Privacy Policy
Information on the processing of personal data pursuant to Article 13 of Regulation (EU) No 2016/679 (“GDPR”)
1. DATA CONTROLLER
The controller of the processing of personal data (hereinafter the ‘Controller’) is Consortium ARC II who is implementing project ARI II, a project co-financed by the Citizenship, Equality, Rights and Values programme of the European Union No 101072630, of which further details are set out below (hereinafter the ‘Project’).
Project number: 101072630, Citizenship, Equality, Rights and Values Programme
Call: CERV-2021-DATA, Topic: CERV-2021-DATA
Granting authority: European Commission-EU
Project duration: 26 months, 2 September 2022 - 1 November 2024
4 Work packages, 15 deliverables
GRANT AMOUNT: 360 514.43 EUR
TOTAL COSTS: 400 571.62 EUR
Coordinator: Data Protection Agency, Selska cesta 136, Zagreb, tel: + 3851 4609 000, fax: + 3851 4609 099, e-mail: azop@azop.hr
Project Manager: Anamarija Mladinić
Data Protection Officer (DPO): Marija Vujeva, marija.vujeva@azop.hr; Data Protection Agency, Selska cesta 136,
Project partners:
Garante per la protezione dei dati personali (Italian data protection authority)
https://www.garanteprivacy.it/web/garante-privacy-en
Faculty of Organization and Computer Science, University of Zagreb
University of Brussels
University of Florence
More information on the project is available at the following web link: https://arc-rec-project.eu/konzorcij/, e-mail: info@arc-rec-project.eu
The processing of personal data will be carried out by the Data Controller in accordance with the provisions of the applicable legislation on the protection of personal data and this information.
2. SUBJECT MATTER AND METHOD OF PROCESSING
The Data Controller will process the personal data, communicated or legitimately found by the Data Controller, as described below:
Personal data will be processed both in paper and electronic form in compliance with the provisions of the GDPR and this information for the sole purposes referred to in point 3, by personnel of the Data Controller previously authorized, to whom appropriate instructions are given aimed at the concrete protection of personal data.
3. PURPOSE AND LEGAL BASIS OF THE PROCESSING
The Data Controller will process the contact details of the data subjects for purposes related to the use of the Olivia application. The legal basis for the processing is the performance of a contract to which the data subject is a party, provided for in Article 6(1)(b) of the GDPR, consisting in the acceptance of the terms and conditions of the same application.
The Data Controller will process the browsing data of the interested parties to allow the correct functioning of the application, as well as for conducting surveys through the EU survey platform managed by the European Commission. The legal basis of the processing is represented by the legitimate interest of the Data Controller, provided for by Article 6(1)(f) of the GDPR.
4. RIGHTS OF DATA SUBJECTS
Pursuant to Articles 15 to 22 of the GDPR, in relation to the personal data processed by the Data Controller, the data subjects have the right to:
- access and request a copy. In particular, the data subject - exercising this right - in addition to requesting access and copy - can also request information from the Data Controller on the purposes of the processing of personal data, the type of personal data processed, the recipients of the same and the relative retention period. Access to personal data may be restricted only in cases provided for by national or Union law or where such restriction respects the fundamental rights and freedoms of others;
- request rectification, in case of inaccurate, incomplete or outdated data. In this case, the interested party must specify in the relative request which personal data are considered inaccurate, incomplete or not updated to be corrected;
- request erasure. The data subject shall have the right to obtain the erasure of personal data concerning him or her without undue delay where one of the following grounds applies: a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; the data subject withdraws the consent on which the processing is based in accordance with point (a) of Article 6(1) or point (a) of Article 9(2) of the GDPR and if there is no other legal basis for the processing; the data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR; d) the personal data have been processed unlawfully; e) personal data must be deleted to fulfill a legal obligation under Union or Member State law to which the Data Controller is subject. The right does not apply if the processing is necessary: a) for the exercise of the right to freedom of expression and information; b) for the fulfillment of a legal obligation that requires the processing provided for by Union or Member State law to which the Data Controller is subject or for the performance of a task carried out in the public interest or in the exercise of public powers vested in the Data Controller; for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) and Article 9(3) of the GDPR; for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR, insofar as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of such processing; or e) for the establishment, exercise or defense of a right in court
- obtain the limitation of processing. The interested party has the right to obtain the limitation of processing when one of the following hypotheses occurs: a) the interested party contests the accuracy of the personal data, for the period necessary for the Data Controller to verify the accuracy of such personal data; b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests instead that its use be restricted; c) although the Data Controller no longer needs it for the purposes of processing, the personal data are necessary for the data subject to ascertain, exercise or defend a right in court; d) the interested party has objected to the processing pursuant to Article 21, paragraph 1 of the GDPR, pending verification of the possible prevalence of the legitimate reasons of the Data Controller over those of the interested party;
- object to the processing. In particular, the data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her pursuant to Article 6(1)(e) or (f) of the GDPR.
- receive in a structured, commonly used and machine-readable format and transmit such data without hindrance to another data controller, where technically feasible.
For the exercise of their rights, as well as for more information regarding the processing of their personal data, the data subject can refer to the DPO, which can be contacted at the following address: marija.vujeva@azop.hr
Finally, it is always possible for the data subject to lodge a complaint with the competent supervisory authorities.
5. DATA RECIPIENTS
Personal data may be communicated, for the purposes indicated above:
to the employees or collaborators of the Data Controller involved in the Project, as persons authorized to process;
· Project partners and the European Commission, as data processors or independent data controllers.
6. SECURITY OF PERSONAL DATA
The Data Controller has implemented appropriate technical and organisational security measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR, capable of preventing and combating loss, unlawful use or unauthorised access to personal data.
6. PERIOD OF STORAGE OF PERSONAL DATA
The personal data processed for the purposes indicated above will be kept in compliance with the principles of proportionality and necessity, and in any case until the purposes of the processing have been pursued. In particular, such data will be kept for the period necessary for the realization of the Project and as long as the services and products of the Project are active.
8. COOKIES
Cookies are small text strings that the sites visited by the user send to the device used (for example, computer, tablet, smartphone, notebook, etc.), where they are stored and then retransmitted to the same sites on the next visit by the same user.
On the site dedicated to the Olivia application (https://olivia.foi.hr/hr), only technical cookies that are necessary for the operation of the site and for which the user’s consent is not required are used.
9. CHANGES TO THE PRIVACY POLICY
The Data Controller will regularly update this information to ensure its updating and compliance with the provisions of applicable law. Any changes will be promptly communicated to data subjects in line with the principle of transparency.