Any term indicated in capital letter shall have the meaning attributed to it within the EU General Data Protection Regulation no. 2016/679 (hereinafter, “GDPR”) or otherwise provided hereto.
For any further information and/or clarifications, it is possible to contact the Data Controller at the following address: via Giuseppe Vasi 18/A, 00162 Rome (Italy) email: firstname.lastname@example.org.
The Website and its functionalities have been designed to minimize the collection as well as the processing of your Personal Data, applying the principles of necessity and proportionality to any Processing activities that the Data Controller might carry on your Personal Data.
1.2 Why CyberEthics Lab. collects your Personal Data?
CyberEthics Lab. will only process your personal data for the following purpose: to analyse the answers to the questions received through the Website section “Polls” concerning topics of interest in the context of the EU research project PHOENIX (grant agreement No. 832989), i.e. developments of armours against cyber and privacy attacks in the field of energy critical infrastructures.
1.3 Which kind of data We collect?
1.3.1 Personal Data provided directly by you
Provided that you decide to send CyberEthics Lab. an email, or you otherwise interact with CyberEthics Lab. (for instance, via an online form to request to be included in the newsletter, via email to ask a question with regards to your privacy rights, or more in general to request information), CyberEthics Lab. may collect your email, name, the content of your message, and any other information necessary to address your request. The legal basis for CyberEthics Lab. to process these Personal Data shall be your informed Consent given at the moment of the interaction.
1.3.2 Website navigation data
If you visit the Website, CyberEthics Lab. may collect technical information such as information about your interaction with the pages of the Website (scrolling, clicking, etc.) or the type of operating system you are using. However, such data will be collected on an aggregate basis, and the collection of said data will not permit the identification any individual user, and in any case the data will not be processed together with other data for the sole purpose of identifying the user.
CyberEthics Lab. may also collect Personal Data through cookies, in accordance with its Google Cookies Policy and applicable cookies regulations (see here).
1.4 Lawful basis
We process your Personal Data, as long as you, in your quality of Data Subject, have provided us with your explicit Consent to the processing for one or more specific purposes.
We also may process your Personal Data if it is necessary to comply with a legal obligation to which CyberEthics Lab., as Data Controller, is subject.
Your Personal Data will not be used for any automated decision-making including profiling.
1.5 For how long do We keep your Personal Data?
CyberEthics Lab. only keeps your Personal Data for the time strictly necessary to fulfil the purpose of the Data Processing for which the data have been collected, and, in any case, within the limits set forth by applicable laws and regulations.
In particular, your Personal Data will be retained only for the time strictly necessary to achieve the objectives of PHOENIX project [WEBSITE], and they will be deleted immediately after the end of the said project.
1.6 How do We protect and safeguard your Personal Data?
All the Processing activities are carried out in compliance with article 32 of the GDPR, with the adoption of appropriate security measures.
In particular, our technical measures include appropriate actions to address online security, risk of data loss, alteration of data or to prevent unauthorised access, taking into consideration the risk of the Processing and of the nature of the Personal Data. The organisational measures that we put in place include restricting access to the Personal Data solely to authorised personnel of the Data Controller. Moreover, in compliance with the principle of “minimisation” CyberEthics Lab. will process only those Personal Data strictly necessary to fulfil the purpose of the Data Processing.
1.7 Who may access to your Personal Data?
As a general rule, access to your Personal Data is allowed by the Data Controller to its authorised staff according to the ‘need to know’ principle. Such staff abide by statutory, and when required, additional confidentiality agreements.
Moreover, in consideration to the fact that the data Processing is tied to, and justified to, in light of the necessity to fulfil PHOENIX objectives, it might be possible that also the partners of the Consortium established to execute the PHOENIX project might access, receive your personal data. Please note that in any case, the Data Controller shall not share your Personal Data with any organizations not belonging to the European Economic Area, including partners belonging third counties nationals. A list of the members of the PHOENIX Consortium is available at: https://www.phoenix-h2020.eu/consortium/.
The Data Controller may also disclose your information to third parties, such as police or judicial authorities, in order to comply with the law or a judicial order issued by a competent regulatory authority.
We may share your information with our service providers: (i) Google Italy, which is located in Italy (as hosting service of the main domain), and (ii) Google Ireland Limited, which is located in Ireland.
1.8 Redirect to other website
The Website incorporates links which allow the user to connect to other websites run by third parties. The Controller assumes no responsibility regarding the processing of Personal Data which may take place through and/or in connection with third-parties’ websites.
Therefore, each user who accesses such web pages and/or social platforms through the Website must carefully read the relevant privacy policies in order to better understand how their personal data will be processed by the third parties which, as autonomous controllers, will provide and manage such websites.
1.9 Which are your rights and how you can exercise them
Pursuant to GDPR, you have several rights concerning the Personal Data We hold about you. If you wish to exercise any of these rights, please use the contact details set out above.
The right of access. You have the right to obtain access to your Personal Data subject matter of the data Processing. This will enable you, for example, to check that We’re using your Personal Data in accordance with the relevant data protection law. If you wish to access the information, We hold about you in this way, please get in touch.
The right to rectification. You are entitled to have your Personal Data corrected if it is inaccurate or incomplete. You can request that We rectify any errors in information that We hold by contacting us.
The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of part or all of the Personal Data that We hold about you by contacting us. Please remember that it is possible that, pursuant to any applicable law, you may not have all your Personal Data erased.
The right to restrict processing. You have rights to 'block' or 'suppress' certain further use of your Personal Data. When processing is restricted, We can still store your Personal Data, but We will not use it further.
The right to data portability. You have the right to obtain your personal information in an accessible and transferrable format so that you can re-use it for your own purposes across different service providers. This is not a general right, however and there are exceptions. To learn more please get in touch.
The right to lodge a complaint. You have the right to lodge a complaint about the way We handle or process your Personal Data with the relevant national Data Protection Authority.
The right to withdraw consent. If you have given your consent to anything We do with your Personal Data (i.e. We rely on consent as a legal basis for processing your information), you have the right to withdraw that consent at any time. You can do so by contacting us. Withdrawing consent will not however make unlawful our use of your information while consent had been apparent.
The right to object to processing. You have the right to object to certain types of processing. You can, for instance, object to the publication of pictures taken of you within the context of a conference.
Please provide the description of your enquires, indicating also the rights you wish to exercise in your written request Where to us if you wish to exercise said rights in the context of one or several specific processing operations. Your requests will be handled within a maximum of 30 (thirty) working days.
1.10 Specific Data Protection provisions for Google Analytics, LinkedIn, and Twitter
1.10.1 Google Analytics
On this Website, the Data Controller has integrated the Google Analytics component (with the anonymizer function) to analyse website traffic. For further information, the applicable data protection provisions of Google may be retrieved at https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained at the following Link https://www.google.com/analytics/.
1.10.2 LinkedIn and Twitter
The Data Controller has integrated on this Website, LinkedIn, Twitter and Facebook (“Social Media”) plug-in components, through which the internet browser used by a visitor is directly connected to the server of the relevant Social Media.
During this technical procedure, if the Data Subject is logged in at the same time on one of the Social Media, the relevant Social Media gains knowledge of what specific sub-page of the Website was visited by the Data Subject.
This information is collected through the relevant Social Media component and associated with the respective Social Media account of the Data Subject. If the Data Subject clicks on one of the Social Media plug-ins integrated on our Website, then the relevant Social Media assigns this information to the personal Social Media user account of the Data Subject and stores the Personal Data.
To avoid that the Social Media gains this information, the Data Subject should disconnect from relevant Social Media.
In any case, to get more information, the applicable data protection provisions of:
Twitter may be accessed under https://twitter.com/privacy?lang=en.
Entry into force