Data Protection Policy

Data Protection Policy

Scope

The SPIDER Data Protection Policy aims to protect the personal data of those stakeholders related to the project. In general, SPIDER involves data collection and processing of personnel data through questionnaires for surveys and interviews with stakeholders in order to gather information regarding the implementation of digitalization dialogues between the EU and LAC. 

The scope of our project covers European and Latin American and Caribbean Countries.

Data protection principles

The SPIDER consortium is committed to processing data in accordance with the Horizon Europe  Ethical Principles for research and innovation activities. To this end, SPIDER will comply with the existing ethical standards, such as the General Data Protection Regulation and international equivalents. Furthermore, each partner guarantees the protection of personal data, the rights of privacy, and self-image in accordance with current legislation.

 GDPR Compliance

Personal data are processed in full compliance with the General Data Protection Regulation (GDPR) and the present privacy policy pursuant to Article 13 of the GDPR. In particular, this process follows the definitions of personal data processing (Art. 4) and principles relating to processing of personal data (Art. 5).

 GDPR Article 4 definitions

Personal data means information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Art. 2(a) GDPR).

Processing of personal data means any operation (or set of operations) performed on personal data, either manually or by automatic means, including collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

GDPR Article 5 processing of personal data

Personal data shall be:

  1. processed lawfully, fairly, and in a transparent manner in relation to the data subject (‘lawfulness, fairness, and transparency’);
  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);
  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
  4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
  5. kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to the implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’); and
  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

 General provisions

This data protection policy applies to all personal data collected and processed by SPIDER. This information may be classified as “personal data” and be gathered when users decide to provide it by different means, e.g. when subscribing to the newsletter.

The user shall take responsibility for the SPIDER’s ongoing compliance with this policy.

Individuals have the right to access their personal data and any such requests made to SPIDER shall be dealt with in a timely manner. Also, users are entitled to: 

  • Correct or update their personal data processed by SPIDER.
  • Access their personal information and data managed by SPIDER.
  • Request the removal of their personal data processed by SPIDER.
  • Object to the processing of their personal data, believing it should prevent SPIDER  from processing it.
  • Withdraw their consent for processing, especially concerning marketing activities.

Lawful purposes

All data processed by SPIDER must be done on one of the following lawful bases as defined in Article 6 of GDPR: consent, contract, legal obligation, vital interests, public task, or legitimate interests.

 Personal data which SPIDER can process through the website are as follows:

  • Name, contact details, and other Data 

In various areas of the website, users will be asked to submit information about themselves, such as their name, organisation name/type, primary domain of work/expertise, e-mail address, city/country of residence, and gender.

Mandatory fields will be marked as such in the online registration forms – it is not possible to process your registration if any of the mandatory fields are left incomplete. Not mandatory fields are used for statistical analysis and in order to provide more specific content.

In addition, whenever users communicate with SPIDER, the consortium may collect additional information that individuals choose to provide.

When signing up for an event via the website (such as a workshop organised or promoted by the website), users will also be asked to provide details such as their name and other information of relevance for the management of their attendance.

  •  Browsing data 

The website’s operation, as is standard with any websites on the Internet, involves the use of computer systems and software procedures, which collect information about the website’s users as part of their routine operation. While SPIDER does not collect this information to link it to specific users, it is still possible to identify those users either directly via that information or by using other information collected. This information includes several parameters related to users’ operating systems and IT environments.

These data are used to compile statistical information on the use of the website, to ensure its correct operation, as well as to restore backup from possible failures of the website and identify any faults and/or abuse of the website. 

  • Cookies

The website uses cookies to improve your browsing experience and also to gather analytics data about your behavior on the website. The former is done to ensure the website’s operation, while the latter aims to gather information in order to improve user experience continuously. All behavioral data gathered by the website is anonymized.  

 Types of cookies used in this website:

 This website uses two types of cookies. The WordPress cookie (wordpress_test_cookie) is used on the front-end—it does not require users to be logged in—and checks to see if cookies are enabled on the browser and saves that information.  

 We also use Google Analytics cookies, which allow us to measure how users interact with our Website. For more information about Google Analytics cookies, please refer to this page.

 You can delete all the cookies that are on your device by clearing your browser’s history, which will eliminate the cookies from all the websites you’ve visited. It is important to note that this may result in the loss of some saved information, such as login details and site preferences. Additionally, if you employ different browsers to access this website, your cookie preferences will be reset if you block or delete cookies from this website. 

 For instructions on how to manage cookies on your browser, click here for Chrome, here for Safari, here for Firefox, and here for Microsoft Edge

If you disable technical and/or functional cookies on this website, it could render the site unresponsive for browsing. Consequently, you might need to manually adjust or input certain information or preferences each time you visit the website.

Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.

Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in the SPIDER’s systems. 

 Data minimisation

SPIDER shall ensure that the personal data we intend to process are adequate, relevant, and limited to the sole purposes of the SPIDER research project, following the data minimisation principle.

 Accuracy

SPIDER shall take reasonable steps to ensure personal data is accurate. Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.

Archiving/removal

To ensure that personal data is kept for no longer than necessary, SPIDER shall put in place an archiving policy for each area in which personal data is processed and review this process annually.

 Anonymisation

Surveys will be anonymised in order to ensure that the responses are not attributed to an identified or identifiable natural person.

To keep respondents’ identities private even after they answer all of the questions, we will build an anonymous survey by using Anonymous Responses in the survey hosting platform.

 Use of data

The project will use previously collected data (‘secondary use’) that is publicly available and can be freely used for the purposes of the project and the following ways:

  1. To send users informative newsletters and other communications, to respond inquiries and requests for support.
  2. To process sign-up/registration forms for events and webinars hosted or supported by the website.
  3. For compliance with laws that impose upon test the collection and/or further processing of certain kinds of personal data.
  4. For the development of the website, particularly by the use of data analytics regarding users’ use of the website.
  5. To prevent and detect any misuse of the website, or any fraudulent activities carried out through the website, including by carrying out internal audits.

  Security

SPIDER shall adopt relevant technical and organisational measures in order to ensure that personal data is stored securely using appropriate software that is kept up to date. 

Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.

When personal data is deleted this should be done safely so that the data is irrecoverable. Appropriate back-up and disaster recovery solutions shall be in place.

 Breach

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, SPIDER shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the public security authority.

 Exchange of data and information shared WITH third countries

The SPIDER  project focuses on supporting the implementation of the EU-LAC digital dialogue commitments and facilitating the exploitation of the full potential of the BELLA network. Thus, the exchange of data and information sharing between the EU and the third countries participating in SPIDER is limited to collecting and transferring the information required to carry out the project’s activities. These include surveys and in-depth interviews with stakeholders, as well as workshops, conferences, and other project events.

Additionally, all SPIDER activities to be undertaken in the third countries involved in the project comply with the laws of the country in which the data is collected. At the same time, these activities are legal in all EU Member States.

In this regard, consortium members will gather and share information related to the project to implement the project activities, both in the EU and the selected third countries, as well as to coordinate and manage the project as a whole. This information sharing will allow us to comply with the objectives of the project and ensure a smooth execution of the action.

Regarding personal data, it is worth mentioning that databases used for surveys are not shared and that the information collected is anonymized, by the project’s data protection policy described above.

Moreover, financial information from third countries eligible for funding under the Horizon Europe framework that will be sent to the coordinator is for restricted use by the Commission for compliance with the Grant Agreement.

Therefore, apart from the information related to the project, no material will be imported from third countries to the EU or exported from the EU to third countries.

Amendments 

This Privacy Policy entered into force on January 2024.

SPIDER retains the right to make partial or complete amendments to this Privacy Policy, including updating its content due to changes in relevant laws. The website Managing Team will notify any modifications, and they will become effective upon publication on the website. 

Scroll to Top