Under this Policy, the consortium as foreseen under the Grant Agreement, consisting of the individual affiliated members: 1) Centre for European Constitutional Law – Themistocles and Dimitris Tsatsos Foundation (CECL) (coordinator) 2) CODECA – Center for Social Cohesion, Development & Care 3) Fondazione Carolina (Fond Carolina) 4) Univerza v Ljubljani (UL) 5) Cyber Security International Institute (CSI Institute) (beneficiaries), as well as the European Commission as the funding authority under the above-mentioned agreement, which owns this platform: https://www.tracedplatform.eu/, aim, as joint Data Controllers within the scope of the applicable legislation, to provide users/visitors of this platform with specific information on the processing of their personal data when browsing and using it.
1. Introduction
In the framework of the specific agreement between the above-mentioned stakeholders and the European Commission, the TRACeD platform has been developed as an interactive and multifunctional online platform, an educational tool for students, teachers and parents, but also a support mechanism for victims-survivors of gender-based cyberviolence, supported by a competent multidisciplinary team. This platform can be accessed if you are experiencing an incident of gender-based cyberviolence, or if you simply wish to be informed about this phenomenon in general.
2. Basic concepts
The processing and protection of your personal data is governed by the provisions of the General Data Protection Regulation (EU) 2016/679 – GDPR (hereinafter “GDPR”), the applicable national legislation on the protection of personal data, as well as by the relevant decisions and instructions of the individual competent national supervisory authorities, in addition to this Policy.
For a better understanding of this Policy, definitions of the following key concepts are provided:
“Subject” of personal data: The platform user, visitor, and any natural person in general who interacts with the platform.
“Personal Data”: any information that can directly or indirectly identify a person (the “Subject”), such as his/her name, postal address, contact details (telephone number, mobile phone), e-mail address, etc.
“Special categories of personal data”: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.
“Processing”: Any operation or series of operations performed with or without the use of automated means on personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, association or combination, restriction, erasure or destruction of personal data that have been or will be brought to our attention through the Platform.
“Data Controllers”: the aforementioned consortium of related parties and the European Commission as the granting authority, which by virtue of the individual terms of their respective agreement own this Platform, jointly determine the purposes and means of the processing of personal data through the Platform, thereby acting as joint Data Controllers.
“Processor”: the natural or legal person, public authority, agency or other body/company that processes personal data on behalf of the Controller.
“Recipient”: the natural or legal person, public authority, agency or other body/company to whom the personal data are also disclosed, whether or not by a third party.
3. Which type of data is collected, for what purpose and on what legal basis
Through this platform, your necessary personal data are collected and processed on a case-by-case basis, in the context of providing you with the best possible support or information, ensuring our legal obligations on the basis of your specific consent. In particular, we process the following data in the following cases:
Activity | Data | Purpose | Legal basis |
Login to the website | The platform uses: the necessary cookies, the functional cookies, the analytical cookies | Providing personalized services to you, proper connection establishment, system security and stability | (a) a legal obligation; (b) a legitimate interest in the context of making the platform securely available to and providing services to the general public |
Contact form | Name, email, phone number, company, message, date-time-version of acceptance of Privacy Policy | Resolving technical issues | (a) the cooperation and relationship between us, at your request; (b) the legitimate interest in direct service |
Chat | Data included in the message content and attached files, date-time-version of acceptance of Privacy Policy | Supporting, counseling and/or giving information in connection with gender based cyber violence and/or incidents of gender based cyber violence | (a) the cooperation and relationship between us, upon your request; (b) your explicit consent to any special categories of data |
Login | Name, Email, date-time-version of Privacy Policy acceptance | Connection and further use of the platform | the cooperation and relationship between us, at your request |
Cookies (see Cookies Policy) |
4. Special category data
With regard to sensitive personal data (special categories of data), such as data relating to your racial or ethnic origin, health data or data concerning your sex life or sexual orientation, in cases where you provide us with such data, depending on the subject of our communication and your specific request (in particular in the context of describing your case), they will be processed by us with your explicit consent and as an integral part of the request.
5. Data concerning minors
This platform is addressed to both adults and minors. In any case, due to the nature and purpose of the platform, the consent of the parent or guardian is not deemed necessary in light of the recital No. 38 of the GDPR and its general spirit, i.e., with regard to prevention or counselling services offered directly (among others) to children.
6. Recipients of your data
The personal data we collect in the context of the contact between you and us through the platform are processed only by:
- The authorized personnel of the above-mentioned consortium members and the European Commission, bound by confidentiality conditions and respecting appropriate security measures.
- Partners to whom we entrust the performance of specific tasks on our behalf either in accordance with Art. 28 of the GDPR as Processors, or as joint or independent Data Controllers, and with whom we ensure in any case the processing of your data in accordance with the GDPR, by signing contractual terms and committing to security measures.
- Public bodies and authorities, police and other competent authorities, public prosecutors, other administrative services, etc., when we are obliged to do so by the applicable legal framework, in particular the Cyber Crime Division in cases where it is deemed necessary on the basis of reported incidents.
In principle, we do not transfer your data to third (non-EU or E.E.A.) countries or international organizations that do not ensure an adequate level of protection.
7. Time period for keeping personal data
We retain your personal data for as long as required by the nature and purpose of the processing in question or for as long as required by the applicable legal and regulatory framework, taking into account our legal obligations and any legal claims, in order to justify the retention period of the personal data accordingly. In particular, we retain your data for at least 6 years. After the necessary period of time has elapsed in each case, the data that are no longer required will be deleted in a secure and non-recoverable manner.
8. Your rights regarding the processing of your data
Each beneficiary – user of the platform, as a data subject, retains control over his/her data and may at any time exercise his/her rights as provided for in the GDPR, in particular Articles 12 to 23 thereof, and the relevant national legislation, under the specific conditions applicable to each case, in particular:
– Right to be informed and provided with further details on the processing of data, before and during processing (Articles 12, 13, 14 GDPR), i.e., the right to know who is processing your data, which data and for what reason
– Right of access to the personal data concerning you and if we process them, as Data Controller (Art. 15 GDPR), i.e., the right to request confirmation about the processing of your data, a copy of it and other information about the processing
– Right to rectification of data (Art. 16 GDPR), i.e., the right to request correction or completion of your data
– Right to erasure of your personal data (“right to be forgotten”) (Article 17 GDPR), i.e., the right to request the deletion of your personal data, if you no longer wish for them to be processed and if there is no legal reason for us to acquire them
– Right to restrict the processing of your personal data (Article 18 GDPR), i.e., the right to request the restriction of the processing of your personal data when its accuracy is disputed, the processing is unlawful, the data is no longer needed by us or you object to any automated processing.
– Right of portability (Article 20 GDPR), i.e., the right to receive your personal data, which has been processed by automated means by the controller, in a structured, commonly used and machine-readable format, or to request that it be transmitted to another controller.
– Right to object (Art. 21 GDPR) and to object to any automated decision-making, including profiling (Art. 22 GDPR), i.e. the right to object for reasons related to your particular situation, to the processing of your personal data, which is based on the public or legitimate interest, including profiling under the provisions in question.
– Right to withdraw your consent already given (Article 7(3) GDPR), on which the processing is based, in which case the data will be deleted if there is no other legal basis for the processing
– Possibility to file a complaint with the competent supervisory authority (Article 77 GDPR), after you have first addressed your concerns with the Processor and the issue has not been resolved. Concerning the competent authorities of each member, please refer to 1. https://www.dpa.gr/el for Greece 2. https://www.ip-rs.si/ for Slovenia 3. https://www.dataprotection.gov.cy for Cyprus 4. https://www.garanteprivacy.it/ for Italy
After we receive your written request to exercise your rights, we will make every effort to take the necessary steps to comply with it within one (1) month from the date of receipt or, in any case, to inform you of the status of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
9. Security of your data
Our Consortium ensures, inter alia, that appropriate technical and organizational measures are taken to ensure an appropriate level of security when processing your data, in particular against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data, in accordance with Article 32 of the GDPR.
Notably, the user’s communication with the web application is encrypted (TLS 1.3) for all data exchanged within the web application. In addition, the data stored by the application is backed up, while the infrastructure is installed within the E.U., in a data center with all the necessary physical and electronic security measures, certified ISO/IEC 27001:2013.
For any further clarification regarding the processing of your personal data or in order to exercise your rights as described in Section 8, please contact us at gdpr@tracedplatform.eu.
This Privacy Policy may be modified at any time and an updated version will be posted on the platform each time. For this reason, users are invited to refer to this Policy regularly.
Last updated: Wednesday, 2nd of August 2023.