The EU Regulation nº 679/2016 (General Data Protection Regulation, GDPR), stipulates the regulation of the protection of individuals with respect to the processing of personal data. In compliance with the indicated legislation, EENVEST Consortium (organizations within the EU funded project with GA nº 833112) processes personal data according to the principles of correctness, lawfulness, transparency and protection of your privacy and your legal rights.

The processing of your data may be carried out using both Information Technologies (IT) and manual tools, in compliance with all technical and organizational measures prepared by R2M Solution Spain SL  as the Data Controller of the EENVEST website to guarantee the security of people and the privacy of their personal data

Through this website, the Data Controller wishes to inform you about EENVEST project activities and services. The Data Controller may, depending on the development and progress of the project and the sector, extend its website to include new services, activities or contents, in order to improve the services and quality of the service provided. Conversely, the Data Controller also reserves the right to cancel, modify, substitute or restrict the contents, services or activities, expressly and without prior notice to the website users.

 

Data Controller: R2M Solution Spain, S.L.

Address: Calle Cervera 59, 1D, 28033 Madrid, Spain.

E-mail: info@eenvest.eu

 

Subjects: Natural persons who access EENVEST website and/or contact EENVEST Consortium.

 

Why are these data processed? Purpose and legal basis

  1. SITE VIEWING AND NAVIGATION
  2. CONTACT MANAGEMENT
  3. NEWSLETTER SUBSCRIPTION
  4. COMMUNICATION TO THIRD PARTIES
  5. SYSTEM MAINTENANCE

 

What happens if we cannot process the data?

The provision of personal data that the interested party agrees to provide contractually, or which must be provided by law, is mandatory and can determine legal liability.

Any other provision of personal data is optional. The only consequence of failure to provide will be the inability to provide or perform the requested services.

 

Data being processed: common data, contact and identification data, geo-location data, images, audio and video recordings may be processed.

 

Purpose of the treatment, legal bases, and retention period

 

  1. Website visualization and navigation

Purpose: The visualization of the website and the navigation within it involves, for reasons intrinsic to the use of IT protocols, an exchange of technical information between the IT system of EENVEST website and its users. The data transmitted is for example: operating system used, browser and relative version, time of the request, and size of the data flows. The data collected for this purpose is not intended to identify the website user but may be suitable for doing so in the case of committing violations. There are no banners that require any consent in relation to the cc.dd. cookies because this website, apart from the technical cookies necessary for viewing and navigation, does not use them.

Legal basis: contract and pre-contractual measures, art. 6.1.b) GDPR.

Storage: the data are immediately deleted when the website browsing session terminates, unless they are necessary for the exercise or defense of rights, as explained below.

 

  1. Contact management

Purpose: Sending an email to the EENVEST address necessarily involves the processing of the personal data contained in the message (for example: name, surname, subject, contact details).

The above communications and the relative attachments are read by authorized personal of EENVEST Consortium. Such messages therefore do not have the nature of private correspondence. They are protected by confidentiality obligations and are not disclosed to third parties except for reasons connected with the fulfillment of the assignment, authoritative requests, legal obligations, and the exercise of our defense rights.

This website does not use https encryption protocol. If you deem it appropriate, you can send encrypted files as collateral, communicating the encryption key in another way.

Legal basis: contract and pre-contractual measures, art. 6.1.b) GDPR.

Storage: these data are used to process the request and to verify it and are deleted when the purpose of contact, response or correspondence is definitively exhausted.

 

  1. Subscription to the Newsletter

Purpose: The newsletter is distributed by e-mail – automatically and free of charge – to whom request it by filling in the subscription form. The contact data provided will be used with IT and telematic tools for the sole purpose of providing the requested service.

The data will be processed exclusively by the EENVEST Consortium’s staff and collaborators who have been expressly authorized to process and who have received adequate operating instructions. 

Legal basis: contract and pre-contractual measures, art. 6.1.b) GDPR.

Storage: these data will be kept exclusively for the period in which the service will be active. The refusal to provide data makes it impossible to send the Newsletter (mandatory provision for sending purposes). 

Cancellation of the service: To stop receiving the Newsletter, send an email to the address info@eenvest.eu inserting “Unsubscribe” as object.

 

  1. Communication to third parties and other treatments in execution of legal obligation/ authoritative orders

Purpose: where applicable, EENVEST Consortium will process personal data for compliance with legal obligations and/or to process legitimate requests (e.g. requests for access or transmission of information) by authorities and persons authorized to do so. In any case, the Data Controller will do everything necessary to protect data privacy rights and to inform the correct person, where legally and factually possible, of any such request from third parties.

Legal basis: legal obligation, art. 6.1.c) GDPR and, as appropriate, also legitimate interest, art. 6.1.f) GDPR

Storage: the personal data transmitted in these scenario are retained for some of the purposes indicated in this privacy policy statement. Therefore, please refer to them.

 

  1. Maintenance of IT systems and devices

Purpose: the persons in charge of carrying out IT maintenance and repairs may have access to personal data collected by the IT systems and devices. Access will be made exclusively by individuals identified by the Data Controller and by virtue of a specific act or contract.

Legal basis: legitimate interest, art. 6.1.f) GDPR.

Storage: the personal data transmitted in these scenario are retained for some of the purposes indicated in this privacy policy statement. Therefore, please refer to them.

 

Cookies

EENVEST website uses cookies. Cookies are text files that are stored in a computer system via an Internet browser.

Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified using the unique cookie ID.

Through the use of cookies, the Data Controller can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.

The data subject may, at any time, prevent the setting of cookies through this website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.

 

Categories of Third-Party Recipients

  • Hosting, housing, cloud, and e-mail service providers (for the needs of publishing the website and managing the email/Certified e-mail service);
  • Accountants, experts, and lawyers (within the limits of the fulfillment of legal obligations);
  • Public entities (within the limits of the execution of legal obligations). For example: judicial authorities, independent authorities, police authorities, public institutions;
  • Persons authorized or specifically designated and instructed to process data that have committed to confidentiality or who have an adequate legal obligation of confidentiality (e.g. employees and collaborators).

The personal data provided can be transferred to the countries of the European Union (EU) or Non-EU countries, for reasons related to the processing tools used. The transfer may be based on an adequacy decision or on the standard contractual clauses approved by the European Commission. More information is available upon request and would be provided by the Data Controller.

 

Rights of Interested Parties

Interested parties may exercise the following rights against the Data Controller (by way of a written request sent to the email address indicated above):

  • Access (art.15 GDPR): you can contact the Data Controller to find out if your personal data are being processed and the information on the law of said processing;
  • Correction (art. 16 GDPR): for the correction of incorrect data or the integration of incomplete data;
  • Cancellation / oblivion (art.17 GDPR): to obtain the cancellation of personal data, in cases of law;
  • Limitation (art.18 GDPR): to obtain the submission of data for conservation only, with the exclusion of other activities, in cases of law;
  • Portability (art.20 GDPR): to obtain the data in a structured format, commonly used and readable by an automatic device and also to obtain its direct transmission to another data controller, in cases of law;
  • Opposition (art.21 GDPR): the right to terminate further processing of personal data for reasons related to a particular situation, except for the prevalence of binding legitimate reasons, in cases of law.
  • Revocation of consent (art.7.3 GDPR): the right to withdraw consent at any time.

The Data Controller has not provided means to consent to third-party data sharing on this website. Furthermore, none of the processing is based on or requires such consent. The legal bases on which we operate are: contract, legal obligation, and legitimate interest.

The Data Controller does not carry out automated decision-making processes or user profiling towards users of the website. 

 

Compliance with the Data Protection Authority

EENVEST website users also have the right to lodge a complaint before the Guarantor for the protection of personal data, Agencia Española de Protección de Datos, C/ Jorge Juan, 6, 28001 Madrid, 901 100 099 – 912 663 517, www.agpd.es, when the user considers that it has not obtained satisfaction of the exercise of its rights. We remind you that the complaint, pursuant to art. 77.1 GDPR, can be promoted by the interested party at the local authority where the data subject habitually resides, where (s)he works or where the alleged violation has occurred.

Close Menu