This Application collects some Personal Data from its Users.

This Privacy Policy describes how and when StandICT.eu - a project funded by the European Commission under the Horizon2020 program - collects, uses, and shares your information when you use the StandICT.eu website (hereinafter, the “Website”).  This Website is provided by the StandICT.eu Consortium, and managed by Trust-IT Services Limited (hereinafter, “Trust-IT”), established in CHASE SIDE 42 CHASE GREEN HOUSE, ENFIELD EN2 6NF, United Kingdom, which is the data controller for the project related activities (the “data controller”). Trust-IT Services receives your personal data through your interaction with its website. When using any of our services your personal data are processed as described in this Privacy Policy. We therefore ask you to please read it carefully before communicating any of your data to StandICT.eu.

The data controller informs you that your personal data will be processed in full compliance with the Regulation (EU) 2016/679 and that the present privacy policy is provided pursuant to Article 13 of the Regulation (EU) 2016/679 (hereinafter, “GDPR”).

Information you provide

You may provide personally identifiable information (“personal data”) about yourself when you use our services and, of course, when you register to become part of the StandICT.eu community, by providing your name, surname, email address and other identifying information. For instance, you may provide your personal data personal in order to be registered into the StandICT.eu website and use the StandICT.eu products/tools.

Information collected automatically

We collect data automatically when you use our services. These data may be for instance your name, e-mail address, the institution you are part of and your postal address.

Purposes of the processing and legal basis

We process personal data for the sole purposes of the StandICT.eu project, namely:

1. for the organisation, management and functioning of the website, which includes ;
2. for the organisation of events to which users may decide to register using the StandICT.eu website;
3. for the publication on the website of the information concerning the participation of the members to the events and activities carried out by StandICT.eu (upon registering to events, the following details may be published in the on-line participants list open for public view: first name, surname, affiliation and country);
4. for the sending of surveys which aim to gather information regarding the cyber security and privacy policy and regulatory framework in the European Union with the objective to assist StandICT.eu to provide recommendations to protect public and private organisations from cyber-attacks.
5. for the sending of newsletters and communications by the StandICT.eu project. The newsletters and communications will be sent on a monthly basis with the purpose of being kept up to date with StandICT.eu news, events and results.
6. to enter into a contract with an External Expert or with a successful Applicant to a grant (aka Grantee).

The legal basis for the processing of your personal data for the purposes indicated under sections A) and B) of the previous paragraph is Article 6.1.b. of the GDPR. The provision of your personal data is voluntary, but any refusal to provide such data will not allow the correct use of StandICT.eu services.
The legal basis for the purpose indicated under sections C), D) and E) of the previous paragraph is Article 6.1.c. By ticking the boxes at the end of this policy you give your consent to the publication of your personal data in association with your participation to StandICT.eu events and activities and to the reception of surveys. The provision of your personal data for this purpose is voluntary, but any refusal to provide such data will not have any consequences on the correct use of StandICT.eu services. You can withdraw the consent contacting the data controller as described in the section dedicated to Exercise of users’ data protection rights.
Furthermore, with reference to section D), we inform you that consent will not be required for those who joined the StandICT.eu ecosystem, provided that the mentioned surveys are strictly connected to the services the member requested and that the recipient does not object to the processing of his personal data for that purpose. The legal basis for the processing of your personal information under point F) is to draw up and enter into a contract setting the terms and conditions of the services rendered and their payment, or activities to be carried out using the funds received through the grants.

Recipient of Data

We may share your data with the following entities:

Affiliates and Partners.  We may share your data with any partner to the Consortium, as well as with its affiliates-companies that control, are controlled by, or are under common control with any of the Consortium’s Members. These entities may receive your information only to the extent necessary for the proper execution of the research activities, or for the administration of the project. Users’ personal data will neither be communicated nor anyhow processed for marketing or profiling related purposes.

Data Processors. We may share your data with partners providing technological services, which were formally bound by means of a data processing agreement, pursuant to article 28 of the Regulation (EU) 2016/679. The full list of data processors is available by simple request to the data controller by sending an email to contact@StandICT.eu.

Persons in charge of data processing activities. We may share your data with persons authorized and instructed by the data controller to data processing activities. Precise instructions were given to them, pursuant to Article 29 of the Regulation (EU) 2016/679.

Data Controller

Parties When Required by Law or as Necessary to Protect Our Services.  There may be instances when we disclose your information to other parties in order to:

• protect the legal rights of the StandICT.eu Consortium, its partners and the latter’s affiliates, and of the users of the Services;

• protect the safety and security of users of the Services;

• prevent fraud (or for risk management purposes); or

• comply with or respond to the law or legal process or a request for cooperation by a government entity, whether or not legally required;

• administer the project and share the results thereof with the European Commission or any other public authority to which the Consortium, or any of its Partners, has to report.  

Other Parties in Aggregated Form. We may also share your data with third parties or disseminate them through the StandICT.eu website in aggregated or non-personally identifiable form.  In this case the Regulation (EU) 2016/679 does not apply.

Security

Pursuant to Article 25 of the Regulation (EU) 2016/679, we implement appropriate technical and organisational measures, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of the Regulation and protect the rights of data subjects. Furthermore, according to Article 32 of the Regulation (EU) 2016/679, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk and safeguard personal data in our possession against accidental or unlawful destruction, loss, theft, alteration or unauthorised use or disclosure. Please note, however, that no data transmission or storage can be guaranteed to be 100% secure. As a result, while we strive to protect the information we maintain, we cannot ensure or warrant the security of any information that you transmit to us.

Transfer of data

Your personal data will not be transferred to any country or international organisation outside European Union.

Period of storage

Your personal data will be kept for no longer than is necessary for the specific purposes for which the personal data are processed. More precisely, personal data is kept as long as follow-up actions to the StandICT.eu Website and events are necessary with regard to the purpose(s) of the processing of personal data.

Changes to this policy

We may revise this Privacy Policy from time to time. The most current version of the policy will govern our use of your information and will be located at https://www.StandICT.eu/privacy-policy .We may make changes to this policy at our sole discretion. By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised Privacy Policy.

Exercise of users’ data protection rights

Right to access and rectification

You have the right to have access to the personal information that we hold about you, and to have this information corrected and amended, as defined in the GDPR art. 12, 15, 16. To do so, please contact us as indicated in section 16. However, please be aware that in some cases, the administrative and technical burden associated with the retrieval of archived data may be substantial. We would need to be compensated for this effort in a manner that is consistent with our actual cost.

Right to erasure

You have the right to request that we delete any Personal Information that we hold about you. The Application is compliant with the Right to Erasure as defined in the GDPR, art. 17. If you would like us to erase the Personal Information that we hold about you, please login with your credentials and click on the link below.
Click here to apply your Right to Erasure & Deletion of your account, or contact us by email at contact@StandICT.eu

Right to object

You have the right to object at any time to the processing of your personal data, on grounds relating to your particular situation, as defined in the GDPR, art. 21. Please note that all the data you provide on this website will be used only for delivery of the services provided by the Application, as described in section 5. If you would like to apply your right to object, please contact us by email at contact@StandICT.eu.

Retention of information

We will retain personal information about a user for as long as necessary to fulfil the purposes outlined in this Privacy Notice, unless a longer retention period is required by law and/or regulations. The User can always request that the Data Controller suspend or remove the data.

Cookie Policy

Like many websites, we use “cookie” technology to collect additional website usage data and to improve our Services.

Cookies may be stored on your device and be transmitted again to you when you use the services a second time. By means of cookies, the websites record user actions and preferences (such as, for example, the language chosen, the character dimensions, other settings concerning the layout of the website, etc.) so as to avoid that the user has to enter them when returning to the Website at a later date or when the user surfs a different page of the same website. Cookies are therefore used to log in users, monitor browsing sessions, store information relating to the users who access the website and may contain a unique identification code that makes it possible to track the user’s navigation within the website for statistical and advertising purposes.

Users may download cookies on their devices owned by sites and web servers different from the site that they are actually visiting (“third-party cookies”). Some cookies are necessary for the technical functioning of the Site; if you do not accept the latter cookies, some functionalities and features of the Site may not be accessible.

Different types of cookies exist, depending on their features and functions, and they may be stored on the users’ devices for different timeframes: session cookies are cancelled at the end of each browsing session; persistent cookies may last up to a certain date that has been pre-set by their owner.

On the basis of the law applicable to cookies, user consent to the latter is not always mandatory. The user’s consent is not necessary for “technical cookies”, such as cookies used exclusively with a view of carrying out the transmission of a communication on an electronic communications network, or insofar as this is strictly necessary to the provider of an information society service that has been explicitly requested by the contracting party or user to provide the said service. The latter cookies are indispensable for the proper functioning of the Site and to execute activities specifically requested by the users.

Amongst the technical cookies, that do not require an explicit prior consent by the users to be deployed, see the following:

• "cookie analytics” insofar as they are used directly by the website manager to collect aggregate information on the number of visitors and the pattern of visits to the website,
• “browsing” or “session cookies” (to log-in to the website),
• “functional cookies”, which allow users to navigate as a function of certain pre-determined criteria such as language or products to be purchased so as to improve the quality of service.

For Profiling cookies, namely those aimed at creating user profiles and used to send advertising messages in line with the preferences shown by the user during navigation, the user’s prior consent is necessary.

Types of cookies used by the Website and the possibility to de-activate them

The Website deploys the following cookies, while always offering the possibility to de-activate them, except for third-party cookies, that can be de-activated by the users directly on the owners’ websites using the links provided below:

• Technical browsing or session cookies, strictly necessary for the services’ functioning and to provide the users with a service that has been explicitly requested by them;
• Technical functional cookies, which allow users to navigate as a function of certain pre-determined criteria such as language.

Please be aware that if you disable technical/functional cookies the services might not work properly and some services or some of the functionalities may not be available or work properly; you could be required to modify or manually fill in some information or preferences each time you use the services.

• Third Party Cookies, namely cookies owned by sites and web servers different from the websites that you are actually visiting.  The latter third parties are listed below with the links to their respective privacy policies; they are autonomous data controllers of the data collected through the cookies they serve; you shall refer to their privacy policies and consent forms (activation and de-activation of their respective cookies), hereby listed below:

• Google https://www.google.it/intl/it/policies/technologies/types/

The details of all the cookies deployed in the Website are available below.

How to contact Us

If you have any questions, comments, or complaints, regarding this Privacy Notice, or our privacy, security or data protection practices, please contact us by email at contact@StandICT.eu.

Effective Date: May, 16th 2018