Terms of service

Privacy policy

Privacy Policy

Information on the processing of personal data pursuant to Article 13 of Regulation (EU) No 2016/679 (“GDPR”)

 

1.   DATA CONTROLLER

 

The controller of the processing of personal data (hereinafter the ‘Controller’) is Consortium ARC II who is implementing project ARI II, a project co-financed by the Citizenship, Equality, Rights and Values programme of the European Union No 101072630, of which further details are set out below (hereinafter the ‘Project’).


Project number: 101072630, Citizenship, Equality, Rights and Values Programme

Call: CERV-2021-DATA, Topic: CERV-2021-DATA

Granting authority: European Commission-EU

Project duration: 26 months, 2 September 2022 - 1 November 2024

4 Work packages, 15 deliverables

GRANT AMOUNT: 360 514.43 EUR

TOTAL COSTS: 400 571.62 EUR


Coordinator: Data Protection Agency, Selska cesta 136, Zagreb, tel: + 3851 4609 000, fax: + 3851 4609 099, e-mail: azop@azop.hr

 Project Manager: Anamarija Mladinić

 

Data Protection Officer (DPO): Marija Vujeva, marija.vujeva@azop.hr; Data Protection Agency, Selska cesta 136,

 

Project partners:

Garante per la protezione dei dati personali (Italian data protection authority)

https://www.garanteprivacy.it/web/garante-privacy-en

 

Faculty of Organization and Computer Science, University of Zagreb

https://www.foi.unizg.hr/

 

University of Brussels

https://www.vub.be/

 

University of Florence

https://www.unifi.it

 

More information on the project is available at the following web link: https://arc-rec-project.eu/konzorcij/, e-mail: info@arc-rec-project.eu

 

The processing of personal data will be carried out by the Data Controller in accordance with the provisions of the applicable legislation on the protection of personal data and this information. 

 

2.   SUBJECT MATTER AND METHOD OF PROCESSING

 

The Data Controller will process the personal data, communicated or legitimately found by the Data Controller, as described below:

 

  • Contact details: first name, last name and e-mail address. These data will be processed in order to allow the use of the Olivia application and to guarantee the services provided by the terms and conditions of the application itself.

 

  • Navigation data: IP address of the device used by the user for its navigation: This data will be processed in order to allow normal navigation within the application, as well as in order to carry out surveys through the EU survey platform managed by the European Commission. In particular, each time a website managed by the European Commission is accessed, the European Commission receives the IP address of the individual user’s device, which is necessary to establish a technical connection between the device used and the server infrastructure managed by the European Commission, thus allowing access to the same websites. The European Commission keeps this data only for the duration of the browsing session. For more information on the processing of personal data by the European Commission, please consult the following link:  Privacy policy for websites operated by the European Commission.


  • Profile and Participant Information: Information associated with the Zoom profile of a user who uses Zoom products and services under a licensed account or that is provided by an unlicensed participant joining a meeting, which may include name, display name, picture, email address, phone number, job information, stated locale, user ID, or other information provided by the user and/or their account owner: This data will be processed when you participate at online events organised by ARC II Consortium. More information could be find at: Zoom Privacy Policy

 

Personal data will be processed both in paper and electronic form in compliance with the provisions of the GDPR and this information for the sole purposes referred to in point 3, by personnel of the Data Controller previously authorized, to whom appropriate instructions are given aimed at the concrete protection of personal data. 

 

 

3.   PURPOSE AND LEGAL BASIS OF THE PROCESSING 

 

The Data Controller will process the contact details of the data subjects for purposes related to the use of the Olivia application. The legal basis for the processing is the performance of a contract to which the data subject is a party, provided for in Article 6(1)(b) of the GDPR, consisting in the acceptance of the terms and conditions of the same application.

 

The Data Controller will process the browsing data of the interested parties to allow the correct functioning of the application, as well as for conducting surveys through the EU survey platform managed by the European Commission. The legal basis of the processing is represented by the legitimate interest of the Data Controller, provided for by Article 6(1)(f) of the GDPR.


The Data Controller will process the profile and participant information for conducting webinars and online events via Zoom application. The legal basis of the processing is represented by the legitimate interest of the Data Controller, provided for by Article 6(1)(f) of the GDPR.

 

 

4. RIGHTS OF DATA SUBJECTS

Pursuant to Articles 15 to 22 of the GDPR, in relation to the personal data processed by the Data Controller, the data subjects have the right to:

 

-         access and request a copy. In particular, the data subject - exercising this right - in addition to requesting access and copy - can also request information from the Data Controller on the purposes of the processing of personal data, the type of personal data processed, the recipients of the same and the relative retention period. Access to personal data may be restricted only in cases provided for by national or Union law or where such restriction respects the fundamental rights and freedoms of others;

-         request rectification, in case of inaccurate, incomplete or outdated data. In this case, the interested party must specify in the relative request which personal data are considered inaccurate, incomplete or not updated to be corrected;

 

-         request erasure. The data subject shall have the right to obtain the erasure of personal data concerning him or her without undue delay where one of the following grounds applies: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; the data subject withdraws the consent on which the processing is based in accordance with point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR and if there is no other legal basis for the processing; the data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR; d) the personal data have been processed unlawfully; e) personal data must be deleted to fulfill a legal obligation under Union or Member State law to which the Data Controller is subject. The right does not apply if the processing is necessary: a) for the exercise of the right to freedom of expression and information; b) for the fulfillment of a legal obligation that requires the processing provided for by Union or Member State law to which the Data Controller is subject or for the performance of a task carried out in the public interest or in the exercise of public powers vested in the Data Controller; for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) and Article 9(3) of the GDPR; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR, insofar as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of such processing; or e) for the establishment, exercise or defense of a right in court

 

-         obtain the limitation of processing. The interested party has the right to obtain the limitation of processing when one of the following hypotheses occurs: a) the interested party contests the accuracy of the personal data, for the period necessary for the Data Controller to verify the accuracy of such personal data; b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests instead that its use be restricted; c) although the Data Controller no longer needs it for the purposes of processing, the personal data are necessary for the data subject to ascertain, exercise or defend a right in court; d) the interested party has objected to the processing pursuant to Article 21, paragraph 1 of the GDPR, pending verification of the possible prevalence of the legitimate reasons of the Data Controller over those of the interested party;

 

-         object to the processing. In particular, the data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her pursuant to Article 6(1)(e) or (f) of the GDPR.

 

-         receive in a structured, commonly used and machine-readable format and transmit such data without hindrance to another data controller, where technically feasible.

 

For the exercise of their rights, as well as for more information regarding the processing of their personal data, the data subject can refer to the DPO, which can be contacted at the following address: marija.vujeva@azop.hr

 

Finally, it is always possible for the data subject to lodge a complaint with the competent supervisory authorities.

 

5. DATA RECIPIENTS

Personal data may be communicated, for the purposes indicated above:

to the employees or collaborators of the Data Controller involved in the Project, as persons authorized to process;

· Project partners and the European Commission, as data processors or independent data controllers.

 

6. SECURITY OF PERSONAL DATA

The Data Controller has implemented appropriate technical and organisational security measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR, capable of preventing and combating loss, unlawful use or unauthorised access to personal data.

 

6. PERIOD OF STORAGE OF PERSONAL DATA

 

The personal data processed for the purposes indicated above will be kept in compliance with the principles of proportionality and necessity, and in any case until the purposes of the processing have been pursued. In particular, such data will be kept for the period necessary for the realization of the Project and as long as the services and products of the Project are active.

 

8. COOKIES

Cookies are small text strings that the sites visited by the user send to the device used (for example, computer, tablet, smartphone, notebook, etc.), where they are stored and then retransmitted to the same sites on the next visit by the same user.

 

On the site dedicated to the Olivia application (https://olivia.foi.hr/hr), only technical cookies that are necessary for the operation of the site and for which the user’s consent is not required are used.

 

 

9. CHANGES TO THE PRIVACY POLICY

The Data Controller will regularly update this information to ensure its updating and compliance with the provisions of applicable law. Any changes will be promptly communicated to data subjects in line with the principle of transparency.