of the data subject rights as stated in the Chapter 3 of the GPDR:
- Transparency and modalities
- Information and access to personal data
- Rectification and erasure
- Right to object and automated individual decision-making
** For detailed information on each specific right, please check Chapter 3 of the GDPR Regulation (CE) no 2016/679.
What type of data is collected and how?
The project partners store data of different types and in several ways:
- E-mail, postal and telephone contacts;
- Newsletters subscription;
- Event registrations;
- Contact forms;
- Data collected through the [project acronym] web site and other outsourced applications [name them];
- [if relevant, state here any other way you collect data)]
Who can you contact for questions regarding data protection?
For questions or concerns regarding the collection of your personal data within the [ACRONYM] project, please contact the Data Protection Officer: [mail of DPO].