The SOMA project is committed to protecting your privacy and is developing technology that gives you the most powerful and safe online experience. This Statement of Privacy applies to the Web Site of the H2020 SOMA project (Grant Agreement No 825469) and governs data collection and usage. The Web Site falls under the responsibility of the SOMA Consortium and is concerned with the dissemination and exchange of information about the research conducted in the course of the project and the outcome of this work. By using the Web Site of the SOMA project, you consent to the data practices described in this statement.
1. Policy Scope
2. Personal Data that this Website collects provided by you and how we use it
Unless stated otherwise in detail in the relevant sections of the Website, Personal Data generated from the use of our Website is processed as follows:
(i) Use of Contact Form
Should you choose to communicate with us using the contact form embedded in our Website, we ask you to provide your name, as well your mailing address. The contact form generates an email to email@example.com. Please note that your name and mailing address is the only data we collect required for the specified purpose. Without this information we are unable to answer to your message and address it to you personally. The legal basis for processing Personal Data for the purposes set out in this Section 2 is art. 6(1)(b) of GDPR as the processing is necessary for the response to requests from the interested party.
(ii) Social Media
Some of our webpages use social plug-ins from other organizations (such as the “Facebook Recommend” function, Twitter’s retweet function etc included in the “Blog” section of the website). These other organizations may receive and use personal data about your visit to our sites or apps. If you browse our Website or view content on our apps, information they collect may be connected to your account on their site. For more information on how these organizations use personal data, please read their privacy policies.
(iii) Site visitation tracking
We use Google Analytics (GA) to track user interaction and for statistical reasons. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. Your computer’s IP address is anonymized by GA services and cannot be used to personally identify you. We consider Google to be a third party.
We use Mailchimp platform to send out regular newsletters regarding SOMA project updates and information relevant to its scope and area of interest (such as invitations to events and webinars, news stories, case studies and reports, among others). People interested in receiving this newsletter have to Sign Up and explicitly express their will to receive these newsletters via the respective form (opt in). All Mailchimp’s legal policies can be found here, including details on how Mailchimp handles personal data in terms of Privacy.
3. How we store your Personal Data
If you submit your contact details in our contact form, the only personal data will be stored by SOMA is your name and email address we receive from you. We will not share your contact details with no one and will be securely stored by SOMA with access only by authorized personnel. This is currently the only occasion where personal data will be stored by this Website.
We utilise state-of-the-art technology to store your data. The following safeguards are used, for example, to protect your personal data from misuse or any form of unauthorized processing:
- Access to personal data is restricted to a limited number of authorized persons for the stated purposes.
- The IT systems used for processing data are technically isolated from other systems to prevent unauthorized access and hacking.
- Access to these IT systems is constantly monitored to detect and prevent misuse in the early stages.
4. How long we will keep your Personal Data for
We will keep your personal information only for as long as it is relevant and useful for the intended purpose for which it was originally collected, or as required by law.
In the case of personal data processing for the purposes of becoming a member to the Observatory by completing the relevant application, we retain your personal data as follows: a) if your application is not accepted, we will delete all personal data after one (1) month from the notification of non-acceptance, while b) if your application is accepted, we will keep the personal data contained in the application form at least for as long as you are member of the Observatory and generally for as long as it is relevant and useful for the intended purpose for which it was originally collected, or as required by law.
5. Cookies and Third Party - Cookies
Cookies are small text files that can be used by websites to make a user’s experience more efficient. Our Website does not collect any cookies apart from the necessary ones. When you are visiting our Website third parties such as youtube.com and twitter.com are collecting Cookies. Nevertheless, we cannot fully control what they are doing with their Cookies, so please read their privacy statements or cookies policy as well. For more information you can also see the Cookie Declaration on the Cookies we use.
You reserve the right to set up your browser to warn you before accepting cookies, or you can simply set it to refuse them, although you may not have access to all the features of this website if you do so. See your browser ‘help’ button for how you can do this. You do not need to have Cookies on to use or navigate through many parts of this Website. Remember that if you use different computers in different locations, you will need to ensure that each browser is adjusted to suit your Cookie preferences.
You can at any time change or withdraw your Cookies consent from the Cookie Declaration on our Website.
6. Data Breaches
We will report any unlawful data breach of your data within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
7. Your rights as Data Subject with respect to your Personal Data
Under the General Data Protection Regulation [Articles 15-21], you have a number of important rights free of charge. In summary, those include rights to:
Right of access:
You have the right to be aware and verify the legitimate nature of the processing. So, you have the right to access your personal data and receive additional information about how we process it.
Right to rectification:
You have the right to study, correct, update or modify your personal data by contacting SOMA at the firstname.lastname@example.org
Right to erasure (Right to be forgotten):
You have the right to request deletion of your personal data when we process it on your consent or in order to protect our legitimate interests. In all other cases (such as, where there is a contract, obligation to process personal data legally required, or public interest), this right is subject to specific restrictions or shall not exist, as the case may be.
Right to restriction of processing:
You have the right to request a restriction of the processing of your personal data in the following cases: (a) when the accuracy of the personal data is contested and until the accuracy is verified (b) when you oppose the deletion of your personal data and request the restriction of their use instead, c) when personal data are not needed for processing purposes, they are however required for the establishment, exercise, or defense of legal claims, and (d) when you object to the processing and the decision on your objection to processing is pending.
Right to object to processing:
You have the right to object at any time to the processing of your personal data where, as described above, the processing is based on the legitimate interests we pursue as data controllers, as well as, for the purposes of direct marketing and consumer profiling, if applicable.
Right to data portability:
You have the right to receive your personal data free of charge in a format that allows you to access, use, and edit them with commonly used editing methods. You also have the right to ask us, in case it is technically feasible, to transmit the data directly to another controller. Your right to do so exists for the data you have provided to us and is processed by automated means based on your consent or for the execution of a relevant contract.
Right to withdraw your consent:
In cases where processing is based on your consent, you have the right to withdraw it without affecting the lawfulness of processing based on consent prior to its withdrawal.
If you would like to exercise any of those rights, please:
- contact us using our Contact details below
- let us have enough information to identify you,
- let us have proof of your identity and address, and
- let us know the information to which your request relates.
8. Time limits for compliance with your rights as Data Subject
We make every effort to comply with all requests within 30 days. However, this period may be extended for reasons relating to the specific right or complexity of your request.
9. Data Controller and Contact Details
The data controller of this website is:
Athens Technology Center Societe Anonyme Industrial & Commercial Advanced Technology Products (ATC), a Private Company established in Greece
Whose registered office is:
Athens Technology Center Societe Anonyme Industrial & Commercial Advanced Technology Products (ATC S.A.)
10 Rizariou street
15233 Halandri – Athens
10. How to complain
We hope that we can resolve any query or concern you raise about our use of your Data However, if you believe that we have not responded in an appropriate manner to your complaints or concerns, the General Data Protection Regulation also gives you the right to lodge a complaint with your local data protection or supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.