This privacy statement provides information about the processing and the protection of your personal data.
Processing operation: EIT Community Testbeds
Data Controller(s): EIT Manufacturing, EIT RawMaterials, EIT Food and EIT Digital (hereafter ‘EIT KICs’ or ‘Controllers’)
Table of Contents
Purpose of processing your data
Legal basis of processing your data
Which personal data do we collect and further process?
Data retention periods
Recipients of your data
Third party IT tools
Your rights and how to exercise them
DPO and other contact information
The Controllers commit to protecting your personal data and respecting your Privacy by collecting and further processing personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR).
This privacy statement explains the reason for the processing of your personal data in the context of the EIT Community Testbeds. It explains the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the competent national data protection authorities (DPAs).
2. Purpose of processing your data:
The Controllers collect and further process your personal data with the view of accomplishing the following purposes:
Your personal data will not be used for any automated decision-making including profiling.
3. Legal basis of processing your data:
3.1. Consent of the data subject:
By filling in the contact form on the Testbeds website, the data subject gives its consent to the Data Controllers to collect and process the personal data necessary for the purposes indicated above.
3.2. Contractual obligation
Personal data will be collected and processed in order to implement and execute the cooperation agreements partners to the projects have signed. The processing of this personal data is necessary and lawful under Article 6(1)(b) GDPR.
3.3. Compliance with a legal obligation
The Data Controller will collect and process your personal data when it is required for compliance with a legal obligation to which the Data Controller is subject. Article 6 paragraph 1(c) GDPR is the legal basis for this processing. These legal obligations are listed as follows:
These legal obligations make necessary that the Controllers might use your personal data for auditing, monitoring, record keeping and reporting purposes. In addition, the Controllers are obliged to promote and disseminate information regarding the activities and events of the Testbeds initiative.
4. Which personal data do we collect and further process?
4.1. By filling out the Contact Form, the following personal data will be collected and processed:
4.2. For the partner contracts, the following personal data is collected and processed:
While you are visiting our website, cookies may be deposited on your device. You should know that you have the possibility of turning off all unnecessary cookies. Below an explanation of cookies that may be deposited on your device when browsing a site:
Below is the list of our Cookies and their retention time:
For your information, the following anonymous data is collected via Google Analytics:
6. Data retention period
The Data Controller only keeps your personal data for the time necessary to fulfil the purpose of collection or further processing. Once the purpose of the collection is addressed, the data will be removed.
The Data Controller will retain the personal data in its archive for a period up to 3 years and after this period, the personal data will be erased. Personal data needed for the execution and reporting for the projects to EIT will be retained for a period up to 5 years and after it will be erased.
7. Safeguard measures
All personal data in electronic format are stored either on the servers of KICs or of its contractors. All processing operations are carried out pursuant to GDPR.
The KICs’s contractors are bound by specific data sharing agreements for any processing obligations deriving from the GDPR.
In order to protect your personal data, the KICs have put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed.
Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.
The data controllers will regularly evaluate and test the effectiveness of those safeguards to ensure security of our processing of personal data.
8. Who has access to your personal data and to whom is it disclosed?
Access to your personal data is provided to the Data Controllers’ staff responsible on the “need to know” basis for carrying their tasks related to your project in connection with the Testbeds. Such staff have received training regarding data protection applicable rules.
Where necessary, we may also share your information with the following third parties:
The Contact Form data will be transferred to the following staff members who are working at the below-mentioned entities depending on the Testbeds project concerned:
With the EIT (European Institute of Technology), the Court of Auditors, OLAF, the European Om-budsman, the European Data Protection Supervisor, the General Court and the European Court of Justice, where it is required by applicable regulation.
With selected service providers who are contractually bound to process personal data on behalf of and in line with the instructions of the data controller.
9. Third party IT tools
We use third party IT tools to inform about and promote the event through widely used communication channels, including the social media. You can watch our videos, which we also upload to our Youtube page and follow links from our website to Facebook, Twitter, Instagram and LinkedIn.
Our use of third-party IT tools to connect to those services might set cookies when our website pages are loaded on your computer (or other devices).
These third-party services are provided by different entities not affiliated with EIT M and its CLCs and have their own terms of service and privacy policies.
The use of a third-party IT tool does not in any way imply that EIT M endorses them or their privacy policies. In the event that one or more third party IT tools are occasionally unavailable, we accept no responsibility for lack of service due to their downtime.
10. Your rights and how to exercise them
You have specific rights as a ‘data subject’ under Chapter III (Articles 13-23) of GDPR, in particular the right to access your personal data and to rectify them in case your personal data are inaccurate or incomplete. Where applicable, you have the right to erase your personal data, to restrict the processing of your personal data, to object to the processing, and the right to data portability.
You have consented to provide your personal data to the data controller for the present processing operation. You can withdraw your consent at any time by sending an email to firstname.lastname@example.org. Please specify ‘Testbeds initiative consent withdrawal’ in the email. The withdrawal of your consent will not affect the lawfulness of the processing carried out before you have withdrawn the consent.
You can exercise your rights by contacting the data controller, or in case of conflict the Data Protection Officer. Their contact information is given below.
11. Contact information
If you would like to exercise your rights under GDPR, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller: email@example.com
The Data Protection Officer (DPO)
You may contact the Data Protection Officer (firstname.lastname@example.org) with regard to issues related to the processing of your personal data under GDPR.
The Data Protection Authorities
You have the right to have recourse (i.e. you can lodge a complaint) to the competent national data protection authorities (DPAs) if you consider that your rights under GDPR have been infringed as a result of the processing of your personal data by the data controller. https://edpb.europa.eu/about-edpb/about-edpb/members_en
If you are interested in our testbeds and would like to take your project to the next level, then let’s talk about it! We look forward to receiving your questions and ideas!